Advertisement

Non-disjunctive Numerical Domain for Array Predicate Abstraction

  • Xavier Allamigeon
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4960)

Abstract

We present a numerical abstract domain to infer invariants on (a possibly unbounded number of) consecutive array elements using array predicates. It is able to represent and compute affine equality relations over the predicate parameters and the program variables, without using disjunctions or heuristics. It is the cornerstone of a sound static analysis of one- and two-dimensional array manipulation algorithms. The implementation shows very good performance on representative benchmarks. Our approach is sufficiently robust to handle programs traversing arrays and matrices in various ways.

Keywords

Equivalence Class Formal Space Array Element Memory State Abstract Interpretation 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

References

  1. 1.
    Cousot, P., Cousot, R.: Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints. In: POPL1977, Los Angeles, California, ACM Press, New York (1977)Google Scholar
  2. 2.
    Miné, A.: The octagon abstract domain. In: AST 2001 in WCRE 2001. IEEE, pp. 310–319. IEEE CS Press, Los Alamitos (2001)Google Scholar
  3. 3.
    Karr, M.: Affine relationships among variables of a program. Acta Inf. 6 (1976)Google Scholar
  4. 4.
    Cousot, P., Halbwachs, N.: Automatic discovery of linear restraints among variables of a program. In: POPL 1978, Tucson, Arizona, USA, ACM Press, New York (1978)Google Scholar
  5. 5.
    Cousot, P., Cousot, R.: Abstract interpretation and application to logic programs. Journal of Logic Programming 13(2–3), 103–179 (1992)zbMATHCrossRefMathSciNetGoogle Scholar
  6. 6.
    Cousot, P.: Automatic Verification by abstract interpretation. In: Zuck, L.D., Attie, P.C., Cortesi, A., Mukhopadhyay, S. (eds.) VMCAI 2003. LNCS, vol. 2575, pp. 20–24. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  7. 7.
    Gopan, D., Reps, T., Sagiv, M.: A framework for numeric analysis of array operations. SIGPLAN Not. 40(1) (2005)Google Scholar
  8. 8.
    Mauborgne, L., Rival, X.: Trace Partitioning in Abstract Interpretation Based Static Analyzers. In: Sagiv, M. (ed.) ESOP 2005. LNCS, vol. 3444, Springer, Heidelberg (2005)Google Scholar
  9. 9.
    Müller-Olm, M., Seidl, H.: A Note on Karr’s Algorithm. In: Díaz, J., Karhumäki, J., Lepistö, A., Sannella, D. (eds.) ICALP 2004. LNCS, vol. 3142, Springer, Heidelberg (2004)Google Scholar
  10. 10.
    Beyer, D., Henzinger, T.A., Majumdar, R., Rybalchenko, A.: Path invariants. In: PLDI 2007, ACM Press, New York (2007)Google Scholar
  11. 11.
    Sagiv, S., Reps, T.W., Wilhelm, R.: Parametric shape analysis via 3–valued logic. In: POPL 1999 (1999)Google Scholar
  12. 12.
    Ball, T., Majumdar, R., Millstein, T., Rajamani, S.K.: Automatic predicate abstraction of C programs. SIGPLAN Not. 36(5) (2001)Google Scholar
  13. 13.
    Distefano, D., O’Hearn, P.W., Yang, H.: A local shape analysis based on separation logic. In: Hermanns, H., Palsberg, J. (eds.) TACAS 2006. LNCS, vol. 3920, Springer, Heidelberg (2006)CrossRefGoogle Scholar
  14. 14.
    Berdine, J., Calcagno, C., Cook, B., Distefano, D., O’Hearn, P., Wies, T., Yang, H.: Shape analysis for composite data structures. In: Damm, W., Hermanns, H. (eds.) CAV 2007. LNCS, vol. 4590, Springer, Heidelberg (to appear, 2007)CrossRefGoogle Scholar
  15. 15.
    Beyer, D., Henzinger, T.A., Théoduloz, G.: Lazy shape analysis. In: Huang, D.-S., Li, K., Irwin, G.W. (eds.) ICIC 2006. LNCS (LNAI), vol. 4114, Springer, Heidelberg (2006)Google Scholar
  16. 16.
    Venet, A., Brat, G.: Precise and efficient static array bound checking for large embedded C programs. In: PLDI 2004, ACM Press, New York (2004)Google Scholar
  17. 17.
    Cousot, P., Cousot, R., Feret, J., Mauborgne, L., Miné, A., Monniaux, D., Rival, X.: The ASTRÉE Analyser. In: Sagiv, M. (ed.) ESOP 2005. LNCS, vol. 3444, Springer, Heidelberg (2005)Google Scholar
  18. 18.
    Allamigeon, X., Godard, W., Hymans, C.: Static Analysis of String Manipulations in Critical Embedded C Programs. In: Yi, K. (ed.) SAS 2006. LNCS, vol. 4134, Springer, Heidelberg (2006)CrossRefGoogle Scholar
  19. 19.
    Flanagan, C., Qadeer, S.: Predicate abstraction for software verification. In: POPL 2002, ACM Press, New York (2002)Google Scholar
  20. 20.
    Jhala, R., McMillan, K.L.: Array abstractions from proofs. In: Damm, W., Hermanns, H. (eds.) CAV 2007. LNCS, vol. 4590, Springer, Heidelberg (2007)CrossRefGoogle Scholar
  21. 21.
    Gulwani, S., McCloskey, B., Tiwari, A.: Lifting abstract interpreters to quantified logical domains. In: POPL 2008 (to appear, 2008)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Xavier Allamigeon
    • 1
    • 2
  1. 1.EADS Innovation Works, SE/CS – SuresnesFrance
  2. 2.CEA, LIST MeASI – Gif-sur-YvetteFrance

Personalised recommendations