Path-Sensitive Dataflow Analysis with Iterative Refinement

Dinakar Dhurjati (University of Illinois at Urbana Champaign), Manuvir Das (Center for Software Excellence, Microsoft Corporation) and Yue Yang (Center for Software Excellence, Microsoft Corporation)


In this paper, we present a new method for supporting abstraction refinement in path-sensitive dataflow analysis. We show how an adjustable merge criterion can be used as an interface to control the degree of abstraction. In particular, we partition the merge criterion with two sets of predicates - one related to the dataflow facts being propagated and the other related to path feasibility. These tracked predicates are then used to guide join operations and path feasibility analysis, so that expensive computations are performed only at the right places. Refinement amounts to lazily growing the path predicate set to recover lost precision. We have implemented our refinement technique in ESP, a software validation tool for C/C++ programs. We apply ESP to validate a future version of Windows against critical security properties. Our experience suggests that applying iterative refinement to path-sensitive dataflow analysis is both effective in cutting down spurious errors and scalable enough for solving real world problems.