ABSTRACT
The design and implementation of static analyzers has become increasingly systematic. Yet for a given language or analysis feature, it often requires tedious and error-prone work to implement an analyzer and prove it sound. In short, static analysis features and their proofs of soundness do not compose well, causing a dearth of reuse in both implementation and metatheory. We solve the problem of systematically constructing static analyzers by introducing Galois transformers: monad transformers that transport Galois connection properties. In concert with a monadic interpreter, we define a library of monad transformers that implement building blocks for classic analysis parameters like context, path, and heap (in)sensitivity. Moreover, these can be composed together independently of the language being analyzed. Significantly, a Galois transformer can be proved sound once and for all, making it a reusable analysis component. As new analysis features and abstractions are developed and mixed in, soundness proofs need not be reconstructed, as the composition of a monad transformer stack is sound by virtue of its constituents. Galois transformers provide a viable foundation for reusable and composable metatheory for program analysis. Finally, these Galois transformers shift the level of abstraction in analysis design and implementation to a level where non-specialists are able to synthesize sound analyzers over a number of parameters.
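The abstract's central move, choosing an analysis sensitivity by how monad transformers are stacked and checking soundness against the concrete semantics, can be seen in miniature below. This is an added Python illustration written for this page, not code from the paper or its authors: the tiny assignment language, the sign lattice, the transformer classes and the sample program PROG are all assumptions of the example. Stacking StateT over the power-set (nondeterminism) monad gives every path its own store, the path-sensitive shape; stacking a set transformer over State forces every branch to read and write one shared join-semilattice store, the flow-insensitive shape. The same interpreter text is run under both stacks and under a concrete collecting semantics, and sound() checks the abstract-interpretation soundness condition that the abstraction of every concrete store lies below the analysis result.

```python
"""Added illustration (not the paper's code): sensitivity as transformer order,
plus a soundness check of both analyses against a concrete collecting run."""


def sign(n):
    """Abstraction of one integer into the sign lattice {-, 0, +} (assumed domain)."""
    return "-" if n < 0 else ("0" if n == 0 else "+")


# Stores are sorted tuples of (var, frozenset of values) so they stay hashable.
# Updates are joins (weak updates): the store is a join-semilattice, which the
# shared-store stack below needs to stay sound.
def lookup(store, x):
    return dict(store).get(x, frozenset())


def update(store, x, v):
    d = dict(store)
    d[x] = d.get(x, frozenset()) | v
    return tuple(sorted(d.items()))


class IdM:                                    # identity monad
    unit = staticmethod(lambda a: a)
    bind = staticmethod(lambda m, f: f(m))


class SetM:                                   # finite nondeterminism: power-set monad
    unit = staticmethod(lambda a: frozenset({a}))
    bind = staticmethod(lambda m, f: frozenset().union(*(f(a) for a in m)))
    plus = staticmethod(lambda m1, m2: m1 | m2)


class StateT:
    """Computations are functions store -> M (result, store)."""
    def __init__(self, M): self.M = M
    def unit(self, a): return lambda s: self.M.unit((a, s))
    def bind(self, m, f): return lambda s: self.M.bind(m(s), lambda r: f(r[0])(r[1]))
    def get(self): return lambda s: self.M.unit((s, s))
    def put(self, s1): return lambda s: self.M.unit((None, s1))
    def plus(self, m1, m2): return lambda s: self.M.plus(m1(s), m2(s))  # own store per branch


class SetT:
    """Computations are M (frozenset of results); all branches share M's state."""
    def __init__(self, M): self.M = M
    def unit(self, a): return self.M.unit(frozenset({a}))
    def lift(self, m): return self.M.bind(m, lambda a: self.M.unit(frozenset({a})))
    def bind(self, m, f):
        M = self.M
        def run_all(xs):                      # run f on each result in one state thread, union results
            acc = M.unit(frozenset())
            for x in xs:
                acc = M.bind(acc, lambda ys, x=x: M.bind(f(x), lambda zs: M.unit(ys | zs)))
            return acc
        return M.bind(m, run_all)
    def get(self): return self.lift(self.M.get())
    def put(self, s1): return self.lift(self.M.put(s1))
    def plus(self, m1, m2):                   # second branch sees the first branch's writes
        M = self.M
        return M.bind(m1, lambda xs: M.bind(m2, lambda ys: M.unit(xs | ys)))


def interp(T, alpha, prog):
    """Generic monadic interpreter: T is the transformer stack, alpha abstracts literals."""
    kind = prog[0]
    if kind == "assign":                      # ("assign", x, n): x := n
        _, x, n = prog
        return T.bind(T.get(), lambda s: T.put(update(s, x, alpha(n))))
    if kind == "copy":                        # ("copy", y, x): y := x
        _, y, x = prog
        return T.bind(T.get(), lambda s: T.put(update(s, y, lookup(s, x))))
    if kind == "seq":
        return T.bind(interp(T, alpha, prog[1]), lambda _: interp(T, alpha, prog[2]))
    if kind == "choice":                      # nondeterministic branch
        return T.plus(interp(T, alpha, prog[1]), interp(T, alpha, prog[2]))
    raise ValueError(prog)


PATH_SENSITIVE = StateT(SetM)                 # StateT over nondeterminism
FLOW_INSENSITIVE = SetT(StateT(IdM))          # nondeterminism over StateT
CONCRETE = lambda n: frozenset({n})           # collecting semantics: sets of integers
ABSTRACT = lambda n: frozenset({sign(n)})     # sign analysis

# Constructed sample program: (x := 1 [] x := -1); y := x
PROG = ("seq", ("choice", ("assign", "x", 1), ("assign", "x", -1)), ("copy", "y", "x"))


def run_path_sensitive(prog, alpha=ABSTRACT):
    return frozenset(store for _, store in interp(PATH_SENSITIVE, alpha, prog)(()))


def run_flow_insensitive(prog, alpha=ABSTRACT):
    _, store = interp(FLOW_INSENSITIVE, alpha, prog)(())
    return store


def alpha_store(store):
    """alpha lifted pointwise to stores of integer sets."""
    return tuple((x, frozenset(sign(n) for n in v)) for x, v in store)


def leq(s1, s2):                              # store order: pointwise subset
    return all(lookup(s1, x) <= lookup(s2, x) for x, _ in s1)


def sound(prog):
    """Soundness: each abstracted concrete store is covered by the analysis result."""
    concrete = run_path_sensitive(prog, CONCRETE)
    ps, fi = run_path_sensitive(prog), run_flow_insensitive(prog)
    return (all(any(leq(alpha_store(c), a) for a in ps) for c in concrete)
            and all(leq(alpha_store(c), fi) for c in concrete))
```

Under PATH_SENSITIVE the program yields two stores in which y always has the same sign as x; under FLOW_INSENSITIVE it yields one store with x and y both in {+, -}, sound but unable to express the correlation. Only the stack changed; interp, the lattice and the soundness check are shared, which is the reuse the abstract argues for.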
Index Terms
- Galois transformers and modular abstract interpreters: reusable metatheory for program analysis
Recommendations
Sound and reusable components for abstract interpretation
Abstract interpretation is a methodology for defining sound static analysis. Yet, building sound static analyses for modern programming languages is difficult, because these static analyses need to combine sophisticated abstractions for values, ...
Monadic abstract interpreters
PLDI '13: Proceedings of the 34th ACM SIGPLAN Conference on Programming Language Design and Implementation. Recent developments in the systematic construction of abstract interpreters hinted at the possibility of a broad unification of concepts in static analysis. We deliver that unification by showing context-sensitivity, polyvariance, flow-sensitivity, ...