Demonstration of Parf (Web Version)

抽象解释为设计静态程序分析器提供了一种通用的原则性方法。应用抽象解释的核心挑战在于如何配置静态分析器的抽象和分析策略,而这些策略往往编码成若干种参数以供用户选择。选择一套兼顾分析效率和准确率的参数配置严重依赖于专家知识,因此难以自动化。

我们实现了一个能够自适应调整基于抽象解释的静态分析器的外部参数的自动化框架,名为Parf,并在开源C程序静态分析器Frama-C/Eva上实现了原型系统。Parf的原理是将各种类型的参数建模为具有完全格结构的参数空间上的随机变量,并基于重复采样、分析生成的累积中间结果,逐步细化概率分布,最终在给定时间内产生一组高准确率参数设置。相关工作已被第39届自动化软件工程国际会议(ASE 2024)接收。

Parf网页版支持用户上传待分析C程序文件,并选择时间预算、并行进程数量、采样数量等参数设置。设置并选择选择待分析文件以及参数组后,即可开始分析。分析时间取决于用户设置的时间预算,分析完成后即可查看分析结果。

Abstract interpretation provides a universal principled method for designing static program analyzers. The core challenge in applying abstract interpretation lies in the configuration of abstraction and analysis strategies encoded by a large number of external parameters of static analysis tools. To attain low false-positive rates (i.e., accuracy) while preserving analysis efficiency, tuning the parameters heavily relies on expert knowledge and is thus difficult to automate.

We present a fully automated framework called Parf to adaptively tune the external parameters of abstract interpretation-based static analyzers. We have implemented Parf on top of Frama-C/Eva – an off-the-shelf open-source static analyzer for C programs. Parf models various types of parameters as random variables subject to probability distributions over latticed parameter spaces. It incrementally refines the probability distributions based on accumulated intermediate results generated by repeatedly sampling and analyzing, thereby ultimately yielding a set of highly accurate parameter settings within a given time budget.

The web version of Parf allows users to upload C program files for analysis and select parameter settings such as time budget, number of parallel processes, and sampling quantity. After setting and choosing the file and parameter group for analysis, the analysis can begin. The duration of the analysis depends on the time budget set by the user, and the results can be viewed once the analysis is completed.