Improving Static Analyses of C Programs with Conditional Predicates
Static code analysis is increasingly used to guarantee the absence of undesirable behaviors in industrial programs. Designing sound analyses is a continuing trade-off between precision and complexity. Notably, dataflow analyses often perform overly wide approximations when two control-flow paths meet, by merging states from each path. This paper presents a generic abstract interpretation based framework to enhance the precision of such analyses on join points. It relies on predicated domains, that preserve and reuse information valid only inside some branches of the code. Our predicates are derived from conditionals statements, and postpone the loss of information. The work has been integrated into Frama-C, a C source code analysis platform. Experiments on real code show that our approach scales, and improves significantly the precision of the existing analyses of Frama-C.
Unable to display preview. Download preview PDF.
- 1.Baudin, P., Cuoq, P., Filliâtre, J.C., Marché, C., Monate, B., Moy, Y., Prevosto, V.: ACSL: ANSI/ISO C Specification Language, Version 1.8 (2014), http://frama-c.com/download/acsl-implementation-Neon-20140301.pdf
- 5.Cousot, P., Cousot, R.: Abstract interpretation: A unified lattice model for static analysis of programs by construction or approximation of fixpoints. In: POPL, pp. 238–252. ACM (1977)Google Scholar
- 9.Cuoq, P., Prevosto, V., Yakobowski, B.: Frama-C’s value analysis plug-in, http://frama-c.com/download/value-analysis-Neon-20140301.pdf
- 10.Fischer, J., Jhala, R., Majumdar, R.: Joining dataflow with predicates. In: Wermelinger, M., Gall, H. (eds.) ESEC/SIGSOFT FSE, pp. 227–236. ACM (2005)Google Scholar
- 13.Nielson, F., Nielson, H.R., Hankin, C.: Principles of program analysis. Springer (2005)Google Scholar
- 14.Rival, X., Mauborgne, L.: The trace partitioning abstract domain. ACM Trans. Program. Lang. Syst. 29(5) (2007)Google Scholar