Abstract
We want to prove that a static analysis of a given program is complete, namely, no imprecision arises when asking some query on the program behavior in the concrete (i.e., for its concrete semantics) or in the abstract (i.e., for its abstract interpretation). Completeness proofs are therefore useful to assign confidence to alarms raised by static analyses. We introduce the completeness class of an abstraction as the set of all programs for which the abstraction is complete. Our first result shows that for any nontrivial abstraction, its completeness class is not recursively enumerable. We then introduce a stratified deductive system to prove the completeness of program analyses over an abstract domain A. We prove the soundness of the deductive system. We observe that the only sources of incompleteness are assignments and Boolean tests; unlike a common belief in static analysis, joins do not induce incompleteness. The first layer of this proof system is generic, abstraction-agnostic, and it deals with the standard constructs for program composition, that is, sequential composition, branching and guarded iteration. The second layer is instead abstraction-specific: the designer of an abstract domain A provides conditions for completeness in A of assignments and Boolean tests, which have to be checked by a suitable static analysis or assumed in the completeness proof as hypotheses. We instantiate the second layer of this proof system first with a generic nonrelational abstraction in order to provide a sound rule for the completeness of assignments. Orthogonally, we instantiate it to the numerical abstract domains of Intervals and Octagons, providing necessary and sufficient conditions for the completeness of their Boolean tests and of assignments for Octagons.
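The abstract's central claim is that, for the Intervals abstraction, incompleteness can only come from assignments and Boolean tests while joins are always complete. The following Python script is an added illustration of that claim and is not code from the paper: it assumes a toy program state made of two integer variables x and y, takes the interval box hull as the abstraction alpha, implements the best (most precise) interval transformers for the three constructs x := x + 1, x := x * x and the test x < y, and checks the completeness condition alpha(f(S)) == f#(alpha(S)) from the abstract on finite sets of states, searching small sets for a witness of incompleteness.

```python
# Added example (not from the paper): completeness of the Intervals abstraction
# on single program constructs, in the sense alpha(f(S)) == f#(alpha(S)).
# Assumptions: states are pairs (x, y) of integers; a concrete property is a finite
# set of states; a box is {'x': (lo, hi), 'y': (lo, hi)}, with None for bottom.
from itertools import combinations, product

VARS = ("x", "y")


def alpha(states):
    """Best interval abstraction of a finite set of states (None = bottom)."""
    states = set(states)
    if not states:
        return None
    return {v: (min(s[i] for s in states), max(s[i] for s in states))
            for i, v in enumerate(VARS)}


def join(a, b):
    """Least upper bound of two boxes (componentwise hull)."""
    if a is None:
        return b
    if b is None:
        return a
    return {v: (min(a[v][0], b[v][0]), max(a[v][1], b[v][1])) for v in VARS}


# Concrete semantics of three constructs as functions on sets of states.
def conc_incr(states):    # x := x + 1
    return {(x + 1, y) for x, y in states}


def conc_square(states):  # x := x * x
    return {(x * x, y) for x, y in states}


def conc_lt(states):      # Boolean test x < y: keep the states that pass
    return {(x, y) for x, y in states if x < y}


# Best abstract transformers on boxes for the same constructs.
def abs_incr(box):
    if box is None:
        return None
    lo, hi = box["x"]
    return {"x": (lo + 1, hi + 1), "y": box["y"]}


def abs_square(box):
    if box is None:
        return None
    lo, hi = box["x"]
    if lo >= 0:          # monotone increasing on the interval
        sq = (lo * lo, hi * hi)
    elif hi <= 0:        # monotone decreasing on the interval
        sq = (hi * hi, lo * lo)
    else:                # interval straddles 0, so the minimum is 0
        sq = (0, max(lo * lo, hi * hi))
    return {"x": sq, "y": box["y"]}


def abs_lt(box):
    if box is None:
        return None
    (xl, xh), (yl, yh) = box["x"], box["y"]
    # x < y implies x <= yh - 1 and y >= xl + 1; empty if the bounds cross.
    xh2, yl2 = min(xh, yh - 1), max(yl, xl + 1)
    if xl > xh2 or yl2 > yh:
        return None
    return {"x": (xl, xh2), "y": (yl2, yh)}


def is_complete_on(conc, abst, states):
    """Completeness of one construct on one concrete input set."""
    return alpha(conc(states)) == abst(alpha(states))


def join_is_complete(s1, s2):
    """Joins never lose precision: the hull of a union is the join of the hulls."""
    return alpha(set(s1) | set(s2)) == join(alpha(s1), alpha(s2))


def incompleteness_witness(conc, abst, lo=-2, hi=2, max_size=2):
    """Search small sets of states in [lo, hi]^2 for an input on which the
    construct is incomplete; None means no witness of that size exists."""
    points = list(product(range(lo, hi + 1), repeat=2))
    for n in range(1, max_size + 1):
        for subset in combinations(points, n):
            if not is_complete_on(conc, abst, set(subset)):
                return set(subset)
    return None


if __name__ == "__main__":
    for name, conc, abst in (("x := x + 1", conc_incr, abs_incr),
                             ("x := x * x", conc_square, abs_square),
                             ("test x < y", conc_lt, abs_lt)):
        print(name, "witness of incompleteness:", incompleteness_witness(conc, abst))
```

Note that `abs_square` and `abs_lt` are already the best interval transformers, so the witnesses found (for instance the constructed input {(-2, 0), (2, 0)} for squaring, whose concrete result {4} abstracts to [4, 4] while the abstract computation yields [0, 4]) show incompleteness of the abstraction itself, not a sloppy transformer. The increment assignment, by contrast, has no witness at all, and `join_is_complete` holds for every pair of sets, which is the observation about joins made in the abstract.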
Analyzing Program Analyses. POPL '15: Proceedings of the 42nd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages.