The Gauge Domain: Scalable Analysis of Linear Inequality Invariants

The inference of linear inequality invariants among variables of a program plays an important role in static analysis. The polyhedral abstract domain introduced by Cousot and Halbwachs in 1978 provides an elegant and precise solution to this problem. However, the computational complexity of higher-dimensional convex hull algorithms makes it impractical for real-size programs. In the past decade, much attention has been devoted to finding efficient alternatives by trading expressiveness for performance. However, polynomial-time algorithms are still too costly to use for large-scale programs, whereas the full expressive power of general linear inequalities is required in many practical cases. In this paper, we introduce the gauge domain, which enables the efficient inference of general linear inequality invariants within loops. The idea behind this domain consists of breaking down an invariant into a set of linear relations between each program variable and all loop counters in scope. Using this abstraction, the complexity of domain operations is no larger than O(kn), where n is the number of variables and k is the maximum depth of loop nests. We demonstrate the effectiveness of this domain on a real 144K LOC intelligent flight control system, which implements advanced adaptive avionics.
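The following is an added illustration of the idea the abstract describes, written for this page; it is not the paper's implementation, and the names (Gauge, Add, Loop, run, run_loop, bounds_in_body, access_safe, analyze_example) and the analysed program are constructed here. It keeps the representation the abstract names, one lower and one upper affine form per variable over the counters of the enclosing loops, and shows the two operations that make it cheap: entering a loop adds a counter with a slope per variable, leaving a loop folds that counter away using its trip bound. To stay short it assumes a restricted program model (loop bodies made of constant-interval increments, branches collapsed into one interval, statically known trip bounds), under which the per-iteration effect of a body is fixed and no widening is needed; the real domain handles general C assignments and loop counters with an iterative analysis.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple, Union


@dataclass(frozen=True)
class Gauge:
    """Affine form  const + sum_i coefs[i]*l_i  over the counters l_i of the
    enclosing loops (outermost first, every l_i >= 0)."""
    const: int
    coefs: Tuple[int, ...] = ()

    def shifted(self, delta: int) -> "Gauge":
        return Gauge(self.const + delta, self.coefs)

    def push_counter(self, slope: int) -> "Gauge":
        """Enter a loop: the new innermost counter gets coefficient `slope`."""
        return Gauge(self.const, self.coefs + (slope,))

    def pop_counter(self, trip: int, upper: bool) -> "Gauge":
        """Leave a loop whose counter ranged over [0, trip]: fold the innermost
        counter's extreme contribution into the constant and drop it."""
        b = self.coefs[-1]
        extreme = max(0, b * trip) if upper else min(0, b * trip)
        return Gauge(self.const + extreme, self.coefs[:-1])

    def __str__(self) -> str:
        terms = [str(self.const)] + [f"{b}*l{i}" for i, b in enumerate(self.coefs) if b]
        return " + ".join(terms)


@dataclass(frozen=True)
class Add:
    """x += c for some c in [lo, hi] (an if/else with two increments collapses to one interval)."""
    var: str
    lo: int
    hi: int


@dataclass(frozen=True)
class Loop:
    """Runs at most `trip` times (may exit early); the counter counts completed iterations."""
    trip: int
    body: Tuple["Stmt", ...]


Stmt = Union[Add, Loop]
State = Dict[str, Tuple[Gauge, Gauge]]   # variable -> (lower gauge, upper gauge)


def run(body: Tuple[Stmt, ...], state: State, heads: List[State]) -> State:
    """Abstractly execute `body`, appending each loop-head invariant to `heads`."""
    for s in body:
        if isinstance(s, Add):
            lo, hi = state[s.var]
            state = {**state, s.var: (lo.shifted(s.lo), hi.shifted(s.hi))}
        else:
            state = run_loop(s, state, heads)
    return state


def run_loop(loop: Loop, entry: State, heads: List[State]) -> State:
    # Every statement is a translation, so one execution of the body changes x by
    # an amount in [d_lo, d_hi] that does not depend on the entry state.  Measure it
    # with a probe run; the head invariant is then  entry_lo + d_lo*l <= x <= entry_hi + d_hi*l.
    probe = {v: (lo.push_counter(0), hi.push_counter(0)) for v, (lo, hi) in entry.items()}
    end = run(loop.body, probe, [])
    head = {v: (lo.push_counter(end[v][0].const - lo.const),
                hi.push_counter(end[v][1].const - hi.const))
            for v, (lo, hi) in entry.items()}
    heads.append(head)
    run(loop.body, head, heads)   # second pass records inner-loop heads relative to `head`
    # At exit the counter lies in [0, trip] and goes out of scope.
    return {v: (lo.pop_counter(loop.trip, False), hi.pop_counter(loop.trip, True))
            for v, (lo, hi) in head.items()}


def bounds_in_body(g_lo: Gauge, g_hi: Gauge, trips: List[int]) -> Tuple[int, int]:
    """Concrete interval at a point inside the nest, where enclosing counter i
    ranges over [0, trips[i]-1] because that loop has not finished."""
    lo = g_lo.const + sum(min(0, b * (t - 1)) for b, t in zip(g_lo.coefs, trips))
    hi = g_hi.const + sum(max(0, b * (t - 1)) for b, t in zip(g_hi.coefs, trips))
    return lo, hi


def access_safe(g_lo: Gauge, g_hi: Gauge, trips: List[int], size: int) -> bool:
    """Is buf[x] in bounds for a buffer of `size` elements, given x's two gauges?"""
    lo, hi = bounds_in_body(g_lo, g_hi, trips)
    return lo >= 0 and hi < size


def analyze_example() -> Tuple[List[State], State]:
    # Constructed program (hypothetical, not from the paper):
    #   idx = 0; rows = 0
    #   for i in range(8):            # counter l0
    #       for j in range(4):        # counter l1
    #           buf[idx] = ...; idx += 1
    #       idx += 1 if flag else 2   # skip padding
    #       rows += 1
    prog = (Loop(8, (Loop(4, (Add("idx", 1, 1),)),
                     Add("idx", 1, 2),
                     Add("rows", 1, 1))),)
    init = {"idx": (Gauge(0), Gauge(0)), "rows": (Gauge(0), Gauge(0))}
    heads: List[State] = []
    return heads, run(prog, init, heads)


if __name__ == "__main__":
    heads, final = analyze_example()
    inner_lo, inner_hi = heads[1]["idx"]
    print("inner head:", inner_lo, "<= idx <=", inner_hi)   # 0 + 1*l0 + 1*l1 <= idx <= 0 + 6*l0 + 1*l1
    print("idx at buf[idx]:", bounds_in_body(inner_lo, inner_hi, [8, 4]))   # (0, 45)
    print("after the nest:", final["idx"][0], "<= idx <=", final["idx"][1])  # 0 <= idx <= 48
```

Each gauge carries one coefficient per enclosing loop, so a variable costs k numbers at nesting depth k and the whole state costs O(kn), which is the bound the abstract states. The relation idx <= 6*l0 + l1 inside the inner loop is what an interval domain cannot keep: it ties the index to the counters, so the access buf[idx] can be proved in bounds for a 46-element buffer, and the bound survives loop exit as idx <= 48 once both counters are eliminated.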

[1] Brian Campbell et al. Amortised Memory Analysis Using the Depth of Data Structures. ESOP, 2009.

[2] K. Brown et al. Graduate Texts in Mathematics. 1982.

[3] Nicolas Halbwachs et al. Automatic discovery of linear restraints among variables of a program. POPL, 1978.

[4] Patrick Cousot et al. The ASTRÉE Analyzer. ESOP, 2005.

[5] Kousha Etessami et al. Analysis of Recursive Game Graphs Using Data Flow Equations. VMCAI, 2004.

[6] Peter J. Stuckey et al. Improving Linear Constraint Propagation by Changing Constraint Representation. Constraints, 2003.

[7] Jordi Cortadella et al. The octahedron abstract domain. Sci. Comput. Program., 2004.

[8] Patrick Cousot et al. Abstract Interpretation Frameworks. J. Log. Comput., 1992.

[9] G. Brat et al. Precise and Scalable Static Program Analysis of NASA Flight Software. IEEE Aerospace Conference, 2005.

[10] Jacob M. Howe et al. Two Variables per Linear Inequality as an Abstract Domain. LOPSTR, 2002.

[11] Harald Ganzinger et al. Programs as Data Objects. Lecture Notes in Computer Science, 1986.

[12] Antoine Miné et al. A New Numerical Abstract Domain Based on Difference-Bound Matrices. PADO, 2001.

[13] Guillaume Brat et al. Precise and efficient static array bound checking for large embedded C programs. PLDI, 2004.

[14] Francesco Logozzo et al. SubPolyhedra: A (More) Scalable Approach to Infer Linear Inequalities. VMCAI, 2009.

[15] Henny B. Sipma et al. Efficient Strongly Relational Polyhedral Analysis. VMCAI, 2006.

[16] Sriram Sankaranarayanan et al. Program Analysis Using Symbolic Ranges. SAS, 2007.

[17] A. Dax et al. An Elementary Proof of Farkas' Lemma. 1997.

[18] Patrick Cousot et al. Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints. POPL, 1977.

[19] François Bourdoncle et al. Efficient chaotic iteration strategies with widenings. Formal Methods in Programming and Their Applications, 1993.

[20] Patrick Cousot et al. Semantic foundations of program analysis. 1981.

[21] H. Raiffa et al. The Double Description Method. 1953.

[22] Helmut Seidl et al. Interprocedurally Analysing Linear Inequality Relations. ESOP, 2007.

[23] Eric Goubault et al. Space Software Validation using Abstract Interpretation. 2009.

[24] Antoine Miné et al. A Few Graph-Based Relational Numerical Abstract Domains. SAS, 2002.

[25] G. Ziegler. Lectures on Polytopes. 1994.

[26] Achiya Dax. Classroom Note: An Elementary Proof of Farkas' Lemma. SIAM Rev., 1997.

[27] Antoine Miné et al. The octagon abstract domain. High. Order Symb. Comput., 2001.

[28] Patrick Cousot et al. Static determination of dynamic properties of programs. 1976.

[29] Manfred Broy et al. Formal Methods in Programming and Their Applications. Lecture Notes in Computer Science, 1993.

[30] N. V. Chernikova. Algorithm for discovering the set of all the solutions of a linear programming problem. 1968.

[31] Manuel Fähndrich et al. Pentagons: a weakly relational abstract domain for the efficient validation of array accesses. SAC, 2008.

[32] Bertrand Jeannet et al. Apron: A Library of Numerical Abstract Domains for Static Analysis. CAV, 2009.

[33] Andy King et al. Exploiting Sparsity in Polyhedral Analysis. SAS, 2005.

[34] Antoine Miné. The Octagon Abstract Domain. 2001.

[35] Henny B. Sipma et al. Scalable Analysis of Linear Systems Using Mathematical Programming. VMCAI, 2005.