Results 1  10
of
134
Interprocedural Dataflow Analysis via Graph Reachability
, 1994
"... This paper shows howalarge class of interprocedural dataflowanalysis problems can be solved precisely in polynomial time. The only restrictions are that the set of dataflow facts is a finite set, and that the dataflow functions distribute overthe confluence operator (either union or intersection). ..."
Abstract

Cited by 371 (32 self)
 Add to MetaCart
This paper shows howalarge class of interprocedural dataflowanalysis problems can be solved precisely in polynomial time. The only restrictions are that the set of dataflow facts is a finite set, and that the dataflow functions distribute overthe confluence operator (either union or intersection). This class of problems includesbut is not limited tothe classical separable problems (also known as "gen/kill" or "bitvector" problems)e.g.,reaching definitions, available expressions, and live variables. In addition, the class of problems that our techniques handle includes manynonseparable problems, including trulylive variables, copyconstant propagation, and possiblyuninitialized variables. Anovelaspect of our approach is that an interprocedural dataflowanalysis problem is transformed into a special kind of graphreachability problem (reachability along interprocedurally realizable paths). The paper presents three polynomialtime algorithms for the realizablepath reachability problem: an exhaustive version, a second exhaustive version that may be more appropriate in the incremental and/or interactive context, and a demand version. The first and third of these algorithms are asymptotically faster than the best previously known realizablepath reachability algorithm. An additional benefit of our techniques is that theylead to improved algorithms for twoother kinds of interprocedural analysis problems: interprocedural flowsensitive sideeffect problems (as studied by Callahan) and interprocedural program slicing (as studied by Horwitz, Reps, and Binkley).
The Octagon Abstract Domain
"... ... domain for static analysis by abstract interpretation. It extends a former numerical abstract domain based on DifferenceBound Matrices and allows us to represent invariants of the form (±x ± y ≤ c), where x and y are program variables and c is a real constant. We focus on giving an efficient re ..."
Abstract

Cited by 234 (23 self)
 Add to MetaCart
... domain for static analysis by abstract interpretation. It extends a former numerical abstract domain based on DifferenceBound Matrices and allows us to represent invariants of the form (±x ± y ≤ c), where x and y are program variables and c is a real constant. We focus on giving an efficient representation based on DifferenceBound Matrices—O(n²) memory cost, where n is the number of variables—and graphbased algorithms for all common abstract operators—O(n³) time cost. This includes a normal form algorithm to test equivalence of representation and a widening operator to compute least fixpoint approximations.
An Implementation of Interprocedural Bounded Regular Section Analysis
 IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS
, 1991
"... Optimizing compilers should produce efficient code even in the presence of highlevel language constructs. However, current programming support systems are significantly lacking in their ability to analyze procedure calls. This deficiency complicates parallel programming, because loops with calls ca ..."
Abstract

Cited by 210 (27 self)
 Add to MetaCart
Optimizing compilers should produce efficient code even in the presence of highlevel language constructs. However, current programming support systems are significantly lacking in their ability to analyze procedure calls. This deficiency complicates parallel programming, because loops with calls can be a significant source of parallelism. We describe an implementation of regular section analysis, which summarizes interprocedural side effects on subarrays in a form useful to dependence analysis while avoiding the complexity of prior solutions. The paper gives the results of experiments on the Linpack library and a small set of scientific codes.
A Semantic Basis for the Termination Analysis of Logic Programs
 Journal of Logic Programming
, 1999
"... This paper presents a formal semantic basis for the termination analysis of logic programs. The semantics exhibits the termination properties of a logic program through its binary unfoldings  a possibly infinite set of binary clauses. Termination of a program P and goal G is determined by the abs ..."
Abstract

Cited by 99 (13 self)
 Add to MetaCart
This paper presents a formal semantic basis for the termination analysis of logic programs. The semantics exhibits the termination properties of a logic program through its binary unfoldings  a possibly infinite set of binary clauses. Termination of a program P and goal G is determined by the absence of an infinite chain in the binary unfoldings of P starting with G. The result is of practical use as basing termination analysis on a formal semantics facilitates both the design and implementation of analyzers. A simple Prolog interpreter for binary unfoldings coupled with an abstract domain based on symbolic norm constraints is proposed as an implementation vehicle. We illustrate its application using two recently proposed abstract domains. Both techniques are implemented using a standard CLP(R) library. The combination of an interpreter for binary unfoldings and a constraint solver simplifies the design of the analyzer and improves its efficiency significantly. 1 Introduction This ...
Formal Language, Grammar and SetConstraintBased Program Analysis by Abstract Interpretation
, 1995
"... Grammarbased program analysis à la Jones and Muchnick and setconstraintbased program analysis à la Aiken and Heintze are static analysis techniques that have traditionally been seen as quite different from abstractinterpretationbased analyses, in particular because of their apparent noniterati ..."
Abstract

Cited by 72 (10 self)
 Add to MetaCart
Grammarbased program analysis à la Jones and Muchnick and setconstraintbased program analysis à la Aiken and Heintze are static analysis techniques that have traditionally been seen as quite different from abstractinterpretationbased analyses, in particular because of their apparent noniterative nature. For example, on page 18 of N. Heintze thesis, it is alleged that ``The finitary nature of abstract interpretation implies that there is a fundamental limitation on the accuracy of this approach to program analysis. There are decidable kinds of analysis that cannot be computed using abstract interpretation (even with widening and narrowing). The setbased analysis considered in this thesis is one example''. On the contrary, we show that grammar and setconstraintbased program analyses are similar abstract interpretations with iterative fixpoint computation using either a widening or a finitary grammar/setconstraints transformer or even a finite domain for each particular program. The understanding of grammarbased and setconstraintbased program analysis as a particular instance of abstract interpretation of a semantics has several advantages. First, the approximation process is formalized and not only explained using examples. Second, a domain of abstract properties is exhibited which is of general scope. Third, these analyses can be easily combined with other abstractinterpretationbased analyses, in particular for the analysis of numerical values. Fourth, they can be generalized to very powerful attributedependent and contextdependent analyses. Finally, a few misunderstandings may be removed.
Scalable analysis of linear systems using mathematical programming
 In Proc. VMCAI, LNCS 3385
, 2005
"... Abstract. We present a method for generating linear invariants for domain consisting of arbitrary polyhedra of a predefined fixed shape. The basic operations on the domain like abstraction, intersection, join and inclusion tests are all posed as linear optimization queries, which can be solved effic ..."
Abstract

Cited by 67 (8 self)
 Add to MetaCart
Abstract. We present a method for generating linear invariants for domain consisting of arbitrary polyhedra of a predefined fixed shape. The basic operations on the domain like abstraction, intersection, join and inclusion tests are all posed as linear optimization queries, which can be solved efficiently by existing LP solvers. The number and dimensionality of the LP queries are polynomial in the program dimensionality, size and the number of target invariants. The method generalizes similar analyses in the interval, octagon, and octahedra domains, without resorting to polyhedral manipulations. We demonstrate the performance of our method on some benchmark programs. 1
Proving Program Invariance and Termination by Parametric Abstraction, Lagrangian Relaxation and Semidefinite Programming
 IN VMCAI’2005: VERIFICATION, MODEL CHECKING, AND ABSTRACT INTERPRETATION, VOLUME 3385 OF LNCS
, 2005
"... In order to verify semialgebraic programs, we automatize the Floyd/Naur/Hoare proof method. The main task is to automatically infer valid invariants and rank functions. First we express the program semantics in polynomial form. Then the unknown rank function and invariants are abstracted in parametr ..."
Abstract

Cited by 64 (1 self)
 Add to MetaCart
In order to verify semialgebraic programs, we automatize the Floyd/Naur/Hoare proof method. The main task is to automatically infer valid invariants and rank functions. First we express the program semantics in polynomial form. Then the unknown rank function and invariants are abstracted in parametric form. The implication in the Floyd/Naur/Hoare verification conditions is handled by abstraction into numerical constraints by Lagrangian relaxation. The remaining universal quantification is handled by semidefinite programming relaxation. Finally the parameters are computed using semidefinite programming solvers. This new approach exploits the recent progress in the numerical resolution of linear or bilinear matrix inequalities by semidefinite programming using efficient polynomial primal/dual interior point methods generalizing those wellknown in linear programming to convex optimization. The framework is applied to invariance and termination proof of sequential, nondeterministic, concurrent, and fair parallel imperative polynomial programs and can easily be extended to other safety and liveness properties.
Precise Interprocedural Analysis through Linear Algebra
, 2004
"... We apply linear algebra techniques to precise interprocedural dataflow analysis. Specifically, we describe analyses that determine for each program point identities that are valid among the program variables whenever control reaches that program point. Our analyses fully interpret assignment stateme ..."
Abstract

Cited by 60 (9 self)
 Add to MetaCart
We apply linear algebra techniques to precise interprocedural dataflow analysis. Specifically, we describe analyses that determine for each program point identities that are valid among the program variables whenever control reaches that program point. Our analyses fully interpret assignment statements with affine expressions on the right hand side while considering other assignments as nondeterministic and ignoring conditions at branches. Under this abstraction, the analysis computes the set of all affine relations and, more generally, all polynomial relations of bounded degree precisely. The running time of our algorithms is linear in the program size and polynomial in the number of occurring variables. We also show how to deal with affine preconditions and local variables and indicate how to handle parameters and return values of procedures.
Relational Inductive Shape Analysis
 in "ACM SIGPLANSIGACT Symposium on Principles of Programming Languages
, 2008
"... Shape analyses are concerned with precise abstractions of the heap to capture detailed structural properties. To do so, they need to build and decompose summaries of disjoint memory regions. Unfortunately, many data structure invariants require relations be tracked across disjoint regions, such as i ..."
Abstract

Cited by 52 (6 self)
 Add to MetaCart
Shape analyses are concerned with precise abstractions of the heap to capture detailed structural properties. To do so, they need to build and decompose summaries of disjoint memory regions. Unfortunately, many data structure invariants require relations be tracked across disjoint regions, such as intricate numerical data invariants or structural invariants concerning back and cross pointers. In this paper, we identify issues inherent to analyzing relational structures domain for pure data properties and by usersupplied specifications of the data structure invariants to check. Particularly, it supports hybrid invariants about shape and data and features a generic mechanism for materializing summaries at the beginning, middle, or end of inductive structures. Around this domain, we build a shape analysis whose interesting components include a preanalysis on the usersupplied specifications that guides the abstract interpretation and a widening operator over the combined shape and data domain. We then demonstrate our techniques on the proof of preservation of the redblack tree invariants during insertion.