Static Analysis and Verification of Aerospace Software by Abstract Interpretation

We discuss the principles of static analysis by abstract interpretation and report on the automatic verification of the absence of runtime errors in large embedded aerospace software by static analysis based on abstract interpretation. The first industrial applications concerned synchronous control/command software in open loop. Recent advances consider imperfectly synchronous programs, parallel programs, and target code validation as well. Future research directions on abstract interpretation are also discussed in the context of aerospace software.
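To make the abstract's central idea concrete, the following is an added illustration (not code from the paper, nor from Astrée or any other analyzer it reports on) of how static analysis by abstract interpretation proves the absence of a runtime error. It assumes a small C-like loop of the author's own choosing, `i = 0; while (i < N) { buf[i] = 0; i = i + 1; }`, with `N` a compile-time constant and `buf` an array of `BUF_SIZE` elements, and uses the interval abstract domain with the classic widening and narrowing operators to compute a loop invariant sound for every execution, then checks the array index against that invariant.

```python
"""Interval abstract interpretation of a bounded loop (constructed example).

Analyses the C-like program

    i = 0;
    while (i < N) {      // N is a compile-time constant
        buf[i] = 0;      // buf has BUF_SIZE elements: is 0 <= i < BUF_SIZE ?
        i = i + 1;
    }

and reports whether the array access is proved in bounds for all executions.
"""
from dataclasses import dataclass

INF = float("inf")


@dataclass(frozen=True)
class Interval:
    """Abstract value: the set of integers in [lo, hi]; lo > hi encodes bottom."""
    lo: float
    hi: float

    @staticmethod
    def bottom() -> "Interval":
        return Interval(1, 0)

    def is_bottom(self) -> bool:
        return self.lo > self.hi

    def join(self, other: "Interval") -> "Interval":
        """Least upper bound: the smallest interval covering both operands."""
        if self.is_bottom():
            return other
        if other.is_bottom():
            return self
        return Interval(min(self.lo, other.lo), max(self.hi, other.hi))

    def widen(self, other: "Interval") -> "Interval":
        """Classic interval widening: a bound that keeps growing jumps to
        infinity, which forces the ascending iteration to terminate."""
        if self.is_bottom():
            return other
        lo = self.lo if other.lo >= self.lo else -INF
        hi = self.hi if other.hi <= self.hi else INF
        return Interval(lo, hi)

    def narrow(self, other: "Interval") -> "Interval":
        """Classic interval narrowing: only infinite bounds are refined, so the
        descending iteration also terminates."""
        lo = other.lo if self.lo == -INF else self.lo
        hi = other.hi if self.hi == INF else self.hi
        return Interval(lo, hi)

    def add_const(self, c: int) -> "Interval":
        return self if self.is_bottom() else Interval(self.lo + c, self.hi + c)

    def assume_lt(self, n: int) -> "Interval":
        """Abstract test i < n: keep only the values that satisfy it."""
        return Interval(self.lo, min(self.hi, n - 1))

    def assume_ge(self, n: int) -> "Interval":
        """Abstract test i >= n (the loop exit condition)."""
        return Interval(max(self.lo, n), self.hi)


def analyze_loop(n: int, buf_size: int) -> dict:
    """Compute the loop-head invariant of i and check the access buf[i]."""
    entry = Interval(0, 0)  # i = 0 before the loop

    def body(head: Interval) -> Interval:
        # Inside the body the guard i < N holds; then i = i + 1.
        return head.assume_lt(n).add_const(1)

    # Ascending iteration with widening: head = entry ⊔ body(head) until stable.
    head = Interval.bottom()
    while True:
        nxt = head.widen(entry.join(body(head)))
        if nxt == head:
            break
        head = nxt

    # Descending iteration with narrowing recovers the precision lost by widening.
    while True:
        nxt = head.narrow(entry.join(body(head)))
        if nxt == head:
            break
        head = nxt

    at_access = head.assume_lt(n)   # value of i when buf[i] is written
    after_loop = head.assume_ge(n)  # value of i after the loop
    # The access is proved safe when every value the abstraction allows is a
    # valid index (or the body is unreachable, i.e. the interval is bottom).
    safe = at_access.is_bottom() or (0 <= at_access.lo and at_access.hi <= buf_size - 1)
    return {"loop_head": head, "at_access": at_access,
            "after_loop": after_loop, "safe": safe}


if __name__ == "__main__":
    for n, size in ((100, 100), (100, 50)):
        r = analyze_loop(n, size)
        verdict = "proved in bounds" if r["safe"] else "ALARM: possible out-of-bounds"
        print(f"N={n}, BUF_SIZE={size}: i at access in {r['at_access']}, {verdict}")
```

For `N = 100` the widened invariant at the loop head is `[0, +inf]`, which is sound but too coarse; the narrowing pass shrinks it to `[0, 100]`, so `i` is in `[0, 99]` at the access and the write is proved in bounds when `BUF_SIZE` is 100, while a 50-element buffer produces an alarm. Because the analysis over-approximates the set of reachable states, it can raise alarms on programs that never fail, but it never stays silent on one that can: that is the soundness property the abstract refers to when it speaks of verifying the absence of runtime errors.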
