Results 1-10 of 47
The Octagon Abstract Domain
Cited by 327 (24 self)
Abstract: ... domain for static analysis by abstract interpretation. It extends a former numerical abstract domain based on Difference-Bound Matrices and allows us to represent invariants of the form (±x ± y ≤ c), where x and y are program variables and c is a real constant. We focus on giving an efficient representation based on Difference-Bound Matrices—O(n²) memory cost, where n is the number of variables—and graph-based algorithms for all common abstract operators—O(n³) time cost. This includes a normal form algorithm to test equivalence of representation and a widening operator to compute least fixpoint approximations.
Verification of Real-Time Systems using Linear Relation Analysis
Formal Methods in System Design, 1997
Cited by 134 (7 self)
Abstract: Linear Relation Analysis [CH78] is an abstract interpretation devoted to the automatic discovery of invariant linear inequalities among numerical variables of a program. In this paper, we apply such an analysis to the verification of quantitative time properties of two kinds of systems: synchronous programs and linear hybrid systems.
Verification of Linear Hybrid Systems By Means of Convex Approximations
1994
Cited by 96 (2 self)
Abstract: We present a new application of the abstract interpretation by means of convex polyhedra, to a class of hybrid systems, i.e., systems involving both discrete and continuous variables. The result is an efficient automatic tool for approximate, but conservative, verification of reachability properties of these systems.
1 Introduction. Timed automata [AD90] have been recently introduced to model real-time systems. A timed automaton is a finite automaton associated with a finite set of clocks, each clock counting the continuous elapsing of time. Each transition of the automaton can be guarded by a simple linear condition on the clock values, and can result in resetting some clocks to zero. A nice feature of this model is that it can be abstracted into a finite state system, and that all the standard verification problems (reachability, TCTL model-checking [ACD90, HNSY92]) are decidable. However, many interesting extensions of this model have been shown to lose this decidability propert...
A note on Chernikova's Algorithm
1994
Cited by 56 (0 self)
Abstract: This paper describes an implementation of Chernikova's algorithm for finding an irredundant set of vertices for a given polyhedron defined by a set of linear inequalities and equations. This algorithm can also be used for the dual problem: given a set of extremal rays and vertices, find the associated irredundant set of facet supporting hyperplanes. The method
Inferring Argument Size Relationships with CLP(R)
1996
Cited by 56 (11 self)
Abstract: Argument size relationships are useful in termination analysis which, in turn, is important in program synthesis and goal-replacement transformations. We show how a precise analysis for inter-argument size relationships, formulated in terms of abstract interpretation, can be implemented straightforwardly in a language with constraint support like CLP(R) or SICStus version 3. The analysis is based on polyhedral approximations and uses a simple relaxation technique to calculate least upper bounds and a delay method to improve the precision of widening. To the best of our knowledge, and despite its simplicity, the analysis derives relationships to an accuracy that is either comparable or better than any existing technique.
1 Introduction. Termination analysis is important in program synthesis, goal-replacement transformations and is also likely to be useful in off-line partial deduction. Termination analysis is usually necessary in synthesis since synthesis often only guarantees semanti...
Precise Widening Operators for Convex Polyhedra
Static Analysis: Proceedings of the 10th International Symposium, volume 2694 of Lecture Notes in Computer Science, 2003
Cited by 56 (9 self)
Abstract: Convex polyhedra constitute the most used abstract domain among those capturing numerical relational information. Since the domain of convex polyhedra admits infinite ascending chains, it has to be used in conjunction with appropriate mechanisms for enforcing and accelerating convergence of the fixpoint computation. Widening operators provide a simple and general characterization for such mechanisms. For the domain of convex polyhedra, the original widening operator proposed by Cousot and Halbwachs amply deserves the name of standard widening since most analysis and verification tools that employ convex polyhedra also employ that operator. Nonetheless, there is an unfulfilled demand for more precise widening operators. In this paper, after a formal introduction to the standard widening where we clarify some aspects that are often overlooked, we embark on the challenging task of improving on it. We present a framework for the systematic definition of new and precise widening operators for convex polyhedra. The framework is then instantiated so as to obtain a new widening operator that combines several heuristics and uses the standard widening as a last resort so that it is never less precise. A preliminary experimental evaluation has yielded promising results.
Fully Automatic, Parametric Worst-Case Execution Time Analysis
In Workshop on Worst-Case Execution Time (WCET) Analysis, 2003
Cited by 49 (3 self)
Abstract: Worst-Case Execution Time (WCET) analysis means to compute a safe upper bound to the execution time of a piece of code. Parametric WCET analysis yields symbolic upper bounds: expressions that may contain parameters. These parameters may represent, for instance, values of input parameters to the program, or maximal iteration counts for loops. We describe a technique for fully automatic parametric WCET analysis, which is based on known mathematical methods: an abstract interpretation to calculate parametric constraints on program flow, a symbolic method to count integer points in polyhedra, and a symbolic ILP technique to solve the subsequent IPET calculation of WCET bound. The technique is capable of handling unstructured code, and it can find upper bounds to loop iteration counts automatically.
Combining widening and acceleration in linear relation analysis
In SAS, 2006
Cited by 45 (7 self)
Abstract: Linear Relation Analysis [CH78,Hal79] is one of the first, but still one of the most powerful, abstract interpretations working in an infinite lattice. As such, it makes use of a widening operator to enforce the convergence of fixpoint computations. While the approximation due to widening can be arbitrarily refined by delaying the application of widening, the analysis quickly becomes too expensive with the increase of delay. Previous attempts at improving the precision of widening are not completely satisfactory, since none of them is guaranteed to improve the precision of the result, and they can nevertheless increase the cost of the analysis. In this paper, we investigate an improvement of Linear Relation Analysis consisting in computing, when possible, the exact (abstract) effect of a loop. This technique is fully compatible with the use of widening, and whenever it applies, it improves both the precision and the performance of the analysis. Linear Relation Analysis [CH78,Hal79] (LRA) is one of the very first applications
Modular Static Program Analysis
Proceedings of Compiler Construction, 2002
Cited by 38 (2 self)
Abstract: The purpose of this paper is to present four basic methods for interpretation:
– simplification-based separate analysis;
– worst-case separate analysis;
– separate analysis with (user-provided) interfaces;
– symbolic relational separate analysis;
as well as a fifth category which is essentially obtained by composition of the above separate local analyses together with global analysis methods.
Automatic modular abstractions for linear constraints
In: Principles of Programming Languages, ACM
Cited by 28 (5 self)
Abstract: We propose a method for automatically generating abstract transformers for static analysis by abstract interpretation. The method focuses on linear constraints on programs operating on rational, real or floating-point variables and containing linear assignments and tests. In addition to loop-free code, the same method also applies for obtaining least fixed points as functions of the precondition, which permits the analysis of loops and recursive functions. Our algorithms are based on new quantifier elimination and symbolic manipulation techniques. Given the specification of an abstract domain, and a program block, our method automatically outputs an implementation of the corresponding abstract transformer. It is thus a form of program transformation. The motivation of our work is dataflow synchronous programming languages, used for building control-command embedded systems, but it also applies to imperative and functional programming.