Non-disjunctive Numerical Domain for Array Predicate Abstraction

We present a numerical abstract domain to infer invariants on (a possibly unbounded number of) consecutive array elements using array predicates. It is able to represent and compute affine equality relations over the predicate parameters and the program variables, without using disjunctions or heuristics. It is the cornerstone of a sound static analysis of one- and two-dimensional array manipulation algorithms. The implementation shows very good performance on representative benchmarks. Our approach is sufficiently robust to handle programs traversing arrays and matrices in various ways.
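The abstract describes inferring affine equalities between the parameters of an array predicate and the program variables, then joining states without disjunctions. The following is an added illustration, not the paper's code: a deliberately small Karr-style affine-equality domain (affine hull represented as a point plus generators over rationals) run on the loop `i = 0; while i < n: a[i] = 0; i++`. The predicate `zeroed(a, l, u)` with parameters `l`, `u`, the variable set `{i, l, u}`, and the transfer rule "a write at `a[i]` extends the predicate when the state entails `u == i - 1`" are assumptions made here for the example, not definitions taken from the paper. The fixpoint computation infers the invariant `l = 0` and `u = i - 1` from the affine hull of the entry state and the loop-back state alone.

```python
from fractions import Fraction
from typing import Dict, List, Tuple

# Assumed variable layout: program counter i, predicate parameters l, u of zeroed(a, l, u).
VARS = ["i", "l", "u"]
Vec = Tuple[Fraction, ...]


def rank(vectors: List[Vec]) -> int:
    """Rank over the rationals by Gaussian elimination (exact, no rounding)."""
    rows = [list(v) for v in vectors]
    r = 0
    for c in range(len(VARS)):
        piv = next((k for k in range(r, len(rows)) if rows[k][c] != 0), None)
        if piv is None:
            continue
        rows[r], rows[piv] = rows[piv], rows[r]
        for k in range(len(rows)):
            if k != r and rows[k][c] != 0:
                f = rows[k][c] / rows[r][c]
                rows[k] = [a - f * b for a, b in zip(rows[k], rows[r])]
        r += 1
    return r


def in_span(vec: Vec, gens: List[Vec]) -> bool:
    return rank(gens + [vec]) == rank(gens)


class AffineSpace:
    """Karr-style abstract value: the affine set point + span(gens).

    A single affine subspace per program point, so joins never create disjunctions.
    """

    def __init__(self, point, gens):
        self.point: Vec = tuple(Fraction(x) for x in point)
        self.gens: List[Vec] = [tuple(Fraction(x) for x in g) for g in gens]

    @classmethod
    def singleton(cls, **vals: int) -> "AffineSpace":
        return cls([vals[v] for v in VARS], [])

    def assign(self, var: str, coeffs: Dict[str, int], const: int) -> "AffineSpace":
        """Abstract transfer for var := sum(coeffs[v] * v) + const."""
        k = VARS.index(var)

        def apply(vec: Vec, c: Fraction) -> Vec:
            new = list(vec)
            new[k] = sum(Fraction(coeffs.get(v, 0)) * vec[VARS.index(v)] for v in VARS) + c
            return tuple(new)

        # The constant moves the point; generators (directions) only see the linear part.
        return AffineSpace(apply(self.point, Fraction(const)),
                           [apply(g, Fraction(0)) for g in self.gens])

    def join(self, other: "AffineSpace") -> "AffineSpace":
        """Affine hull of the union: p1 + span(V1 ∪ V2 ∪ {p2 - p1})."""
        diff = tuple(a - b for a, b in zip(other.point, self.point))
        return AffineSpace(self.point, self.gens + other.gens + [diff])

    def leq(self, other: "AffineSpace") -> bool:
        """Inclusion self ⊆ other, used to detect the fixpoint."""
        diff = tuple(a - b for a, b in zip(self.point, other.point))
        return in_span(diff, other.gens) and all(in_span(g, other.gens) for g in self.gens)

    def entails(self, coeffs: Dict[str, int], const: int) -> bool:
        """Does every concrete state satisfy sum(coeffs[v] * v) == const?"""
        row = [Fraction(coeffs.get(v, 0)) for v in VARS]
        dot = lambda vec: sum(a * b for a, b in zip(row, vec))
        return dot(self.point) == const and all(dot(g) == 0 for g in self.gens)


def analyze() -> AffineSpace:
    """Infer the loop-head invariant of `i = 0; while i < n: a[i] = 0; i++`."""
    # Entry: i = 0 and the predicate zeroed(a, 0, -1) describes an empty range.
    head = AffineSpace.singleton(i=0, l=0, u=-1)
    while True:
        # Assumed rule for the write a[i] = 0: it is only sound to extend the
        # predicate to zeroed(a, l, i) if the state guarantees u == i - 1.
        if not head.entails({"u": 1, "i": -1}, -1):
            raise RuntimeError("cannot prove the write is adjacent to the zeroed range")
        body = head.assign("u", {"i": 1}, 0)   # u := i
        body = body.assign("i", {"i": 1}, 1)   # i := i + 1
        new = head.join(body)                  # single affine space, no case split
        if new.leq(head):
            return head
        head = new


if __name__ == "__main__":
    inv = analyze()
    print("l = 0 holds:", inv.entails({"l": 1}, 0))
    print("u = i - 1 holds:", inv.entails({"u": 1, "i": -1}, -1))
    print("i = 0 holds:", inv.entails({"i": 1}, 0))
```

The loop stabilises after two rounds: the hull of `{i=0, l=0, u=-1}` and `{i=1, l=0, u=0}` is the line `l = 0, u = i - 1`, and re-running the body on that line lands back inside it. Because the domain only keeps one affine subspace, the join is exact for equalities and never needs a disjunction of the "before first iteration" and "after k iterations" cases; inequalities such as `i <= n` are outside this toy and would need a relational domain like those cited in the paper.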
