Structuring Abstract Interpreters Through State and Value Abstractions

We present a new modular way to structure abstract interpreters. Modular means that new analysis domains may be plugged in. These abstract domains can communicate through different means to achieve maximal precision. First, all abstractions work cooperatively to emit alarms that exclude the undesirable behaviors of the program. Second, the state abstract domains may exchange information through abstractions of the possible values of expressions. Those value abstractions are themselves extensible, should two domains require a novel form of cooperation. We used this approach to design Eva, an abstract interpreter for C implemented within the Frama-C framework. We present the domains that are available so far within Eva, and show that this communication mechanism is able to handle them seamlessly.
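The cooperation scheme the abstract describes can be seen in a small model, added here as an illustration and not taken from Eva or Frama-C. Two state domains (intervals and parity) never read each other's state; they exchange information only through a product value abstraction computed for each expression, which is reduced so that each component tightens the other, and alarms are emitted from the reduced value, so a division by zero that either domain rules out produces no alarm. The expression encoding, the `Analyzer` class, and the sample program in `demo()` are all constructed for this example.

```python
"""Toy model of an abstract interpreter built from cooperating domains.

Illustrative model only (not Eva's code): two state domains, intervals and
parity, each keep their own view of the variables and communicate solely
through the shared value abstraction `Value`, which is reduced after every
evaluation step.
"""
from dataclasses import dataclass

INF = float("inf")


@dataclass(frozen=True)
class Interval:
    lo: float
    hi: float

    def is_bottom(self) -> bool:
        return self.lo > self.hi

    def contains(self, n: int) -> bool:
        return self.lo <= n <= self.hi


TOP_ITV = Interval(-INF, INF)


@dataclass(frozen=True)
class Value:
    """Value abstraction: one component per state domain."""
    itv: Interval
    parity: str  # "even", "odd" or "top"


def reduce(v: Value) -> Value:
    """Let the components of a value abstraction tighten each other."""
    lo, hi, par = v.itv.lo, v.itv.hi, v.parity
    if par != "top":
        want = 0 if par == "even" else 1
        if lo != -INF and lo % 2 != want:
            lo += 1  # smallest bound with the required parity
        if hi != INF and hi % 2 != want:
            hi -= 1
    if lo == hi and lo not in (INF, -INF):
        par = "even" if lo % 2 == 0 else "odd"  # a singleton fixes the parity
    return Value(Interval(lo, hi), par)


def itv_binop(op: str, a: Interval, b: Interval) -> Interval:
    """Forward transfer function of the interval component."""
    if op == "add":
        return Interval(a.lo + b.lo, a.hi + b.hi)
    if op == "mul":
        if any(x in (INF, -INF) for x in (a.lo, a.hi, b.lo, b.hi)):
            return TOP_ITV  # avoid inf * 0; give up precision instead
        prods = [a.lo * b.lo, a.lo * b.hi, a.hi * b.lo, a.hi * b.hi]
        return Interval(min(prods), max(prods))
    return TOP_ITV  # division results are not tracked in this toy


def par_binop(op: str, a: str, b: str) -> str:
    """Forward transfer function of the parity component."""
    if "top" in (a, b):
        return "even" if op == "mul" and "even" in (a, b) else "top"
    if op == "add":
        return "even" if a == b else "odd"
    if op == "mul":
        return "odd" if a == b == "odd" else "even"
    return "top"


def may_be_zero(v: Value) -> bool:
    """Alarm condition: zero is excluded if *either* component excludes it."""
    return v.itv.contains(0) and v.parity != "odd"


class Analyzer:
    def __init__(self) -> None:
        self.itv_state = {}  # interval state domain: var -> Interval
        self.par_state = {}  # parity state domain: var -> parity
        self.alarms = []

    def assume_range(self, x: str, lo: int, hi: int) -> None:
        """Model an input known only to lie in [lo, hi]."""
        self.itv_state[x] = Interval(lo, hi)
        self.par_state[x] = "top"

    def eval(self, e) -> Value:
        """Evaluate an expression tree to a reduced value abstraction."""
        op = e[0]
        if op == "const":
            v = Value(Interval(e[1], e[1]), "even" if e[1] % 2 == 0 else "odd")
        elif op == "var":
            v = Value(self.itv_state.get(e[1], TOP_ITV),
                      self.par_state.get(e[1], "top"))
        else:
            a, b = self.eval(e[1]), self.eval(e[2])
            if op == "div" and may_be_zero(b):
                self.alarms.append(f"division by zero possible in {e}")
            v = Value(itv_binop(op, a.itv, b.itv), par_binop(op, a.parity, b.parity))
        return reduce(v)

    def assign(self, x: str, e) -> Value:
        v = self.eval(e)
        self.itv_state[x] = v.itv  # each domain stores only its own component
        self.par_state[x] = v.parity
        return v


def demo():
    """Constructed program: x is an input in [-1, 1]; y = 2*x + 1; w = 2*x."""
    an = Analyzer()
    an.assume_range("x", -1, 1)
    y = an.assign("y", ("add", ("mul", ("const", 2), ("var", "x")), ("const", 1)))
    w = an.assign("w", ("mul", ("const", 2), ("var", "x")))
    an.assign("a", ("div", ("const", 1), ("var", "y")))  # y is odd: no alarm
    an.assign("b", ("div", ("const", 1), ("var", "w")))  # w may be 0: alarm
    return y, w, an.alarms


if __name__ == "__main__":
    print(demo())
```

In `demo()` the interval component alone cannot exclude `y == 0` (it only knows `y` lies in [-1, 3]), but the parity component knows `y` is odd, so the reduced value rules out the division-by-zero alarm for `1 / y` while still raising it for `1 / w`. Conversely, `reduce` lets parity shrink an interval, e.g. [0, 9] with parity even becomes [0, 8], which is the direction of exchange the abstract calls communication through value abstractions.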
