Abstract
To improve the precision of abstract interpretation-based static analysis, we introduce a new generic abstract domain, the trace partitioning abstract domain. We develop a theoretical framework that allows a wide range of instantiations of the domain and prove that every such instantiation yields sound results. Starting from this framework, we go into the implementation details of a particular instance developed in the Astrée static analyzer. We show how the domain is configured automatically in Astrée, and we report the gain in precision and the cost in performance that it brings.
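The precision problem the abstract refers to comes from control-flow joins: a classic analysis merges the abstract states of both branches of an `if` at the point where they meet, and loses any correlation between the branch that was taken and the values it established. Trace partitioning keeps one abstract state per branch (a "partition" indexed by a token recording the branch taken) and delays the merge until after the point where the correlation matters. The following is an added example, not code from the paper or from Astrée: a tiny interval analysis of a constructed program `if (x < 0) sgn = -1; else sgn = 1; y = x / sgn;`, run once with the usual join and once with partitioning. The `Interval` type, the transfer functions and the partition tokens `"then"`/`"else"` are this example's own assumptions, not the paper's formalism.

```python
"""Interval analysis of one small program, with and without trace partitioning.

Added example (not code from the paper or from Astrée). The analysed program is
constructed for this example:

    if (x < 0) { sgn = -1; } else { sgn = 1; }   /* x: unknown input */
    y = x / sgn;                                 /* can sgn == 0 happen? */

Abstract values are integer intervals; an abstract state maps variable names to
intervals, and None stands for the unreachable (bottom) state.
"""
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass(frozen=True)
class Interval:
    lo: int
    hi: int

    def join(self, other: "Interval") -> "Interval":
        # Least upper bound: the smallest interval covering both operands.
        return Interval(min(self.lo, other.lo), max(self.hi, other.hi))

    def contains(self, v: int) -> bool:
        return self.lo <= v <= self.hi


State = Optional[Dict[str, Interval]]   # None == bottom (no concrete state)


def assume_lt(state: State, var: str, c: int) -> State:
    """Transfer function for the guard `var < c` (integers, so var <= c - 1)."""
    if state is None:
        return None
    iv = state[var]
    if iv.lo > c - 1:
        return None                      # guard can never hold: branch is dead
    return {**state, var: Interval(iv.lo, min(iv.hi, c - 1))}


def assume_ge(state: State, var: str, c: int) -> State:
    """Transfer function for the guard `var >= c`."""
    if state is None:
        return None
    iv = state[var]
    if iv.hi < c:
        return None
    return {**state, var: Interval(max(iv.lo, c), iv.hi)}


def assign_const(state: State, var: str, c: int) -> State:
    """Transfer function for `var = c`."""
    if state is None:
        return None
    return {**state, var: Interval(c, c)}


def join_states(a: State, b: State) -> State:
    """Pointwise join at a control-flow merge point; bottom is the neutral element."""
    if a is None:
        return b
    if b is None:
        return a
    return {v: a[v].join(b[v]) for v in a}


def division_alarm(state: State, divisor: str) -> bool:
    """True when the analysis cannot exclude `divisor == 0` (a run-time error alarm)."""
    return state is not None and state[divisor].contains(0)


def analyze_joined(x0: Interval) -> dict:
    """Classic analysis: both branches are joined before the division is analysed."""
    entry = {"x": x0}
    then_st = assign_const(assume_lt(entry, "x", 0), "sgn", -1)
    else_st = assign_const(assume_ge(entry, "x", 0), "sgn", 1)
    merged = join_states(then_st, else_st)   # sgn becomes [-1, 1], which contains 0
    sgn = None if merged is None else merged["sgn"]
    return {"sgn": sgn, "alarm": division_alarm(merged, "sgn")}


def analyze_partitioned(x0: Interval) -> dict:
    """Trace-partitioned analysis: one abstract state per branch token.

    The partition is created at the `if`, kept through the division, and only
    merged afterwards, so the correlation between x and sgn survives.
    """
    entry = {"x": x0}
    partitions = {
        "then": assign_const(assume_lt(entry, "x", 0), "sgn", -1),
        "else": assign_const(assume_ge(entry, "x", 0), "sgn", 1),
    }
    # The division is checked in each partition separately (dead partitions are None).
    alarm = any(division_alarm(st, "sgn") for st in partitions.values())
    merged = join_states(partitions["then"], partitions["else"])   # delayed merge
    sgn = None if merged is None else merged["sgn"]
    return {"partitions": partitions, "alarm": alarm, "sgn_after_merge": sgn}


if __name__ == "__main__":
    x = Interval(-10, 10)
    print("joined     :", analyze_joined(x))
    print("partitioned:", analyze_partitioned(x))
```

With `x` in `[-10, 10]`, the joined analysis ends with `sgn` in `[-1, 1]` and raises a false division-by-zero alarm; the partitioned analysis sees `sgn = -1` with `x <= -1` in one partition and `sgn = 1` with `x >= 0` in the other, raises no alarm, and only then merges back to `[-1, 1]`. The cost side of the trade-off the abstract mentions is visible too: every partition token multiplies the number of abstract states carried through the partitioned region, which is why Astrée has to decide automatically where to partition and where to merge.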