Advertisement

Formal Methods in System Design

, Volume 35, Issue 3, pp 279–323 | Cite as

Weakly-relational shapes for numeric abstractions: improved algorithms and proofs of correctness

  • Roberto Bagnara
  • Patricia M. Hill
  • Enea Zaffanella
Article

Abstract

Weakly-relational numeric constraints provide a compromise between complexity and expressivity that is adequate for several applications in the field of formal analysis and verification of software and hardware systems. We address the problems to be solved for the construction of full-fledged, efficient and provably correct abstract domains based on such constraints. We first propose to work with semantic abstract domains, whose elements are geometric shapes, instead of the (more concrete) syntactic abstract domains of constraint networks and matrices on which the previous proposals are based. This allows to solve, once and for all, the problem whereby closure by entailment, a crucial operation for the realization of such domains, seemed to impede the realization of proper widening operators. In our approach, the implementation of widenings relies on the availability of an effective reduction procedure for the considered constraint description: one for the domain of bounded difference shapes already exists in the literature; we provide algorithms for the significantly more complex cases of rational and integer octagonal shapes. We also improve upon the state-of-the-art by presenting, along with their proof of correctness, closure by entailment algorithms of reduced complexity for domains based on rational and integer octagonal constraints. The consequences of implementing weakly-relational numerical domains with floating point numbers are also discussed.

Keywords

Abstract interpretation Numerical domains Widening operators Closure by entailment Elimination of redundant constraints UTVPI constraints 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Cousot P, Cousot R (1976) Static determination of dynamic properties of programs. In: Robinet B (ed) Proceedings of the Second International Symposium on Programming, Paris, France. Dunod, Paris, pp 106–130 Google Scholar
  2. 2.
    Cousot P, Halbwachs N (1978) Automatic discovery of linear restraints among variables of a program. In: Conference Record of the Fifth Annual ACM Symposium on Principles of Programming Languages, Tucson, Arizona. ACM, New York, pp 84–96 Google Scholar
  3. 3.
    Bagnara R (1997) Data-flow analysis for constraint logic-based languages. PhD thesis, Dipartimento di Informatica, Università di Pisa, Pisa, Italy. Printed as Report TD-1/97 Google Scholar
  4. 4.
    Bagnara R, Giacobazzi R, Levi G (1992) Static analysis of CLP programs over numeric domains. In: Billaud M, Castéran P, Corsini M, Musumbu K, Rauzy A (eds) Actes “Workshop on Static Analysis’92”. Atelier Irisa, IRISA Campus de Beaulieu, Bordeaux. Bigre, vol 81–82, pp 43–50. Extended abstract Google Scholar
  5. 5.
    Bagnara R, Giacobazzi R, Levi G (1993) An application of constraint propagation to data-flow analysis. In: Proceedings of “The Ninth Conference on Artificial Intelligence for Applications”, Orlando, Florida. IEEE Computer Society Press, Los Alamitos, pp 270–276 Google Scholar
  6. 6.
    Miné A (2001) A new numerical abstract domain based on difference-bound matrices. In: Danvy O, Filinski A (eds) Proceedings of the 2nd Symposium on Programs as Data Objects (PADO 2001), Aarhus, Denmark. Lecture notes in computer science, vol 2053. Springer, Berlin, pp 155–172 CrossRefGoogle Scholar
  7. 7.
    Shaham R, Kolodner EK, Sagiv S (2000) Automatic removal of array memory leaks in Java. In: Watt DA (ed) Proceedings of the 9th International Conference on Compiler Construction (CC 2000), Berlin, Germany. Lecture notes in computer science, vol 1781. Springer, Berlin, pp 50–66 Google Scholar
  8. 8.
    Miné A (2001) The octagon abstract domain. In: Proceedings of the Eighth Working Conference on Reverse Engineering (WCRE’01), Stuttgart, Germany. IEEE Computer Society Press, Los Alamitos, pp 310–319 CrossRefGoogle Scholar
  9. 9.
    Simon A, King A, Howe JM (2002) Two variables per linear inequality as an abstract domain. In: Leuschel M (ed) Logic Based Program Synthesis and Transformation, 12th International Workshop, Madrid, Spain. Lecture notes in computer science, vol 2664. Springer, Berlin, pp 71–89 CrossRefGoogle Scholar
  10. 10.
    Clarisó R, Cortadella J (2004) The octahedron abstract domain. In: Giacobazzi R (ed) Static Analysis: Proceedings of the 11th International Symposium, Verona, Italy. Lecture notes in computer science, vol 3148. Springer, Berlin, pp 312–327 Google Scholar
  11. 11.
    Sankaranarayanan S, Sipma HB, Manna Z (2005) Scalable analysis of linear systems using mathematical programming. In: Cousot R (ed) Verification, Model Checking and Abstract Interpretation: Proceedings of the 6th International Conference (VMCAI 2005), Paris, France. Lecture notes in computer science, vol 3385. Springer, Berlin, pp 25–41 Google Scholar
  12. 12.
    Miné A (2002) A few graph-based relational numerical abstract domains. In: Hermenegildo MV, Puebla G (eds) Static Analysis: Proceedings of the 9th International Symposium, Madrid, Spain. Lecture notes in computer science, vol 2477. Springer, Berlin, pp 117–132 Google Scholar
  13. 13.
    Jaffar J, Maher MJ, Stuckey PJ, Yap RHC (1994) Beyond finite domains. In: Borning A (ed) Principles and Practice of Constraint Programming: Proceedings of the Second International Workshop, Rosario, Orcas Island, Washington, USA. Lecture notes in computer science, vol 874. Springer, Berlin, pp 86–94 Google Scholar
  14. 14.
    Lagarias JC (1985) The computational complexity of simultaneous Diophantine approximation problems. SIAM J Comput 14(1):196–209 zbMATHCrossRefMathSciNetGoogle Scholar
  15. 15.
    Balasundaram V, Kennedy K (1989) A technique for summarizing data access and its use in parallelism enhancing transformations. In: Knobe B (ed) Proceedings of the ACM SIGPLAN’89 Conference on Programming Language Design and Implementation (PLDI), Portland, Oregon, USA. ACM SIGPLAN notices, vol 24(7). ACM, New York, pp 41–53 Google Scholar
  16. 16.
    Ball T, Cook B, Lahiri SK, Zhang L (2004) Zapato: Automatic theorem proving for predicate abstraction refinement. In: Alur R, Peled D (eds) Computer Aided Verification: Proceedings of the 16th International Conference, Boston, MA, USA. Lecture notes in computer science, vol 3114. Springer, Berlin, pp 457–461 Google Scholar
  17. 17.
    Cousot P, Cousot R, Feret J, Mauborgne L, Miné A, Monniaux D, Rival X (2005) The Astrée analyzer. In: Sagiv M (ed) Programming Languages and Systems, Proceedings of the 14th European Symposium on Programming, Edinburgh, UK. Lecture notes in computer science, vol 3444. Springer, Berlin, pp 21–30 Google Scholar
  18. 18.
    Miné A (2005) Weakly relational numerical abstract domains. PhD thesis, École Polytechnique, Paris, France Google Scholar
  19. 19.
    Halbwachs N (1979) Détermination automatique de relations linéaires vérifiées par les variables d’un programme. Thèse de 3ème cycle d’informatique, Université scientifique et médicale de Grenoble, Grenoble, France Google Scholar
  20. 20.
    Bagnara R, Hill PM, Mazzi E, Zaffanella E (2005) Widening operators for weakly-relational numeric abstractions. In: Hankin C, Siveroni I (eds) Static Analysis: Proceedings of the 12th International Symposium, London, UK. Lecture notes in computer science, vol 3672. Springer, Berlin, pp 3–18 Google Scholar
  21. 21.
    Bagnara R, Hill PM, Mazzi E, Zaffanella E (2005) Widening operators for weakly-relational numeric abstractions. Quaderno 399, Dipartimento di Matematica, Università di Parma, Italy. Available at http://www.cs.unipr.it/Publications/
  22. 22.
    Bagnara R, Hill PM, Zaffanella E (2008) An improved tight closure algorithm for integer octagonal constraints. In: Logozzo F, Peled D, Zuck L (eds) Verification, Model Checking and Abstract Interpretation: Proceedings of the 9th International Conference (VMCAI 2008), San Francisco, USA. Lecture notes in computer science, vol 4905. Springer, Berlin, pp 8–21 CrossRefGoogle Scholar
  23. 23.
    Birkhoff G (1967) Lattice theory, 3rd edn. Colloquium publications, vol XXV. American Mathematical Society, Providence zbMATHGoogle Scholar
  24. 24.
    Cousot P, Cousot R (1977) Abstract interpretation: A unified lattice model for static analysis of programs by construction or approximation of fixpoints. In: Proceedings of the Fourth Annual ACM Symposium on Principles of Programming Languages. ACM, New York, pp 238–252 Google Scholar
  25. 25.
    Cousot P, Cousot R (1979) Systematic design of program analysis frameworks. In: Proceedings of the Sixth Annual ACM Symposium on Principles of Programming Languages. ACM, New York, pp 269–282 Google Scholar
  26. 26.
    Cormen TH, Leiserson TE, Rivest RL (1990) Introduction to algorithms. The MIT Press, Cambridge zbMATHGoogle Scholar
  27. 27.
    Pratt VR (1977) Two easy theories whose combination is hard. Memo sent to Nelson and Oppen concerning a preprint of their paper [49] Google Scholar
  28. 28.
    Bellman R (1957) Dynamic programming. Princeton University Press, Princeton Google Scholar
  29. 29.
    Allen JF, Kautz HA (1985) A model of naive temporal reasoning. In: Hobbs JR, Moore R (eds) Formal theories of the commonsense world. Ablex, Norwood, pp 251–268 Google Scholar
  30. 30.
    Davis E (1987) Constraint propagation with interval labels. Artif Intell 32(3):281–331 zbMATHCrossRefGoogle Scholar
  31. 31.
    Dill DL (1989) Timing assumptions and verification of finite-state concurrent systems. In: Sifakis J (ed) Proceedings of the International Workshop on Automatic Verification Methods for Finite State Systems, Grenoble, France. Lecture notes in computer science, vol 407. Springer, Berlin, pp 197–212 Google Scholar
  32. 32.
    Larsen K, Larsson F, Pettersson P, Yi W (1997) Efficient verification of real-time systems: Compact data structure and state-space reduction. In: Proceedings of the 18th IEEE Real-Time Systems Symposium (RTSS’97). IEEE Computer Society Press, Los Alamitos, pp 14–24 Google Scholar
  33. 33.
    Bagnara R, Hill PM, Ricci E, Zaffanella E (2005) Precise widening operators for convex polyhedra. Sci Comput Program 58(1–2):28–56 zbMATHCrossRefMathSciNetGoogle Scholar
  34. 34.
    Aho AV, Garey MR, Ullman JD (1972) The transitive reduction of a directed graph. SIAM J Comput 1(2):131–137 zbMATHCrossRefMathSciNetGoogle Scholar
  35. 35.
    Halbwachs N, Proy YE, Raymond P (1994) Verification of linear hybrid systems by means of convex approximations. In: Le B (ed) Static Analysis: Proceedings of the 1st International Symposium, Namur, Belgium. Lecture notes in computer science, vol 864. Springer, Berlin, pp 223–237 Google Scholar
  36. 36.
    Halbwachs N, Proy YE, Roumanoff P (1997) Verification of real-time systems using linear relation analysis. Form Methods Syst Des 11(2):157–185 CrossRefGoogle Scholar
  37. 37.
    Blanchet B, Cousot P, Cousot R, Feret J, Mauborgne L, Miné A, Monniaux D, Rival X (2002) Design and implementation of a special-purpose static program analyzer for safety-critical real-time embedded software. In: Mogensen TÆ, Schmidt DA, Sudborough IH (eds) The essence of computation, complexity, analysis, transformation. Lecture notes in computer science, vol 2566. Springer, Berlin, pp 85–108. Essays Dedicated to Neil D Jones [on occasion of his 60th birthday] Google Scholar
  38. 38.
    Blanchet B, Cousot P, Cousot R, Feret J, Mauborgne L, Miné A, Monniaux D, Rival X (2003) A static analyzer for large safety-critical software. In: Proceedings of the ACM SIGPLAN 2003 Conference on Programming Language Design and Implementation (PLDI’03). ACM, New York, pp 196–207 CrossRefGoogle Scholar
  39. 39.
    Miné A (2004) Relational abstract domains for the detection of floating-point run-time errors. In: Schmidt D (ed) Programming Languages and Systems: Proceedings of the 13th European Symposium on Programming, Barcelona, Spain. Lecture notes in computer science, vol 2986. Springer, Berlin, pp 3–17 Google Scholar
  40. 40.
    Bagnara R, Hill PM, Zaffanella E (2008) The Parma Polyhedra Library: Toward a complete set of numerical abstractions for the analysis and verification of hardware and software systems. Sci Comput Program 72(1–2):3–21 CrossRefMathSciNetGoogle Scholar
  41. 41.
    Bagnara R, Hill PM, Zaffanella E (2006) Widening operators for powerset domains. Softw Tools Technol Transf 8(4/5):449–466. In the printed version of this article, all the figures have been improperly printed (rendering them useless). See [50] CrossRefGoogle Scholar
  42. 42.
    Miné A (2002) The Octagon Abstract Domain Library. Semantics and Abstract Interpretation Computer Science Lab., École Normale Supérieure, Paris, France, release 0.9.6 edn. Available at http://www.di.ens.fr/~mine/oct/
  43. 43.
    Venet A, Brat G (2004) Precise and efficient static array bound checking for large embedded C programs. In: Proceedings of the ACM SIGPLAN 2004 Conference on Programming Language Design and Implementation (PLDI’04). ACM, New York, pp 231–242 CrossRefGoogle Scholar
  44. 44.
    Harvey W, Stuckey PJ (1997) A unit two variable per inequality integer constraint solver for constraint logic programming. In Patel M (ed) ACSC’97: Proceedings of the 20th Australasian Computer Science Conference, vol 19. Australian Computer Science Communications, pp 102–111 Google Scholar
  45. 45.
    Pugh W (1991) The Omega test: A fast and practical integer programming algorithm for dependence analysis. In Supercomputing 91 Google Scholar
  46. 46.
    Seater R, Wonnacott D (2001) Polynomial time array dataflow analysis. In: Dietz HG (ed) Languages and Compilers for Parallel Computing, 14th International Workshop, Cumberland Falls, KY, USA. Lecture notes in computer science, vol 2624. Springer, Berlin, pp 411–426 CrossRefGoogle Scholar
  47. 47.
    Lahiri SK, Musuvathi M (2005) An efficient decision procedure for UTVPI constraints. In: Gramlich B (ed) Frontiers of Combining Systems: Proceedings of the 5th International Workshop, FroCoS 2005, Vienna, Austria. Lecture notes in artificial intelligence, vol 3717. Springer, Berlin, pp 168–183 Google Scholar
  48. 48.
    Miné A (2006) The octagon abstract domain. Higher-Order Symb Comput 19(1):31–100 zbMATHCrossRefGoogle Scholar
  49. 49.
    Nelson G, Oppen DC (1977) Fast decision algorithms based on Union and Find. In: Proceedings of the 18th Annual Symposium on Foundations of Computer Science (FOCS’77). IEEE Computer Society Press, Providence, pp 114–119. The journal version of this paper is [51] Google Scholar
  50. 50.
    Bagnara R, Hill PM, Zaffanella E (2007) Widening operators for powerset domains. Softw Tools Technol Transf 9(3/4):413–414. Erratum to [41] containing all the figures properly printed CrossRefGoogle Scholar
  51. 51.
    Nelson G, Oppen DC (1980) Fast decision procedures based on congruence closure. J ACM 27(2):356–364. An earlier version of this paper is [49] zbMATHCrossRefMathSciNetGoogle Scholar

Copyright information

© Springer Science+Business Media, LLC 2009

Authors and Affiliations

  • Roberto Bagnara
    • 1
  • Patricia M. Hill
    • 2
  • Enea Zaffanella
    • 1
  1. 1.Department of MathematicsUniversity of ParmaParmaItaly
  2. 2.School of ComputingUniversity of LeedsLeedsEngland

Personalised recommendations