Public Access

Active learning of points-to specifications

Published: 11 June 2018

Abstract

When analyzing programs, large libraries pose significant challenges to static points-to analysis. A popular solution is to have a human analyst provide points-to specifications that summarize relevant behaviors of library code, which can substantially improve precision and handle missing code such as native code. We propose Atlas, a tool that automatically infers points-to specifications. Atlas synthesizes unit tests that exercise the library code, and then infers points-to specifications based on observations from these executions. Atlas automatically infers specifications for the Java standard library, and produces better results for a client static information flow analysis on a benchmark of 46 Android apps compared to using existing handwritten specifications.
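The inference loop the abstract describes, reduced to a toy, as an added example that is not Atlas's code or the paper's artifact: the library class `Box`, the hand-declared parameter kinds in `SIGNATURES` (standing in for the type information a real tool would read from bytecode), and the spec vocabulary of endpoints (`this`, `arg0`, `ret`, `this._v`) are all assumptions made for this illustration. Each synthesized test plants fresh, identity-tracked objects at every endpoint, runs one library method, and records which planted object became reachable from which endpoint after the call; the union over receiver and argument states is the inferred points-to specification. The state-dependent `put_if_empty` shows why one execution is not enough and why the tests have to be chosen to cover library behaviours.

```python
"""Toy dynamic inference of points-to specifications (added example; not Atlas)."""


class Box:
    """Constructed stand-in for an opaque library class with one hidden field."""

    def __init__(self):
        self._v = None

    def put(self, v):
        self._v = v

    def put_if_empty(self, v):
        if self._v is None:  # state-dependent: a single test can miss this edge
            self._v = v

    def get(self):
        return self._v

    def swap(self, other):
        self._v, other._v = other._v, self._v
        return other


# Hand-declared parameter kinds (assumption); a real tool would read type info.
SIGNATURES = {
    "put": [object],
    "put_if_empty": [object],
    "get": [],
    "swap": [Box],
}


class Token:
    """Fresh object planted as a test input; tracked by identity, not by value."""

    def __init__(self, origin):
        self.origin = origin

    def __repr__(self):
        return f"Token({self.origin})"


def reachable(root):
    """Map id -> object for everything reachable from root via attributes/containers."""
    seen, stack = {}, [root]
    while stack:
        obj = stack.pop()
        if obj is None or id(obj) in seen:
            continue
        seen[id(obj)] = obj
        if isinstance(obj, (list, tuple, set, frozenset)):
            stack.extend(obj)
        elif isinstance(obj, dict):
            stack.extend(obj.keys())
            stack.extend(obj.values())
        elif hasattr(obj, "__dict__"):
            stack.extend(vars(obj).values())
    return seen


def plant(name, kind, filled):
    """Build the input for endpoint `name`; return (object, {id: origin label})."""
    if kind is Box:
        box = Box()
        origins = {id(box): name}
        if filled:
            box._v = Token(f"{name}._v")
            origins[id(box._v)] = f"{name}._v"
        return box, origins
    tok = Token(name)
    return tok, {id(tok): name}


def run_test(method, receiver_filled, arg_filled):
    """Execute one synthesized test; return the (endpoint, origin) edges it reveals."""
    this, origins = plant("this", Box, receiver_filled)
    args = []
    for i, kind in enumerate(SIGNATURES[method]):
        arg, arg_origins = plant(f"arg{i}", kind, arg_filled)
        args.append(arg)
        origins.update(arg_origins)
    ret = getattr(this, method)(*args)
    roots = {"this": this, "ret": ret}
    roots.update({f"arg{i}": a for i, a in enumerate(args)})
    edges = set()
    for rname, robj in roots.items():
        for oid in reachable(robj):
            origin = origins.get(oid)
            # Skip untracked objects and anything already reachable from rname before the call.
            if origin is None or origin == rname or origin.startswith(rname + "."):
                continue
            edges.add((rname, origin))
    return edges


def infer_specs():
    """Run every method under each receiver/argument state and union the observed edges."""
    specs = {}
    for method in SIGNATURES:
        edges = set()
        for receiver_filled in (False, True):
            for arg_filled in (False, True):
                edges |= run_test(method, receiver_filled, arg_filled)
        specs[method] = sorted(edges)
    return specs


if __name__ == "__main__":
    for method, edges in infer_specs().items():
        print(method, " ".join(f"{dst}<-{src}" for dst, src in edges) or "(no new edges)")
```

Read an edge `(ret, this._v)` for `get` as "the return value may point to whatever the receiver's field pointed to", which is exactly the summary a static points-to client needs in place of the library body; the `swap` specification shows how a single method can create edges into both the receiver and an argument. Running `put_if_empty` only against a filled receiver yields no edges at all, so a tool that stops after one test would emit an unsound empty summary; covering both receiver states recovers the edge.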

Supplementary Material

WEBM File (p678-bastani.webm)


    Published In

    ACM SIGPLAN Notices, Volume 53, Issue 4 (PLDI '18), April 2018, 834 pages
    ISSN: 0362-1340, EISSN: 1558-1160, DOI: 10.1145/3296979
    Also in: PLDI 2018: Proceedings of the 39th ACM SIGPLAN Conference on Programming Language Design and Implementation, June 2018, 825 pages
    ISBN: 9781450356985, DOI: 10.1145/3192366

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    Published in SIGPLAN Volume 53, Issue 4


    Author Tags

    1. specification inference
    2. static points-to analysis

    Qualifiers

    • Research-article
