论文信息 - The Undefined Domain: Precise Relational Information for Entities That Do Not Exist

The Undefined Domain: Precise Relational Information for Entities That Do Not Exist

Verification by static analysis often hinges on the inference of relational numeric information. In real-world programs, the set of active variables is often not fixed for a given program point due to, for instance, heap-allocated cells or recursive function calls. For these program points, an invariant has to summarize values for traces E where a variable x exists and values for traces N where x does not exist. Non-relational domains solve this problem by copying all information on x in traces E to those in N. Relational domains face the challenge that the relations in traces E between x and other variables cannot simply be replicated for the traces N. This work illustrates this problem and proposes a general solution in form of a co-fibered abstract domain that forwards each domain operation to operations on a child domain. By tracking which variables are undefined, it transparently stores suitable values in the child domain thus minimizing the loss of relational information. We present applications in heap abstractions and function summaries.

Axel Simon | Holger Siegel | Bogdan Mihaila

[1] Sumit Gulwani,et al. Lifting abstract interpreters to quantified logical domains , 2008, POPL '08.

[2] Arnaud Venet,et al. Abstract Cofibered Domains: Application to the Alias Analysis of Untyped Programs , 1996, SAS.

[3] Reinhard Wilhelm,et al. Parametric shape analysis via 3-valued logic , 1999, POPL '99.

[4] Thomas W. Reps,et al. Recency-Abstraction for Heap-Allocated Storage , 2006, SAS.

[5] John C. Reynolds,et al. Separation logic: a logic for shared mutable data structures , 2002, Proceedings 17th Annual IEEE Symposium on Logic in Computer Science.

[6] Axel Simon,et al. FESA: Fold- and Expand-Based Shape Analysis , 2013, CC.

[7] Axel Simon,et al. Precise Static Analysis of Binaries by Extracting Relational Information , 2011, 2011 18th Working Conference on Reverse Engineering.

[8] Patrick Cousot,et al. Combination of Abstractions in the ASTRÉE Static Analyzer , 2006, ASIAN.

[9] Sorin Lerner,et al. ESP: path-sensitive program verification in polynomial time , 2002, PLDI '02.

[10] Patrick Cousot,et al. A static analyzer for large safety-critical software , 2003, PLDI.

[11] Nicolas Halbwachs,et al. Automatic discovery of linear restraints among variables of a program , 1978, POPL.