Projects per year
Abstract
Static analyses provide the foundation for several tools that
help developers find problems before executing the program
under analysis. Common applications include warning about
unused code, deprecated API calls, or about potential security
vulnerabilities within an IDE. A static analysis distinguishes
itself from a dynamic analysis in that it is supposed to termi-
nate even if the program under analysis does not. In many
cases it is also desired for the analysis to be sound, meaning
that its answers account for all possible program behavior.
Unfortunately, analysis developers may make mistakes that
violate these properties resulting in hard-to-find bugs in the
analysis code itself. Finding these bugs can be a difficult task,
especially since analysis developers have to reason about
two separate code-bases: the analyzed code and the analysis
implementation. The former is usually where the bug man-
ifests itself, while the latter contains the faulty implemen-
tation. A recent survey has found that analysis developers
prefer to reason about the analyzed program, indicating that
debugging would be easier if debugging features such as
(conditional) breakpoints and stepping were also available
in the analyzed program. In this paper, we therefore propose
cross-level debugging for static analysis. This novel technique
moves debugging features such as stepping and breakpoints
to the base-layer (i.e., analyzed program), while still making
interactions with the meta-layer (i.e., analysis implementa-
tion) possible. To this end, we introduce novel conditional
breakpoints that express conditions, which we call meta-
predicates, about the current analysis’ state. We integrated
this debugging technique in a framework for implement-
ing modular abstract interpretation-based static analyses
called MAF. Through a detailed case study on 4 real-world
bugs taken from the repository of MAF, we demonstrate how cross-level debugging helps analysis developers in locating
and solving bugs.
help developers find problems before executing the program
under analysis. Common applications include warning about
unused code, deprecated API calls, or about potential security
vulnerabilities within an IDE. A static analysis distinguishes
itself from a dynamic analysis in that it is supposed to termi-
nate even if the program under analysis does not. In many
cases it is also desired for the analysis to be sound, meaning
that its answers account for all possible program behavior.
Unfortunately, analysis developers may make mistakes that
violate these properties resulting in hard-to-find bugs in the
analysis code itself. Finding these bugs can be a difficult task,
especially since analysis developers have to reason about
two separate code-bases: the analyzed code and the analysis
implementation. The former is usually where the bug man-
ifests itself, while the latter contains the faulty implemen-
tation. A recent survey has found that analysis developers
prefer to reason about the analyzed program, indicating that
debugging would be easier if debugging features such as
(conditional) breakpoints and stepping were also available
in the analyzed program. In this paper, we therefore propose
cross-level debugging for static analysis. This novel technique
moves debugging features such as stepping and breakpoints
to the base-layer (i.e., analyzed program), while still making
interactions with the meta-layer (i.e., analysis implementa-
tion) possible. To this end, we introduce novel conditional
breakpoints that express conditions, which we call meta-
predicates, about the current analysis’ state. We integrated
this debugging technique in a framework for implement-
ing modular abstract interpretation-based static analyses
called MAF. Through a detailed case study on 4 real-world
bugs taken from the repository of MAF, we demonstrate how cross-level debugging helps analysis developers in locating
and solving bugs.
Original language | English |
---|---|
Title of host publication | Proceedings of the 16th ACM SIGPLAN International Conference on Software Language Engineering (SLE ’23) |
Subtitle of host publication | SPLASH 2023 |
Editors | Joao Saraiva, Thomas Degueule, Elizabeth Scott |
Place of Publication | New York, NY, USA |
Publisher | ACM |
Pages | 138-148 |
Number of pages | 11 |
ISBN (Electronic) | 9798400703966 |
ISBN (Print) | 979-8-4007-0396-6/23/10 |
DOIs | |
Publication status | Published - 23 Oct 2023 |
Event | 16th ACM SIGPLAN International Conference on Software Language Engineering - Hotel Cascais Miragem, Cascais, Portugal Duration: 23 Oct 2023 → 24 Oct 2023 Conference number: 16 |
Publication series
Name | SLE 2023 - Proceedings of the 16th ACM SIGPLAN International Conference on Software Language Engineering, Co-located with: SPLASH 2023 |
---|
Conference
Conference | 16th ACM SIGPLAN International Conference on Software Language Engineering |
---|---|
Abbreviated title | SLE 23 |
Country/Territory | Portugal |
City | Cascais |
Period | 23/10/23 → 24/10/23 |
Bibliographical note
Funding Information:This work has been partially funded by FWO (Research Foundations Flanders) under grant number 1187122N.
Publisher Copyright:
© 2023 ACM.
Keywords
- Static Program Analysis
- Debugging
Fingerprint
Dive into the research topics of 'Cross-Level Debugging for Static Analysers'. Together they form a unique fingerprint.Projects
- 1 Active
-
FWOTM1089: Modular static analysis for soft contract verification of distributed actor programs
Vandenbogaerde, B., De Roover, C. & Stiévenart, Q.
1/11/21 → 31/10/25
Project: Fundamental
Activities
- 1 Talk or presentation at a conference
-
Cross-Level Debugging for Static Analysers
Bram Vandenbogaerde (Speaker)
24 Oct 2023Activity: Talk or presentation › Talk or presentation at a conference