Abstract
Static analyses based on denotational semantics can naturally model the functional behaviours of code in a compositional and completely context- and flow-sensitive way. But they only model the functional, i.e., input/output, behaviour of a program P, which is not enough if one needs P's internal behaviours, i.e., from the input to some internal program points. This is, however, a frequent requirement for a useful static analysis. In this paper, we overcome this limitation, for the case of mono-threaded Java bytecode, with a technique used up to now for logic programs only. Namely, we define a program transformation that adds new magic blocks of code to the program P, whose functional behaviours are the internal behaviours of P. We prove the transformation correct w.r.t. an operational semantics and define an equivalent denotational semantics, devised for abstract interpretation, whose denotations for the magic blocks are hence the internal behaviours of P. We implement our transformation and instantiate it with abstract domains modelling sharing of two variables, non-cyclicity of variables, nullness of variables, class initialisation information and size of the values bound to program variables. We get a static analyser for full mono-threaded Java bytecode that is faster and scales better than another operational pair-sharing analyser. It has the same speed but is more precise than a constraint-based nullness analyser. It makes a polyhedral size analysis of Java bytecode scale up to 1300 methods in a couple of minutes and a zone-based size analysis scale to still larger applications.
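The core idea of the abstract, that a block can be manufactured for each program point whose input/output behaviour is exactly the set of states reaching that point, can be illustrated on a much smaller setting than Java bytecode. The following Python is an added illustration, not the paper's transformation or the julia analyser's code: it assumes a toy block-structured language (blocks of assignments with a single exit branch) and a concrete collecting semantics over a finite set of inputs. `magic` builds the magic block of every block as a least fixpoint over the block graph, and `internal_behaviour` records the operational states at each block entry, so the two can be compared directly. All names and the sample program are constructed for this example.

```python
"""Magic-block construction for a toy block language (constructed illustration)."""
from typing import Callable, Dict, FrozenSet, List, Optional, Tuple

State = FrozenSet[Tuple[str, int]]          # immutable variable environment
Instr = Callable[[dict], dict]              # assignment: environment -> environment
Next = Callable[[dict], Optional[str]]      # block exit: environment -> successor id, None = exit
Block = Tuple[List[Instr], Next]
Program = Dict[str, Block]


def freeze(env: dict) -> State:
    """Make an environment hashable so it can live in a set of states."""
    return frozenset(env.items())


def run_block(block: Block, env: dict) -> dict:
    """Denotation of one block: input environment mapped to output environment."""
    for instr in block[0]:
        env = instr(dict(env))
    return env


def magic(prog: Program, entry: str, inputs: List[dict]) -> Dict[str, set]:
    """Magic block of b: the set of environments with which control reaches the start of b.

    Least fixpoint over the block graph: the magic block of the entry is the set of
    inputs; for every other block b it is the union, over predecessors p, of the outputs
    of p's denotation applied to p's magic block, restricted to outputs branching to b.
    Terminates because the inputs are finite and the sample program terminates.
    """
    result: Dict[str, set] = {b: set() for b in prog}
    result[entry] = {freeze(env) for env in inputs}
    changed = True
    while changed:
        changed = False
        for b, block in prog.items():
            for st in list(result[b]):
                out = run_block(block, dict(st))
                succ = block[1](out)
                if succ is not None and freeze(out) not in result[succ]:
                    result[succ].add(freeze(out))
                    changed = True
    return result


def operational_trace(prog: Program, entry: str, env: dict) -> List[Tuple[str, State]]:
    """Operational semantics: run from entry, recording the environment at each block entry."""
    trace: List[Tuple[str, State]] = []
    b: Optional[str] = entry
    while b is not None:
        trace.append((b, freeze(env)))
        env = run_block(prog[b], env)
        b = prog[b][1](env)
    return trace


def internal_behaviour(prog: Program, entry: str, inputs: List[dict]) -> Dict[str, set]:
    """Internal behaviour of the program: states observed at each block entry, per operational run."""
    seen: Dict[str, set] = {b: set() for b in prog}
    for env in inputs:
        for b, st in operational_trace(prog, entry, env):
            seen[b].add(st)
    return seen


# Constructed sample program: s = 1 + 2 + ... + n, split into three blocks.
SUM_PROG: Program = {
    "init": ([lambda e: {**e, "i": 1, "s": 0}], lambda e: "loop"),
    "loop": ([], lambda e: "body" if e["i"] <= e["n"] else None),
    "body": ([lambda e: {**e, "s": e["s"] + e["i"]},
              lambda e: {**e, "i": e["i"] + 1}], lambda e: "loop"),
}


if __name__ == "__main__":
    inputs = [{"n": 0}, {"n": 3}]
    m = magic(SUM_PROG, "init", inputs)
    assert m == internal_behaviour(SUM_PROG, "init", inputs)
    for block, states in m.items():
        print(block, sorted(sorted(dict(s).items()) for s in states))
```

The magic block of `body` is the set of environments with `i` between 1 and `n`, exactly the states an analysis would need to answer a question at that program point; in the paper this set is what an abstract domain then over-approximates. The denotational and operational views agree because each magic block is defined only in terms of the denotations of its predecessors, which is what makes the construction compositional.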
Cite this article
Spoto, F., Payet, É. Magic-sets for localised analysis of Java bytecode. Higher-Order Symb Comput 23, 29–86 (2010). https://doi.org/10.1007/s10990-010-9063-7