Failure-Directed Program Trimming (Extended Version)

TL;DR

This paper introduces program trimming, a technique that simplifies programs by reducing execution paths while preserving safety properties, thereby enhancing the scalability and effectiveness of safety checking tools.

Contribution

It presents a novel program trimming method and a lightweight static analysis for equi-safety reduction, implemented in the Trimmer tool, improving safety analysis techniques.

Findings

Significantly improves abstract interpretation and symbolic execution effectiveness.

Reduces program paths without losing safety guarantees.

Enhances scalability of safety checking tools.

Abstract

This paper describes a new program simplification technique called program trimming that aims to improve the scalability and precision of safety checking tools. Given a program ${\mathcal P}$, program trimming generates a new program ${\mathcal P}'$ such that ${\mathcal P}$ and ${\mathcal P}'$ are equi-safe (i.e., ${\mathcal P}'$ has a bug if and only if ${\mathcal P}$ has a bug), but ${\mathcal P}'$ has fewer execution paths than ${\mathcal P}$. Since many program analyzers are sensitive to the number of execution paths, program trimming has the potential to improve the effectiveness of safety checking tools. In addition to introducing the concept of program trimming, this paper also presents a lightweight static analysis that can be used as a pre-processing step to remove program paths while retaining equi-safety. We have implemented the proposed technique in a tool called Trimmer and evaluate it in the context of two program analysis techniques, namely abstract interpretation and dynamic symbolic execution. Our experiments show that program trimming significantly improves the effectiveness of both techniques.