
Automating Abstract Interpretation

Conference paper in Verification, Model Checking, and Abstract Interpretation (VMCAI 2016), part of the book series Lecture Notes in Computer Science (LNTCS, volume 9583).

Abstract

Abstract interpretation has a reputation of being a kind of “black art,” and consequently difficult to work with. This paper describes a twenty-year quest by the first author to address this issue by raising the level of automation in abstract interpretation. The most recent leg of this journey is the subject of the second author’s 2014 Ph.D. dissertation. The paper discusses several different approaches to creating correct-by-construction analyzers. Our research has allowed us to establish connections between this problem and several other areas of computer science, including automated reasoning/decision procedures, concept learning, and constraint programming.

Portions of this work appeared in [26, 35, 45, 63, 64, 66, 70, 76, 78, 81, 82]. T. Reps has an ownership interest in GrammaTech, Inc., which has licensed elements of the technology reported in this publication.


Notes

  1. It is interesting to note that the roles of steps (i), (iii), and (iv) are close to the steps of splitting, propagation, and join, respectively, in our generalization of Stålmarck’s algorithm to perform symbolic abstraction [82]. See Sect. 5.

  2. A slight modification to the bilateral algorithm can remove the requirement of having no infinite descending chains [78].

  3. (i) The correctness theorem for focus [70, Lemmas 6.8 and 6.9]; (ii) the Embedding Theorem [70, Theorem 4.9]; (iii) the correctness theorem for the finite-differencing scheme for maintaining instrumentation relations [63, Theorem 5.3]; and (iv) the correctness theorem for coerce [70, Theorem 6.28].

References

  1. Akers Jr, S.: On a theory of Boolean functions. J. SIAM 7(4), 487–498 (1959)

  2. Angluin, D.: Learning regular sets from queries and counterexamples. Inf. Comput. 75(2), 87–106 (1987)

  3. Apt, K.: The essence of constraint propagation. TCS 221, 179–210 (1999)

  4. Arnold, G., Manevich, R., Sagiv, M., Shaham, R.: Combining shape analyses by intersecting abstractions. In: Emerson, E.A., Namjoshi, K.S. (eds.) VMCAI 2006. LNCS, vol. 3855, pp. 33–48. Springer, Heidelberg (2006)

  5. Bagnara, R., Hill, P.M., Zaffanella, E.: The Parma Polyhedra Library: Toward a complete set of numerical abstractions for the analysis and verification of hardware and software systems. SCP 72(1–2), 3–21 (2008)

  6. Balakrishnan, G., Reps, T.: WYSINWYX: what you see is not what you eXecute. TOPLAS 32(6), 202–213 (2010)

  7. Ball, T., Podelski, A., Rajamani, S.K.: Boolean and cartesian abstraction for model checking C programs. In: Margaria, T., Yi, W. (eds.) TACAS 2001. LNCS, vol. 2031, pp. 268–283. Springer, Heidelberg (2001)

  8. Barrett, E., King, A.: Range and set abstraction using SAT. ENTCS 267(1), 17–27 (2010)

  9. Beyer, D., Cimatti, A., Griggio, A., Keremoglu, M., Sebastiani, R.: Software model checking via large-block encoding. In: FMCAD (2009)

  10. Beyer, D., Keremoglu, M., Wendler, P.: Predicate abstraction with adjustable-block encoding. In: FMCAD (2010)

  11. Boerger, E., Staerk, R.: Abstract State Machines: A Method for High-Level System Design and Analysis. Springer, Heidelberg (2003)

  12. Bogudlov, I., Lev-Ami, T., Reps, T., Sagiv, M.: Revamping TVLA: Making parametric shape analysis competitive. In: Damm, W., Hermanns, H. (eds.) CAV 2007. LNCS, vol. 4590, pp. 221–225. Springer, Heidelberg (2007)

  13. Brauer, J., King, A.: Automatic abstraction for intervals using Boolean formulae. In: Cousot, R., Martel, M. (eds.) SAS 2010. LNCS, vol. 6337, pp. 167–183. Springer, Heidelberg (2010)

  14. Bush, W., Pincus, J., Sielaff, D.: A static analyzer for finding dynamic programming errors. Softw. Pract. Experience 30, 775–802 (2000)

  15. Calcagno, C., Distefano, D., O’Hearn, P.W., Yang, H.: Footprint analysis: A shape analysis that discovers preconditions. In: Riis Nielson, H., Filé, G. (eds.) SAS 2007. LNCS, vol. 4634, pp. 402–418. Springer, Heidelberg (2007)

  16. Clarke, E., Kroening, D., Sharygina, N., Yorav, K.: Predicate abstraction of ANSI-C programs using SAT. FMSD 25(2–3), 125–127 (2004)

  17. Cousot, P.: Verification by abstract interpretation. In: Verification Theory and Practice (2003)

  18. Cousot, P., Cousot, R.: Abstract interpretation: A unified lattice model for static analysis of programs by construction or approximation of fixpoints. In: POPL (1977)

  19. Cousot, P., Cousot, R.: Systematic design of program analysis frameworks. In: POPL (1979)

  20. Cousot, P., Cousot, R., Mauborgne, L.: Theories, solvers and static analysis by abstract interpretation. J. ACM 59(6), Article No. 31 (2012)

  21. Cousot, P., Halbwachs, N.: Automatic discovery of linear constraints among variables of a program. In: POPL (1978)

  22. Cousot, P., Monerau, M.: Probabilistic abstract interpretation. In: Seidl, H. (ed.) Programming Languages and Systems. LNCS, vol. 7211, pp. 169–193. Springer, Heidelberg (2012)

  23. Craig, W.: Three uses of the Herbrand-Gentzen theorem in relating model theory and proof theory. J. Symbolic Logic 22(3), 269–285 (1957)

  24. Distefano, D., O’Hearn, P.W., Yang, H.: A local shape analysis based on separation logic. In: Hermanns, H., Palsberg, J. (eds.) TACAS 2006. LNCS, vol. 3920, pp. 287–302. Springer, Heidelberg (2006)

  25. Dong, G., Su, J.: Incremental and decremental evaluation of transitive closure by first-order queries. Inf. Comp. 120, 101–106 (1995)

  26. Elder, M., Gopan, D., Reps, T.: View-augmented abstractions. ENTCS 267(1), 43–57 (2010)

  27. Elder, M., Lim, J., Sharma, T., Andersen, T., Reps, T.: Abstract domains of affine relations. TOPLAS 36(4), 1–73 (2014)

  28. Futamura, Y.: Partial evaluation of computation process - an approach to a compiler-compiler. Higher-Order and Symb. Comp. 12(4) (1999). Reprinted from Systems · Computers · Controls 2(5) (1971)

  29. Gopan, D., Reps, T.: Lookahead widening. In: Ball, T., Jones, R.B. (eds.) CAV 2006. LNCS, vol. 4144, pp. 452–466. Springer, Heidelberg (2006)

  30. Gopan, D., Reps, T.: Guided static analysis. In: Riis Nielson, H., Filé, G. (eds.) SAS 2007. LNCS, vol. 4634, pp. 349–365. Springer, Heidelberg (2007)

  31. Graf, S., Saïdi, H.: Construction of abstract state graphs with PVS. In: CAV (1997)

  32. Gulwani, S., Musuvathi, M.: Cover algorithms and their combination. In: Drossopoulou, S. (ed.) ESOP 2008. LNCS, vol. 4960, pp. 193–207. Springer, Heidelberg (2008)

  33. Gupta, A., Mumick, I. (eds.): Materialized Views: Techniques, Implementations, and Applications. The M.I.T. Press, Cambridge, MA (1999)

  34. Jackson, D.: Software Abstractions: Logic, Language, and Analysis. The M.I.T. Press, Cambridge (2006)

  35. Jeannet, B., Loginov, A., Reps, T., Sagiv, M.: A relational approach to interprocedural shape analysis. TOPLAS 32(2), 5:1–5:2 (2010)

  36. Johnson, S.: YACC: Yet another compiler-compiler. Technical Report Comp. Sci. Tech. Rep. 32, Bell Laboratories (1975)

  37. Jones, N., Gomard, C., Sestoft, P.: Partial Evaluation and Automatic Program Generation. Prentice-Hall International (1993)

  38. Karr, M.: Affine relationship among variables of a program. Acta Inf. 6, 133–151 (1976)

  39. Kearns, M.J., Vazirani, U.V.: An Introduction to Computational Learning Theory. MIT Press, Cambridge, MA, USA (1994)

  40. King, A., Søndergaard, H.: Automatic abstraction for congruences. In: Barthe, G., Hermenegildo, M. (eds.) VMCAI 2010. LNCS, vol. 5944, pp. 197–213. Springer, Heidelberg (2010)

  41. Kozen, D.: Semantics of probabilistic programs. JCSS 22(3), 328–350 (1981)

  42. Lev-Ami, T., Sagiv, M.: TVLA: A system for implementing static analyses. In: Palsberg, J. (ed.) Static Analysis. LNCS, vol. 1824, pp. 280–301. Springer, Heidelberg (2000)

  43. Li, Y., Albarghouthi, A., Kincaid, Z., Gurfinkel, A., Chechik, M.: Symbolic optimization with SMT solvers. In: POPL (2014)

  44. Lim, J., Lal, A., Reps, T.: Symbolic analysis via semantic reinterpretation. STTT 13(1), 61–87 (2011)

  45. Lim, J., Reps, T.: TSL: A system for generating abstract interpreters and its application to machine-code analysis. TOPLAS 35(1), Article 4 (2013)

  46. Malmkjær, K.: Abstract Interpretation of Partial-Evaluation Algorithms. Ph.D. thesis, Dept. of Comp. and Inf. Sci., Kansas State Univ. (1993)

  47. McMillan, K.: Don’t-care computation using k-clause approximation. In: IWLS (2005)

  48. Miné, A.: The octagon abstract domain. In: WCRE (2001)

  49. Miné, A.: A few graph-based relational numerical abstract domains. In: Hermenegildo, M.V., Puebla, G. (eds.) SAS 2002. LNCS, vol. 2477, pp. 117–132. Springer, Heidelberg (2002)

  50. Miné, A., Breck, J., Reps, T.: An algorithm inspired by constraint solvers to infer inductive invariants in numeric programs. Submitted for publication (2015)

  51. Mitchell, T.: Machine Learning. WCB/McGraw-Hill, Boston, MA (1997)

  52. Monniaux, D.: Abstract interpretation of probabilistic semantics. In: Palsberg, J. (ed.) Static Analysis. LNCS, vol. 1824, pp. 322–339. Springer, Heidelberg (2000)

  53. Monniaux, D.: Automatic modular abstractions for template numerical constraints. LMCS 6(3), 4 (2010)

  54. Montanari, U.: Networks of constraints: Fundamental properties and applications to picture processing. Inf. Sci. 7(2), 95–132 (1974)

  55. Müller-Olm, M., Seidl, H.: Precise interprocedural analysis through linear algebra. In: POPL (2004)

  56. Mycroft, A., Jones, N.: A relational framework for abstract interpretation. In: Programs as Data Objects (1985)

  57. Mycroft, A., Jones, N.: Data flow analysis of applicative programs using minimal function graphs. In: POPL (1986)

  58. Nielson, F.: Two-level semantics and abstract interpretation. TCS 69, 117–242 (1989)

  59. Patnaik, S., Immerman, N.: Dyn-FO: A parallel, dynamic complexity class. JCSS 55(2), 199–209 (1997)

  60. Pelleau, M., Miné, A., Truchet, C., Benhamou, F.: A constraint solver based on abstract domains. In: Giacobazzi, R., Berdine, J., Mastroeni, I. (eds.) VMCAI 2013. LNCS, vol. 7737, pp. 434–454. Springer, Heidelberg (2013)

  61. Regehr, J., Reid, A.: HOIST: A system for automatically deriving static analyzers for embedded systems. In: ASPLOS (2004)

  62. Reps, T., Horwitz, S., Sagiv, M.: Precise interprocedural dataflow analysis via graph reachability. In: POPL (1995)

  63. Reps, T., Sagiv, M., Loginov, A.: Finite differencing of logical formulas for static analysis. TOPLAS 6(32), 1–55 (2010)

  64. Reps, T., Sagiv, M., Yorsh, G.: Symbolic implementation of the best transformer. In: Steffen, B., Levi, G. (eds.) VMCAI 2004. LNCS, vol. 2937, pp. 252–266. Springer, Heidelberg (2004)

  65. Reps, T., Schwoon, S., Jha, S., Melski, D.: Weighted pushdown systems and their application to interprocedural dataflow analysis. SCP 58(1–2), 206–263 (2005)

  66. Reps, T., Thakur, A.: Through the lens of abstraction. In: HCSS (2014)

  67. Reps, T., Turetsky, E., Prabhu, P.: Newtonian program analysis via tensor product. In: POPL (2016)

  68. Reynolds, J.: Separation logic: A logic for shared mutable data structures. In: LICS (2002)

  69. Sagiv, M., Reps, T., Wilhelm, R.: Solving shape-analysis problems in languages with destructive updating. TOPLAS 20(1), 1–50 (1998)

  70. Sagiv, M., Reps, T., Wilhelm, R.: Parametric shape analysis via 3-valued logic. TOPLAS 24(3), 217–298 (2002)

  71. Sankaranarayanan, S., Sipma, H.B., Manna, Z.: Scalable analysis of linear systems using mathematical programming. In: Cousot, R. (ed.) VMCAI 2005. LNCS, vol. 3385, pp. 25–41. Springer, Heidelberg (2005)

  72. Scherpelz, E., Lerner, S., Chambers, C.: Automatic inference of optimizer flow functions from semantic meanings. In: PLDI (2007)

  73. Sharir, M.: Some observations concerning formal differentiation of set theoretic expressions. TOPLAS 4(2), 196–225 (1982)

  74. Sharir, M., Pnueli, A.: Two approaches to interprocedural data flow analysis. In: Program Flow Analysis: Theory and Applications. Prentice-Hall, Englewood Cliffs (1981)

  75. Sheeran, M., Stålmarck, G.: A tutorial on Stålmarck’s proof procedure for propositional logic. Formal Methods Syst. Des. 16(1), 23–58 (2000)

  76. Thakur, A.: Symbolic Abstraction: Algorithms and Applications. Ph.D. thesis, Comp. Sci. Dept., Univ. of Wisconsin, Madison, WI, Aug. 2014. Technical Report 1812

  77. Thakur, A., Breck, J., Reps, T.: Satisfiability modulo abstraction for separation logic with linked lists. In: SPIN Workshop (2014)

  78. Thakur, A., Elder, M., Reps, T.: Bilateral algorithms for symbolic abstraction. In: Miné, A., Schmidt, D. (eds.) SAS 2012. LNCS, vol. 7460, pp. 111–128. Springer, Heidelberg (2012)

  79. Thakur, A., Lal, A., Lim, J., Reps, T.: PostHat and all that: Automating abstract interpretation. ENTCS 311, 15–32 (2015)

  80. Thakur, A., Lim, J., Lal, A., Burton, A., Driscoll, E., Elder, M., Andersen, T., Reps, T.: Directed proof generation for machine code. In: Touili, T., Cook, B., Jackson, P. (eds.) CAV 2010. LNCS, vol. 6174, pp. 288–305. Springer, Heidelberg (2010)

  81. Thakur, A., Reps, T.: A generalization of Stålmarck’s method. In: SAS (2012)

  82. Thakur, A., Reps, T.: A method for symbolic computation of abstract operations. In: Madhusudan, P., Seshia, S.A. (eds.) CAV 2012. LNCS, vol. 7358, pp. 174–192. Springer, Heidelberg (2012)

  83. Valiant, L.G.: A theory of the learnable. Commun. ACM 27(11), 1134–1142 (1984)

  84. Yahav, E.: Verifying safety properties of concurrent Java programs using 3-valued logic. In: POPL (2001)

  85. Yorsh, G., Reps, T., Sagiv, M.: Symbolically computing most-precise abstract operations for shape analysis. In: Jensen, K., Podelski, A. (eds.) TACAS 2004. LNCS, vol. 2988, pp. 530–545. Springer, Heidelberg (2004)


Acknowledgments

T. Reps would like to thank the many people with whom he collaborated on the work described in the paper (as well as work that motivated the work described): for shape analysis: M. Sagiv, R. Wilhelm, a long list of their former students, as well as his own former students A. Loginov and D. Gopan; for machine-code analysis: G. Balakrishnan, J. Lim, Z. Xu, B. Miller, D. Gopan, A. Thakur, E. Driscoll, A. Lal, M. Elder, T. Sharma, and researchers at GrammaTech, Inc.; for symbolic abstraction: M. Sagiv, G. Yorsh, A. Thakur, M. Elder, T. Sharma, J. Breck, and A. Miné.

The work has been supported for many years by grants and contracts from NSF, DARPA, ONR, ARL, AFOSR, HSARPA, and GrammaTech, Inc. Special thanks go to R. Wachter, F. Anger, T. Teitelbaum and A. White.

Current support comes from a gift from Rajiv and Ritu Batra; DARPA under cooperative agreement HR0011-12-2-0012; AFRL under DARPA MUSE award FA8750-14-2-0270 and DARPA STAC award FA8750-15-C-0082; and the UW-Madison Office of the Vice Chancellor for Research and Graduate Education with funding from WARF. Any opinions, findings, and conclusions or recommendations expressed in this publication are those of the authors, and do not necessarily reflect the views of the sponsoring organizations.


Corresponding author: Thomas Reps.


Copyright information

© 2016 Springer-Verlag Berlin Heidelberg

Cite this paper

Reps, T., Thakur, A. (2016). Automating Abstract Interpretation. In: Jobstmann, B., Leino, K. (eds) Verification, Model Checking, and Abstract Interpretation. VMCAI 2016. Lecture Notes in Computer Science, vol 9583. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-49122-5_1

  • DOI: https://doi.org/10.1007/978-3-662-49122-5_1
  • Publisher: Springer, Berlin, Heidelberg
  • Print ISBN: 978-3-662-49121-8
  • Online ISBN: 978-3-662-49122-5
