A Scalable Segmented Decision Tree Abstract Domain

The key to precision and scalability in all formal methods for static program analysis and verification is the handling of disjunctions arising in relational analyses, the flow-sensitive traversal of conditionals and loops, the context-sensitive inter-procedural calls, the interleaving of concurrent threads, etc. Explicit case enumeration immediately yields to combinatorial explosion. The art of scalable static analysis is therefore to abstract disjunctions to minimize cost while preserving weak forms of disjunctions for expressivity.

[1]  P. Cousot Thesis: These d'Etat es sciences mathematiques: Methodes iteratives de construction et d'approximation de points fixes d'operateurs monotones sur un treillis, analyse semantique de programmes (in French) , 1978 .

[2]  Philippe Granger Static analysis of arithmetical congruences , 1989 .

[3]  Nachum Dershowitz,et al.  Verification: Theory and Practice , 2004, Lecture Notes in Computer Science.

[4]  Randal E. Bryant,et al.  Graph-Based Algorithms for Boolean Function Manipulation , 1986, IEEE Transactions on Computers.

[5]  Antoine Miné,et al.  The octagon abstract domain , 2001, Proceedings Eighth Working Conference on Reverse Engineering.

[6]  Laurent Mauborgne Binary Decision Graphs , 1999, SAS.

[7]  Arnaud Venet,et al.  Abstract Cofibered Domains: Application to the Alias Analysis of Untyped Programs , 1996, SAS.

[8]  Antoine Mid The Octagon Abstract Domain , 2001 .

[9]  Nicolas Halbwachs,et al.  Automatic discovery of linear restraints among variables of a program , 1978, POPL.

[10]  Hassen Saïdi,et al.  Verifying Invariants Using theorem Proving , 1996, CAV.

[11]  Patrick Cousot,et al.  Formal language, grammar and set-constraint-based program analysis by abstract interpretation , 1995, FPCA '95.

[12]  Patrick Cousot,et al.  Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints , 1977, POPL.

[13]  Patrick Cousot,et al.  Comparing the Galois Connection and Widening/Narrowing Approaches to Abstract Interpretation , 1992, PLILP.

[14]  Patrick Cousot,et al.  Abstract Interpretation Frameworks , 1992, J. Log. Comput..

[15]  Patrick Cousot,et al.  Static determination of dynamic properties of programs , 1976 .

[16]  Pierre Deransart,et al.  Programming Languages Implementation and Logic Programming , 1989, Lecture Notes in Computer Science.

[17]  Laurent Mauborgne Abstract Interpretation Using Typed Decision Graphs , 1998, Sci. Comput. Program..

[18]  Patrick Cousot,et al.  Systematic design of program analysis frameworks , 1979, POPL.

[19]  Gary A. Kildall,et al.  A unified approach to global program optimization , 1973, POPL.

[20]  Patrick Cousot,et al.  Méthodes itératives de construction et d'approximation de points fixes d'opérateurs monotones sur un treillis, analyse sémantique des programmes , 1978 .

[21]  Laurent Mauborgne Abstract Interpretation Using TDGs , 1994, SAS.

[22]  Patrick Cousot,et al.  Verification by Abstract Interpretation , 2003, Verification: Theory and Practice.

[23]  A. Tarski A LATTICE-THEORETICAL FIXPOINT THEOREM AND ITS APPLICATIONS , 1955 .