
The trace partitioning abstract domain

Published: 02 August 2007

Abstract

In order to achieve better precision of abstract interpretation-based static analysis, we introduce a new generic abstract domain, the trace partitioning abstract domain. We develop a theoretical framework allowing a wide range of instantiations of the domain, proving that all these instantiations give correct results. From this theoretical framework, we go into implementation details of a particular instance developed in the Astrée static analyzer. We show how the domain is automatically configured in Astrée and the gain and cost in terms of performance and precision.


Published in: ACM Transactions on Programming Languages and Systems, Volume 29, Issue 5 (Special Issue ESOP'05), August 2007, 213 pages.
ISSN: 0164-0925
EISSN: 1558-4593
DOI: 10.1145/1275497

          Copyright © 2007 ACM

Publisher: Association for Computing Machinery, New York, NY, United States

