DOI: 10.1145/1328438.1328468
Research article, POPL conference proceedings

Lifting abstract interpreters to quantified logical domains

Published: 07 January 2008

ABSTRACT

We describe a general technique for building abstract interpreters over powerful universally quantified abstract domains that leverage existing quantifier-free domains. Our quantified abstract domain can represent universally quantified facts like ∀i(0 ≤ i < n ⇒ α[i] = 0). The principal challenge in this effort is that, while most domains supply over-approximations of operations like join, meet, and variable elimination, working with the guards of quantified facts requires under-approximation. We present an automatic technique to convert the standard over-approximation operations provided with all domains into sound under-approximations. We establish the correctness of our abstract interpreters by identifying two lattices: one that establishes the soundness of the abstract interpreter and another that defines its precision, or completeness. Our experiments on a variety of programs using arrays and pointers (including several sorting algorithms) demonstrate the feasibility of the approach on challenging examples.
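The abstract's central point is that the guard of a quantified fact sits in a negative (implication-antecedent) position, so the usual over-approximating domain operations are unsound there. The following added example, which is not code from the paper or its authors, illustrates this with a deliberately tiny quantified domain: guards are integer intervals over the quantified index i, bodies are facts of the form α[i] = c in a constant domain, and soundness is checked by brute-force concretisation over constructed arrays of length 4 with values in {0, 1}. The `under_join` strategy (keep the hull when the intervals touch, otherwise keep the larger piece) is my own choice of a sound under-approximation of interval union, not the paper's construction; the paper derives under-approximations automatically from the domain's over-approximating operations.

```python
# Added example (not from the paper): why guards of universally quantified
# facts need under-approximation. Facts have the shape
#     forall i. (lo <= i <= hi)  =>  a[i] = c        (c a constant, or TOP)
# Guards live in an interval domain, bodies in a constant domain.
from dataclasses import dataclass
from itertools import product
from typing import Optional

TOP = None  # body TOP: no information about a[i]


@dataclass(frozen=True)
class Interval:
    lo: int
    hi: int  # empty when lo > hi

    def is_empty(self) -> bool:
        return self.lo > self.hi

    def contains(self, i: int) -> bool:
        return self.lo <= i <= self.hi

    def meet(self, o: "Interval") -> "Interval":
        # intersection of intervals is exact
        return Interval(max(self.lo, o.lo), min(self.hi, o.hi))

    def join(self, o: "Interval") -> "Interval":
        # standard OVER-approximation of union: the convex hull
        if self.is_empty():
            return o
        if o.is_empty():
            return self
        return Interval(min(self.lo, o.lo), max(self.hi, o.hi))

    def under_join(self, o: "Interval") -> "Interval":
        # sound UNDER-approximation of union (assumed strategy): the hull when the
        # intervals overlap or are adjacent (then it is exact), else the larger piece
        if self.is_empty():
            return o
        if o.is_empty():
            return self
        if self.hi + 1 >= o.lo and o.hi + 1 >= self.lo:
            return self.join(o)
        return self if (self.hi - self.lo) >= (o.hi - o.lo) else o


@dataclass(frozen=True)
class QFact:
    guard: Interval        # forall i in guard ...
    body: Optional[int]    # ... a[i] == body, or TOP


def body_join(b1, b2):
    return b1 if b1 == b2 else TOP


def fact_join(f1: QFact, f2: QFact) -> QFact:
    """Disjunction of two facts (e.g. at a control-flow merge).
    forall i.(G1=>F1) or forall i.(G2=>F2) implies forall i.(G1 meet G2 => F1 join F2):
    the guard shrinks (meet, exact here) while the body is over-approximated (join)."""
    return QFact(f1.guard.meet(f2.guard), body_join(f1.body, f2.body))


def fact_meet(f1: QFact, f2: QFact, guard_union) -> QFact:
    """Conjunction of two facts. With equal bodies the guard may grow to an
    UNDER-approximation of G1 union G2; with different bodies, dropping a
    conjunct is always sound, so keep the informative one."""
    if f1.body != f2.body:
        return f1 if f1.body is not TOP else f2
    return QFact(guard_union(f1.guard, f2.guard), f1.body)


# Constructed concrete universe for the soundness check: arrays of length N over VALUES.
N = 4
VALUES = (0, 1)


def gamma(f: QFact):
    """Concretisation: every array satisfying the quantified fact."""
    return {a for a in product(VALUES, repeat=N)
            if f.body is TOP
            or all(a[i] == f.body for i in range(N) if f.guard.contains(i))}


def join_is_sound(f1: QFact, f2: QFact) -> bool:
    return (gamma(f1) | gamma(f2)) <= gamma(fact_join(f1, f2))


def meet_is_sound(f1: QFact, f2: QFact, guard_union) -> bool:
    return (gamma(f1) & gamma(f2)) <= gamma(fact_meet(f1, f2, guard_union))


if __name__ == "__main__":
    zeros_01 = QFact(Interval(0, 1), 0)   # a[0] = a[1] = 0
    zero_3 = QFact(Interval(3, 3), 0)     # a[3] = 0
    # Over-approximating the guard union claims a[2] = 0 as well: unsound.
    print("hull guard sound?", meet_is_sound(zeros_01, zero_3, Interval.join))        # False
    print("under-approx guard sound?", meet_is_sound(zeros_01, zero_3, Interval.under_join))  # True
    print("conjunction:", fact_meet(zeros_01, zero_3, Interval.under_join))
```

Running the script shows the concrete failure: the convex hull [0,3] of the guards [0,1] and [3,3] turns two true facts into a claim about α[2] that the array (0,0,1,0) refutes, while the under-approximated guard [0,1] stays sound. When the pieces are adjacent ([0,1] and [2,3]) the hull is exact and `under_join` returns it, which is the case that matters for a loop filling an array one cell at a time.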
