Widening Operators for Abstract Interpretation

Abstract interpretation, one of the most widely applied techniques for semantics-based static analysis of software, is built on two key concepts: the correspondence between concrete and abstract semantics through Galois connections/insertions, and the feasibility of computing a fixed point of the abstract semantics through the fast convergence of widening operators. The latter point is crucial to ensure the scalability of the analysis to large software systems. In this paper, we investigate which properties are necessary to support a systematic design of widening operators, by discussing and comparing different definitions in the literature, and by proposing various ways to combine them. In particular, we prove that, for Galois insertions, widening is preserved by abstraction, and we show how widening operators can be combined for the Cartesian and reduced product of abstract domains.
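The following example, added here and not taken from the paper, illustrates the two points the abstract names: the fast convergence a widening operator provides, and the componentwise combination of widenings on a Cartesian product of abstract domains. It uses the standard interval widening and narrowing of Cousot and Cousot, a small parity lattice, and their Cartesian product as an abstraction of the single variable `i` in the constructed loop `i = 0; while i < 100: i = i + 1`. The domains, the transformer `body` and the function names are assumptions made for this illustration; plain Kleene iteration reaches the loop invariant only after about a hundred steps, whereas widening reaches a (coarser) invariant in three, and narrowing recovers the lost upper bound.

```python
"""Widening on intervals, on a finite parity lattice, and on their
Cartesian product, applied to:  i = 0; while i < 100: i = i + 1.
Added example, not code from the paper; domains and loop are constructed."""
from math import inf

# ---- Interval domain: None is bottom, otherwise (lo, hi) with lo <= hi ----

def join(a, b):
    """Least upper bound (convex hull) of two intervals."""
    if a is None:
        return b
    if b is None:
        return a
    return (min(a[0], b[0]), max(a[1], b[1]))

def meet(a, b):
    """Greatest lower bound; an empty intersection is bottom."""
    if a is None or b is None:
        return None
    lo, hi = max(a[0], b[0]), min(a[1], b[1])
    return (lo, hi) if lo <= hi else None

def widen(old, new):
    """Interval widening: a bound that grew is pushed to infinity, so an
    increasing chain stabilises after at most two steps per bound."""
    if old is None:
        return new
    if new is None:
        return old
    return (old[0] if old[0] <= new[0] else -inf,
            old[1] if old[1] >= new[1] else inf)

def narrow(old, new):
    """Interval narrowing: only infinite bounds may be refined."""
    if old is None or new is None:
        return None
    return (new[0] if old[0] == -inf else old[0],
            new[1] if old[1] == inf else old[1])

# ---- Parity domain: finite lattice  None < {'even', 'odd'} < 'top' ----

def pjoin(a, b):
    if a is None:
        return b
    if b is None:
        return a
    return a if a == b else 'top'

def pflip(p):
    """Abstract effect of i + 1 on the parity of i."""
    return {'even': 'odd', 'odd': 'even'}.get(p, p)

pwiden = pjoin   # finite height: the join itself converges

# ---- Cartesian product Interval x Parity of the variable i ----

def product_join(s, t):
    return (join(s[0], t[0]), pjoin(s[1], t[1]))

def product_widen(old, new):
    """Widening on the Cartesian product is taken componentwise."""
    return (widen(old[0], new[0]), pwiden(old[1], new[1]))

def product_narrow(old, new):
    return (narrow(old[0], new[0]), new[1])

ENTRY = ((0, 0), 'even')          # i = 0 before the loop

def body(state):
    """Abstract transformer of one iteration: guard i < 100, then i = i + 1."""
    iv, par = state
    iv = meet(iv, (-inf, 99))     # only states satisfying the guard continue
    if iv is None:
        return (None, None)
    return ((iv[0] + 1, iv[1] + 1), pflip(par))

def analyse_loop(use_widening, limit=10_000):
    """Loop-head invariant as (state, number of iterations until stable)."""
    state = (None, None)
    for steps in range(1, limit + 1):
        nxt = product_join(ENTRY, body(state))
        if use_widening:
            nxt = product_widen(state, nxt)
        if nxt == state:
            return state, steps
        state = nxt
    return state, limit

def refine(state, limit=10):
    """Decreasing iteration with narrowing after widening has converged."""
    for _ in range(limit):
        nxt = product_narrow(state, product_join(ENTRY, body(state)))
        if nxt == state:
            break
        state = nxt
    return state

if __name__ == "__main__":
    inv, n = analyse_loop(use_widening=False)
    print("plain Kleene iteration:", inv, "after", n, "steps")
    inv, n = analyse_loop(use_widening=True)
    print("with widening:         ", inv, "after", n, "steps")
    print("after narrowing:       ", refine(inv))
```

Because the product is Cartesian rather than reduced, the parity component becomes `'top'` at the second step and stays there even though the interval component alone would allow no refinement either; the reduced product discussed in the paper is exactly what would let the two components inform each other.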
