Abstract
Compositional recurrence analysis (CRA) is a static-analysis method based on a combination of symbolic analysis and abstract interpretation. This paper addresses the problem of creating a context-sensitive interprocedural version of CRA that handles recursive procedures. The problem is non-trivial because there is an "impedance mismatch" between CRA, which relies on analysis techniques based on regular languages (i.e., Tarjan's path-expression method), and the context-free-language underpinnings of context-sensitive analysis.
We show how to address this impedance mismatch by augmenting the CRA abstract domain with additional operations. We call the resulting algorithm Interprocedural CRA (ICRA). Our experiments with ICRA show that it has broad overall strength compared with several state-of-the-art software model checkers.
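The regular-versus-context-free point in the abstract can be made concrete with a small example. The Python below is an added illustration written for this page; it is not ICRA, not code from the paper, and it uses a deliberately tiny abstract domain chosen for the illustration: each variable maps to an affine expression over pre-state variables and symbolic iteration counters, or to `None` for "unknown". The two-variable program, the `VARS` set, the `BODY` transformer and all function names are constructed for the example, and loop guards are ignored (a sound over-approximation). A loop is a regular path expression, so its Kleene star is summarised by solving a recurrence in closed form; the same body reached through a recursive call is not a regular path expression, and the naive summary iteration used here for the call loses every variable. The additional domain operations with which ICRA recovers precision for recursion are not reproduced here.

```python
"""Toy compositional analysis over Tarjan-style path expressions.
Added illustration, not the ICRA tool described on this page.  A transformer
maps each variable in VARS to an affine expression over pre-state variables
and symbolic iteration counters (dict symbol -> coefficient, "1" = constant),
or to None when the value is unknown."""
import itertools

VARS = ("x", "n")            # variables of the constructed example program
BOT = "bot"                  # empty relation: unit for choice, zero for seq
_fresh = itertools.count()   # names the symbolic counter of each star


def identity():
    return {v: {v: 1} for v in VARS}

def assign(var, expr):
    """Transformer for `var := expr`; every other variable is unchanged."""
    t = identity()
    t[var] = {s: c for s, c in expr.items() if c != 0}
    return t

def substitute(expr, t):
    """Express `expr`, written over t's post-state, over t's pre-state."""
    out = {}
    for sym, coeff in expr.items():
        if sym not in t:                        # constant "1" or a counter
            out[sym] = out.get(sym, 0) + coeff
            continue
        if t[sym] is None:
            return None
        for s2, c2 in t[sym].items():
            out[s2] = out.get(s2, 0) + coeff * c2
    return {s: c for s, c in out.items() if c != 0}

def seq(a, b):
    """Sequential composition a;b (path concatenation)."""
    if a == BOT or b == BOT:
        return BOT
    return {v: None if b[v] is None else substitute(b[v], a) for v in VARS}

def choice(a, b):
    """Join of two paths: keep a variable only where both paths agree."""
    if a == BOT or b == BOT:
        return b if a == BOT else a
    return {v: a[v] if a[v] == b[v] else None for v in VARS}

def star(t):
    """Closed form of t^k for a fresh counter k >= 0: v := v + c becomes
    v + k*c, an unchanged variable stays unchanged, anything else (e.g. a
    dependence on another variable or on an inner counter) is lost."""
    if t == BOT:
        return identity()                       # zero iterations only
    k = "k%d" % next(_fresh)
    out = {}
    for v, e in t.items():
        if e is None or e.get(v) != 1 or set(e) - {v, "1"}:
            out[v] = None
        else:
            out[v] = {v: 1, k: e["1"]} if e.get("1") else {v: 1}
    return out

def evaluate(pe, summaries):
    """Interpret a path expression; ('call', f) plugs in f's current summary."""
    kind, args = pe[0], pe[1:]
    if kind == "atom":
        return args[0]
    if kind == "call":
        return summaries[args[0]]
    parts = [evaluate(p, summaries) for p in args]
    return {"seq": seq, "choice": choice, "star": star}[kind](*parts)

def summarize(name, pe, limit=16):
    """Naive summary of a recursive procedure by Kleene iteration from BOT.
    This is the baseline a context-sensitive analysis must improve on; it
    is not ICRA's method."""
    s = BOT
    for _ in range(limit):
        nxt = evaluate(pe, {name: s})
        if nxt == s:
            return s
        s = nxt
    raise RuntimeError("no fixpoint within limit")

def apply_summary(summary, env):
    """Concrete post-state from a pre-state plus counter values (None = unknown)."""
    return {v: None if e is None else
            sum(c * (1 if s == "1" else env[s]) for s, c in e.items())
            for v, e in summary.items()}

# Constructed loop body x := x + 1; n := n - 1 (the loop guard is ignored).
BODY = seq(assign("x", {"x": 1, "1": 1}), assign("n", {"n": 1, "1": -1}))

def loop_summary():
    """while (*) { BODY }: a regular path expression, summarised by star."""
    return evaluate(("star", ("atom", BODY)), {})

def recursive_summary():
    """f() { if (*) { BODY; f() } }: the same behaviour, reached by recursion."""
    f = ("choice", ("atom", identity()), ("seq", ("atom", BODY), ("call", "f")))
    return summarize("f", f)
```

`loop_summary()` returns `x -> x + k` and `n -> n - k` for a fresh counter `k`, so `apply_summary` can evaluate the post-state for any iteration count (for example, whether an index reaches a buffer bound after a given number of iterations), whereas `recursive_summary()` returns unknown for both variables: the loop is a star in a regular path expression, the recursion is not, and that is the impedance mismatch the abstract describes.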
Supplemental Material
This ZIP archive contains a virtual machine in OVA (Open Virtualization Archive) format. The virtual machine contains an installation of ICRA, the program-analysis tool that implements the ideas described in the associated publication, "Compositional Recurrence Analysis Revisited." For more information about the virtual machine, see the README.txt file inside the ZIP archive. For detailed information about how to use the virtual machine to run ICRA, see the README.txt file inside the virtual machine at the path "~/Newton/README.txt".
References
- APRON numerical abstract domain library.
- R. Backhouse and B. Carré. Regular algebra applied to pathfinding problems. J. Inst. Maths. Applics., 15, 1975.
- D. Beyer and M. Keremoglu. CPAchecker: A tool for configurable software verification. In CAV, 2011.
- S. Biallas, J. Brauer, A. King, and S. Kowalewski. Loop leaping with closures. In SAS, 2012.
- A. Bouajjani, J. Esparza, and O. Maler. Reachability analysis of pushdown automata: Application to model checking. In CONCUR, 1997.
- M. Bozga, R. Iosif, F. Konečný, and T. Vojnar. Tool demonstration of the FLATA counter automata toolset. In Workshop on Invariant Generation, 2012.
- Q. Carbonneaux, J. Hoffmann, and Z. Shao. Compositional certified resource bounds. In PLDI, 2015.
- Q. Carbonneaux, J. Hoffmann, and Z. Shao. Compositional certified resource bounds (extended version). YALEU/DCS/TR-1505, Yale Univ., New Haven, CT, Apr. 2015.
- B. Carré. An algebra for network routing problems. J. Inst. Maths. Applics., 7, 1971.
- P. Cousot and R. Cousot. Abstract interpretation: A unified lattice model for static analysis of programs by construction or approximation of fixpoints. In POPL, 1977.
- P. Cousot and N. Halbwachs. Automatic discovery of linear constraints among variables of a program. In POPL, 1978.
- L. de Moura and N. Bjørner. Z3: An efficient SMT solver. In TACAS, 2008.
- J. Esparza, S. Kiefer, and M. Luttenberger. Newtonian program analysis. J. ACM, 57(6), 2010.
- A. Farzan and Z. Kincaid. Compositional recurrence analysis. In FMCAD, 2015.
- A. Finkel, B. Willems, and P. Wolper. A direct symbolic approach to model checking pushdown systems. ENTCS, 9, 1997.
- P. Ganty, R. Iosif, and F. Konečný. Underapproximation of procedure summaries for integer programs. Softw. Tools for Tech. Transfer, 2016. Corrected version available as arXiv:1210.4289v3 (10.1007/s10009-016-0420-7).
- M. Gondran and M. Minoux. Graphs, Dioids and Semirings: New Models and Algorithms. Springer-Verlag, 2010.
- L. Gonnord and P. Schrammel. Abstract acceleration in linear relation analysis. SCP, 93, 2014.
- S. Gulwani and F. Zuleger. The reachability-bound problem. In PLDI, 2010.
- S. Gulwani, K. Mehra, and T. Chilimbi. SPEED: Precise and efficient static estimation of program computational complexity. In POPL, 2009.
- A. Gurfinkel, T. Kahsai, A. Komuravelli, and J. Navas. The SeaHorn verification framework. In CAV, 2015.
- M. Heizmann, J. Christ, D. Dietsch, E. Ermis, J. Hoenicke, M. Lindenmann, A. Nutz, C. Schilling, and A. Podelski. Ultimate Automizer with SMTInterpol (competition contribution). In TACAS, 2013.
- B. Jeannet, P. Schrammel, and S. Sankaranarayanan. Abstract acceleration of general linear loops. In POPL, 2014.
- E. Karpenkov, D. Monniaux, and P. Wendler. Program analysis with local policy iteration. In VMCAI, 2016.
- N. Kidd, A. Lal, and T. Reps. WALi: The Weighted Automaton Library, 2007.
- G. Kildall. A unified approach to global program optimization. In POPL, 1973.
- Z. Kincaid, J. Breck, A. Forouhi Boroujeni, and T. Reps. Compositional recurrence analysis revisited. TR-1840, Comp. Sci. Dept., Univ. of Wisconsin, Madison, WI, Oct. 2016. Revised, Apr. 2017.
- D. Kroening, N. Sharygina, S. Tonetta, A. Tsitovich, and C. Wintersteiger. Loop summarization using abstract transformers. In ATVA, 2008.
- A. Lal and T. Reps. Improving pushdown system model checking. In CAV, 2006.
- A. Lal and T. Reps. Reducing concurrent analysis under a context bound to sequential analysis. Formal Methods in System Design, 35(1):73–97, 2009.
- A. Lal, T. Touili, N. Kidd, and T. Reps. Interprocedural analysis of concurrent programs under a context bound. In TACAS, 2008.
- J. Leroux and G. Sutre. Accelerated data-flow analysis. In SAS, 2007.
- T. Reps. Program analysis via graph reachability. IST, 40, 1998.
- T. Reps, S. Schwoon, S. Jha, and D. Melski. Weighted pushdown systems and their application to interprocedural dataflow analysis. SCP, 58, 2005.
- T. Reps, E. Turetsky, and P. Prabhu. Newtonian program analysis via tensor product. In POPL, 2016.
- G. Rote. Path problems in graphs. In Computational Graph Theory (Computing Supplementum 7). Springer-Verlag, 1990.
- B. Ryder and M. Paul. Elimination algorithms for data flow analysis. ACM Comput. Surv., 18(3):277–316, 1986.
- M. Sharir and A. Pnueli. Two approaches to interprocedural data flow analysis. In Program Flow Analysis: Theory and Applications. Prentice-Hall, 1981.
- SVCOMP16. 5th Int. competition on software verification (SV-COMP16), 2016.
- R. Tarjan. Fast algorithms for solving path problems. J. ACM, 28(3):594–614, 1981.
Compositional recurrence analysis revisited
PLDI 2017: Proceedings of the 38th ACM SIGPLAN Conference on Programming Language Design and Implementation