Symbolic methods to enhance the precision of numerical abstract domains
In Proc. of the 7th Int. Conf. on Verification, Model Checking, and Abstract Interpretation (VMCAI'06), volume 3855 of LNCS, 2006
Cited by 23 (5 self)
Abstract. We present lightweight and generic symbolic methods to improve the precision of numerical static analyses based on Abstract Interpretation. The main idea is to simplify numerical expressions before they are fed to abstract transfer functions. An important novelty is that these simplifications are performed on-the-fly, using information gathered dynamically by the analyzer. A first method, called "linearization," allows abstracting arbitrary expressions into affine forms with interval coefficients while simplifying them. A second method, called "symbolic constant propagation," enhances the simplification feature of the linearization by propagating assigned expressions in a symbolic way. Combined together, these methods increase the relationality level of numerical abstract domains and make them more robust against program transformations. We show how they can be integrated within the classical interval, octagon and polyhedron domains. These methods have been incorporated within the Astrée static analyzer that checks for the absence of runtime errors in embedded critical avionics software. We present an experimental proof of their usefulness.
Algebra of Normal Function Tables
1997
Cited by 1 (0 self)
In contrast to classical algebra and analysis, the functions encountered in computer science are usually piecewise continuous functions or functions whose evaluation rules change dramatically depending on a subset of the input values. Because of the pervasiveness of the if-then-else construction in programming, we have to extend classical mathematical methods to handle this kind of object. We approach this class of functions using tabular expressions. In this paper we define a function algebra, over a many-sorted algebra, which is closed under composition. Then, this function algebra is extended to tables. This enables us to define the composition of tables. We show that this algebra of tables is closed under composition. We give two algorithms to compute the composition of tables. 1 Introduction In the literature we find several different approaches to define easily readable but mathematically precise notations for piecewise functions and functions changing definition depending on parame...
Symbolic Safety Analysis of Memory Accesses Within Loops
1997
One of the biggest challenges in operating systems, distributed systems, and mobile code is how to ensure safety of untrusted code. Two recent proposals are Software Fault Isolation (SFI) and Proof-Carrying Code (PCC). A difficult challenge is how to deal with memory accesses within loops. SFI generates runtime bounds checks at every access, which incurs non-negligible overhead in tight loops, while PCC currently requires that the loop be pre-annotated with invariants that specify these bounds. I present a static analysis for automatically determining the bounds of the memory accesses within a loop. Given a loop in either source code (e.g., C) or executable binary, the analysis attempts to generate a symbolic expression for each memory access in the loop that describes its range in terms of the context (e.g., values of variables) before the loop. An operating system can use the results of the analysis in one of two ways: [1] to prove statically that the surrounding context guarantees ...
Automatically Closing Open Reactive Programs
In Proceedings of the 1998 ACM SIGPLAN Conference on Programming Language Design and Implementation, 1998
We study in this paper the problem of analyzing implementations of open systems, that is, systems in which only some of the components are present. We present an algorithm for automatically closing an open concurrent reactive system with its most general environment, i.e., the environment that can provide any input at any time to the system. The result is a nondeterministic closed (i.e., self-executable) system which can exhibit all the possible reactive behaviors of the original open system. These behaviors can then be analyzed using VeriSoft, an existing tool for systematically exploring the state spaces of closed systems composed of multiple (possibly nondeterministic) processes executing arbitrary code. We have implemented the techniques introduced in this paper in a prototype tool for automatically closing open programs written in the C programming language. We discuss preliminary experimental results obtained with a large telephone-switching software application developed at Lucent Tec...