When the Decreasing Sequence Fails

The classical method for program analysis by abstract interpretation consists in computing a increasing sequence with widening, which converges towards a correct solution, then computing a decreasing sequence of correct solutions without widening. It is generally admitted that, when the decreasing sequence reaches a fixpoint, it cannot be improved further. As a consequence, all efforts for improving the precision of an analysis have been devoted to improving the limit of the increasing sequence. In this paper, we propose a method to improve a fixpoint after its computation. The method consists in projecting the solution onto well-chosen components and to start again increasing and decreasing sequences from the result of the projection.

[1]  A. Miné Weakly Relational Numerical Abstract Domains , 2004 .

[2]  Patrick Cousot,et al.  A static analyzer for large safety-critical software , 2003, PLDI '03.

[3]  Roberto Bagnara,et al.  Precise widening operators for convex polyhedra , 2003, Sci. Comput. Program..

[4]  Henny B. Sipma,et al.  Constraint-Based Linear-Relations Analysis , 2004, SAS.

[5]  David Monniaux,et al.  Stratified Static Analysis Based on Variable Dependencies , 2011, NSAD@SAS.

[6]  Thomas W. Reps,et al.  Guided Static Analysis , 2007, SAS.

[7]  François Bourdoncle,et al.  Efficient chaotic iteration strategies with widenings , 1993, Formal Methods in Programming and Their Applications.

[8]  Eric Goubault,et al.  Static Analysis-Based Validation of Floating-Point Computations , 2003, Numerical Software with Result Verification.

[9]  David A. Wagner,et al.  A Class of Polynomially Solvable Range Constraints for Interval Analysis without Widenings and Narrowings , 2004, TACAS.

[10]  Vikram S. Adve,et al.  LLVM: a compilation framework for lifelong program analysis & transformation , 2004, International Symposium on Code Generation and Optimization, 2004. CGO 2004..

[11]  Brian Campbell,et al.  Amortised Memory Analysis Using the Depth of Data Structures , 2009, ESOP.

[12]  Helmut Seidl,et al.  Precise Fixpoint Computation Through Strategy Iteration , 2007, ESOP.

[13]  Gilberto Filé,et al.  Static Analysis, 14th International Symposium, SAS 2007, Kongens Lyngby, Denmark, August 22-24, 2007, Proceedings , 2007, SAS.

[14]  Nicolas Halbwachs,et al.  Automatic discovery of linear restraints among variables of a program , 1978, POPL.

[15]  Patrick Cousot,et al.  Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints , 1977, POPL.

[16]  Eric Goubault,et al.  Static Analyses of the Precision of Floating-Point Operations , 2001, SAS.

[17]  Pierre Wolper,et al.  Verifying Systems with Infinite but Regular State Spaces , 1998, CAV.

[18]  Thomas W. Reps,et al.  Lookahead Widening , 2006, CAV.

[19]  Bertrand Jeannet,et al.  Apron: A Library of Numerical Abstract Domains for Static Analysis , 2009, CAV.

[20]  Laure Petrucci,et al.  FAST: Fast Acceleration of Symbolikc Transition Systems , 2003, CAV.

[21]  Hubert Comon-Lundh,et al.  Multiple Counters Automata, Safety Analysis and Presburger Arithmetic , 1998, CAV.

[22]  Wolfram Luther,et al.  Numerical Software with Result Verification , 2004, Lecture Notes in Computer Science.

[23]  Kousha Etessami,et al.  Analysis of Recursive Game Graphs Using Data Flow Equations , 2004, VMCAI.

[24]  Bertrand Jeannet,et al.  Widening with Thresholds for Programs with Complex Control Graphs , 2011, ATVA.

[25]  Chao Wang,et al.  Using Counterexamples for Improving the Precision of Reachability Computation with Polyhedra , 2007, CAV.

[26]  Mohamed Nassim Seghir,et al.  A Lightweight Approach for Loop Summarization , 2011, ATVA.

[27]  Patrick Cousot,et al.  Static determination of dynamic properties of programs , 1976 .

[28]  Agostino Cortesi,et al.  Widening and narrowing operators for abstract interpretation , 2011, Comput. Lang. Syst. Struct..

[29]  Richard Gerber,et al.  Symbolic Model Checking of Infinite State Systems Using Presburger Arithmetic , 1997, CAV.

[30]  Manfred Broy,et al.  Formal Methods in Programming and Their Applications , 1993, Lecture Notes in Computer Science.

[31]  Nicolas Halbwachs,et al.  Verification of Real-Time Systems using Linear Relation Analysis , 1997, Formal Methods Syst. Des..

[32]  Nicolas Halbwachs,et al.  Delay Analysis in Synchronous Programs , 1993, CAV.

[33]  Henny B. Sipma,et al.  Scalable Analysis of Linear Systems Using Mathematical Programming , 2005, VMCAI.

[34]  Robert E. Tarjan,et al.  Depth-First Search and Linear Graph Algorithms , 1972, SIAM J. Comput..

[35]  Nicolas Halbwachs,et al.  Combining Widening and Acceleration in Linear Relation Analysis , 2006, SAS.

[36]  Rajeev Alur,et al.  A Temporal Logic of Nested Calls and Returns , 2004, TACAS.

[37]  Eric Goubault,et al.  A Policy Iteration Algorithm for Computing Fixed Points in Static Analysis of Programs , 2005, CAV.