Skip to main content
Book cover

Asian Symposium on Programming Languages and Systems

APLAS 2022: Programming Languages and Systems pp 25–44Cite as

Decoupling the Ascending and Descending Phases in Abstract Interpretation

  • 96 Accesses

Part of the Lecture Notes in Computer Science book series (LNCS,volume 13658)

Abstract

Abstract Interpretation approximates the semantics of a program by mimicking its concrete fixpoint computation on an abstract domain \(\mathbb {A}\). The abstract (post-) fixpoint computation is classically divided into two phases: the ascending phase, using widenings as extrapolation operators to enforce termination, is followed by a descending phase, using narrowings as interpolation operators, so as to mitigate the effect of the precision losses introduced by widenings. In this paper we propose a simple variation of this classical approach where, to more effectively recover precision, we decouple the two phases: in particular, before starting the descending phase, we replace the domain \(\mathbb {A}\) with a more precise abstract domain \(\mathbb {D}\). The correctness of the approach is justified by casting it as an instance of the A\(^2\)I framework. After demonstrating the new technique on a simple example, we summarize the results of a preliminary experimental evaluation, showing that it is able to obtain significant precision improvements for several choices of the domains \(\mathbb {A}\) and \(\mathbb {D}\).

Keywords

  • Abstract interpretation
  • Static analysis
  • Widening
  • Narrowing

This is a preview of subscription content, access via your institution.

Fig. 1.
Fig. 2.
Fig. 3.
Fig. 4.
Fig. 5.
Fig. 6.

Notes

  1. 1.

    In general, the least fixpoint on the concrete domain C is not finitely computable. Hence, the idea is to compute an abstract fixpoint, over an abstract domain A, that correctly approximates the concrete one.

  2. 2.

    By design, PAGAI does not use proper narrowing operators to enforce the termination of the decreasing sequence; rather, it stops when the iteration count reaches the threshold value (or earlier, if a fixpoint is detected).

  3. 3.

    The total number of widening points is 281.

  4. 4.

    Probably, this is due to the fact that the abstract domain glb operator implements a correct narrowing as soon as we can enforce a finite number of applications.

References

  1. Amato, G., Di Nardo Di Maio, S., Meo, M.C., Scozzari, F.: Descending chains and narrowing on template abstract domains. Acta Informatica 55(6), 521–545 (2017). https://doi.org/10.1007/s00236-016-0291-0

    CrossRef  MathSciNet  MATH  Google Scholar 

  2. Amato, G., Scozzari, F.: Localizing widening and narrowing. In: Logozzo, F., Fähndrich, M. (eds.) SAS 2013. LNCS, vol. 7935, pp. 25–42. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38856-9_4

    CrossRef  MATH  Google Scholar 

  3. Amato, G., Scozzari, F., Seidl, H., Apinis, K., Vojdani, V.: Efficiently intertwining widening and narrowing. Sci. Comput. Program. 120, 1–24 (2016). https://doi.org/10.1016/j.scico.2015.12.005

    CrossRef  Google Scholar 

  4. Arceri, V., Mastroeni, I., Xu, S.: Static analysis for ECMAScript string manipulation programs. Appl. Sci. 10, 3525 (2020). https://doi.org/10.3390/app10103525

    CrossRef  Google Scholar 

  5. Bagnara, R., Hill, P., Ricci, E., Zaffanella, E.: Precise widening operators for convex polyhedra. Sci. Comput. Program. 58(1–2), 28–56 (2005). https://doi.org/10.1016/j.scico.2005.02.003

    CrossRef  MathSciNet  MATH  Google Scholar 

  6. Bagnara, R., Hill, P., Zaffanella, E.: Widening operators for powerset domains. Int. J. Softw. Tools Technol. Transf. 8(4–5), 449–466 (2006). https://doi.org/10.1007/s10009-005-0215-8

    CrossRef  MATH  Google Scholar 

  7. Becchi, A., Zaffanella, E.: A direct encoding for nnc polyhedra. In: Chockler, H., Weissenbacher, G. (eds.) CAV 2018. LNCS, vol. 10981, pp. 230–248. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96145-3_13

    CrossRef  Google Scholar 

  8. Becchi, A., Zaffanella, E.: An efficient abstract domain for not necessarily closed polyhedra. In: Podelski, A. (ed.) SAS 2018. LNCS, vol. 11002, pp. 146–165. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-99725-4_11

    CrossRef  Google Scholar 

  9. Becchi, A., Zaffanella, E.: Revisiting polyhedral analysis for hybrid systems. In: Chang, B.-Y.E. (ed.) SAS 2019. LNCS, vol. 11822, pp. 183–202. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-32304-2_10

    CrossRef  Google Scholar 

  10. Becchi, A., Zaffanella, E.: PPLite: zero-overhead encoding of NNC polyhedra. Inf. Comput. 275, 104620 (2020). https://doi.org/10.1016/j.ic.2020.104620

    CrossRef  MathSciNet  MATH  Google Scholar 

  11. Blanchet, B., et al.: A static analyzer for large safety-critical software. In: Cytron, R., Gupta, R. (eds.) Proceedings of the ACM SIGPLAN 2003 Conference on Programming Language Design and Implementation 2003, San Diego, California, USA, 9–11 June 2003, pp. 196–207. ACM (2003). https://doi.org/10.1145/781131.781153

  12. Bourdoncle, F.: Efficient chaotic iteration strategies with widenings. In: Bjørner, D., Broy, M., Pottosin, I.V. (eds.) FMP &TA 1993. LNCS, vol. 735, pp. 128–141. Springer, Heidelberg (1993). https://doi.org/10.1007/BFb0039704

    CrossRef  Google Scholar 

  13. Boutonnet, R., Halbwachs, N.: Improving the results of program analysis by abstract interpretation beyond the decreasing sequence. Formal Methods Syst. Des. 53(3), 384–406 (2017). https://doi.org/10.1007/s10703-017-0310-y

    CrossRef  MATH  Google Scholar 

  14. Brat, G., Navas, J.A., Shi, N., Venet, A.: IKOS: a framework for static analysis based on abstract interpretation. In: Giannakopoulou, D., Salaün, G. (eds.) SEFM 2014. LNCS, vol. 8702, pp. 271–277. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-10431-7_20

    CrossRef  Google Scholar 

  15. Bruni, R., Giacobazzi, R., Gori, R., Garcia-Contreras, I., Pavlovic, D.: Abstract extensionality: on the properties of incomplete abstract interpretations. Proc. ACM Program. Lang. 4(POPL), 28:1–28:28 (2020)

    Google Scholar 

  16. Bruni, R., Giacobazzi, R., Gori, R., Ranzato, F.: A logic for locally complete abstract interpretations. In: 36th Annual ACM/IEEE Symposium on Logic in Computer Science, LICS 2021, Rome, Italy, June 29–July 2, 2021, pp. 1–13. IEEE (2021)

    Google Scholar 

  17. Cousot, P., Cousot, R.: Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints. In: Conference Record of the Fourth ACM Symposium on Principles of Programming Languages, Los Angeles, California, USA, January 1977, pp. 238–252 (1977)

    Google Scholar 

  18. Cousot, P., Cousot, R.: Systematic design of program analysis frameworks. In: Conference Record of the Sixth Annual ACM Symposium on Principles of Programming Languages, San Antonio, Texas, USA, January 1979, pp. 269–282 (1979)

    Google Scholar 

  19. Cousot, P., Cousot, R.: Abstract interpretation frameworks. J. Log. Comput. 2(4), 511–547 (1992). https://doi.org/10.1093/logcom/2.4.511

    CrossRef  MathSciNet  MATH  Google Scholar 

  20. Cousot, P., Giacobazzi, R., Ranzato, F.: A\({^2}\)I: abstract\({^2}\) interpretation. Proc. ACM Program. Lang. 3(POPL), 42:1–42:31 (2019). https://doi.org/10.1145/3290355

  21. Cousot, P., Halbwachs, N.: Automatic discovery of linear restraints among variables of a program. In: Aho, A., Zilles, S., Szymanski, T. (eds.) Conference Record of the Fifth Annual ACM Symposium on Principles of Programming Languages, Tucson, Arizona, USA, January 1978, pp. 84–96. ACM Press (1978). https://doi.org/10.1145/512760.512770

  22. Cousot, P., Cousot, R.: Comparing the Galois connection and widening/narrowing approaches to abstract interpretation. In: Bruynooghe, M., Wirsing, M. (eds.) PLILP 1992. LNCS, vol. 631, pp. 269–295. Springer, Heidelberg (1992). https://doi.org/10.1007/3-540-55844-6_142

    CrossRef  MATH  Google Scholar 

  23. Gaubert, S., Goubault, E., Taly, A., Zennou, S.: Static analysis by policy iteration on relational domains. In: De Nicola, R. (ed.) ESOP 2007. LNCS, vol. 4421, pp. 237–252. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-71316-6_17

    CrossRef  Google Scholar 

  24. Gawlitza, T., Seidl, H.: Precise fixpoint computation through strategy iteration. In: De Nicola, R. (ed.) ESOP 2007. LNCS, vol. 4421, pp. 300–315. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-71316-6_21

    CrossRef  Google Scholar 

  25. Gonnord, L., Halbwachs, N.: Combining widening and acceleration in linear relation analysis. In: Yi, K. (ed.) SAS 2006. LNCS, vol. 4134, pp. 144–160. Springer, Heidelberg (2006). https://doi.org/10.1007/11823230_10

    CrossRef  MATH  Google Scholar 

  26. Gopan, D., Reps, T.: Lookahead widening. In: Ball, T., Jones, R.B. (eds.) CAV 2006. LNCS, vol. 4144, pp. 452–466. Springer, Heidelberg (2006). https://doi.org/10.1007/11817963_41

    CrossRef  Google Scholar 

  27. Gopan, D., Reps, T.: Guided static analysis. In: Nielson, H.R., Filé, G. (eds.) SAS 2007. LNCS, vol. 4634, pp. 349–365. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-74061-2_22

    CrossRef  MATH  Google Scholar 

  28. Gurfinkel, A., Kahsai, T., Komuravelli, A., Navas, J.A.: The SeaHorn verification framework. In: Kroening, D., Păsăreanu, C.S. (eds.) CAV 2015. LNCS, vol. 9206, pp. 343–361. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-21690-4_20

    CrossRef  Google Scholar 

  29. Halbwachs, N., Henry, J.: When the decreasing sequence fails. In: Miné, A., Schmidt, D. (eds.) SAS 2012. LNCS, vol. 7460, pp. 198–213. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-33125-1_15

    CrossRef  Google Scholar 

  30. Halbwachs, N., Merchat, D., Gonnord, L.: Some ways to reduce the space dimension in polyhedra computations. Formal Methods Syst. Des. 29(1), 79–95 (2006). https://doi.org/10.1007/s10703-006-0013-2

    CrossRef  MATH  Google Scholar 

  31. Halbwachs, N., Proy, Y.-E., Raymond, P.: Verification of linear hybrid systems by means of convex approximations. In: Le Charlier, B. (ed.) SAS 1994. LNCS, vol. 864, pp. 223–237. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-58485-4_43

    CrossRef  Google Scholar 

  32. Henry, J., Monniaux, D., Moy, M.: PAGAI: a path sensitive static analyser. Electron. Notes Theor. Comput. Sci. 289, 15–25 (2012). https://doi.org/10.1016/j.entcs.2012.11.003

    CrossRef  Google Scholar 

  33. Jeannet, B., Miné, A.: Apron: a library of numerical abstract domains for static analysis. In: Bouajjani, A., Maler, O. (eds.) CAV 2009. LNCS, vol. 5643, pp. 661–667. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-02658-4_52

    CrossRef  Google Scholar 

  34. Mansur, M.N., Mariano, B., Christakis, M., Navas, J.A., Wüstholz, V.: Automatically tailoring abstract interpretation to custom usage scenarios. In: Silva, A., Leino, K.R.M. (eds.) CAV 2021. LNCS, vol. 12760, pp. 777–800. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-81688-9_36

    CrossRef  Google Scholar 

  35. Miné, A.: The octagon abstract domain. High. Order Symb. Comput. 19(1), 31–100 (2006). https://doi.org/10.1007/s10990-006-8609-1

    CrossRef  MATH  Google Scholar 

  36. Monniaux, D., Guen, J.L.: Stratified static analysis based on variable dependencies. Electron. Notes Theor. Comput. Sci. 288, 61–74 (2012). https://doi.org/10.1016/j.entcs.2012.10.008

    CrossRef  MATH  Google Scholar 

  37. Nielson, F., Nielson, H., Hankin, C.: Principles of Program Analysis. Springer, Berlin (1999). https://doi.org/10.1007/978-3-662-03811-6

  38. Simon, A., King, A.: Widening polyhedra with landmarks. In: Kobayashi, N. (ed.) APLAS 2006. LNCS, vol. 4279, pp. 166–182. Springer, Heidelberg (2006). https://doi.org/10.1007/11924661_11

    CrossRef  Google Scholar 

  39. Singh, G., Püschel, M., Vechev, M.: Fast polyhedra abstract domain. In: Castagna, G., Gordon, A. (eds.) Proceedings of the 44th ACM SIGPLAN Symposium on Principles of Programming Languages, POPL 2017, Paris, France, 18–20 January 2017, pp. 46–59. ACM (2017). https://doi.org/10.1145/3009837.3009885

Download references

Author information

Authors and Affiliations

  1. University of Parma, Parma, Italy

    Vincenzo Arceri & Enea Zaffanella

  2. University of Verona, Verona, Italy

    Isabella Mastroeni

Authors
  1. Vincenzo Arceri
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Isabella Mastroeni
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Enea Zaffanella
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Vincenzo Arceri .

Editor information

Editors and Affiliations

  1. National University of Singapore, Singapore, Singapore

    Ilya Sergey

Rights and permissions

Reprints and Permissions

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Verify currency and authenticity via CrossMark

Cite this paper

Arceri, V., Mastroeni, I., Zaffanella, E. (2022). Decoupling the Ascending and Descending Phases in Abstract Interpretation. In: Sergey, I. (eds) Programming Languages and Systems. APLAS 2022. Lecture Notes in Computer Science, vol 13658. Springer, Cham. https://doi.org/10.1007/978-3-031-21037-2_2

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-21037-2_2

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-21036-5

  • Online ISBN: 978-3-031-21037-2

  • eBook Packages: Computer ScienceComputer Science (R0)