Static Analysis and Verification of Aerospace Software by Abstract Interpretation

We discuss the principles of static analysis by abstract interpretation and report on the automatic verification of the absence of runtime errors in large embedded aerospace software by static analysis based on abstract interpretation. The first industrial applications concerned synchronous control/command software in open loop. Recent advances consider imperfectly synchronous programs, parallel programs, and target code validation as well. Future research directions on abstract interpretation are also discussed in the context of aerospace software.
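
The following is an added illustration of the technique the abstract refers to; it is not code from the monograph or from Astrée. It is a minimal abstract interpreter over the interval domain for a toy imperative language (constants, variables, add, sub, div, and a `while x < k` loop), with the ascending iteration accelerated by widening, a few descending iterations with narrowing, and alarms for the two run-time errors it models: division by zero and overflow of an assumed 16-bit signed integer. The program it analyses is constructed for the example: `x = 0; s = 0; while x < 100: q = 1000/(100-x); s = s+x; x = x+1`, followed by `q = 1000/(100-x)` once more after the loop. The labels `line 1` to `line 6` are the example's own.

```python
# Interval abstract interpretation with widening/narrowing on a toy language.
# Added illustration, not Astrée's code; the 16-bit integer range is assumed.
from dataclasses import dataclass

INF = float("inf")
INT_MIN, INT_MAX = -(2 ** 15), 2 ** 15 - 1  # assumed machine integer range

@dataclass(frozen=True)
class Interval:
    lo: float
    hi: float
    def is_bottom(self): return self.lo > self.hi
    def join(self, o): return Interval(min(self.lo, o.lo), max(self.hi, o.hi))
    def meet(self, o): return Interval(max(self.lo, o.lo), min(self.hi, o.hi))
    def widen(self, o):  # a bound that keeps moving is pushed to infinity, which
        if self.is_bottom(): return o  # forces the ascending iteration to stabilise
        return Interval(self.lo if o.lo >= self.lo else -INF, self.hi if o.hi <= self.hi else INF)
    def narrow(self, o):  # only bounds that widening sent to infinity are refined back
        return Interval(o.lo if self.lo == -INF else self.lo, o.hi if self.hi == INF else self.hi)

TOP, BOTTOM = Interval(-INF, INF), Interval(INF, -INF)
LOOP_INVARIANTS = {}  # loop label -> invariant inferred at the loop head

def idiv(a, b):  # truncating division on extended reals, b != 0
    if abs(a) == INF: return a if b > 0 else -a
    return 0 if abs(b) == INF else int(a / b)

def eval_expr(e, st, alarms, loc):
    """Abstract value of e in state st; appends one alarm per possible run-time error."""
    if e[0] == "const": return Interval(e[1], e[1])
    if e[0] == "var": return st.get(e[1], TOP)  # uninitialised variable: any value
    a, b = eval_expr(e[1], st, alarms, loc), eval_expr(e[2], st, alarms, loc)
    if a.is_bottom() or b.is_bottom(): return BOTTOM
    if e[0] == "add":
        r = Interval(a.lo + b.lo, a.hi + b.hi)
    elif e[0] == "sub":
        r = Interval(a.lo - b.hi, a.hi - b.lo)
    else:  # "div": extremes lie at the ends of a and at the ends of the non-zero parts of b
        if b.lo <= 0 <= b.hi:
            alarms.append(f"{loc}: division by zero, divisor in [{b.lo}, {b.hi}]")
        ys = {y for y in (b.lo, b.hi, -1, 1) if b.lo <= y <= b.hi and y != 0}
        if not ys: return BOTTOM  # divisor is exactly 0: no execution continues
        qs = [idiv(x, y) for x in (a.lo, a.hi) for y in ys]
        r = Interval(min(qs), max(qs))
    if r.lo < INT_MIN or r.hi > INT_MAX:
        alarms.append(f"{loc}: possible integer overflow, result in [{r.lo}, {r.hi}]")
        r = r.meet(Interval(INT_MIN, INT_MAX))  # assume execution continues in range
    return r

def filter_cond(st, cond, truth):  # refine st by ('lt', v, k) or by its negation
    if st is None: return None
    _, v, k = cond
    r = st.get(v, TOP).meet(Interval(-INF, k - 1) if truth else Interval(k, INF))
    return None if r.is_bottom() else {**st, v: r}

def combine(a, b, op):  # pointwise join/widen/narrow of states; None = unreachable
    if a is None or b is None: return a if b is None else b
    return {v: op(a.get(v, TOP), b.get(v, TOP)) for v in a.keys() | b.keys()}

def run_while(cond, body, entry, alarms, loc):
    inv, step = entry, Interval.widen  # ascending iterations first, then narrowing
    for _ in range(1000):
        out = run_block(body, filter_cond(inv, cond, True), [])
        nxt = combine(inv, combine(entry, out, Interval.join), step)
        if nxt == inv:
            if step is Interval.narrow: break
            step = Interval.narrow
        inv = nxt
    LOOP_INVARIANTS[loc] = inv
    # alarms raised while iterating were discarded; only the body analysed under the final invariant reports them
    run_block(body, filter_cond(inv, cond, True), alarms)
    return filter_cond(inv, cond, False)

def run_block(stmts, st, alarms):
    for s in stmts:
        if st is None: return None  # unreachable code is not analysed
        if s[0] == "assign":
            r = eval_expr(s[2], st, alarms, s[3])
            st = None if r.is_bottom() else {**st, s[1]: r}
        else:  # ("while", cond, body, label)
            st = run_while(s[1], s[2], st, alarms, s[3])
    return st

# Constructed toy program: x = 0; s = 0; while x < 100: q = 1000/(100-x); s = s+x; x = x+1; then q = 1000/(100-x)
DIV = ("div", ("const", 1000), ("sub", ("const", 100), ("var", "x")))
PROGRAM = [
    ("assign", "x", ("const", 0), "line 1"), ("assign", "s", ("const", 0), "line 1"),
    ("while", ("lt", "x", 100), [
        ("assign", "q", DIV, "line 3"),
        ("assign", "s", ("add", ("var", "s"), ("var", "x")), "line 4"),
        ("assign", "x", ("add", ("var", "x"), ("const", 1)), "line 5")], "line 2"),
    ("assign", "q", DIV, "line 6"),
]

def analyze(program):  # -> (state after the program, or None if none survives, alarms)
    alarms = []
    return run_block(program, {}, alarms), alarms
```

Running `analyze(PROGRAM)` infers the loop invariant x in [0, 100], s in [0, 32767] and produces exactly two alarms. The division at line 3 gets none: under the invariant the divisor is in [1, 100], so its absence of error is proved. The division at line 6 is a genuine error (x == 100 there), and since the divisor is exactly zero no abstract state survives it, so `analyze` returns `None` as the final state. The alarm at line 4 is a false alarm, and a useful one to understand: the true bound of the accumulator is 4950, but an interval domain cannot relate s to x, so widening sends the bound of s to infinity and narrowing can only bring it back to the machine limit. Imprecision of this kind is what motivates the relational and specialised abstract domains the abstract alludes to.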
