Symbolic Methods to Enhance the Precision of Numerical Abstract Domains

We present lightweight and generic symbolic methods to improve the precision of numerical static analyses based on Abstract Interpretation. The main idea is to simplify numerical expressions before they are fed to abstract transfer functions. An important novelty is that these simplifications are performed on-the-fly, using information gathered dynamically by the analyzer. A first method, called “linearization,” allows abstracting arbitrary expressions into affine forms with interval coefficients while simplifying them. A second method, called “symbolic constant propagation,” enhances the simplification feature of the linearization by propagating assigned expressions in a symbolic way. Combined, these methods increase the relationality level of numerical abstract domains and make them more robust against program transformations. We show how they can be integrated within the classical interval, octagon and polyhedron domains. These methods have been incorporated within the Astree static analyzer that checks for the absence of run-time errors in embedded critical avionics software. We present an experimental proof of their usefulness.
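The linearization step the abstract describes, as an added Python illustration that is not the paper's or Astree's code: expressions over integer variables are rewritten into affine forms with interval coefficients, and a product of two non-constant sub-expressions is kept affine by collapsing one side to the bounds the analyzer currently holds for it (a simplification assumed here, as is the tuple AST shape). Comparing the result with plain interval evaluation shows why x - x or 2*x - x comes out tighter after linearization.

```python
def iadd(a, b): return (a[0] + b[0], a[1] + b[1])
def ineg(a): return (-a[1], -a[0])
def imul(a, b):
    p = [a[0] * b[0], a[0] * b[1], a[1] * b[0], a[1] * b[1]]
    return (min(p), max(p))

# An affine form is a dict: variable name -> interval coefficient; the key
# None holds the constant term.
def lf_add(f, g):
    out = dict(f)
    for v, c in g.items():
        out[v] = iadd(out.get(v, (0, 0)), c)
    return out

def lf_scale(f, k):  # multiply every coefficient by the interval k
    return {v: imul(c, k) for v, c in f.items()}
def lf_eval(f, env):  # interval value of a form under variable bounds env
    r = f.get(None, (0, 0))
    for v, c in f.items():
        if v is not None:
            r = iadd(r, imul(c, env[v]))
    return r

def linearize(e, env):
    """AST: ('const', lo, hi), ('var', name) or (op, left, right), op in +-*.
    A product of two non-constant forms keeps one factor symbolic and
    collapses the other to its interval value via env (the on-the-fly use
    of bounds the analyzer already holds); this is an assumed simplification."""
    op = e[0]
    if op == 'const': return {None: (e[1], e[2])}
    if op == 'var': return {e[1]: (1, 1)}
    a, b = linearize(e[1], env), linearize(e[2], env)
    if op == '+': return lf_add(a, b)
    if op == '-': return lf_add(a, lf_scale(b, (-1, -1)))
    if set(a) <= {None}:                  # left factor is already constant
        return lf_scale(b, a[None])
    return lf_scale(a, lf_eval(b, env))   # otherwise intervalize the right

def interval_eval(e, env):  # plain interval semantics, no simplification
    op = e[0]
    if op == 'const': return (e[1], e[2])
    if op == 'var': return env[e[1]]
    a, b = interval_eval(e[1], env), interval_eval(e[2], env)
    if op == '+': return iadd(a, b)
    if op == '-': return iadd(a, ineg(b))
    return imul(a, b)

def compare(e, env):  # (plain interval result, linearized result)
    return interval_eval(e, env), lf_eval(linearize(e, env), env)
```

With x in [0, 1], compare(('-', ('var', 'x'), ('var', 'x')), {'x': (0, 1)}) yields (-1, 1) for plain intervals but (0, 0) after linearization, because the symbolic cancellation happens before the interval domain ever sees the expression.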
