Nothing Special   »   [go: up one dir, main page]
Skip to main content
Springer Nature Link
Log in

Automatic Synthesis of Data-Flow Analyzers

  • Conference paper
  • First Online:
Static Analysis (SAS 2021)

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 12913))

Included in the following conference series:

Abstract

Data-flow analyzers (DFAs) are widely deployed in many stages of software development, such as compiler optimization, bug detection, and program verification. Automating their synthesis is non-trivial but will be practically beneficial. In this paper, we propose DFASy, a framework for the automatic synthesis of DFAs. Given a specification consisting of a control flow graph and the expected data-flow facts before and after each of its nodes, DFASy automatically synthesizes a DFA that satisfies the specification, including its flow direction, meet operator, and transfer function. DFASy synthesizes transfer functions by working with a domain-specific language that supports rich data-flow fact extraction operations, set operations, and logic operations. To avoid exploding the search space, we introduce an abstraction-guided pruning technique to assess the satisfiability of partially instantiated candidates and drop unsatisfiable ones from further consideration as early as possible. In addition, we also introduce a brevity-guided pruning technique to improve the readability and simplicity of synthesized DFAs and further accelerate the search. We have built a benchmark suite, which consists of seven classic (e.g., live variable analysis and null pointer detection) and seven custom data-flow problems. DFASy has successfully solved all the 14 data-flow problems in 21.8 s on average, outperforming significantly the three baselines compared. Both DFASy and its associated benchmark suite have been open-sourced.

Thanks to all the reviewers for their constructive comments. This work is supported by Australian Research Council Grants (DP170103956 and DP180104069).

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 69.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 89.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. T.j. watson libraries for analysis (wala). http://wala.sourceforge.net/wiki, http://wala.sourceforge.net/wiki

  2. Aho, A.V., Lam, M.S., Sethi, R., Ullman, J.D.: Compilers: Principles, Techniques, and Tools, 2nd edn. Addison-Wesley Longman Publishing Co. Inc., Boston (2006)

    MATH  Google Scholar 

  3. Alur, R., et al.: Syntax-guided synthesis. IEEE (2013)

    Google Scholar 

  4. Arzt, S., et al.: FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps. Acm Sigplan Not. 49(6), 259–269 (2014)

    Article  Google Scholar 

  5. Balog, M., Gaunt, A.L., Brockschmidt, M., Nowozin, S., Tarlow, D.: DeepCoder: learning to write programs. arXiv preprint arXiv:1611.01989 (2016)

  6. Banzhaf, W., Nordin, P., Keller, R.E., Francone, F.D.: Genetic Programming. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0055923

    Book  MATH  Google Scholar 

  7. Barowy, D.W., Gulwani, S., Hart, T., Zorn, B.: FlashRelate: extracting relational data from semi-structured spreadsheets using examples. ACM SIGPLAN Not. 50(6), 218–228 (2015)

    Article  Google Scholar 

  8. Barrett, C., Tinelli, C.: Satisfiability modulo theories. In: Handbook of Model Checking, pp. 305–343. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-10575-8_11

    Chapter  Google Scholar 

  9. Bielik, P., Raychev, V., Vechev, M.: Learning a static analyzer from data. In: Majumdar, R., Kunčak, V. (eds.) CAV 2017. LNCS, vol. 10426, pp. 233–253. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63387-9_12

    Chapter  Google Scholar 

  10. Cai, Q., Xue, J.: Optimal and efficient speculation-based partial redundancy elimination. In: 2003 International Symposium on Code Generation and Optimization, CGO 2003, pp. 91–102 (2003). https://doi.org/10.1109/CGO.2003.1191536

  11. Černý, P., Chatterjee, K., Henzinger, T.A., Radhakrishna, A., Singh, R.: Quantitative synthesis for concurrent programs. In: Gopalakrishnan, G., Qadeer, S. (eds.) CAV 2011. LNCS, vol. 6806, pp. 243–259. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22110-1_20

    Chapter  Google Scholar 

  12. Cheung, A., Solar-Lezama, A., Madden, S.: Optimizing database-backed applications with query synthesis. ACM SIGPLAN Not. 48(6), 3–14 (2013)

    Article  Google Scholar 

  13. Das, M., Lerner, S., Seigle, M.: ESP: path-sensitive program verification in polynomial time. In: Proceedings of the ACM SIGPLAN 2002 Conference on Programming Language Design and Implementation, pp. 57–68 (2002)

    Google Scholar 

  14. Feser, J.K., Chaudhuri, S., Dillig, I.: Synthesizing data structure transformations from input-output examples. ACM SIGPLAN Not. 50(6), 229–239 (2015)

    Article  Google Scholar 

  15. Frankle, J., Osera, P.M., Walker, D., Zdancewic, S.: Example-directed synthesis: a type-theoretic interpretation. ACM SIGPLAN Not. 51(1), 802–815 (2016)

    Article  Google Scholar 

  16. Gulwani, S.: Automating string processing in spreadsheets using input-output examples. ACM SIGPLAN Not. 46(1), 317–330 (2011)

    Article  Google Scholar 

  17. Gulwani, S.: Programming by examples. Dependable Softw. Syst. Eng. 45(137), 3–15 (2016)

    Google Scholar 

  18. Gulwani, S., Polozov, A., Singh, R.: Program Synthesis, vol. 4, August 2017. https://www.microsoft.com/en-us/research/publication/program-synthesis/

  19. Gvero, T., Kuncak, V., Kuraj, I., Piskac, R.: Complete completion using types and weights. In: Proceedings of the 34th ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 27–38 (2013)

    Google Scholar 

  20. Hallem, S., Chelf, B., Xie, Y., Engler, D.: A system and language for building system-specific, static analyses. In: Proceedings of the ACM SIGPLAN 2002 Conference on Programming Language Design and Implementation, pp. 69–82 (2002)

    Google Scholar 

  21. Hardekopf, B., Lin, C.: Flow-sensitive pointer analysis for millions of lines of code. In: CGO 2011, pp. 289–298 (2011)

    Google Scholar 

  22. He, D., et al.: Performance-boosting sparsification of the IFDS algorithm with applications to taint analysis. In: 2019 34th IEEE/ACM International Conference on Automated Software Engineering (ASE), pp. 267–279. IEEE (2019)

    Google Scholar 

  23. He, D., Lu, J., Gao, Y., Xue, J.: Accelerating object-sensitive pointer analysis by exploiting object containment and reachability. In: Møller, A., Sridharan, M. (eds.) 35th European Conference on Object-Oriented Programming (ECOOP 2021). Leibniz International Proceedings in Informatics (LIPIcs), vol. 194, pp. 16:1–16:31. Schloss Dagstuhl - Leibniz-Zentrum für Informatik, Dagstuhl (2021). https://doi.org/10.4230/LIPIcs.ECOOP.2021.16. https://drops.dagstuhl.de/opus/volltexte/2021/14059

  24. Katz, G., Peled, D.: Genetic programming and model checking: synthesizing new mutual exclusion algorithms. In: Cha, S.S., Choi, J.-Y., Kim, M., Lee, I., Viswanathan, M. (eds.) ATVA 2008. LNCS, vol. 5311, pp. 33–47. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-88387-6_5

    Chapter  MATH  Google Scholar 

  25. Kuperstein, M., Vechev, M., Yahav, E.: Automatic inference of memory fences. ACM SIGACT News 43(2), 108–123 (2012)

    Article  Google Scholar 

  26. Le, V., Gulwani, S.: FlashExtract: a framework for data extraction by examples. In: Proceedings of the 35th ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 542–553 (2014)

    Google Scholar 

  27. Madhavan, R., Komondoor, R.: Null dereference verification via over-approximated weakest pre-conditions analysis. ACM SIGPLAN Not. 46(10), 1033–1052 (2011)

    Article  Google Scholar 

  28. Nguyen, H.D.T., Qi, D., Roychoudhury, A., Chandra, S.: SemFix: program repair via semantic analysis. In: 2013 35th International Conference on Software Engineering (ICSE), pp. 772–781. IEEE (2013)

    Google Scholar 

  29. Osera, P.M., Zdancewic, S.: Type-and-example-directed program synthesis. ACM SIGPLAN Not. 50(6), 619–630 (2015)

    Article  Google Scholar 

  30. Padberg, M., Rinaldi, G.: A branch-and-cut algorithm for the resolution of large-scale symmetric traveling salesman problems. SIAM Rev. 33(1), 60–100 (1991)

    Article  MathSciNet  Google Scholar 

  31. Panchekha, P., Torlak, E.: Automated reasoning for web page layout. In: Proceedings of the 2016 ACM SIGPLAN International Conference on Object-Oriented Programming, Systems, Languages, and Applications, pp. 181–194 (2016)

    Google Scholar 

  32. Perelman, D., Gulwani, S., Ball, T., Grossman, D.: Type-directed completion of partial expressions. In: Proceedings of the 33rd ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 275–286 (2012)

    Google Scholar 

  33. Polikarpova, N., Kuraj, I., Solar-Lezama, A.: Program synthesis from polymorphic refinement types. ACM SIGPLAN Not. 51(6), 522–538 (2016)

    Article  Google Scholar 

  34. Polozov, O., Gulwani, S.: FlashMeta: a framework for inductive program synthesis. In: Proceedings of the 2015 ACM SIGPLAN International Conference on Object-Oriented Programming, Systems, Languages, and Applications, pp. 107–126 (2015)

    Google Scholar 

  35. Raychev, V., Vechev, M., Yahav, E.: Code completion with statistical language models. In: Proceedings of the 35th ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 419–428 (2014)

    Google Scholar 

  36. Reps, T., Horwitz, S., Sagiv, M.: Precise interprocedural dataflow analysis via graph reachability. In: Proceedings of the 22nd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pp. 49–61 (1995)

    Google Scholar 

  37. Sagiv, M., Reps, T., Horwitz, S.: Precise interprocedural dataflow analysis with applications to constant propagation. Theor. Comput. Sci. 167(1–2), 131–170 (1996)

    Article  MathSciNet  Google Scholar 

  38. Si, X., Lee, W., Zhang, R., Albarghouthi, A., Koutris, P., Naik, M.: Syntax-guided synthesis of datalog programs. In: Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, pp. 515–527 (2018)

    Google Scholar 

  39. Singh, R., Gulwani, S., Solar-Lezama, A.: Automated feedback generation for introductory programming assignments. In: Proceedings of the 34th ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 15–26 (2013)

    Google Scholar 

  40. Smaragdakis, Y., Bravenboer, M., Lhoták, O.: Pick your contexts well: understanding object-sensitivity. In: Proceedings of the 38th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2011, pp. 17–30. Association for Computing Machinery, New York (2011). https://doi.org/10.1145/1926385.1926390

  41. Smith, C., Albarghouthi, A.: Program synthesis with equivalence reduction. In: Enea, C., Piskac, R. (eds.) VMCAI 2019. LNCS, vol. 11388, pp. 24–47. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-11245-5_2

    Chapter  Google Scholar 

  42. So, S., Oh, H.: Synthesizing imperative programs from examples guided by static analysis. In: Ranzato, F. (ed.) SAS 2017. LNCS, vol. 10422, pp. 364–381. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66706-5_18

    Chapter  MATH  Google Scholar 

  43. Solar-Lezama, A., Bodik, R.: Program synthesis by sketching. Citeseer (2008)

    Google Scholar 

  44. Sui, Y., Xue, J.: SVF: interprocedural static value-flow analysis in LLVM. In: Proceedings of the 25th International Conference on Compiler Construction, pp. 265–266. ACM, New York (2016)

    Google Scholar 

  45. Tan, T., Li, Y., Xue, J.: Efficient and precise points-to analysis: modeling the heap by merging equivalent automata. In: Proceedings of the 38th ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 278–291. Association for Computing Machinery, New York (2017). https://doi.org/10.1145/3140587.3062360

  46. Thiessen, R., Lhoták, O.: Context transformations for pointer analysis. In: Proceedings of the 38th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2017, pp. 263–277. Association for Computing Machinery, New York (2017). https://doi.org/10.1145/3062341.3062359

  47. Tripp, O., Pistoia, M., Fink, S.J., Sridharan, M., Weisman, O.: Taj: effective taint analysis of web applications. ACM SIGPLAN Not. 44(6), 87–97 (2009)

    Article  Google Scholar 

  48. Vallée-Rai, R. Co, P., Gagnon, E., Hendren, L., Lam, P., Sundaresan, V.: Soot: a Java bytecode optimization framework. In: CASCON 2010, p. 13 (2010)

    Google Scholar 

  49. Vechev, M., Yahav, E., Yorsh, G.: Abstraction-guided synthesis of synchronization. In: Proceedings of the 37th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pp. 327–338 (2010)

    Google Scholar 

  50. Wassermann, G., Su, Z.: Static detection of cross-site scripting vulnerabilities. In: 2008 ACM/IEEE 30th International Conference on Software Engineering, pp. 171–180. IEEE (2008)

    Google Scholar 

  51. Xu, X., Sui, Y., Yan, H., Xue, J.: VFix: value-flow-guided precise program repair for null pointer dereferences. In: 2019 IEEE/ACM 41st International Conference on Software Engineering (ICSE), pp. 512–523 (2019). https://doi.org/10.1109/ICSE.2019.00063

  52. Xue, J., Cai, Q.: A lifetime optimal algorithm for speculative PRE. ACM Trans. Arch. Code Optim. 3(2), 115–155 (2006). https://doi.org/10.1145/1138035.1138036

    Article  MathSciNet  Google Scholar 

  53. Zhang, H., Jain, A., Khandelwal, G., Kaushik, C., Ge, S., Hu, W.: Bing developer assistant: improving developer productivity by recommending sample code. In: Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering, pp. 956–961 (2016)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Programming Languages and Compilers Group, School of Computer Science and Engineering, UNSW Sydney, Sydney, Australia

    Xuezheng Xu, Xudong Wang & Jingling Xue

Authors
  1. Xuezheng Xu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Xudong Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jingling Xue
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Informal Systems, Inria, ENS, DI - Ecole Normale Supérieure, Paris, France

    Cezara Drăgoi

  2. Microsoft Corporation, Redmond, WA, USA

    Suvam Mukherjee

  3. Nokia Bell Labs, Murray Hill, NJ, USA

    Kedar Namjoshi

Rights and permissions

Reprints and permissions

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Xu, X., Wang, X., Xue, J. (2021). Automatic Synthesis of Data-Flow Analyzers. In: Drăgoi, C., Mukherjee, S., Namjoshi, K. (eds) Static Analysis. SAS 2021. Lecture Notes in Computer Science(), vol 12913. Springer, Cham. https://doi.org/10.1007/978-3-030-88806-0_22

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-88806-0_22

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-88805-3

  • Online ISBN: 978-3-030-88806-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation