Safe and sound program analysis with Flix

Published: 12 July 2018 Publication History

Abstract

Program development tools such as bug finders, build automation tools, compilers, debuggers, integrated development environments, and refactoring tools increasingly rely on static analysis techniques to reason about program behavior. Implementing such static analysis tools is a complex and difficult task with concerns about safety and soundness. Safety guarantees that the fixed point computation -- inherent in most static analyses -- converges and ultimately terminates with a deterministic result. Soundness guarantees that the computed result over-approximates the concrete behavior of the program under analysis. But how do we know if we can trust the result of the static analysis itself? Who will guard the guards?
In this paper, we propose the use of automatic program verification techniques based on symbolic execution and SMT solvers to verify the correctness of the abstract domains used in static analysis tools. We implement a verification toolchain for Flix, a functional and logic programming language tailored for the implementation of static analyses. We apply this toolchain to several abstract domains. The experimental results show that we are able to prove 99.5% and 96.3% of the required safety and soundness properties, respectively.
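The safety and soundness obligations the abstract describes, as an added example that is not the paper's Flix toolchain: a four-element parity domain in Python with exhaustive checks of the lattice laws and monotonicity (the domain is finite, so enumeration is a complete check and stands in for the symbolic execution and SMT solving the paper uses) and a bounded test of soundness. The domain, its operations, the deliberately wrong `plus_unsound` and the integer window used for concretization are all constructed here for illustration.

```python
"""Safety and soundness checks for a constructed parity abstract domain.

Safety: lattice laws and monotonicity, which make fixed-point iteration
converge to a deterministic result.  Soundness: each abstract operation
over-approximates its concrete counterpart.  Added example, not Flix code.
"""
from itertools import product

BOT, EVEN, ODD, TOP = "Bot", "Even", "Odd", "Top"
ELEMS = (BOT, EVEN, ODD, TOP)


def leq(a, b):
    """Partial order: Bot below everything, Top above everything."""
    return a == BOT or b == TOP or a == b


def lub(a, b):
    """Least upper bound (join); Even and Odd are incomparable."""
    if leq(a, b):
        return b
    if leq(b, a):
        return a
    return TOP


def gamma(a, lo=-8, hi=8):
    """Concretization over the constructed integer window [lo, hi)."""
    if a == BOT:
        return set()
    if a == TOP:
        return set(range(lo, hi))
    return {n for n in range(lo, hi) if n % 2 == (0 if a == EVEN else 1)}


def plus(a, b):
    """Sound abstract addition on parities."""
    if BOT in (a, b):
        return BOT
    if TOP in (a, b):
        return TOP
    return EVEN if a == b else ODD


def plus_unsound(a, b):
    """Deliberately wrong variant (constructed): lets Even absorb Top, so
    Top + Even is claimed Even and every odd concrete sum is lost."""
    if BOT in (a, b):
        return BOT
    if TOP in (a, b):
        other = b if a == TOP else a
        return EVEN if other == EVEN else TOP
    return EVEN if a == b else ODD


def check_partial_order():
    """Reflexivity, antisymmetry, transitivity; returns counterexamples."""
    bad = [("refl", a) for a in ELEMS if not leq(a, a)]
    for a, b, c in product(ELEMS, repeat=3):
        if leq(a, b) and leq(b, a) and a != b:
            bad.append(("antisym", a, b))
        if leq(a, b) and leq(b, c) and not leq(a, c):
            bad.append(("trans", a, b, c))
    return bad


def check_lub():
    """lub is commutative, bounds both arguments, and is the least such bound."""
    bad = []
    for a, b in product(ELEMS, repeat=2):
        j = lub(a, b)
        if not (leq(a, j) and leq(b, j)) or j != lub(b, a):
            bad.append(("bound", a, b, j))
        bad += [("least", a, b, c) for c in ELEMS
                if leq(a, c) and leq(b, c) and not leq(j, c)]
    return bad


def check_monotone(op):
    """a1 <= a2 and b1 <= b2 must imply op(a1, b1) <= op(a2, b2)."""
    return [(a1, b1, a2, b2) for a1, a2, b1, b2 in product(ELEMS, repeat=4)
            if leq(a1, a2) and leq(b1, b2)
            and not leq(op(a1, b1), op(a2, b2))]


def check_sound(op, concrete):
    """Every concrete result must lie in gamma of the abstract result.
    Inputs range over [-8, 8), so results are looked up in [-16, 16)."""
    bad = []
    for a, b in product(ELEMS, repeat=2):
        allowed = gamma(op(a, b), -16, 16)
        for x, y in product(gamma(a), gamma(b)):
            if concrete(x, y) not in allowed:
                bad.append((a, b, x, y, op(a, b)))
                break
    return bad


def verify(op, concrete=lambda x, y: x + y):
    """All obligations for one abstract operation; empty lists mean proved."""
    return {"partial_order": check_partial_order(), "lub": check_lub(),
            "monotone": check_monotone(op), "sound": check_sound(op, concrete)}


if __name__ == "__main__":
    for name, op in (("plus", plus), ("plus_unsound", plus_unsound)):
        failed = {k: v[:2] for k, v in verify(op).items() if v}
        print(name, "OK" if not failed else failed)
```

Running the module reports `plus` as passing every obligation and `plus_unsound` as failing both monotonicity (Odd <= Top, yet Odd + Even = Odd is not below Top + Even = Even) and soundness (1 + 0 is odd but lands in gamma(Even)). Enumeration is complete only because the lattice is finite; for an interval or constant-propagation domain over machine integers the same obligations have to be discharged symbolically, which is the role the SMT solver plays in the paper.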




    Published In

    ISSTA 2018: Proceedings of the 27th ACM SIGSOFT International Symposium on Software Testing and Analysis
    July 2018, 379 pages
    ISBN: 9781450356992
    DOI: 10.1145/3213846
    General Chair: Frank Tip
    Program Chair: Eric Bodden
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

    Publisher

    Association for Computing Machinery

    New York, NY, United States


    Author Tags

    1. lattices
    2. monotonicity
    3. safety
    4. soundness
    5. static analysis

    Qualifiers

    • Research-article

    Conference

    ISSTA '18

    Acceptance Rates

    Overall Acceptance Rate 58 of 213 submissions, 27%

    Cited By

    • (2024) Finding and Understanding Defects in Static Analyzers by Constructing Automated Oracles. Proceedings of the ACM on Software Engineering 1(FSE), 1656-1678. DOI: 10.1145/3660781. Online publication date: 12 Jul 2024.
    • (2024) Optimizing Nested Recursive Queries. Proceedings of the ACM on Management of Data 2(1), 1-27. DOI: 10.1145/3639271. Online publication date: 26 Mar 2024.
    • (2024) A Modular Soundness Theory for the Blackboard Analysis Architecture. Programming Languages and Systems, 361-390. DOI: 10.1007/978-3-031-57267-8_14. Online publication date: 6 Apr 2024.
    • (2023) DCLink: Bridging Data Constraint Changes and Implementations in FinTech Systems. Proceedings of the 38th IEEE/ACM International Conference on Automated Software Engineering, 914-925. DOI: 10.1109/ASE56229.2023.00170. Online publication date: 11 Nov 2023.
    • (2022) The Principles of the Flix Programming Language. Proceedings of the 2022 ACM SIGPLAN International Symposium on New Ideas, New Paradigms, and Reflections on Programming and Software, 112-127. DOI: 10.1145/3563835.3567661. Online publication date: 29 Nov 2022.
    • (2022) Random testing of a higher-order blockchain language (experience report). Proceedings of the ACM on Programming Languages 6(ICFP), 886-901. DOI: 10.1145/3547653. Online publication date: 31 Aug 2022.
    • (2021) Incremental whole-program analysis in Datalog with lattices. Proceedings of the 42nd ACM SIGPLAN International Conference on Programming Language Design and Implementation, 1-15. DOI: 10.1145/3453483.3454026. Online publication date: 19 Jun 2021.
    • (2020) Polymorphic types and effects with Boolean unification. Proceedings of the ACM on Programming Languages 4(OOPSLA), 1-29. DOI: 10.1145/3428222. Online publication date: 13 Nov 2020.
    • (2020) Testing static analyses for precision and soundness. Proceedings of the 18th ACM/IEEE International Symposium on Code Generation and Optimization, 81-93. DOI: 10.1145/3368826.3377927. Online publication date: 22 Feb 2020.
    • (2019) Sound and reusable components for abstract interpretation. Proceedings of the ACM on Programming Languages 3(OOPSLA), 1-28. DOI: 10.1145/3360602. Online publication date: 10 Oct 2019.
