Results 1  10
of
37
The Octagon Abstract Domain
"... ... domain for static analysis by abstract interpretation. It extends a former numerical abstract domain based on DifferenceBound Matrices and allows us to represent invariants of the form (±x ± y ≤ c), where x and y are program variables and c is a real constant. We focus on giving an efficient re ..."
Abstract

Cited by 253 (24 self)
 Add to MetaCart
... domain for static analysis by abstract interpretation. It extends a former numerical abstract domain based on DifferenceBound Matrices and allows us to represent invariants of the form (±x ± y ≤ c), where x and y are program variables and c is a real constant. We focus on giving an efficient representation based on DifferenceBound Matrices—O(n²) memory cost, where n is the number of variables—and graphbased algorithms for all common abstract operators—O(n³) time cost. This includes a normal form algorithm to test equivalence of representation and a widening operator to compute least fixpoint approximations.
Verification of RealTime Systems using Linear Relation Analysis
 FORMAL METHODS IN SYSTEM DESIGN
, 1997
"... Linear Relation Analysis [CH78] is an abstract interpretation devoted to the automatic discovery of invariant linear inequalities among numerical variables of a program. In this paper, we apply such an analysis to the verification of quantitative time properties of two kinds of systems: synchronous ..."
Abstract

Cited by 116 (6 self)
 Add to MetaCart
Linear Relation Analysis [CH78] is an abstract interpretation devoted to the automatic discovery of invariant linear inequalities among numerical variables of a program. In this paper, we apply such an analysis to the verification of quantitative time properties of two kinds of systems: synchronous programs and linear hybrid systems.
Verification of Linear Hybrid Systems By Means of Convex Approximations
, 1994
"... We present a new application of the abstract interpretation by means of convex polyhedra, to a class of hybrid systems, i.e., systems involving both discrete and continuous variables. The result is an efficient automatic tool for approximate, but conservative, verification of reachability propert ..."
Abstract

Cited by 87 (2 self)
 Add to MetaCart
We present a new application of the abstract interpretation by means of convex polyhedra, to a class of hybrid systems, i.e., systems involving both discrete and continuous variables. The result is an efficient automatic tool for approximate, but conservative, verification of reachability properties of these systems. 1 Introduction Timed automata [AD90] have been recently introduced to model realtime systems. A timed automaton is a finite automaton associated with a finite set of clocks, each clock counting the continuous elapsing of time. Each transition of the automaton can be guarded by a simple linear condition on the clock values, and can result in resetting some clocks to zero. A nice feature of this model is that it can be abstracted into a finite state system, and that all the standard verification problems (reachability, TCTL modelchecking [ACD90, HNSY92]) are decidable. However, many interesting extensions of this model have been shown to lose this decidability propert...
A note on Chernikova's Algorithm
, 1994
"... This paper describes an implementation of Chernikova's algorithm for finding an irredundant set of vertices for a given polyhedron defined by a set of linear inequalities and equations. This algorithm can also be used for the dual problem: given a set of extremal rays and vertices, find the ..."
Abstract

Cited by 50 (0 self)
 Add to MetaCart
This paper describes an implementation of Chernikova's algorithm for finding an irredundant set of vertices for a given polyhedron defined by a set of linear inequalities and equations. This algorithm can also be used for the dual problem: given a set of extremal rays and vertices, find the associated irredundant set of facet supporting hyperplanes. The method
Inferring Argument Size Relationships with CLP(R)
, 1996
"... . Argument size relationships are useful in termination analysis which, in turn, is important in program synthesis and goalreplacement transformations. We show how a precise analysis for interargument size relationships, formulated in terms of abstract interpretation, can be implemented straightfo ..."
Abstract

Cited by 48 (8 self)
 Add to MetaCart
. Argument size relationships are useful in termination analysis which, in turn, is important in program synthesis and goalreplacement transformations. We show how a precise analysis for interargument size relationships, formulated in terms of abstract interpretation, can be implemented straightforwardly in a language with constraint support like CLP(R) or SICStus version 3. The analysis is based on polyhedral approximations and uses a simple relaxation technique to calculate least upper bounds and a delay method to improve the precision of widening. To the best of our knowledge, and despite its simplicity, the analysis derives relationships to an accuracy that is either comparable or better than any existing technique. 1 Introduction Termination analysis is important in program synthesis, goalreplacement transformations and is also likely to be useful in offline partial deduction. Termination analysis is usually necessary in synthesis since synthesis often only guarantees semanti...
Fully Automatic, Parametric WorstCase Execution Time Analysis
 In Workshop on WorstCase Execution Time (WCET) Analysis
, 2003
"... WorstCase Execution Time (WCET) analysis means to compute a safe upper bound to the execution time of a piece of code. Parametric WCET analysis yields symbolic upper bounds: expressions that may contain parameters. These parameters may represent, for instance, values of input parameters to the p ..."
Abstract

Cited by 45 (3 self)
 Add to MetaCart
WorstCase Execution Time (WCET) analysis means to compute a safe upper bound to the execution time of a piece of code. Parametric WCET analysis yields symbolic upper bounds: expressions that may contain parameters. These parameters may represent, for instance, values of input parameters to the program, or maximal iteration counts for loops. We describe a technique for fully automatic parametric WCET analysis, which is based on known mathematical methods: an abstract interpretation to calculate parametric constraints on program flow, a symbolic method to count integer points in polyhedra, and a symbolic ILP technique to solve the subsequent IPET calculation of WCET bound. The technique is capable of handling unstructured code, and it can find upper bounds to loop iteration counts automatically.
Precise Widening Operators for Convex Polyhedra
 Static Analysis: Proceedings of the 10th International Symposium, volume 2694 of Lecture Notes in Computer Science
, 2003
"... Convex polyhedra constitute the most used abstract domain among those capturing numerical relational information. Since the domain of convex polyhedra admits infinite ascending chains, it has to be used in conjunction with appropriate mechanisms for enforcing and accelerating convergence of the ..."
Abstract

Cited by 44 (9 self)
 Add to MetaCart
Convex polyhedra constitute the most used abstract domain among those capturing numerical relational information. Since the domain of convex polyhedra admits infinite ascending chains, it has to be used in conjunction with appropriate mechanisms for enforcing and accelerating convergence of the fixpoint computation. Widening operators provide a simple and general characterization for such mechanisms. For the domain of convex polyhedra, the original widening operator proposed by Cousot and Halbwachs amply deserves the name of standard widening since most analysis and verification tools that employ convex polyhedra also employ that operator. Nonetheless, there is an unfulfilled demand for more precise widening operators. In this paper, after a formal introduction to the standard widening where we clarify some aspects that are often overlooked, we embark on the challenging task of improving on it. We present a framework for the systematic definition of new and precise widening operators for convex polyhedra. The framework is then instantiated so as to obtain a new widening operator that combines several heuristics and uses the standard widening as a last resort so that it is never less precise. A preliminary experimental evaluation has yielded promising results.
Modular Static Program Analysis
 Proceedings of Compiler Construction
, 2002
"... Abstract. The purpose of this paper is to present four basic methods for interpretation: – simplificationbased separate analysis; – worstcase separate analysis; – separate analysis with (userprovided) interfaces; – symbolic relational separate analysis; as well as a fifth category which is essent ..."
Abstract

Cited by 29 (2 self)
 Add to MetaCart
Abstract. The purpose of this paper is to present four basic methods for interpretation: – simplificationbased separate analysis; – worstcase separate analysis; – separate analysis with (userprovided) interfaces; – symbolic relational separate analysis; as well as a fifth category which is essentially obtained by composition of the above separate local analyses together with global analysis methods. 1
Combining widening and acceleration in linear relation analysis
 IN SAS
, 2006
"... Linear Relation Analysis [CH78,Hal79] is one of the first, but still one of the most powerful, abstract interpretations working in an infinite lattice. As such, it makes use of a widening operator to enforce the convergence of fixpoint computations. While the approximation due to widening can be ar ..."
Abstract

Cited by 26 (5 self)
 Add to MetaCart
Linear Relation Analysis [CH78,Hal79] is one of the first, but still one of the most powerful, abstract interpretations working in an infinite lattice. As such, it makes use of a widening operator to enforce the convergence of fixpoint computations. While the approximation due to widening can be arbitrarily refined by delaying the application of widening, the analysis quickly becomes too expensive with the increase of delay. Previous attempts at improving the precision of widening are not completely satisfactory, since none of them is guaranteed to improve the precision of the result, and they can nevertheless increase the cost of the analysis. In this paper, we investigate an improvement of Linear Relation Analysis consisting in computing, when possible, the exact (abstract) effect of a loop. This technique is fully compatible with the use of widening, and whenever it applies, it improves both the precision and the performance of the analysis. Linear Relation Analysis [CH78,Hal79] (LRA) is one of the very first applications
Widening arithmetic automata
 In Computer Aided Verification’04
, 2004
"... Abstract. Model checking of infinite state systems is undecidable, therefore, there are instances for which fixpoint computations used in infinite state model checkers do not converge. Given a widening operator one can compute an upper approximation of a least fixpoint in finite number of steps even ..."
Abstract

Cited by 24 (13 self)
 Add to MetaCart
Abstract. Model checking of infinite state systems is undecidable, therefore, there are instances for which fixpoint computations used in infinite state model checkers do not converge. Given a widening operator one can compute an upper approximation of a least fixpoint in finite number of steps even if the least fixpoint is uncomputable. We present a widening operator for automata encoding integer sets. We show how widening can be used to verify safety properties that cannot be verified otherwise. We also show that the dual of the widening operator can be used to detect counter examples for liveness properties. Finally, we show experimentally how the same technique can be used to verify properties of complex infinite state systems efficiently. 1