Advertisement

Higher-Order and Symbolic Computation

, Volume 19, Issue 1, pp 31–100 | Cite as

The octagon abstract domain

  • Antoine Miné
Article

Abstract

This article presents the octagon abstract domain, a relational numerical abstract domain for static analysis by abstract interpretation. It allows representing conjunctions of constraints of the form ± X ± Yc where X and Y range among program variables and c is a constant in ℤ, ℚ, or ℝ automatically inferred. Abstract elements are represented using modified Difference Bound Matrices and we use a normalization algorithm loosely based on the shortest-path closure to compute canonical representations and construct best-precision abstract transfer functions. We achieve a quadratic memory cost per abstract element and a cubic worst-case time cost per abstract operation, with respect to the number of program variables.

In terms of cost and precision, our domain is in between the well-known fast but imprecise interval domain and the costly polyhedron domain. We show that it is precise enough to treat interesting examples requiring relational invariants, and hence, out of the reach of the interval domain. We also present a packing strategy that allows scaling our domain up to large programs by tuning the amount of relationality. The octagon domain was incorporated into the ASTRÉE industrial-strength static analyzer and was key in proving the absence of run-time errors in large critical embedded flight control software for Airbus planes.

Keywords

Static analysis Abstract interpretation Numerical abstract domains Relational numerical invariants 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    1. ACI Sécurité & Informatique. Analyse de PROgrammes Numériques. http://www.cri.ensmp.fr/apron/
  2. 2.
  3. 3.
    3. Astrée. Analyse Statique de logiciels Temps-Réel embarqués (static analysis of critical real-time embedded software) analyzer page. http://www.astree.ens.fr/
  4. 4.
    4. Bagnara, R.: Data-Flow Analysis for Constraint Logic-Based Languages. PhD thesis, Dipartimento di Informatica, Universitá di Pisa, Corso Italia 40, I-56125 Pisa, Italy (1997)Google Scholar
  5. 5.
    5. Bagnara, R., Hill, P.M., Mazzi, E., Zaffanella, E.: Widening operators for weakly-relational numeric abstractions. Quaderno 399, Dipartimento di Matematica, Universitá di Parma, Italy (2005)Google Scholar
  6. 6.
    6. Balasundaram, V., Kennedy, K.: A technique for summarizing data access and its use in parallelism enhancing transformations. In: ACM PLDI′;89, ACM Press, pp. 41–53. (1989)Google Scholar
  7. 7.
    7. Bellman, R.: On a routing problem. In: Quarterly of Applied Mathematics, vol. 16, pp. 87–90 (1958)MATHMathSciNetGoogle Scholar
  8. 8.
    8. Blanchet, B., Cousot, P., Cousot, R., Feret, J., Mauborgne, L., A., Miné, Monniaux, D., Rival, X.: Design and implementation of a special-purpose static program analyzer for safety-critical real-time embedded software, invited chapter. In: The Essence of Computation: Complexity, Analysis, Transformation. Essays Dedicated to Neil D. Jones, LNCS, Springer, pp. 85–108. (2002)Google Scholar
  9. 9.
    9. Blanchet, B., Cousot, P., Cousot, R., Feret, J., Mauborgne, L., Miné, A., Monniaux, D., Rival, X.: A static analyzer for large safety-critical software. In: ACM PLDI′;03, vol. 548030, pp. 196–207, ACM Press, (2003)Google Scholar
  10. 10.
    10. Bourdoncle, F.: Abstract interpretation by dynamic partitioning. Journal of Functional Programming 2(4), 407–423 (1992)MathSciNetCrossRefGoogle Scholar
  11. 11.
    11. Bourdoncle, F.: Abstract debugging of higher-order imperative languages. In: ACM PLDI′;93, pp. 46–55. ACM Press, (1993)Google Scholar
  12. 12.
    12. Clarisó, R., Cortadella, J.: The octahedron abstract domain. In: SAS′;04, vol. 3148 of LNCS, pp. 312–327. Springer (2004)MATHGoogle Scholar
  13. 13.
    13. Colón, M.A., Sipma, H.B.: Synthesis of linear ranking functions. In: TACAS′;01, vol. 2031 of LNCS, pp. 67–81 (2001)MATHGoogle Scholar
  14. 14.
    14. Cormen, T., Leiserson, C., Rivest, R.: Introduction to Algorithms. The MIT Press (1990)Google Scholar
  15. 15.
    15. Cousot, P.: The calculational design of a generic abstract interpreter. In: Calculational System Design, NATO ASI Series F. IOS Press (1999)Google Scholar
  16. 16.
    16. Cousot, P.: Verification by abstract interpretation. In: Proc. Int. Symp. on Verification—Theory & Practice—Honoring Zohar Manna’s 64th Birthday, vol. 2772, pp. 243–268. Springer (2003)MathSciNetGoogle Scholar
  17. 17.
    17. Cousot, P., Cousot, R.: Static determination of dynamic properties of programs. In ISOP′;76, pp. 106–130. Dunod, Paris, France (1976)Google Scholar
  18. 18.
    18. Cousot, P., Cousot, R.: Abstract interpretation: A unified lattice model for static analysis of programs by construction or approximation of fixpoints. In: ACM POPL′;77, pp. 238–252. ACM Press (1977)Google Scholar
  19. 19.
    19. Cousot, P., Cousot, R.: Abstract interpretation and application to logic programs. Journal of Logic Programming 13(2–3), 103–179 (1992)MATHMathSciNetCrossRefGoogle Scholar
  20. 20.
    20. Cousot, P., Cousot, R.: Abstract interpretation frameworks. Journal of Logic and Computation 2(4), 511–547 (1992)MATHMathSciNetGoogle Scholar
  21. 21.
    21. Cousot, P., Cousot, R.: Comparing the Galois connection and widening/narrowing approaches to abstract interpretation, invited paper. In: PLILP′;92, LNCS, pp. 269–295. Springer (1992)Google Scholar
  22. 22.
    22. Cousot, P., Halbwachs, N.: Automatic discovery of linear restraints among variables of a program. In: ACM POPL′;78, pp. 84–97. ACM Press (1978)Google Scholar
  23. 23.
    23. Deutsch, A. Interprocedural may-alias analysis for pointers: Beyond k-limiting. In: ACM PLDI′;94, pp. 230–241. ACM Press (1994)Google Scholar
  24. 24.
    24. Dill, D.L.: Timing assumptions and verification of finite-state concurrent systems. In: Proc. International Workshop on Automatic verification Methods for Finite State Systems vol. 407 of LNCS, pp. 197–212, SpringerGoogle Scholar
  25. 25.
    25. Dor, N., Rodeh, M., Sagiv, M.: Cleanness checking of string manipulations in C programs via integer analysis. In: SAS′;01, vol. 2126 of LNCS. Springer (2001)Google Scholar
  26. 26.
    26. Feret, J.: Abstract interpretation of mobile systems. JLAP (2004)Google Scholar
  27. 27.
    27. Feret, J.: Static analysis of digital filters. In: ESOP′;04, vol. 2986 of LNCS. Springer (2004)Google Scholar
  28. 28.
    28. Feret, J.: The arithmetic-geometric progression abstract domain. In: VMCAI′;05, vol. 3385 of LNCS. Springer (2005)Google Scholar
  29. 29.
    29. Granger, P.: Static analysis of arithmetical congruences. International Journal of Computer Mathematics, 30, 165–190 (1989)MATHGoogle Scholar
  30. 30.
    30. Halbwachs, N.: Détermination automatique de relations linéaires vérifiées par les variables d’un programme. PhD thesis, Université scientifique et medicale de Grenoble, France (1979)Google Scholar
  31. 31.
    31. Handjieva, M., Tzolovski, S.: Refining static analyses by trace-based partitioning using control flow. In: SAS′;98, vol. 1503 of LNCS, pp. 200–214 (1998)Google Scholar
  32. 32.
    32. Harvey, W., Stuckey, P.: A unit two variable per inequality integer constraint solver for constraint logic programming. In: ACSC′;97, vol. 19, pp. 102–111 (1997).Google Scholar
  33. 33.
    33. Jaffar, J., Maher, M., Stuckey, P., Yap, H.: Beyond finite domains. In: PPCP′;94, vol. 874 of LNCS, pp. 86–94. Springer (1994)Google Scholar
  34. 34.
    34. Jeannet, B.: Partitionnement dynamique dans l’analyse de relations Linéaires et application á la Vérification de programmes synchrones. PhD thesis, Institut National Polytechnique de Grenoble, France (2000)Google Scholar
  35. 35.
    35. Karr, M.: Affine relationships among variables of a program. Acta Informatica, pp. 133–151 (1976)Google Scholar
  36. 36.
    36. Larsen, K., Weise, C., Yi, W., Pearson, J.: Clock difference diagrams. Nordic Journal of Computing, 6(3), 271–298 (1999)MATHMathSciNetGoogle Scholar
  37. 37.
    37. Lions, J.L.: ARIANE 5, flight 501 failure, report by the Inquiry Board (1996)Google Scholar
  38. 38.
    38. Mauborgne, L.: ASTRÉE: Verification of absence of run-time error. In: Building the Information Society (18th IFIP World Computer Congress), vol. 156, pp. 385–392. Springer (2004)Google Scholar
  39. 39.
    39. Mauborgne, L., Rival, X.: Trace partitioning in abstract interpretation based static analyzers. In ESOP′;05, vol. 3444 of LNCS, pp. 5–20. Springer (2005)Google Scholar
  40. 40.
    40. Measche, M., Berthomieu, B.: Time Petri-nets for analyzing and verifying time dependent communication protocols. Protocol Specification, Testing and Verification III, pp. 161–172 (1983)Google Scholar
  41. 41.
    41. Miné, A.: The octagon abstract domain library. http://www.di.ens.fr/mine/oct/
  42. 42.
    42. Miné, A.: On-line octagon abstract domain sample analyzer. http://cgi.di.ens.fr/cgi-bin/mine/octanalhtml/octanalweb/
  43. 43.
    43. Miné, A.: A new numerical abstract domain based on difference-bound matrices. In: PADO II, vol. 2053 of LNCS, pp. 155–172. Springer (2001)Google Scholar
  44. 44.
    44. Miné, A.: The octagon abstract domain. In: AST 2001 in WCRE 2001, IEEE, pp. 310–319. IEEE CS Press (2001)Google Scholar
  45. 45.
    45. Miné, A.: Relational abstract domains for the detection of floating-point run-time errors. In: ESOP′;04, vol. 2986 of LNCS, pp. 3–17. Springer (2004)Google Scholar
  46. 46.
    46. Miné, A.: Weakly Relational Numerical Abstract Domains. PhD thesis, École Polytechnique, Palaiseau, France (2004). http://www.di.ens.fr/mine/these/
  47. 47.
    47. Møller, J., Lichtenberg, J., Andersen, H.R., Hulgaard, H.: Difference decision diagrams. In: CSL′;99, vol. 1683 of LNCS, pp. 111–125. Springer (1999)MATHGoogle Scholar
  48. 48.
    48. Moore, R.E.: Interval Analysis. Prentice Hall (1966)Google Scholar
  49. 49.
    49. OCaml.: The objective Caml system. http://paulliac.inria.fr/ocaml
  50. 50.
    50. Rugina, R.: Quantitative shape analysis. In: SAS′;04, vol. 3148 of LNCS, pp. 228–245. Springer (2004)MATHMathSciNetGoogle Scholar
  51. 51.
    51. Shaham, R., Kolodner, E.K., Sagiv, M.: Automatic removal of array memory leaks in java. In: CC′;00, LNCS, pp. 50–66. Springer (2000)Google Scholar
  52. 52.
    52. Simon, A., King, A., Howe, J.: Two variables per linear inequality as an abstract domain. In: LOPSTR′;02, vol. 2664 of LNCS, pp. 71–89. Springer (2002)MathSciNetGoogle Scholar
  53. 53.
    53. Venet, A.: Nonuniform alias analysis of recursive data structures and arrays. In: SAS′;02, vol. 2477 of LNCS, pp. 36–51. Springer (2002)MATHMathSciNetGoogle Scholar
  54. 54.
    54. Yovine, S.: Model-checking timed automata. In: Embedded Systems, vol. 1494 of LNCS. Springer (1998)Google Scholar

Copyright information

© Springer Science + Business Media, LLC 2006

Authors and Affiliations

  1. 1.Département d’InformatiqueÉcole Normale SupérieureParis Cedex 05France

Personalised recommendations