Abstract
Non-trivial analysis problems require complete lattices with infinite ascending and descending chains. In order to compute reasonably precise post-fixpoints of the resulting systems of equations, Cousot and Cousot have suggested accelerated fixpoint iteration by means of widening and narrowing.
The strict separation into phases, however, may unnecessarily give up precision that cannot be recovered later. While widening is also applicable if equations are non-monotonic, this is no longer the case for narrowing. A narrowing iteration to improve a given post-fixpoint, additionally, must assume that all right-hand sides are monotonic. The latter assumption, though, is not met in presence of widening. It is also not met by equation systems corresponding to context-sensitive interprocedural analysis, possibly combining context-sensitive analysis of local information with flow-insensitive analysis of globals.
As a remedy, we present a novel operator that combines a given widening operator with a given narrowing operator. We present adapted versions of round-robin as well as of worklist iteration, local, and side-effecting solving algorithms for the combined operator and prove that the resulting solvers always return sound results and are guaranteed to terminate for monotonic systems whenever only finitely many unknowns (constraint variables) are encountered.
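The combined operator described above, as an added example that is not code from the paper: a small interval analysis of the loop `i = 0; while (i < 100) i = i + 1`, solved round-robin with the combined operator (assumed here, following the abstract, to narrow when the new value lies below the old one and to widen otherwise) and, for comparison, with widening alone. The interval domain, the helper names and the single loop-head unknown are this example's own constructions for the monotonic case.

```python
INF = float("inf")
BOT = None  # empty interval (unreachable)

def leq(a, b):  # a is below b in the interval lattice
    if a is BOT: return True
    if b is BOT: return False
    return b[0] <= a[0] and a[1] <= b[1]

def join(a, b):  # least upper bound
    if a is BOT: return b
    if b is BOT: return a
    return (min(a[0], b[0]), max(a[1], b[1]))

def widen(a, b):  # standard interval widening: unstable bounds jump to infinity
    if a is BOT: return b
    if b is BOT: return a
    return (a[0] if a[0] <= b[0] else -INF, a[1] if a[1] >= b[1] else INF)

def narrow(a, b):  # standard interval narrowing: only infinite bounds are refined
    if a is BOT or b is BOT: return BOT
    return (b[0] if a[0] == -INF else a[0], b[1] if a[1] == INF else a[1])

def combined(a, b):  # assumed combined operator: narrow if b is below a, else widen
    return narrow(a, b) if leq(b, a) else widen(a, b)

def meet_lt(a, c):  # restrict a to the loop guard i < c
    if a is BOT or a[0] >= c: return BOT
    return (a[0], min(a[1], c - 1))

def add(a, k):  # abstract i + k
    return BOT if a is BOT else (a[0] + k, a[1] + k)

def rhs_head(head):  # right-hand side of the loop-head unknown: entry joined with back edge
    return join((0, 0), add(meet_lt(head, 100), 1))

def round_robin(op, bound=1000):
    """Iterate head := op(head, rhs(head)) until stable; return (value, rounds)."""
    head = BOT
    for rounds in range(bound):
        new = op(head, rhs_head(head))
        if new == head:
            return head, rounds
        head = new
    raise RuntimeError("no post-fixpoint reached within bound")

if __name__ == "__main__":
    print("widening only:", round_robin(widen))     # ((0, inf), 2)
    print("combined op  :", round_robin(combined))  # ((0, 100), 3)
```

With widening alone the upper bound is lost permanently, while the combined operator switches to narrowing as soon as the right-hand side drops below the current value and recovers the bound 100 within the same iteration.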
How to combine widening and narrowing for non-monotonic systems of equations
PLDI '13: Proceedings of the 34th ACM SIGPLAN Conference on Programming Language Design and Implementation