The octagon abstract domain

The article presents a novel numerical abstract domain for static analysis by abstract interpretation. It extends an earlier numerical abstract domain based on Difference-Bound Matrices and allows us to represent invariants of the form (±x ± y ≤ c), where x and y are program variables and c is a real constant. We focus on giving an efficient representation based on Difference-Bound Matrices with O(n²) memory cost, where n is the number of variables, and graph-based algorithms for all common abstract operators, with O(n³) time cost. This includes a normal form algorithm to test the equivalence of representations and a widening operator to compute least fixpoint approximations.
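As an added illustration (my own code, not the paper's), the 2n x 2n difference-bound matrix representation the abstract describes, with the shortest-path closure plus strengthening step as the normal form and a widening operator. The node encoding (node 2i for +x_i, node 2i+1 for -x_i, m[a][b] = c meaning v_b - v_a <= c) and the `index_bound` loop scenario are assumptions of this example.

```python
INF = float("inf")
def node(i, s):                        # DBM node of the literal s*x_i (s = +1 or -1)
    return 2 * i + (0 if s > 0 else 1)
class Octagon:
    """n variables as a 2n x 2n DBM: m[a][b] = c means v_b - v_a <= c, v_{2i} = x_i, v_{2i+1} = -x_i."""
    def __init__(self, n):
        self.n = n
        self.m = [[0.0 if a == b else INF for b in range(2 * n)] for a in range(2 * n)]

    def add(self, i, si, j, sj, c):
        """Conjoin si*x_i + sj*x_j <= c as one edge plus its coherent mirror edge."""
        for a, b in ((node(j, -sj), node(i, si)), (node(i, -si), node(j, sj))):
            self.m[a][b] = min(self.m[a][b], c)

    def set_bounds(self, i, lo=-INF, hi=INF):  # unary bounds are the edges between x_i and -x_i
        self.add(i, 1, i, 1, 2 * hi)
        self.add(i, -1, i, -1, -2 * lo)

    def close(self):
        """Normal form: Floyd-Warshall shortest paths (O(n^3)), then the strengthening step that
        combines the unary bounds of x_i and x_j. Returns False when the octagon is empty."""
        m, N = self.m, 2 * self.n
        for k in range(N):
            for a in range(N):
                for b in range(N):
                    m[a][b] = min(m[a][b], m[a][k] + m[k][b])
        for a in range(N):
            for b in range(N):
                m[a][b] = min(m[a][b], (m[a][a ^ 1] + m[b ^ 1][b]) / 2)
        return all(m[a][a] >= 0 for a in range(N))
    def sup(self, i, si, j=None, sj=1):
        """Best c with si*x_i + sj*x_j <= c (si*x_i <= c when j is None); call close() first."""
        if j is None:
            return self.m[node(i, -si)][node(i, si)] / 2
        return self.m[node(j, -sj)][node(i, si)]
    def widen(self, other):
        """Widening: keep each bound that did not grow from self to other; drop the others to INF."""
        w = Octagon(self.n)
        w.m = [[c if d <= c else INF for c, d in zip(ra, rb)] for ra, rb in zip(self.m, other.m)]
        return w

def index_bound(n_max=64):
    """Constructed loop 'i = 0; while i < n: buf[i] = ...; i += 1' with n <= n_max (hypothetical)."""
    o = Octagon(2)                     # x_0 = i, x_1 = n
    o.set_bounds(0, lo=0)              # i >= 0
    o.set_bounds(1, hi=n_max)          # n <= n_max
    o.add(0, 1, 1, -1, -1)             # the loop guard i < n, i.e. i - n <= -1
    return o.sup(0, 1) if o.close() else None   # the closure makes i <= n_max - 1 explicit
```

Before `close()`, `sup` only reports bounds that were added explicitly; the normal form is what exposes the implied index bound, and the bound x + y <= 5 from x <= 2, y <= 3 is found only by the strengthening step, not by shortest paths alone.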
