Abstract Domains and Solvers for Sets Reasoning

  • Arlen Cox
  • Bor-Yuh Evan Chang
  • Huisong Li
  • Xavier Rival
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9450)


When constructing complex program analyses, it is often useful to reason about not just individual values, but collections of values. Symbolic set abstractions provide building blocks that can be used to partition elements, relate partitions to other partitions, and determine the provenance of multiple values, all without knowing any concrete values. To address the simultaneous challenges of scalability and precision, we formalize and implement an interface for symbolic set abstractions and construct multiple abstract domains relying on both specialized data structures and off-the-shelf theorem provers. We develop techniques for lifting existing domains to improve performance and precision. We evaluate these domains on real-world data structure analysis problems.
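To make the idea of a symbolic set abstraction concrete, the following is an added illustration written for this page; it is not the paper's implementation and does not reproduce its interface. It tracks constraints between symbolic set variables (X ⊆ Y, X ∩ Y = ∅, X = Y ∪ Z) without any concrete elements by reasoning over Venn regions: for n set variables there are 2^n regions, and an abstract state records which of those regions have been proven empty. Join, meet, transfer functions and entailment queries are then simple set operations on that record. The variable names A, B, C, H and the branch scenario in `demo` are constructed for the example.

```python
"""Tiny symbolic set abstract domain over Venn regions (added illustration,
not code from the paper). Only emptiness facts are tracked, so the domain
covers the inclusion/disjointness fragment of set reasoning."""
from itertools import combinations


def _regions(variables):
    """All Venn regions over the variables. A region is the frozenset of set
    variables that a hypothetical element in that region belongs to."""
    vs = tuple(variables)
    return frozenset(frozenset(c) for k in range(len(vs) + 1)
                     for c in combinations(vs, k))


class SetState:
    """Abstract state = set of Venn regions known to be empty.
    More known-empty regions means a more precise (smaller) state."""

    def __init__(self, variables, empty=frozenset()):
        self.vars = frozenset(variables)
        self.regions = _regions(self.vars)
        self.empty = frozenset(empty) & self.regions

    # ---- lattice structure -------------------------------------------------
    @classmethod
    def top(cls, variables):
        """No constraints known: nothing is proven empty."""
        return cls(variables)

    def leq(self, other):
        """self is at least as precise as other."""
        return self.empty >= other.empty

    def join(self, other):
        """Least upper bound: keep only the emptiness facts both sides agree on."""
        return SetState(self.vars, self.empty & other.empty)

    def meet(self, other):
        """Greatest lower bound: combine both sides' facts."""
        return SetState(self.vars, self.empty | other.empty)

    # ---- transfer functions for set constraints ---------------------------
    def _with(self, newly_empty):
        return SetState(self.vars, self.empty | frozenset(newly_empty))

    def assume_subset(self, x, y):
        """X ⊆ Y: every region inside X but outside Y is empty."""
        return self._with(r for r in self.regions if x in r and y not in r)

    def assume_disjoint(self, x, y):
        """X ∩ Y = ∅: every region inside both X and Y is empty."""
        return self._with(r for r in self.regions if x in r and y in r)

    def assume_union(self, x, y, z):
        """X = Y ∪ Z: regions in X outside Y and Z, and regions in Y or Z
        outside X, are all empty."""
        return self._with(r for r in self.regions
                          if (x in r and y not in r and z not in r)
                          or (x not in r and (y in r or z in r)))

    # ---- entailment queries -----------------------------------------------
    def entails_subset(self, x, y):
        return all(r in self.empty for r in self.regions
                   if x in r and y not in r)

    def entails_disjoint(self, x, y):
        return all(r in self.empty for r in self.regions if x in r and y in r)

    def entails_empty(self, x):
        return all(r in self.empty for r in self.regions if x in r)


def demo():
    """Constructed scenario: a heap H partitioned into disjoint A and B, and a
    set C that lands in A on one branch and in B on the other. The join keeps
    C ⊆ H (true on both branches) but drops C ⊆ A (true on only one)."""
    base = (SetState.top(("A", "B", "C", "H"))
            .assume_union("H", "A", "B")
            .assume_disjoint("A", "B"))
    left = base.assume_subset("C", "A")
    right = base.assume_subset("C", "B")
    joined = left.join(right)
    return {
        "left_C_subset_H": left.entails_subset("C", "H"),
        "left_C_disjoint_B": left.entails_disjoint("C", "B"),
        "join_C_subset_H": joined.entails_subset("C", "H"),
        "join_C_subset_A": joined.entails_subset("C", "A"),
        "left_leq_join": left.leq(joined),
        "join_leq_left": joined.leq(left),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The explicit region enumeration is exponential in the number of set variables, and recording only emptiness facts cannot express membership or cardinality; those two limits are precisely the scalability and precision pressures the abstract describes, which is why the paper turns to specialized data structures and off-the-shelf provers rather than a naive encoding like this one.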



This material is based upon work supported in part by a Chateaubriand Fellowship, by the National Science Foundation under Grant Numbers CCF-1055066 and CCF-1218208, and by the European Research Council under the FP7 grant agreement 278673 (Project MemCAD).



Copyright information

© Springer-Verlag Berlin Heidelberg 2015

Authors and Affiliations

  • Arlen Cox (corresponding author), University of Colorado Boulder, Boulder, USA
  • Bor-Yuh Evan Chang, University of Colorado Boulder, Boulder, USA
  • Huisong Li, Inria/CNRS/ENS Paris/PSL, Paris, France
  • Xavier Rival, Inria/CNRS/ENS Paris/PSL, Paris, France
