Publication Date

8-2024

Date of Final Oral Examination (Defense)

6-13-2024

Type of Culminating Activity

Dissertation

Degree Title

Doctor of Philosophy in Computing

Department Filter

Computer Science

Department

Computer Science

Supervisory Committee Chair

Elena Sherman, Ph.D.

Supervisory Committee Member

Jim Buffenbarger, Ph.D.

Supervisory Committee Member

Marion Scheepers, Ph.D.

Creative Commons License

Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License
This work is licensed under a Creative Commons Attribution-NonCommercial-Share Alike 4.0 International License.

Abstract

Developing correct, defect-free software is a fundamental goal of software engineering. To achieve this objective, software engineers utilize many quality assurance techniques, including static program analysis. Numerical static program analysis is a powerful technique that proves the absence of defects. This approach combines data-flow analysis (DFA) with abstract interpretation (AbsI). DFA propagates information, and AbsI defines the type of information and its operations through abstract domains. Given the over-approximating nature of program analysis, however, analyzers may discover defects in infeasible program behavior, i.e., may produce false positives. To reduce false positives, numerical static analyzers use more precise relational abstract domains, such as Zones or Octagons, instead of less precise non-relational domains like Intervals.

However, running a static analyzer over relational numerical domains can be cost-prohibitive, particularly for large programs. These programs tend to have many variables and many relations between variables, which can decrease the efficiency of numerical static analyzers. Thus, to address this scalability issue, researchers focus on improving the efficiency of abstract domain operations and on justifying the selection of more efficient, but less precise, abstract domains. This dissertation investigates these two aspects within the incremental context of DFA. Specifically, in two distinct lines of research, we devise (1) efficient domain operations and (2) precise abstract state comparisons as incremental problems within the framework of DFA.

The first part develops incremental algorithms for the closure computations for Zones and Octagons, two popular weakly-relational numerical abstract domains. This closure operation is critical for DFA’s fixed-point algorithm performance. We develop two novel incremental closure algorithms that improve analysis efficiency compared to existing closure computations. The key observation is that the closure operation can be applied to a small portion of the updated abstract state. We introduce an incremental closure algorithm for Zones and deferred incremental closure for Octagons. We theoretically and experimentally demonstrate significant runtime improvements over existing incremental closure algorithms.
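To make the closure operation and the "small portion of the updated state" observation concrete, the following is an added illustration (not code from the dissertation, and not its incremental algorithms): a Zone is held as a difference-bound matrix, closed from scratch with Floyd-Warshall, and then re-closed after a single bound is tightened by relaxing only paths that pass through the changed entry. Variable indices, the constraint values and the encoding `m[i][j] = c` meaning `v_j - v_i <= c` (with index 0 as the constant zero) are constructed for the example.

```python
"""Added example: closure of a Zone (difference-bound matrix, DBM) abstract
state, computed from scratch and incrementally after one bound is tightened.

Encoding (constructed for this illustration): variables are indexed
0..n-1, index 0 is the constant 0, and m[i][j] = c means v_j - v_i <= c.
Closure makes every implied bound explicit (all-pairs shortest paths),
which is what a DFA transfer/join/widen step relies on.
"""
import math
from typing import List

INF = math.inf
DBM = List[List[float]]


def empty_zone(n: int) -> DBM:
    """Unconstrained Zone over n indices: only the trivial v_i - v_i <= 0."""
    return [[0.0 if i == j else INF for j in range(n)] for i in range(n)]


def full_closure(m: DBM) -> DBM:
    """Floyd-Warshall closure, O(n^3). Returns a new matrix."""
    n = len(m)
    c = [row[:] for row in m]
    for k in range(n):
        for i in range(n):
            for j in range(n):
                via = c[i][k] + c[k][j]
                if via < c[i][j]:
                    c[i][j] = via
    return c


def is_consistent(c: DBM) -> bool:
    """A closed DBM is infeasible (bottom) iff some diagonal entry is negative."""
    return all(c[i][i] >= 0 for i in range(len(c)))


def incremental_closure(c: DBM, i: int, j: int, w: float) -> DBM:
    """Given an already closed DBM c, tighten the bound v_j - v_i <= w and
    restore closure. Because c was closed, a shortest path can only improve
    by using the new edge i->j, so it suffices to relax
        d(a, b) = min(d(a, b), d(a, i) + w + d(j, b))
    for every pair (a, b): O(n^2) instead of O(n^3). A negative cycle
    created by the new edge shows up as a negative diagonal entry."""
    n = len(c)
    r = [row[:] for row in c]
    if w >= c[i][j]:
        return r  # the new bound is already implied; nothing changes
    for a in range(n):
        to_i = c[a][i]
        if to_i == INF:
            continue  # no path from a into the changed edge
        for b in range(n):
            from_j = c[j][b]
            if from_j == INF:
                continue
            via = to_i + w + from_j
            if via < r[a][b]:
                r[a][b] = via
    return r


def demo() -> dict:
    """Constructed scenario: x <= 5, y - x <= 2, z - y <= 3 over
    indices (0=zero, 1=x, 2=y, 3=z); then tighten z - x <= 1; then add
    x - z <= -2, which contradicts z - x <= 1 and makes the state bottom."""
    m = empty_zone(4)
    m[0][1] = 5.0   # x - 0 <= 5
    m[1][2] = 2.0   # y - x <= 2
    m[2][3] = 3.0   # z - y <= 3
    closed = full_closure(m)

    # Tighten one bound incrementally and compare with a from-scratch closure.
    m2 = [row[:] for row in m]
    m2[1][3] = 1.0  # z - x <= 1
    incr = incremental_closure(closed, 1, 3, 1.0)
    scratch = full_closure(m2)

    # Contradictory bound: x - z <= -2 together with z - x <= 1 gives 0 <= -1.
    bottom = incremental_closure(incr, 3, 1, -2.0)
    return {
        "closed": closed,
        "incremental": incr,
        "scratch": scratch,
        "bottom": bottom,
    }


if __name__ == "__main__":
    out = demo()
    print("z <= ", out["closed"][0][3])          # 10.0 before tightening
    print("z <= ", out["incremental"][0][3])     # 6.0 after z - x <= 1
    print("same as from scratch:", out["incremental"] == out["scratch"])
    print("consistent after contradiction:", is_consistent(out["bottom"]))
```

The incremental pass touches only rows that can reach `i` and columns reachable from `j`, which is the intuition behind restricting closure to the updated part of the state; the from-scratch closure is kept alongside it so the two can be checked against each other on any input.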

The second part leverages DFA’s incremental updates to abstract states to identify a minimal number of affected variable relations. Often, researchers need to compare abstract states from different analysis runs to justify domain choices. Existing methods compare abstract states coarsely, which overstates the precision benefits of more expressive domains. We develop several algorithms for identifying minimal changes in weakly-relational numerical abstract states. These techniques, when applied to the problem of domain selection, improve the granularity of comparison between abstract states. In extensive empirical evaluations, our techniques significantly reclassify invariants within their precision relations.

Comments

https://orcid.org/0000-0002-6032-474X

DOI

https://doi.org/10.18122/td.2260.boisestate

Available for download on Saturday, March 13, 2027
