The Top-Down Solver—An Exercise in \(\text {A}^{2}\)I

Challenges of Software Verification

Part of the book series: Intelligent Systems Reference Library (ISRL, volume 238)

Abstract

The top-down solver TD is a convenient local generic fixpoint engine at the heart of static analysis frameworks such as Ciao and Goblint. Here, we show how Patrick Cousot’s idea of applying analysis to the analyzer itself makes it possible to derive advanced versions of TD from a recursive descent fixpoint algorithm. A run of that fixpoint algorithm provides us with a trace whose dynamic analysis makes it possible not only to identify semantic dependencies between unknowns on the fly, but also to choose appropriate widening/narrowing points. Thus it is not only the sequence of iterates for individual unknowns that is taken into account, but the global trace of the fixpoint algorithm itself.

Acknowledgements

This work was supported in part by Deutsche Forschungsgemeinschaft (DFG)—378803395/2428 ConVeY.

Author information

Corresponding author

Correspondence to Helmut Seidl.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this chapter

Cite this chapter

Tilscher, S., Stade, Y., Schwarz, M., Vogler, R., Seidl, H. (2023). The Top-Down Solver—An Exercise in \(\text {A}^{2}\)I. In: Arceri, V., Cortesi, A., Ferrara, P., Olliaro, M. (eds) Challenges of Software Verification. Intelligent Systems Reference Library, vol 238. Springer, Singapore. https://doi.org/10.1007/978-981-19-9601-6_9

  • DOI: https://doi.org/10.1007/978-981-19-9601-6_9

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-19-9600-9

  • Online ISBN: 978-981-19-9601-6

  • eBook Packages: Engineering, Engineering (R0)
