The MOPSA project has made several contributions towards the improvement of static analysis based on Abstract Interpretation by targeting novel languages and properties. We have developed novel abstract domains, which are analysis components targeting individual properties and language constructs, and new ways to combine them to enable effective cross-language analyses.
Firstly, we addressed the scalability issue. Focusing on the analysis of C programs, we designed modular abstractions inferring function summaries. They allow reusing analysis results from functions called in related execution contexts, and help speed up the analysis of programs with libraries. We developed notably modular abstractions to check the manipulation of C strings. We also considered scaling analysis setups to more complex software depending on libraries. As, to be sound, the full program and its dependencies must be made available to the analyzer, we developed a specification language to help define concisely and soundly the effect of libraries that cannot be conveniently provided or analyzed in source form.
Secondly, we addressed the language issue, striving to go beyond the analysis of static imperative and object-oriented languages (which remain even now the core target for safety verification by semantic static analysis). We considered the analysis of Python, a dynamic language challenging for formal methods due to its involved semantic. The interpretation of key parts of the language requires a precise knowledge of the dynamic state of the program which, as we demonstrated, paradoxically makes it a perfect target for the highly precise flavor of static analyses considered in the project. We developed a semantic of Python 3 programs realistically based on the behavior of its main interpreter, CPython, and proposed abstractions that enable the automatic inference of program types and values. We also considered programs mixing different languages, a common occurrence. After developing general theoretical principles on how to combine existing independent analyses for different languages into a multi-lingual analysis, we applied this idea to the safety analysis of Python programs that call native C libraries.
Thirdly, we studied how to maintain the safety of software when they are evolving, due to bug fixes or porting to new targets. We developed an analysis of software patches for C to detect the semantic differences in program executions caused by a program change and help prevent unwanted changes or regressions. We also developed a portability analysis for C able to detect statically whether a program behaves differently on little and big-endian architectures.
Throughout the project, we developed a novel platform: the MOPSA analyzer. It leverages our new vision for semantic static analyses handling multiple languages and properties with a design promoting sharing and cooperation of abstractions. The aforementioned analyses have been implemented within and thanks to MOPSA, and successfully experimented on realistic benchmarks (including, in the case of portability analysis, large industrial code). The platform is available as open-source at
https://gitlab.com/mopsa/mopsa-analyzer(opens in new window) to promote future use in academia and industry.