Abstract

The local solver TD is a generic fixpoint engine which explores a given system of equations on demand. It has been successfully applied to the interprocedural analysis of procedural languages. The solver TD gains efficiency by detecting dependencies between unknowns on the fly. This algorithm has been recently extended to deal with widening and narrowing as well. In particular, it has been equipped with an automatic detection of widening and narrowing points. That version, however, is only guaranteed to terminate under two conditions: only finitely many unknowns are encountered, and all right-hand sides are monotonic. While the first condition is unavoidable, the second limits the applicability of the solver. Another limitation is that the solver maintains the current abstract values of all encountered unknowns instead of a minimal set sufficient for performing the iteration. By consuming unnecessarily much space, interprocedural analyses may not succeed on seemingly small programs. In the present paper, we therefore extend the top-down solver TD in three ways. First, we indicate how the restriction to monotonic right-hand sides can be lifted without compromising termination. We then show how the solver can be tuned to store abstract values only when their preservation is inevitable. Finally, we also show how the solver can be extended to side-effecting equation systems. Right-hand sides of these may not only provide values for the corresponding left-hand side unknowns but at the same time produce contributions to other unknowns. This practical extension has successfully been used for a seamless combination of context-sensitive analyses (e.g., of local states) with flow-insensitive analyses (e.g., of globals).

Highlights

  • Static analysis tools based on abstract interpretation are complicated software systems

  • Equipping the original TD with warrowing as in Apinis et al. (2016), on the other hand, results in a solver which is only guaranteed to terminate for monotonic systems of abstract equations and, as is, provides no support for side-effecting

  • We showed how the self-monitoring capability of the solver can be used to reduce space consumption by only storing values at unknowns where widening and narrowing should be applied. We indicated how these solvers can be extended to local generic solvers that operate on side-effecting systems of abstract equations.


Summary

Introduction

Static analysis tools based on abstract interpretation are complicated software systems. Since for infinite complete lattices of abstract values the number of calling contexts is possibly infinite, interprocedural analysis generally has to deal with infinite systems of equations. It turns out that in this particular application, only the values of those unknowns are of interest that directly or indirectly influence some initial unknown. We settle this issue and present a variant of the TD solver with widening and narrowing which is guaranteed to terminate for all systems of equations, whenever only finitely many unknowns are encountered. Besides termination, another obstacle for the practical application of static analysis is the excessive space consumption incurred by storing abstract values for all encountered unknowns. Throughout the presentation, we exemplify our notions and concepts by small examples from interprocedural program analysis.
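As an added illustration (not code from the paper), the following Python sketch shows a plain local top-down solver over the powerset lattice, without widening, narrowing or side effects: it only evaluates unknowns that influence the start unknown and records dependencies as right-hand sides read other unknowns. The names `td_solve`, `rhs`, `demo` and the four-unknown system are assumptions made for this example.

```python
def td_solve(rhs, start, bottom=frozenset()):
    """Solve only the unknowns reachable from `start`.

    rhs[x] is a function f(get); get(y) yields the current value of y.
    Values are frozensets (join = union). Returns (sigma, infl).
    """
    sigma, infl = {}, {}          # current values; y -> unknowns that read y
    stable, called = set(), set()

    def destabilize(x):
        # Every unknown that read x (transitively) must be re-evaluated.
        work, infl[x] = infl.get(x, set()), set()
        for y in work:
            stable.discard(y)
            destabilize(y)

    def evaluate(x, y):
        # x's right-hand side asks for y: solve y first, then record
        # the dependency "y influences x", discovered on the fly.
        solve(y)
        infl.setdefault(y, set()).add(x)
        return sigma[y]

    def solve(x):
        if x in stable or x in called:
            return
        sigma.setdefault(x, bottom)
        called.add(x)
        while x not in stable:    # repeat if x destabilized itself via a cycle
            stable.add(x)
            new = sigma[x] | rhs[x](lambda y: evaluate(x, y))
            if new != sigma[x]:
                sigma[x] = new
                destabilize(x)
        called.discard(x)

    solve(start)
    return sigma, infl

def demo():
    # Constructed system: a -> b -> c -> a is a cycle; d is never demanded.
    rhs = {
        "a": lambda get: frozenset({"a0"}) | get("b"),
        "b": lambda get: get("c") | frozenset({"b0"}),
        "c": lambda get: get("a"),
        "d": lambda get: get("a") | frozenset({"d0"}),
    }
    return td_solve(rhs, "a")

if __name__ == "__main__":
    print(demo())
```

Because `d` does not influence `a`, it never receives a value; a global solver would have evaluated it as well.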
