Abstract Interpretation using a Language of Symbolic Approximation

The traditional abstract domain framework for imperative programs suffers from several shortcomings; in particular it does not allow precise symbolic abstractions. To solve these problems, we propose a new abstract interpretation framework, based on symbolic expressions used both as an abstraction of the program, and as the input analyzed by abstract domains. We demonstrate new applications of the framework: an abstract domain that efficiently propagates constraints across the whole program; a new formalization of functor domains as approximate translation, which allows the production of approximate programs, on which we can perform classical symbolic techniques. We used these to build a complete analyzer for embedded C programs, that demonstrates the practical applicability of the framework.
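To make the abstract's two central ideas concrete (abstract domains that take symbolic expressions as their input, and a domain that keeps program-wide constraints and re-propagates them), here is an added illustration that is not code from the paper or its analyzer. It assumes a deliberately tiny symbolic term language (variables, integer constants and addition only), an interval domain that evaluates such terms forward and refines variable bounds backward, and a constraint store that records every `assume` seen anywhere in the program and re-runs all of them to a fixpoint whenever a bound changes. The variable names, bounds and constraints in `demo` are constructed sample inputs.

```python
import math
from dataclasses import dataclass
from typing import Union

# --- Symbolic expression language (constructed for this example) ---
# Frozen dataclasses compare structurally, so two occurrences of "x + y"
# in different parts of the program are recognized as the same expression.
@dataclass(frozen=True)
class Var:
    name: str

@dataclass(frozen=True)
class Const:
    value: int

@dataclass(frozen=True)
class Add:
    left: "Expr"
    right: "Expr"

Expr = Union[Var, Const, Add]

# Intervals are (low, high) tuples with inclusive bounds; math.inf marks "unbounded".
TOP = (-math.inf, math.inf)

def meet(a, b):
    """Intersection of two intervals (may be empty)."""
    return (max(a[0], b[0]), min(a[1], b[1]))

def is_empty(i):
    return i[0] > i[1]

def eval_expr(e, env):
    """Forward evaluation: the interval domain consumes a symbolic expression."""
    if isinstance(e, Const):
        return (e.value, e.value)
    if isinstance(e, Var):
        return env.get(e.name, TOP)
    if isinstance(e, Add):
        l, r = eval_expr(e.left, env), eval_expr(e.right, env)
        return (l[0] + r[0], l[1] + r[1])
    raise TypeError(f"unknown expression {e!r}")

def refine(e, target, env):
    """Backward refinement: narrow env so that the value of e lies in target.
    Returns the narrowed environment, or None if the constraint is infeasible."""
    env = dict(env)
    if isinstance(e, Const):
        return None if is_empty(meet((e.value, e.value), target)) else env
    if isinstance(e, Var):
        new = meet(env.get(e.name, TOP), target)
        if is_empty(new):
            return None
        env[e.name] = new
        return env
    if isinstance(e, Add):
        l, r = eval_expr(e.left, env), eval_expr(e.right, env)
        # left must lie in target - right, and right in target - left
        env = refine(e.left, (target[0] - r[1], target[1] - r[0]), env)
        if env is None:
            return None
        return refine(e.right, (target[0] - l[1], target[1] - l[0]), env)
    raise TypeError(f"unknown expression {e!r}")

class ConstraintStore:
    """Keeps every (expression, interval) constraint collected across the program
    and re-propagates all of them until no variable bound changes."""
    def __init__(self):
        self.constraints = []  # structurally deduplicated list of (Expr, Interval)

    def assume(self, e, target, env):
        if (e, target) not in self.constraints:
            self.constraints.append((e, target))
        return self.propagate(env)

    def propagate(self, env):
        changed = True
        while changed:
            changed = False
            for e, target in self.constraints:
                new_env = refine(e, target, env)
                if new_env is None:
                    return None  # the path is infeasible
                if new_env != env:
                    env, changed = new_env, True
        return env

def demo():
    """Constructed program fragment: three guards on shared variables.
    A later guard on y tightens x through the earlier constraint x + y <= 10."""
    x, y, z = Var("x"), Var("y"), Var("z")
    env = {"x": (0, 20), "y": (0, 20), "z": (0, 5)}
    store = ConstraintStore()
    env = store.assume(Add(x, y), (-math.inf, 10), env)  # if (x + y <= 10)
    env = store.assume(Add(x, z), (-math.inf, 3), env)   # if (x + z <= 3)
    env = store.assume(y, (8, math.inf), env)            # if (y >= 8)
    return env

if __name__ == "__main__":
    print(demo())
```

The point of the store is the last step of `demo`: on its own, `y >= 8` says nothing about `x`, but re-running the recorded constraint `x + y <= 10` narrows `x` to `[0, 2]`, which is the program-wide propagation the abstract describes; an infeasible guard makes `refine` return `None`, which a caller would treat as unreachable code.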
