## A new numerical abstract domain based on difference-bound matrices (2001)

Venue: Proceedings of the 2nd Symposium on Programs as Data Objects (PADO 2001), volume 2053 of Lecture Notes in Computer Science

Citations: 62 (11 self)

### BibTeX

```bibtex
@INPROCEEDINGS{Miné01anew,
  author    = {Antoine Miné},
  title     = {A new numerical abstract domain based on difference-bound matrices},
  booktitle = {Proceedings of the 2nd Symposium on Programs as Data Objects (PADO 2001), volume 2053 of Lecture Notes in Computer Science},
  year      = {2001},
  pages     = {155--172},
  publisher = {Springer-Verlag}
}
```

### Abstract

This paper presents a new numerical abstract domain for static analysis by abstract interpretation. This domain allows us to represent invariants of the form (x − y ≤ c) and (±x ≤ c), where x and y are variable values and c is an integer or real constant. Abstract elements are represented by Difference-Bound Matrices, widely used by model-checkers, but we had to design new operators to meet the needs of abstract interpretation. The result is a complete lattice of infinite height featuring widening, narrowing and common transfer functions. We focus on giving an efficient O(n²) representation and graph-based O(n³) algorithms—where n is the number of variables—and claim that this domain always performs more precisely than the well-known interval domain. To illustrate the precision/cost tradeoff of this domain, we have implemented simple abstract interpreters for toy imperative and parallel languages which allowed us to prove some non-trivial algorithms correct.
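The operators the abstract lists, as an added example that is not the paper's code: a minimal DBM domain with the O(n³) Floyd-Warshall closure, the lattice order, join, widening and projection back to intervals, using the paper's convention that entry m[i][j] = c encodes v_j − v_i ≤ c, on a constructed two-variable sample that shows a bound the interval domain cannot derive.

```python
# Difference-Bound Matrix (DBM) domain, added example (not the paper's code).
# Convention from the paper: variables v1..vn plus v0 = 0; m[i][j] = c encodes
# v_j - v_i <= c, so m[0][j] = c is v_j <= c and m[i][0] = c is -v_i <= c.
from math import inf

def closure(m):
    """Floyd-Warshall shortest-path closure, O(n^3): returns the normal form
    (tightest implied bounds) or None (bottom) when a negative cycle shows
    the constraints are unsatisfiable."""
    n = len(m)
    c = [row[:] for row in m]
    for k in range(n):
        for i in range(n):
            for j in range(n):
                if c[i][k] + c[k][j] < c[i][j]:
                    c[i][j] = c[i][k] + c[k][j]
    if any(c[i][i] < 0 for i in range(n)):
        return None
    return c

def leq(a, b):
    """Order on closed DBMs: a is below b iff every bound of a is as tight."""
    return all(x <= y for ra, rb in zip(a, b) for x, y in zip(ra, rb))

def join(a, b):
    """Least upper bound: point-wise max; closed inputs give a closed result."""
    return [[max(x, y) for x, y in zip(ra, rb)] for ra, rb in zip(a, b)]

def widen(a, b):
    """Widening: bounds that grew between two iterations jump to +inf, which
    forces fixpoint iteration to terminate on this infinite-height lattice."""
    return [[x if y <= x else inf for x, y in zip(ra, rb)] for ra, rb in zip(a, b)]

def interval(m, i):
    """Project a closed DBM onto v_i: the interval [-m[i][0], m[0][i]]."""
    return (-m[i][0], m[0][i])

def example():
    # Constructed sample: v1 = x, v2 = y with x >= 0, y <= 5 and x - y <= 2.
    m = [[0,   inf, 5],    # v_j - v0 <= c : y <= 5
         [0,   0,   inf],  # v_j - x  <= c : -x <= 0
         [inf, 2,   0]]    # v_j - y  <= c : x - y <= 2
    c = closure(m)
    # Closure tightens m[0][1] to 5 + 2 = 7, i.e. x <= 7: a bound derived from the
    # relation with y that the interval domain alone could never find.
    return interval(c, 1)   # (0, 7)
```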

### Citations

- Introduction to Algorithms. Cormen, Leiserson, et al., 1990. (8530 citations)

- Systematic Design of Program Analysis Frameworks. Cousot, Cousot, 1979. (631 citations)
  Context: "...is Connection—linking the set of abstract V0-domains to the concrete lattice P({v2, . . . , vn} ↦ I), following the abstract interpretation framework described in Cousot and Cousot's POPL'79 paper [5]. DBM Lattice. The set M of DBMs, together with the order relation ⊑ and the point-wise least upper bound ∨ and greatest lower bound ∧, is almost a lattice. It only needs a least element ⊥, so we exte..."

- Automatic discovery of linear restraints among variables of a program. Cousot, Halbwachs, 1978. (572 citations)
  Context: "...find. Famous examples are the lattice of intervals (described in, for instance, Cousot and Cousot's ISOP'76 paper [4]) and the lattice of polyhedra (described in Cousot and Halbwachs's POPL'78 paper [8]) which represent respectively invariants of the form (v ∈ [c1, c2]) and (α1v1 + · · · + αnvn ≤ c). Whereas the interval analysis is very efficient—linear memory and time cost—but not very precise, th..."

- Abstract Interpretation and Applications to Logic Programs. Cousot, Cousot, 1994. (286 citations)

- A new solution of Dijkstra's concurrent programming problem. Lamport, 1974. (215 citations)
  Context: "...-known nondeterministic interleaving method in order to analyze all possible control flows. In this context, we managed to prove automatically that the Bakery algorithm, introduced in 1974 by Lamport [9], for synchronizing two parallel processes never lets the two processes be at the same time in their critical sections. We now detail this example. The Bakery Algorithm. After the initialization of tw..."

- Static determination of dynamic properties of programs. Cousot, Cousot, 1976. (166 citations)
  Context: "...ased on numerical abstract domains representing the form of the invariants we want to find. Famous examples are the lattice of intervals (described in, for instance, Cousot and Cousot's ISOP'76 paper [4]) and the lattice of polyhedra (described in Cousot and Halbwachs's POPL'78 paper [8]) which represent respectively invariants of the form (v ∈ [c1, c2]) and (α1v1 + · · · + αnvn ≤ c). Whereas the int..."

- Comparing the Galois Connection and Widening/Narrowing Approaches to Abstract Interpretation. Cousot, Cousot, 1992. (161 citations)
  Context: "...hen the sequence (xk)k∈N is more precise than the sequence ([yk, zk])k∈N in the following sense: ∀k, π|vi(xk) ⊆ [yk, zk]. Remark that the technique, described in Cousot and Cousot's PLILP'92 paper [7], for improving the precision of the standard widening over intervals ▽ can also be applied to our widening ▽. It allows, for instance, deriving a widening that always gives better results than a simp..."

- Efficient chaotic iteration strategies with widenings. Bourdoncle, 1993. (118 citations)
  Context: "...the actual forward analysis algorithm used for our analyzers. They follow exactly the abstract interpretation scheme described in Cousot and Cousot's POPL'79 paper [5] and Bourdoncle's FMPA'93 paper [1] and are detailed in the author's MS thesis [12]. Theorems 1, 3, 5, 6, 11 and 13 prove that all the operators and transfer functions we defined are indeed abstractions on the domain of DBMs of the usu..."

- Méthodes itératives de construction et d'approximation de points fixes d'opérateurs monotones sur un treillis, analyse sémantique des programmes. Cousot, Université Scientifique et Médicale de Grenoble, 1978. (90 citations)

- Efficient Verification of Realtime Systems: Compact Data Structure and State-space Reduction. Larsen, Larsson, et al., 1997. (57 citations)
  Context: "...ifference-Bound Matrices (DBMs), was introduced, as well as many operators in order to model-check timed automata (see Yovine's ES'98 paper [14] and Larsen, Larsson, Pettersson and Yi's RTSS'97 paper [10]). Unfortunately, most operators are tied to model-checking and are of little interest for static analysis. Our Contribution. This paper presents a new abstract numerical domain based on the DBM repres..."

- Model checking timed automata. Yovine. (57 citations)
  Context: "...model-checking community. A special representation, called Difference-Bound Matrices (DBMs), was introduced, as well as many operators in order to model-check timed automata (see Yovine's ES'98 paper [14] and Larsen, Larsson, Pettersson and Yi's RTSS'97 paper [10]). Unfortunately, most operators are tied to model-checking and are of little interest for static analysis. Our Contribution. This paper pres..."

- Difference Decision Diagrams. Møller, Lichtenberg, et al., 1999. (38 citations)
  Context: "...an sets. Clock-Difference Diagrams (introduced in 1999 by Larsen, Weise, Yi and Pearson [11]) and Difference Decision Diagrams (introduced in Møller, Lichtenberg, Andersen and Hulgaard's CSL'99 paper [13]) are tree-based structures made compact thanks to the sharing of isomorphic sub-trees; however existence of normal forms for such structures is only a conjecture at the time of writing and only local..."

- Clock Difference Diagrams. Larsen, Pearson, et al., 1999. (19 citations)
  Context: "...ommunity has also developed specific structures to represent finite unions of V-domains, that are less costly than sets. Clock-Difference Diagrams (introduced in 1999 by Larsen, Weise, Yi and Pearson [11]) and Difference Decision Diagrams (introduced in Møller, Lichtenberg, Andersen and Hulgaard's CSL'99 paper [13]) are tree-based structures made compact thanks to the sharing of isomorphic sub-trees; ..."

- Representation of two-variable difference or sum constraint set and application to automatic program analysis. Miné, 2000. (4 citations)
  Context: "...method works for integers, reals and even rationals. For the sake of brevity, we will omit proofs of theorems in this paper. The complete proof for all theorems can be found in the author's MS thesis [12]. Previous and Related Work. Static analysis has developed approaches to automatically find numerical invariants based on numerical abstract domains representing the form of the invariants we want to ..."