Widening Polyhedra with Landmarks

The abstract domain of polyhedra is sufficiently expressive to be deployed in verification. One consequence of the richness of this domain is that long, possibly infinite, sequences of polyhedra can arise in the analysis of loops. Widening and narrowing have been proposed to infer a single polyhedron that summarises such a sequence of polyhedra. Motivated by precision losses encountered in verification, we explain how the classic widening/narrowing approach can be refined by an improved extrapolation strategy. The insight is to record inequalities that are thus far found to be unsatisfiable in the analysis of a loop. These so-called landmarks hint at the amount of widening necessary to reach stability. This extrapolation strategy, which refines widening with thresholds, can infer post-fixpoints that are precise enough not to require narrowing. Unlike previous techniques, our approach interacts well with other domains, is fully automatic, conceptually simple and precise on complex loops.
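As an added illustration (not code from the paper), the following Python models the idea on the simplest relational-free case, the interval domain, for the loop `i = 0; while (i < N) { i = i + 1; }`. It is a simplification of the landmark technique: the exit guard `i >= N` is the inequality checked at the loop head, and while it is unsatisfiable its bound `N` is recorded as a landmark and used as a widening threshold. The names `widen_classic`, `widen_landmarks`, `narrow` and `analyse_loop` are this example's own, and the threshold-style extrapolation is a constructed approximation of the paper's strategy, which also tracks how far the state is from the landmark across iterations.

```python
# Added example (not from the paper): an interval abstraction of the loop
#   i = 0; while (i < N) { i = i + 1; }
# analysed with classic widening and with widening refined by landmarks.
import math
from dataclasses import dataclass

INF = math.inf


@dataclass(frozen=True)
class Interval:
    """Closed interval [lo, hi]; lo > hi encodes bottom (unreachable)."""
    lo: float
    hi: float

    def is_bottom(self) -> bool:
        return self.lo > self.hi

    def join(self, other: "Interval") -> "Interval":
        if self.is_bottom():
            return other
        if other.is_bottom():
            return self
        return Interval(min(self.lo, other.lo), max(self.hi, other.hi))

    def meet(self, other: "Interval") -> "Interval":
        return Interval(max(self.lo, other.lo), min(self.hi, other.hi))

    def shift(self, k: int) -> "Interval":
        return self if self.is_bottom() else Interval(self.lo + k, self.hi + k)


def widen_classic(old: Interval, new: Interval, _landmarks=()) -> Interval:
    """Standard interval widening: an unstable bound jumps straight to infinity."""
    lo = old.lo if new.lo >= old.lo else -INF
    hi = old.hi if new.hi <= old.hi else INF
    return Interval(lo, hi)


def widen_landmarks(old: Interval, new: Interval, landmarks) -> Interval:
    """Widening with thresholds: an unstable bound jumps to the nearest landmark
    beyond it, and only to infinity when no landmark is left."""
    lo, hi = old.lo, old.hi
    if new.lo < old.lo:
        below = [t for t in landmarks if t <= new.lo]
        lo = max(below) if below else -INF
    if new.hi > old.hi:
        above = [t for t in landmarks if t >= new.hi]
        hi = min(above) if above else INF
    return Interval(lo, hi)


def narrow(old: Interval, new: Interval) -> Interval:
    """Standard interval narrowing: only infinite bounds are refined."""
    lo = new.lo if old.lo == -INF else old.lo
    hi = new.hi if old.hi == INF else old.hi
    return Interval(lo, hi)


def analyse_loop(n: int, widen, collect_landmarks: bool, max_iter: int = 100):
    """Iterate the loop-head state to a post-fixpoint.
    Returns (loop-head invariant, state on loop exit, widening steps used)."""
    head = Interval(0, 0)          # i = 0 on entry
    landmarks: set = set()
    steps = 0
    for _ in range(max_iter):
        # The exit guard i >= n is the inequality under test: while it is
        # unsatisfiable at the loop head, its bound n is recorded as a landmark.
        if collect_landmarks and head.meet(Interval(n, INF)).is_bottom():
            landmarks.add(n)
        body_in = head.meet(Interval(-INF, n - 1))            # guard i < n (integers)
        new_head = Interval(0, 0).join(body_in.shift(1))      # entry state joined with i + 1
        widened = widen(head, new_head, landmarks)
        steps += 1
        if widened == head:
            break
        head = widened
    return head, head.meet(Interval(n, INF)), steps


def classic_with_narrowing(n: int):
    """Classic widening followed by one narrowing pass, for comparison."""
    head, _, _ = analyse_loop(n, widen_classic, False)
    body_in = head.meet(Interval(-INF, n - 1))
    head = narrow(head, Interval(0, 0).join(body_in.shift(1)))
    return head, head.meet(Interval(n, INF))


if __name__ == "__main__":
    n = 10
    print("classic widening      :", analyse_loop(n, widen_classic, False))
    print("classic + narrowing   :", classic_with_narrowing(n))
    print("widening w/ landmarks :", analyse_loop(n, widen_landmarks, True))
```

For `N = 10`, classic widening settles on the loop-head invariant `[0, +inf]` and an exit state `[10, +inf]`; only a narrowing pass brings that down to `[0, 10]` and `[10, 10]`. With the landmark recorded from the unsatisfiable guard, the first widening step already extrapolates to `[0, 10]`, the second confirms stability, and the exit state `[10, 10]` is obtained with no narrowing at all. Polyhedra generalise this from per-variable bounds to arbitrary linear inequalities, which is where the interaction with other domains mentioned in the abstract matters.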
