Soufflé: On Synthesis of Program Analyzers

  • Herbert Jordan
  • Bernhard Scholz
  • Pavle Subotić
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9780)


Soufflé is an open source programming framework that performs static program analysis expressed in Datalog on very large code bases, including points-to analysis on OpenJDK7 (1.4M program variables, 350K objects, 160K methods) in under a minute. Soufflé is being successfully used for Java security analyses at Oracle Labs due to (1) its high-performance, (2) support for rapid program analysis development, and (3) customizability. Soufflé incorporates the highly flexible Datalog-based program analysis paradigm while exhibiting performance results that are on-par with manually developed state-of-the-art tools. In this tool paper, we introduce the Soufflé architecture, usage and demonstrate its applicability for large-scale code analysis on the OpenJDK7 library as a use case.


Input Program Domain Specific Language Static Program Analysis Datalog Program Specialization Hierarchy 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



We would like to thank Cristina Cifuentes, Paddy Krishnan, and all our other colleagues from Oracle Labs, Brisbane. We would also like to thank Byron Cook, Yannis Smaragdakis, and our anonymous reviewers.


  1. 1.
    Abiteboul, S., Hull, R., Vianu, V.: Foundations of Databases. Addison-Wesley, Boston (1995)zbMATHGoogle Scholar
  2. 2.
    Allen, N., Krishnan, P., Scholz, B.: Combining type-analysis with points-to analysis for analyzing java library source-code. In: Møller, A., Naik, M. (eds.) Proceedings of the 4th ACM SIGPLAN International Workshop on State of the Art in Program Analysis, SOAP@PLDI 2015, Portland, OR, USA, 15–17 June 2015, pp. 13–18. ACM (2015)Google Scholar
  3. 3.
    Allen, N., Scholz, B., Krishnan, P.: Staged points-to analysis for large code bases. In: Franke, B. (ed.) CC 2015. LNCS, vol. 9031, pp. 131–150. Springer, Heidelberg (2015)CrossRefGoogle Scholar
  4. 4.
    Alpuente, M., Feliú, M.A., Joubert, C., Villanueva, A.: Datalog-based program analysis with BES and RWL. In: de Moor, O., Gottlob, G., Furche, T., Sellers, A. (eds.) Datalog 2010. LNCS, vol. 6702, pp. 1–20. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  5. 5.
    Cifuentes, C., Gross, A., Keynes, N.: Understanding caller-sensitive method vulnerabilities: a class of access control vulnerabilities in the java platform. In: Proceedings of the 4th ACM SIGPLAN International Workshop on State of the Art in Program Analysis. SOAP 2015, NY, USA, pp. 7–12. ACM, New York (2015)Google Scholar
  6. 6.
    Dietrich, J., Hollingum, N., Scholz, B.: Giga-scale exhaustive points-to analysis for java in under a minute. In: Proceedings of the 2015 ACM SIGPLAN International Conference on Object-Oriented Programming, Systems, Languages, and Applications. OOPSLA 2015, NY, USA. pp. 535–551. ACM, New York (2015)Google Scholar
  7. 7.
    Dilworth, R.: A decomposition theorem for partially ordered sets. Ann. Math. 2(51), 161–166 (1950)MathSciNetCrossRefzbMATHGoogle Scholar
  8. 8.
    Futamura, Y.: Partial evaluation of computation process - an approach to a compiler-compiler. High. Order Symbolic Comput. 12(4), 381–391 (1999)CrossRefzbMATHGoogle Scholar
  9. 9.
    Green, T.J., Huang, S.S., Loo, B.T., Zhou, W.: Datalog and recursive query processing. Found. Trends Databases 5(2), 105–195 (2013)CrossRefzbMATHGoogle Scholar
  10. 10.
    Hoder, K., Bjørner, N., de Moura, L.: \({\mu }\)Z– an efficient engine for fixed points with constraints. In: Gopalakrishnan, G., Qadeer, S. (eds.) CAV 2011. LNCS, vol. 6806, pp. 457–462. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  11. 11.
    LogicBlox Inc.: Declartive cloud platform for applications that combine transactions & analytics.
  12. 12.
    Naik, M., Aiken, A., Whaley, J.: Effective static race detection for Java. SIGPLAN Not. 41(6), 308–319 (2006)CrossRefGoogle Scholar
  13. 13.
    Scholz, B., Jordan, H., Subotic, P., Westmann, T.: On fast large-scale program analysis in datalog. In: Zaks, A., Hermenegildo, M.V. (eds.) Proceedings of the 25th International Conference on Compiler Construction, CC 2016, Barcelona, Spain, 12–18 March 2016, pp. 196–206. ACM (2016)Google Scholar
  14. 14.
    Scholz, B., Vorobyov, K., Krishnan, P., Westmann, T.: A datalog source-to-source translator for static program analysis: an experience report. In: 24th Australasian Software Engineering Conference, ASWEC 2015, Adelaide, SA, Australia, 28 September – 1 October, 2015, pp. 28–37. IEEE Computer Society (2015)Google Scholar
  15. 15.
    Smaragdaiks, Y., Bravenboer, M., Kastrinis, G.: Doop: A framework for java pointer analysis.
  16. 16.
    Smaragdakis, Y., Kastrinis, G., Balatsouras, G.: Introspective analysis: context-sensitivity, across the board. In: PLDI, NY, USA, pp. 485–495. ACM, New York (2014)Google Scholar
  17. 17.
    Veldhuizen, T.L.: C++ templates as partial evaluation. In: Danvy, O. (ed.) PEPM, pp. 13–18. University of Aarhus (1999).
  18. 18.
    Whaley, J., Avots, D., Carbin, M., Lam, M.S.: Using datalog with binary decision diagrams for program analysis. In: Yi, K. (ed.) APLAS 2005. LNCS, vol. 3780, pp. 97–118. Springer, Heidelberg (2005)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Herbert Jordan
    • 1
  • Bernhard Scholz
    • 2
  • Pavle Subotić
    • 3
  1. 1.University of InnsbruckInnsbruckAustria
  2. 2.University of SydneySydneyAustralia
  3. 3.University College LondonLondonUK

Personalised recommendations