Finding Fix Locations for CFL-Reachability Analyses via Minimum Cuts

Static analysis tools are increasingly important for ensuring code quality. Ideally, all warnings from a static analysis would be addressed, but the volume of warnings and false positives usually makes this effort prohibitive. We present techniques for finding fix locations, a small set of program locations where fixes can be applied to address all static analysis warnings. We focus on analyses expressible as context-free-language reachability, where a set of fix locations is naturally expressed as a min-cut of the CFL graph. We show, surprisingly, that computing such a CFL min-cut is NP-hard. We then phrase the problem of finding CFL min-cuts as an optimization problem which allows us to trade-off the size of the cut vs. the preservation of computed information. We then show how to solve the optimization problem via a MaxSAT encoding.

[1]  Xin Zhang,et al.  A user-guided approach to program analysis , 2015, ESEC/SIGSOFT FSE.

[2]  Zvonimir Pavlinovic,et al.  Practical SMT-based type error localization , 2015, ICFP.

[3]  Sanjeev Khanna,et al.  Edinburgh Research Explorer On the Propagation of Deletions and Annotations through Views , 2013 .

[4]  Benjamin Livshits,et al.  Merlin: specification inference for explicit information flow problems , 2009, PLDI '09.

[5]  Thomas W. Reps,et al.  Interconvertibility of a class of set constraints and context-free-language reachability , 2000, Theor. Comput. Sci..

[6]  Danfeng Zhang,et al.  Toward general diagnosis of static errors , 2014, POPL.

[7]  Maria Luisa Bonet,et al.  Improving SAT-Based Weighted MaxSAT Solvers , 2012, CP.

[8]  Manu Sridharan,et al.  Tech Report : A Practical Framework for Type Inference Error Explanation , 2016 .

[9]  Sanjit A. Seshia,et al.  Combinatorial sketching for finite programs , 2006, ASPLOS XII.

[10]  James B. Orlin,et al.  A faster algorithm for finding the minimum cut in a graph , 1992, SODA '92.

[11]  Thomas W. Reps,et al.  Precise interprocedural dataflow analysis via graph reachability , 1995, POPL '95.

[12]  Rishabh Singh,et al.  Qlose: Program Repair with Quantitative Objectives , 2016, CAV.

[13]  Eran Yahav,et al.  Effective typestate verification in the presence of aliasing , 2006, TSEM.

[14]  Rupak Majumdar,et al.  Cause clue clauses: error localization using maximum satisfiability , 2010, PLDI '11.

[15]  Benjamin Livshits,et al.  Towards fully automatic placement of security sanitizers and declassifiers , 2013, POPL 2013.

[16]  Thomas W. Reps,et al.  Program analysis via graph reachability , 1997, Inf. Softw. Technol..

[17]  Amer Diwan,et al.  The DaCapo benchmarks: java benchmarking development and analysis , 2006, OOPSLA '06.

[18]  Xin Zhang,et al.  On abstraction refinement for program analyses in Datalog , 2014, PLDI 2014.

[19]  Patrick Cousot,et al.  Automatic Inference of Necessary Preconditions , 2013, VMCAI.

[20]  Mechthild Stoer,et al.  A simple min-cut algorithm , 1997, JACM.

[21]  Thomas Ball,et al.  Modular and verified automatic program repair , 2012, OOPSLA '12.