Magic-sets for localised analysis of Java bytecode

Abstract

Static analyses based on denotational semantics can naturally model the functional behaviours of code in a compositional and completely context- and flow-sensitive way. But they only model the functional, i.e., input/output, behaviour of a program P, which is not enough if one needs P's internal behaviours, i.e., the behaviours from the input to some internal program points. This is, however, a frequent requirement for a useful static analysis. In this paper, we overcome this limitation, for the case of mono-threaded Java bytecode, with a technique used up to now for logic programs only. Namely, we define a program transformation that adds new magic blocks of code to the program P, whose functional behaviours are the internal behaviours of P. We prove the transformation correct w.r.t. an operational semantics and define an equivalent denotational semantics, devised for abstract interpretation, whose denotations for the magic blocks are hence the internal behaviours of P. We implement our transformation and instantiate it with abstract domains modelling sharing of two variables, non-cyclicity of variables, nullness of variables, class initialisation information and the size of the values bound to program variables. We get a static analyser for full mono-threaded Java bytecode that is faster and scales better than another operational pair-sharing analyser. It has the same speed as, but is more precise than, a constraint-based nullness analyser. It makes a polyhedral size analysis of Java bytecode scale up to 1300 methods in a couple of minutes and a zone-based size analysis scale to still larger applications.
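To make the distinction the abstract draws concrete, the following is an added illustrative sketch, not the paper's own transformation (which targets Java bytecode with calls, branches and exceptions, and comes with a correctness proof that this toy does not attempt). It defines a small block-structured language whose denotational semantics is parametric in the value domain, a constructed three-point nullness domain, and a `magic_block` function that builds, for a chosen program point, a block whose input/output behaviour is exactly the internal behaviour at that point. All names (`denote_block`, `denote_program`, `magic_block`, `nullness_at`, `PROGRAM`) and the sample program are assumptions constructed for this example.

```python
# Added illustrative sketch: functional vs. internal behaviour of a block-structured
# program, and a "magic block" whose functional behaviour is an internal behaviour.
# The toy language and nullness domain are constructed here; they are not the paper's.
from typing import Callable, Dict, List, Optional, Tuple

Expr = Tuple[str, ...]             # ("const", n) | ("null",) | ("var", x) | ("add", x, y)
Stmt = Tuple[str, Expr]            # (target variable, expression)
Block = List[Stmt]                 # a basic block is a list of statements
Program = List[Block]              # blocks execute in sequence (no branches in this toy)

# Nullness abstract domain (constructed for this example): a flat three-point lattice.
NULL, NONNULL, MAYBE = "null", "nonnull", "maybe"


def eval_concrete(e: Expr, sigma: Dict[str, Optional[int]]) -> Optional[int]:
    """Concrete evaluation; None plays the role of Java's null."""
    if e[0] == "const":
        return e[1]
    if e[0] == "null":
        return None
    if e[0] == "var":
        return sigma[e[1]]
    if e[0] == "add":
        x, y = sigma[e[1]], sigma[e[2]]
        if x is None or y is None:
            raise TypeError("null dereference")   # stands in for a NullPointerException
        return x + y
    raise ValueError(f"unknown expression {e}")


def eval_nullness(e: Expr, a: Dict[str, str]) -> str:
    """Abstract evaluation over the nullness domain (normal-termination path only)."""
    if e[0] == "const":
        return NONNULL
    if e[0] == "null":
        return NULL
    if e[0] == "var":
        return a.get(e[1], MAYBE)       # variables not in the abstract state are MAYBE
    if e[0] == "add":
        return NONNULL                  # an arithmetic result that is produced is never null
    raise ValueError(f"unknown expression {e}")


def denote_block(block: Block, evaluate: Callable) -> Callable[[Dict], Dict]:
    """Denotation of a block: a function from input state to output state.
    The same builder yields the concrete or the abstract semantics, depending on `evaluate`."""
    def run(state: Dict) -> Dict:
        state = dict(state)
        for target, expr in block:
            state[target] = evaluate(expr, state)
        return state
    return run


def denote_program(blocks: Program, evaluate: Callable) -> Callable[[Dict], Dict]:
    """Functional (input/output) behaviour: composition of the block denotations."""
    def run(state: Dict) -> Dict:
        for b in blocks:
            state = denote_block(b, evaluate)(state)
        return state
    return run


def magic_block(blocks: Program, block_idx: int, stmt_idx: int) -> Block:
    """Build a new block whose *functional* behaviour is the *internal* behaviour of the
    program at the point just before statement `stmt_idx` of block `block_idx`.
    In this branch-free toy that is simply the prefix of the program up to that point."""
    prefix: Block = []
    for b in blocks[:block_idx]:
        prefix.extend(b)
    prefix.extend(blocks[block_idx][:stmt_idx])
    return prefix


def nullness_at(blocks: Program, block_idx: int, stmt_idx: int,
                entry: Dict[str, str]) -> Dict[str, str]:
    """Nullness of every variable at an internal program point, obtained by running
    the ordinary input/output abstract semantics on the magic block."""
    return denote_block(magic_block(blocks, block_idx, stmt_idx), eval_nullness)(entry)


# Constructed sample program: p is null at an internal point but non-null at exit.
PROGRAM: Program = [
    [("x", ("const", 1)), ("p", ("null",))],
    [("p", ("const", 5)), ("y", ("add", "x", "p"))],
]

if __name__ == "__main__":
    print("nullness at exit:", denote_program(PROGRAM, eval_nullness)({}))
    print("nullness before block 1, stmt 0:", nullness_at(PROGRAM, 1, 0, {}))
    print("concrete exit state:", denote_program(PROGRAM, eval_concrete)({}))
```

Analysing only `denote_program` reports `p` as non-null, because the functional behaviour sees just the exit state; the magic block for the point before the second block reports `p` as null, which is the information a nullness checker at that point actually needs, and it is obtained with the same input/output semantics rather than a separate instrumented one. A real transformation has to handle branches, calls and exceptional paths, where the abstract states reaching a point must be joined; this toy deliberately omits those.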

Correspondence to Fausto Spoto.

Cite this article

Spoto, F., Payet, É. Magic-sets for localised analysis of Java bytecode. Higher-Order Symb Comput 23, 29–86 (2010). https://doi.org/10.1007/s10990-010-9063-7

Keywords

  • Magic-sets
  • Abstract interpretation
  • Static analysis
  • Denotational semantics