Static Analysis of File-Processing Programs using File Format Specifications

TL;DR

This paper introduces a framework for static analysis of file-processing programs that leverages file format specifications to improve analysis precision and enable new verification and transformation capabilities.

Contribution

It presents a generic approach that integrates file format knowledge into static analysis, enhancing its usefulness for program verification and transformation tasks.

Findings

Improves analysis precision for file-processing programs.

Enables verification tasks based on input file formats.

Demonstrates effectiveness on real-world programs.

Abstract

Programs that process data that reside in files are widely used in varied domains, such as banking, healthcare, and web-traffic analysis. Precise static analysis of these programs in the context of software verification and transformation tasks is a challenging problem. Our key insight is that static analysis of file-processing programs can be made more useful if knowledge of the input file formats of these programs is made available to the analysis. We propose a generic framework that is able to perform any given underlying abstract interpretation on the program, while restricting the attention of the analysis to program paths that are potentially feasible when the program's input conforms to the given file format specification. We describe an implementation of our approach, and present empirical results using real and realistic programs that show how our approach enables novel verification and transformation tasks, and also improves the precision of standard analysis problems.