An Abstract Domain of Uninterpreted Functions

We revisit relational static analysis of numeric variables. Such analyses face two difficulties. First, even inexpensive relational domains scale too poorly to be practical for large code-bases. Second, to remain tractable they have extremely coarse handling of non-linear relations. In this paper, we introduce the subterm domain, a weakly relational abstract domain for inferring equivalences amongst sub-expressions, based on the theory of uninterpreted functions. This provides an extremely cheap approach for enriching non-relational domains with relational information, and enhances precision of both relational and non-relational domains in the presence of non-linear operations. We evaluate the idea in the context of the software verification tool SeaHorn.
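As an added illustration (not the paper's construction and not SeaHorn code), the sketch below pairs a plain interval domain with a map from variables to canonical terms in which `*` is treated as an uninterpreted function symbol. After `x = a*b; y = a*b` it knows `x - y` is exactly 0, whereas intervals alone give [-100, 100]; it does not normalise commutative operands (`a*b` and `b*a` stay distinct) and has no widening, so it only handles loop-free code.

```python
from typing import Dict, Tuple, Union

Interval = Tuple[float, float]
Term = Union[str, Tuple[str, "Term", "Term"]]   # variable/input symbol, or (op, lhs, rhs)

class SubtermIntervals:
    """Intervals enriched with subterm equivalences (illustrative sketch, not the
    paper's code): every operator, including `*`, is an uninterpreted function."""
    def __init__(self) -> None:
        self.itv: Dict[str, Interval] = {}   # variable -> numeric bounds
        self.defn: Dict[str, Term] = {}      # variable -> canonical term it holds

    def canon(self, t: Term) -> Term:
        # Stored terms range over input symbols (names with no definition), so
        # reassigning a variable never invalidates another variable's term.
        if isinstance(t, str):
            return self.defn.get(t, t)
        op, a, b = t
        return (op, self.canon(a), self.canon(b))

    def eval(self, t: Term) -> Interval:
        if isinstance(t, str):
            return self.itv.get(t, (float("-inf"), float("inf")))
        op, a, b = t
        if op == "-" and self.canon(a) == self.canon(b):
            return (0.0, 0.0)    # relational fact: both operands hold the same term
        (al, ah), (bl, bh) = self.eval(a), self.eval(b)
        if op == "-":
            return (al - bh, ah - bl)
        if op == "*":
            ps = (al * bl, al * bh, ah * bl, ah * bh)
            return (min(ps), max(ps))
        raise ValueError(f"unsupported operator {op}")

    def assign(self, v: str, t: Term) -> None:
        # Evaluate and canonicalise the right-hand side before v is overwritten.
        self.itv[v], self.defn[v] = self.eval(t), self.canon(t)

    def equal(self, x: str, y: str) -> bool:
        return self.canon(x) == self.canon(y)

def demo() -> Tuple[Interval, Interval, bool, bool]:
    s = SubtermIntervals()
    s.itv["a"], s.itv["b"] = (0.0, 10.0), (0.0, 10.0)   # constructed inputs
    s.assign("x", ("*", "a", "b"))
    s.assign("y", ("*", "a", "b"))
    s.assign("z", ("*", "b", "a"))          # same value, operands swapped
    s.assign("d", ("-", "x", "y"))          # matching subterms: exactly [0, 0]
    loose = s.eval(("-", "x", "z"))         # no syntactic match: [-100, 100]
    return s.itv["d"], loose, s.equal("x", "y"), s.equal("x", "z")
```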
