Add support for bounded static analysis #412

wuestholz · 2016-05-02T18:17:31Z

This adds support for bounded abstract interpretation, which allows users to bound the analysis based on their available time or their tolerance for imprecision and spurious errors. For instance, users can bound the number of analysis steps per method using the /maxSteps command line option. In addition, users can bound common sources of imprecision, such as joins (/maxJoins), widenings (/maxWidenings), and calls (/maxCalls).

Bounding the analysis can improve precision and performance (by up to 8x in our experiments), but might miss bugs. It is meant to provide faster feedback to users (e.g., in the IDE) with fewer spurious warnings.

It allowed us to uncover 5 bugs in msbuild by focusing on high priority warnings (/warninglevel low): dotnet/msbuild#452, dotnet/msbuild#569, dotnet/msbuild#574.

Fix some build errors/warnings in VS 2015.

yaakov-h · 2016-05-02T23:59:46Z

@wuestholz If I understand, bounded analysis limits the static checker in what it checks? How does this improve precision?

How does /warninglevel low mean that high-priority warnings are focused?

Hoe does limiting the static checker in what it checks uncover new bugs?

wuestholz · 2016-05-03T01:21:16Z

@yaakov-h Thank you for the questions. Let me try to provide some more details.

By bounding the analysis some program traces may not be checked. Intuitively, this allows the analysis to check the remaining ones more precisely. In particular, some warnings may not be reported because they hold for the traces that were analyzed. However, if the analysis wasn't bounded the analysis may consider more program traces (including ones that are actually not possible due to inherent imprecision in the analysis) and report a spurious warning. Usually precision is measured by the number of spurious warnings, while soundness is measured by the number of genuine bugs that are missed.

/warninglevel low does not report low-priority warning (ones with a low score based on Clousot's ranking).

In general, bounding the analysis does not uncover new bugs. However, it can increase the score of warnings. As a consequence, some low-priority warnings that would usually be suppressed are not suppressed when the analysis is bounded. For instance, the above bugs would have been reported as low-priority warnings without bounding the analysis. However, looking at all these warnings would have never been possible for us in reasonable time.

yaakov-h · 2016-05-03T01:26:12Z

Does that mean that /warninglevel low really means /ignorewarningsthatare low?

wuestholz · 2016-05-03T02:10:37Z

@yaakov-h Not exactly, since /warninglevel high does not mean /ignorewarningsthatare high. All warnings are scored and the warning level controls the threshold for how high that score needs to be in order to show the warning.

wuestholz and others added 30 commits November 3, 2015 16:49

Fix build warning.

fbc26af

Fix build error in VS 2015.

10631af

Fix build warning in VS 2015.

1af11e8

Merge pull request microsoft#2 from wuestholz/master

ab6fbac

Fix some build errors/warnings in VS 2015.

Minor change to solution file.

ccdd286

Minor change to disable warnings across configurations consistently.

4993ba1

Minor change to disable warnings based on VS version.

31556c1

Minor change to platform and configuration.

3e0ea54

Added symbolic ticks for timeouts.

4b99680

Enabled symbolic timeouts.

7ca74eb

Enabled some Clousot tests.

64c9017

Commented out some tests.

170760c

Improve support for symbolic timeouts (with Maria).

e5576e5

Added an analysis controller.

dbd458b

Started fleshing out the analysis controller.

d1e9753

Enabled multiple time slots for the analysis.

4cec9fb

Started enabling depth for joins.

b7c0095

Enabled depth for joins.

b28541c

Improved handling of symbolic timeouts and joins.

163fda5

Enabled depth for widenings.

bafd4c3

Enabled depth for calls.

3110ad4

Add counter for possible sources of imprecision.

f38d81e

Add statistics about imprecision.

4b3fb90

Enabled depth for calls.

5c05efc

Merge.

f42abe7

Improve precision of abstract interpreter for modulo operations.

291d3b8

Improve handling of bounds in DFA.

d7dd195

Add trace output for suspended program points.

66f9f88

Minor change

662b22a

Improve CSV output for imprecisions.

e63b122

wuestholz added 24 commits January 21, 2016 15:13

Fix minor issue.

1b58b9a

Extend the CSV output.

d4c661d

Extend the CSV output.

84b1b47

Minor changes

fc2a737

Minor changes

ada5541

Add checking mode for DFA controller.

cbbe9f6

Extend CSV output.

b1b37f4

Extend CSV output.

5935287

Make it use a synchronized 'TextWriter' for the CSV output.

8c223ea

Minor change

86149e5

Extend CSV output.

cc1a491

Change how the CSV file is accessed.

ebc1dd1

Minor fix in CSV output

7a482ca

Fix an issue.

a475a27

Fix more issues.

7e78df5

Minor change

a5a9b49

Minor refactoring

080baa7

Add new option '/maxFieldReads'.

db43eae

Fix minor issue.

5c9cb2a

Merge https://github.com/Microsoft/CodeContracts

90764e8

Add license header to test program files.

84347fa

Extend the CSV output.

566fdfb

Merge https://github.com/Microsoft/CodeContracts

a334dbf

Minor fix

fddedc7

wuestholz merged commit 6b1f006 into microsoft:master May 2, 2016

wuestholz mentioned this pull request May 2, 2016

What does the Future of Code Contracts Look Like? #409

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add support for bounded static analysis #412

Add support for bounded static analysis #412

wuestholz commented May 2, 2016

yaakov-h commented May 2, 2016

wuestholz commented May 3, 2016

yaakov-h commented May 3, 2016

wuestholz commented May 3, 2016

Add support for bounded static analysis #412

Add support for bounded static analysis #412

Conversation

wuestholz commented May 2, 2016

yaakov-h commented May 2, 2016

wuestholz commented May 3, 2016

yaakov-h commented May 3, 2016

wuestholz commented May 3, 2016