Memory-Efficient Fixpoint Computation

Practical adoption of static analysis often requires trading precision for performance. This paper focuses on improving the memory efficiency of abstract interpretation without sacrificing precision or time efficiency. Computationally, abstract interpretation reduces the problem of inferring program invariants to computing a fixpoint of a set of equations. This paper presents a method to minimize the memory footprint in Bourdoncle's iteration strategy, a widely-used technique for fixpoint computation. Our technique is agnostic to the abstract domain used. We prove that our technique is optimal (i.e., it results in minimum memory footprint) for Bourdoncle's iteration strategy while computing the same result. We evaluate the efficacy of our technique by implementing it in a tool called MIKOS, which extends the state-of-the-art abstract interpreter IKOS. When verifying user-provided assertions, MIKOS shows a decrease in peak-memory usage to 4.07% (24.57x) on average compared to IKOS. When performing interprocedural buffer-overflow analysis, MIKOS shows a decrease in peak-memory usage to 43.7% (2.29x) on average compared to IKOS.
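To make the abstract concrete, the following is an added illustration (it is not code from the paper, IKOS or MIKOS): a toy interval domain for one integer variable, Bourdoncle's recursive iteration strategy over a weak topological order with widening and narrowing, and a simple release rule that drops a node's abstract value once every node that reads it has been computed for the last time. The CFG, the `Analyzer`/`analyze` names, the `keep` set (the nodes whose invariants must survive, e.g. user assertions) and the release rule itself are assumptions made here to show why memory use depends on what the iteration still needs rather than on the number of program points; the paper's actual, optimal deallocation scheme is not reproduced.

```python
from math import inf

# Constructed toy interval domain over a single integer variable.
# BOT (None) means "unreachable". Not IKOS/MIKOS code.
BOT = None

def join(a, b):
    if a is BOT:
        return b
    if b is BOT:
        return a
    return (min(a[0], b[0]), max(a[1], b[1]))

def meet(a, b):
    if a is BOT or b is BOT:
        return BOT
    lo, hi = max(a[0], b[0]), min(a[1], b[1])
    return (lo, hi) if lo <= hi else BOT

def widen(old, new):
    # Standard interval widening: a bound that grew jumps to infinity.
    if old is BOT:
        return new
    if new is BOT:
        return old
    return (old[0] if new[0] >= old[0] else -inf,
            old[1] if new[1] <= old[1] else inf)

def narrow(old, new):
    # Standard interval narrowing: only infinite bounds are refined.
    if old is BOT or new is BOT:
        return BOT
    return (new[0] if old[0] == -inf else old[0],
            new[1] if old[1] == inf else old[1])

def add1(v):
    return BOT if v is BOT else (v[0] + 1, v[1] + 1)

# Constructed CFG for:  x = 0; while (x < 10) x = x + 1; assert(x == 10)
# node -> incoming edges (predecessor, transfer); a node's value is the
# abstract state after its statement.
CFG = {
    0: [],                                         # entry: x = 0
    1: [(0, lambda v: v), (2, lambda v: v)],       # loop head
    2: [(1, lambda v: add1(meet(v, (-inf, 9))))],  # assume x < 10; x = x + 1
    3: [(1, lambda v: meet(v, (10, inf)))],        # assume x >= 10; assertion
}
ENTRY, ENTRY_VALUE = 0, (0, 0)
WTO = [0, [1, 2], 3]   # Bourdoncle weak topological order 0 (1 2) 3

def flatten(wto):
    return [n for e in wto for n in (flatten(e) if isinstance(e, list) else [e])]

class Analyzer:
    """Recursive iteration strategy plus an assumed release rule: a value is
    dropped when all CFG successors of its node are finished and the node is
    not in `keep`."""

    def __init__(self, cfg, keep):
        self.cfg, self.keep = cfg, set(keep)
        self.succs = {n: [] for n in cfg}
        for n, edges in cfg.items():
            for p, _ in edges:
                self.succs[p].append(n)
        self.values = {ENTRY: ENTRY_VALUE}
        self.finished = set()
        self.peak = 1   # peak number of abstract values held at once

    def eval_node(self, n):
        acc = BOT
        for p, f in self.cfg[n]:
            acc = join(acc, f(self.values.get(p, BOT)))
        return acc

    def store(self, n, v):
        self.values[n] = v
        self.peak = max(self.peak, len(self.values))

    def finish(self, nodes):
        self.finished.update(nodes)
        for n in list(self.values):
            if (n in self.finished and n not in self.keep
                    and all(s in self.finished for s in self.succs[n])):
                del self.values[n]   # nobody reads it again: release

    def run(self, wto, depth=0):
        for elem in wto:
            if isinstance(elem, list):
                self.component(elem, depth)
                continue
            if self.cfg[elem]:          # the entry node keeps its initial value
                self.store(elem, self.eval_node(elem))
            if depth == 0:
                self.finish([elem])

    def component(self, comp, depth):
        head, body = comp[0], comp[1:]
        while True:                     # ascending phase with widening
            old = self.values.get(head, BOT)
            new = widen(old, self.eval_node(head))
            if new == old:
                break
            self.store(head, new)
            self.run(body, depth + 1)
        for _ in range(2):              # bounded descending phase
            old = self.values.get(head, BOT)
            new = narrow(old, self.eval_node(head))
            if new == old:
                break
            self.store(head, new)
            self.run(body, depth + 1)
        if depth == 0:                  # outermost component done: no re-reads
            self.finish(flatten(comp))

def analyze(keep):
    a = Analyzer(CFG, keep)
    a.run(WTO)
    return a.values, a.peak

if __name__ == "__main__":
    print(analyze(keep={3}))           # ({3: (10, 10)}, 3)
    print(analyze(keep={0, 1, 2, 3}))  # ({0: (0, 0), 1: (0, 10), 2: (1, 10), 3: (10, 10)}, 4)
```

Both runs compute the same invariants (x is in [0, 10] at the loop head and exactly 10 at the assertion), but keeping only the assertion site holds at most three abstract values at once instead of four and ends with a single value in memory. Values inside a component cannot be released until the component has stabilised, because the head re-reads them on every widening and narrowing pass; that is why the rule defers release to the end of the outermost component.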
