
Trace Partitioning as an Optimization Problem

  • Conference paper
  • Static Analysis (SAS 2024)

Abstract

Imprecision is a very common phenomenon in static analyses and results in false alarms when they are used for program verification. Designing automatic techniques to improve static analysis precision is an old dream, but it is highly non-trivial. In the last two decades, static analysis gave rise to refinement techniques that improve precision through various forms of sensitivity. Yet, prior attempts are either specialized to particular domains or based on syntactic rules and heuristics that are tedious to design and prone to path explosion. In this paper, we cast the problem of improving static analysis precision as an optimization problem and propose a generic search-based method to solve it. We identify the challenges one faces when solving this problem (such as the large search space, path explosion, redundant computations, and non-monotonic operations in abstract domains) and provide adequate solutions to each. Finally, we provide a first implementation of the method, demonstrating both its feasibility and its potential on standard benchmarks (our early prototype is able to prove some goals that state-of-the-art software model checkers cannot) and providing valuable feedback for implementing this method in a static analyzer.


Notes

  1. To illustrate, even with a maximum delay length \(k=100\) and a total of \(n=20\) split-points, we could be faced with up to \(\ge 100^{20}\) refinements.


Acknowledgments

This work was supported in part by the National Research Agency (grant ANR-22-CE39-0014-03) and France 2030 (grants ANR-22-PECY-0005 and ANR-22-PECY-0007). We are particularly grateful to Rishika Gupta, Alakh Dhruv Chopra, and Ranadeep Biswas, for the support, discussions, and comments.


Corresponding author

Correspondence to M. Charles Babu.


Copyright information

© 2025 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper


Cite this paper

Babu, M.C., Lemerre, M., Bardin, S., Marion, JY. (2025). Trace Partitioning as an Optimization Problem. In: Giacobazzi, R., Gorla, A. (eds) Static Analysis. SAS 2024. Lecture Notes in Computer Science, vol 14995. Springer, Cham. https://doi.org/10.1007/978-3-031-74776-2_2


  • DOI: https://doi.org/10.1007/978-3-031-74776-2_2


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-74775-5

  • Online ISBN: 978-3-031-74776-2

  • eBook Packages: Computer Science (R0)
