Value and Allocation Sensitivity in Static Python Analyses


Sound static analyses for large subsets of static programming languages such as C are now widespread. For example, the Astrée static analyzer soundly overapproximates the behavior of C programs that do not contain any dynamic code loading, longjmp statements or recursive functions. The sound and precise analysis of widely used dynamic programming languages like JavaScript and Python remains a challenge. This paper examines how static analyses of Python vary – in precision, time and memory usage – when three parameters are adjusted: (i) the value sensitivity, (ii) the allocation sensitivity and (iii) the activation of an abstract garbage collector. It is not yet clear which level of sensitivity constitutes a sweet spot in terms of precision versus efficiency to achieve a meaningful Python analysis. We thus perform an experimental evaluation using a prototype static analyzer on benchmarks a few thousand lines long. Key findings are: the value analysis does not improve the precision over type-related alarms; the value analysis is three times costlier than the type analysis; the allocation sensitivity depends on the value sensitivity; using an abstract garbage collector lowers memory usage and running times, but does not affect precision.

State Of the Art in Program Analysis (co-located with PLDI) 2020

I am really grateful and honored to be the recipient of SOAP’s best presentation award for 2020, together with my coauthors Abdelraouf Ouadjaout and Antoine Miné.

Raphaël Monat
PhD in Static Analysis