Abstract Domains of Affine Relations

This article considers some known abstract domains for affine-relation analysis (ARA), along with several variants, and studies how they relate to each other. The various domains represent sets of points that satisfy affine relations over variables that hold machine integers, and are based on an extension of linear algebra to modules over a ring (in particular, arithmetic performed modulo 2^w, for some machine-integer width w). We show that the abstract domains of Müller-Olm/Seidl (MOS) and King/Søndergaard (KS) are, in general, incomparable. However, we give sound interconversion methods. In other words, we give an algorithm to convert a KS element v_KS to an overapproximating MOS element v_MOS, that is, γ(v_KS) ⊆ γ(v_MOS), as well as an algorithm to convert an MOS element w_MOS to an overapproximating KS element w_KS, that is, γ(w_MOS) ⊆ γ(w_KS). The article provides insight on the range of options that one has for performing ARA in a program analyzer:
- We describe how to perform a greedy, operator-by-operator abstraction method to obtain KS abstract transformers.
- We also describe a more global approach to obtaining KS abstract transformers that considers the semantics of an entire instruction, basic block, or other loop-free program fragment. The latter method can yield best abstract transformers, and hence can be more precise than the former method. However, the latter method is more expensive.
We also explain how to use the KS domain for interprocedural program analysis using a bit-precise concrete semantics, but without bit blasting.
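The abstract's key point is that these domains do linear algebra over the ring Z/2^w rather than over a field, where a pivot such as 2 or 4 is a zero divisor and ordinary row echelon forms are no longer canonical. The following Python is an added illustration, not code from the paper or its authors: it models a KS-style element as a list of affine equalities, each a row [a_1, ..., a_n, b] meaning a_1*x_1 + ... + a_n*x_n + b = 0 (mod 2^W), canonicalizes such a system with the Howell form (the module-over-Z/2^w analogue of reduced echelon form), and uses the canonical form for an entailment check. The row encoding, the function names, and the tiny width W = 3 (chosen so that solution sets can be enumerated for cross-checking) are assumptions of the example.

```python
"""Canonicalizing affine equalities over Z/2^W with the Howell form.

Added illustration, not the paper's code.  A KS-style element is modelled as a list of
rows [a_1, ..., a_n, b], each meaning  a_1*x_1 + ... + a_n*x_n + b = 0 (mod 2^W).
The row encoding, the names below and the tiny width W are assumptions of the example.
"""
from itertools import product

W = 3           # machine-integer width (tiny so the solution sets can be enumerated)
N = 1 << W      # all arithmetic is modulo 2^W


def egcd(a, b):
    """Extended Euclid on non-negative integers: (g, x, y) with a*x + b*y = g = gcd(a, b)."""
    x0, y0, x1, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def howell(rows):
    """Howell form of the Z/2^W-module spanned by `rows`; equal modules give equal output.

    Over a field, echelon form is enough.  Over Z/2^W a pivot 2^k with k > 0 is a zero
    divisor, so 2^(W-k) * row is a module element whose leading column lies further right.
    These "shifted" rows are added explicitly; that is what makes the form canonical.
    """
    A = [[v % N for v in r] for r in rows]
    ncols = len(A[0]) if A else 0
    pool = [r for r in A if any(r)]     # unprocessed rows; zero in every column handled so far
    pivots = []                         # finished rows, ordered by leading column
    for c in range(ncols):
        cand = [r for r in pool if r[c]]
        pool = [r for r in pool if not r[c]]
        if not cand:
            continue
        piv = cand[0]
        for r in cand[1:]:
            a, b = piv[c], r[c]
            g, x, y = egcd(a, b)
            # unimodular 2x2 transform (determinant -1), so the row span is preserved
            comb = [(x * p + y * q) % N for p, q in zip(piv, r)]                # entry g in column c
            rest = [((b // g) * p - (a // g) * q) % N for p, q in zip(piv, r)]  # entry 0 in column c
            piv = comb
            if any(rest):
                pool.append(rest)
        low = piv[c] & -piv[c]                   # 2^k, the power-of-two part of the pivot
        inv = pow(piv[c] // low, -1, N)          # the odd part is a unit mod 2^W; divide it out
        piv = [(v * inv) % N for v in piv]       # leading entry is now exactly 2^k
        pivots.append(piv)
        shifted = [(v * (N // low)) % N for v in piv]   # 2^(W-k) * row: the pivot vanishes
        if any(shifted):
            pool.append(shifted)
    # reduce every entry above a pivot 2^k into the range [0, 2^k)
    for i, p in enumerate(pivots):
        c = next(j for j, v in enumerate(p) if v)
        for q in pivots[:i]:
            f = q[c] // p[c]
            if f:
                for j in range(ncols):
                    q[j] = (q[j] - f * p[j]) % N
    return pivots


def implies(rows, rel):
    """Does the system `rows` entail the single affine equality `rel` (mod 2^W)?"""
    return howell(rows + [rel]) == howell(rows)


def solutions(rows, nvars):
    """Brute-force solution set in (Z/2^W)^nvars, used only to cross-check the algebra."""
    return {pt for pt in product(range(N), repeat=nvars)
            if all((sum(a * x for a, x in zip(r, pt)) + r[-1]) % N == 0 for r in rows)}


if __name__ == "__main__":
    sys1 = [[2, 1, 0]]                        # 2x + y = 0 (mod 8)
    print(howell(sys1))                       # [[2, 1, 0], [0, 4, 0]]: the consequence 4y = 0 is made explicit
    print(implies(sys1, [0, 4, 0]))           # True
    print(implies([[2, 6, 0]], [1, 7, 0]))    # False: 2x = 2y does not force x = y modulo 2^W
    print(sorted(solutions([[2, 6, 0]], 2)))  # contains (4, 0): x - y = 4 is allowed
```

The entailment check works only because the form is canonical: the systems {2x + y = 0} and {2x + y = 0, 4y = 0} describe the same set of points modulo 8, and both canonicalize to the same two rows, whereas an echelon form without the shifted rows would treat them as different. The second query shows the modular caveat a machine-integer analysis must respect: 2x = 2y (mod 2^w) leaves x - y ∈ {0, 2^(w-1)}, so it does not entail x = y, and a transformer that assumed otherwise would be unsound.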
