
Program Analysis Using Symbolic Ranges

  • Conference paper
Static Analysis (SAS 2007)

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 4634)

Abstract

Interval analysis seeks static lower and upper bounds on the values of program variables. These bounds are useful, especially for inferring invariants to prove buffer overflow checks. In practice, however, intervals by themselves are often inadequate as invariants due to the lack of relational information among program variables.

In this paper, we present a technique for deriving symbolic bounds on variable values. We study a restricted class of polyhedra whose constraints are stratified with respect to some variable ordering provided by the user, or chosen heuristically. We define a notion of normalization for such constraints and demonstrate polynomial time domain operations on the resulting domain of symbolic range constraints. The abstract domain is intended to complement widely used domains such as intervals and octagons for use in buffer overflow analysis. Finally, we study the impact of our analysis on commercial software using an overflow analyzer for the C language.
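As an added illustration (not code or an algorithm from the paper), the following Python models the abstract's point on a loop `for (i = 0; i < n; i++) buf[i] = 0;` over a buffer of n elements: under the assumed user-supplied ordering n < i, the symbolic range i in [0, n-1] proves the access in bounds where plain intervals cannot, and it still rejects the off-by-one access buf[i+1]. The dict encoding of expressions, the variable names and the constructed abstract states are all assumptions made for this example.

```python
# Added illustration, not code from the paper: a tiny stratified symbolic range
# domain over variables ordered n < i, compared against plain intervals.
# A linear expression is a dict {var: coeff}; key "" holds the constant term.
INF = float("inf")
ORDER = ["n", "i"]  # assumed user-supplied ordering: bounds on i may mention n

def add_scaled(acc, expr, k):
    """acc += k * expr, in place; returns acc."""
    for v, c in expr.items():
        acc[v] = acc.get(v, 0) + k * c
    return acc

def bound_above(expr, ranges, order):
    """Largest value expr can take under the given ranges. Variables are
    eliminated from the highest stratum down, each replaced by its upper bound
    when its coefficient is positive and by its lower bound when negative.
    Since a bound only mentions lower-ranked variables, a constant remains."""
    e = dict(expr)
    for v in reversed(order):
        c = e.pop(v, 0)
        if c == 0:
            continue
        lo, hi = ranges[v]
        add_scaled(e, hi if c > 0 else lo, c)
    return e.get("", 0)

def proves_leq(lhs, rhs, ranges, order=ORDER):
    """True if lhs <= rhs holds on every state described by ranges."""
    diff = add_scaled(dict(lhs), rhs, -1)
    return bound_above(diff, ranges, order) <= 0

# Constructed abstract states at the body of
#   for (i = 0; i < n; i++) buf[i] = 0;   /* buf has n elements */
# Plain intervals forget the relation between i and n ...
INTERVALS = {"n": ({"": 0}, {"": INF}), "i": ({"": 0}, {"": INF})}
# ... whereas the symbolic range keeps i <= n - 1 as an expression over n.
SYMBOLIC = {"n": ({"": 0}, {"": INF}), "i": ({"": 0}, {"": -1, "n": 1})}

def access_in_bounds(index, ranges):
    """Overflow check for buf[index]: prove 0 <= index <= n - 1."""
    last = {"n": 1, "": -1}
    return proves_leq({}, index, ranges) and proves_leq(index, last, ranges)

if __name__ == "__main__":
    print(access_in_bounds({"i": 1}, INTERVALS))        # False: n - i unknown
    print(access_in_bounds({"i": 1}, SYMBOLIC))         # True
    print(access_in_bounds({"i": 1, "": 1}, SYMBOLIC))  # False: buf[i+1] off-by-one
```

Projecting the symbolic range of i back to an interval (`bound_above({"i": 1}, SYMBOLIC, ORDER)`) yields +inf, which is exactly the information an interval domain loses.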


Editor information

Hanne Riis Nielson, Gilberto Filé

Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Sankaranarayanan, S., Ivančić, F., Gupta, A. (2007). Program Analysis Using Symbolic Ranges. In: Nielson, H.R., Filé, G. (eds) Static Analysis. SAS 2007. Lecture Notes in Computer Science, vol 4634. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74061-2_23

  • DOI: https://doi.org/10.1007/978-3-540-74061-2_23

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-74060-5

  • Online ISBN: 978-3-540-74061-2
