The Octagon Abstract Domain
Cited by 253 (24 self)
This paper presents a new numerical abstract domain for static analysis by abstract interpretation. It extends a former numerical abstract domain based on Difference-Bound Matrices and allows us to represent invariants of the form (±x ± y ≤ c), where x and y are program variables and c is a real constant. We focus on giving an efficient representation based on Difference-Bound Matrices (O(n²) memory cost, where n is the number of variables) and graph-based algorithms for all common abstract operators (O(n³) time cost). This includes a normal form algorithm to test equivalence of representation and a widening operator to compute least fixpoint approximations.
A Static Analyzer for Large Safety-Critical Software
2003
Cited by 199 (43 self)
We show that abstract interpretation-based static program analysis can be made efficient and precise enough to formally verify a class of properties for a family of large programs with few or no false alarms. This is achieved by refinement of a general purpose static analyzer and later adaptation to particular programs of the family by the end-user through parametrization. This is applied to the proof of soundness of data manipulation operations at the machine level for periodic synchronous safety critical embedded software. The main novelties are the design principle of static analyzers by refinement and adaptation through parametrization, the symbolic manipulation of expressions to improve the precision of abstract transfer functions, ellipsoid and decision tree abstract domains, all with sound handling of rounding errors in floating point computations, widening strategies (with thresholds, delayed) and the automatic determination of the parameters (parametrized packing).
The ASTRÉE analyzer
 Programming Languages and Systems, Proceedings of the 14th European Symposium on Programming, volume 3444 of Lecture Notes in Computer Science
2005
Cited by 71 (10 self)
ASTRÉE is an abstract interpretation-based static program analyzer aiming at proving automatically the absence of run time errors in programs written in the C programming language. It has been applied with success to large embedded control-command safety critical real-time software generated automatically from synchronous specifications, producing a correctness proof for complex software without any false alarm in a few hours of computation.
Scalable analysis of linear systems using mathematical programming
 In Proc. VMCAI, LNCS 3385
2005
Cited by 70 (8 self)
We present a method for generating linear invariants for a domain consisting of arbitrary polyhedra of a predefined fixed shape. The basic operations on the domain like abstraction, intersection, join and inclusion tests are all posed as linear optimization queries, which can be solved efficiently by existing LP solvers. The number and dimensionality of the LP queries are polynomial in the program dimensionality, size and the number of target invariants. The method generalizes similar analyses in the interval, octagon, and octahedra domains, without resorting to polyhedral manipulations. We demonstrate the performance of our method on some benchmark programs.
The octahedron abstract domain
In Static Analysis Symposium (2004)
2004
Cited by 50 (1 self)
NOTICE: This is the author's version of a work that was accepted for publication in Science of Computer Programming. Changes resulting from the publishing process, such as peer review, editing, corrections, structural formatting, and other quality control mechanisms may not be reflected in this document. A definitive version was subsequently published in Science of Computer Programming, 64 (2007): 115–139.
Precise and Efficient Static Array Bound Checking for Large Embedded C Programs
2004
Cited by 40 (7 self)
In this paper we describe the design and implementation of a static array-bound checker for a family of embedded programs: the flight control software of recent Mars missions. These codes are large (up to 280 KLOC), pointer intensive, heavily multithreaded and written in an object-oriented style, which makes their analysis very challenging. We designed a tool called C Global Surveyor (CGS) that can analyze the largest code in a couple of hours with a precision of 80%. The scalability and precision of the analyzer are achieved by using an incremental framework in which a pointer analysis and a numerical analysis of array indices mutually refine each other. CGS has been designed so that it can distribute the analysis over several processors in a cluster of machines. To the best of our knowledge this is the first distributed implementation of static analysis algorithms. Throughout the paper we will discuss the scalability setbacks that we encountered during the construction of the tool and their impact on the initial design decisions.
Two Variables per Linear Inequality as an Abstract Domain
Logic-based Program Synthesis and Transformation, volume 2664 of LNCS
2003
Cited by 35 (10 self)
This paper explores the spatial domain of sets of inequalities where each inequality contains at most two variables, a domain that is richer than intervals and more tractable than general polyhedra. We present a complete suite of efficient domain operations for linear systems with two variables per inequality with unrestricted coefficients. We exploit a tactic in which a system of inequalities with at most two variables per inequality is decomposed into a series of projections, one for each two-dimensional plane. The decomposition enables all domain operations required for abstract interpretation to be expressed in terms of the two-dimensional case. The resulting operations are efficient and include a novel planar convex hull algorithm. Empirical evidence suggests that widening can be applied effectively, ensuring tractability.
Modular Static Program Analysis
 Proceedings of Compiler Construction
2002
Cited by 29 (2 self)
The purpose of this paper is to present four basic methods for interpretation: simplification-based separate analysis; worst-case separate analysis; separate analysis with (user-provided) interfaces; symbolic relational separate analysis; as well as a fifth category which is essentially obtained by composition of the above separate local analyses together with global analysis methods.
On the relative completeness of bytecode analysis versus source code analysis
Proceedings of CC '08, LNCS
2008
Cited by 22 (6 self)
We discuss the challenges faced by bytecode analyzers designed for code verification compared to similar analyzers for source code. While a bytecode-level analysis brings many simplifications, e.g., fewer cases, independence from source syntax, name resolution, etc., it also introduces precision loss that must be recovered either via preprocessing, more precise abstract domains, more precise transfer functions, or a combination thereof. The paper studies the relative completeness of a static analysis for bytecode compared to the analysis of the program source. We illustrate it through examples originating from the design and the implementation of Clousot, a generic static analyzer based on Abstract Interpretation for the analysis of MSIL.
A few graph-based relational numerical abstract domains
Static Analysis: Proceedings of the 9th International Symposium
2002
Cited by 22 (1 self)
This article presents the systematic design of a class of relational numerical abstract domains from non-relational ones. Constructed domains represent sets of invariants of the form (vj − vi ∈ C), where vj and vi are two variables, and C lives in an abstraction of P(Z), P(Q), or P(R). We will call this family of domains weakly relational domains. The underlying concept allowing this construction is an extension of potential graphs and shortest-path closure algorithms in exotic-like algebras. Example constructions are given in order to retrieve well-known domains Interpretation framework in order to design various static analyses. A major benefit of this construction is its modularity, allowing to quickly implement new abstract domains from existing ones.