Skip to main content
SpringerLink
Log in

Weakly-relational shapes for numeric abstractions: improved algorithms and proofs of correctness

  • Published:
Formal Methods in System Design Aims and scope Submit manuscript

Abstract

Weakly-relational numeric constraints provide a compromise between complexity and expressivity that is adequate for several applications in the field of formal analysis and verification of software and hardware systems. We address the problems to be solved for the construction of full-fledged, efficient and provably correct abstract domains based on such constraints. We first propose to work with semantic abstract domains, whose elements are geometric shapes, instead of the (more concrete) syntactic abstract domains of constraint networks and matrices on which the previous proposals are based. This allows to solve, once and for all, the problem whereby closure by entailment, a crucial operation for the realization of such domains, seemed to impede the realization of proper widening operators. In our approach, the implementation of widenings relies on the availability of an effective reduction procedure for the considered constraint description: one for the domain of bounded difference shapes already exists in the literature; we provide algorithms for the significantly more complex cases of rational and integer octagonal shapes. We also improve upon the state-of-the-art by presenting, along with their proof of correctness, closure by entailment algorithms of reduced complexity for domains based on rational and integer octagonal constraints. The consequences of implementing weakly-relational numerical domains with floating point numbers are also discussed.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Cousot P, Cousot R (1976) Static determination of dynamic properties of programs. In: Robinet B (ed) Proceedings of the Second International Symposium on Programming, Paris, France. Dunod, Paris, pp 106–130

    Google Scholar 

  2. Cousot P, Halbwachs N (1978) Automatic discovery of linear restraints among variables of a program. In: Conference Record of the Fifth Annual ACM Symposium on Principles of Programming Languages, Tucson, Arizona. ACM, New York, pp 84–96

    Google Scholar 

  3. Bagnara R (1997) Data-flow analysis for constraint logic-based languages. PhD thesis, Dipartimento di Informatica, Università di Pisa, Pisa, Italy. Printed as Report TD-1/97

  4. Bagnara R, Giacobazzi R, Levi G (1992) Static analysis of CLP programs over numeric domains. In: Billaud M, Castéran P, Corsini M, Musumbu K, Rauzy A (eds) Actes “Workshop on Static Analysis’92”. Atelier Irisa, IRISA Campus de Beaulieu, Bordeaux. Bigre, vol 81–82, pp 43–50. Extended abstract

    Google Scholar 

  5. Bagnara R, Giacobazzi R, Levi G (1993) An application of constraint propagation to data-flow analysis. In: Proceedings of “The Ninth Conference on Artificial Intelligence for Applications”, Orlando, Florida. IEEE Computer Society Press, Los Alamitos, pp 270–276

    Google Scholar 

  6. Miné A (2001) A new numerical abstract domain based on difference-bound matrices. In: Danvy O, Filinski A (eds) Proceedings of the 2nd Symposium on Programs as Data Objects (PADO 2001), Aarhus, Denmark. Lecture notes in computer science, vol 2053. Springer, Berlin, pp 155–172

    Chapter  Google Scholar 

  7. Shaham R, Kolodner EK, Sagiv S (2000) Automatic removal of array memory leaks in Java. In: Watt DA (ed) Proceedings of the 9th International Conference on Compiler Construction (CC 2000), Berlin, Germany. Lecture notes in computer science, vol 1781. Springer, Berlin, pp 50–66

    Google Scholar 

  8. Miné A (2001) The octagon abstract domain. In: Proceedings of the Eighth Working Conference on Reverse Engineering (WCRE’01), Stuttgart, Germany. IEEE Computer Society Press, Los Alamitos, pp 310–319

    Chapter  Google Scholar 

  9. Simon A, King A, Howe JM (2002) Two variables per linear inequality as an abstract domain. In: Leuschel M (ed) Logic Based Program Synthesis and Transformation, 12th International Workshop, Madrid, Spain. Lecture notes in computer science, vol 2664. Springer, Berlin, pp 71–89

    Chapter  Google Scholar 

  10. Clarisó R, Cortadella J (2004) The octahedron abstract domain. In: Giacobazzi R (ed) Static Analysis: Proceedings of the 11th International Symposium, Verona, Italy. Lecture notes in computer science, vol 3148. Springer, Berlin, pp 312–327

    Google Scholar 

  11. Sankaranarayanan S, Sipma HB, Manna Z (2005) Scalable analysis of linear systems using mathematical programming. In: Cousot R (ed) Verification, Model Checking and Abstract Interpretation: Proceedings of the 6th International Conference (VMCAI 2005), Paris, France. Lecture notes in computer science, vol 3385. Springer, Berlin, pp 25–41

    Google Scholar 

  12. Miné A (2002) A few graph-based relational numerical abstract domains. In: Hermenegildo MV, Puebla G (eds) Static Analysis: Proceedings of the 9th International Symposium, Madrid, Spain. Lecture notes in computer science, vol 2477. Springer, Berlin, pp 117–132

    Google Scholar 

  13. Jaffar J, Maher MJ, Stuckey PJ, Yap RHC (1994) Beyond finite domains. In: Borning A (ed) Principles and Practice of Constraint Programming: Proceedings of the Second International Workshop, Rosario, Orcas Island, Washington, USA. Lecture notes in computer science, vol 874. Springer, Berlin, pp 86–94

    Google Scholar 

  14. Lagarias JC (1985) The computational complexity of simultaneous Diophantine approximation problems. SIAM J Comput 14(1):196–209

    Article  MATH  MathSciNet  Google Scholar 

  15. Balasundaram V, Kennedy K (1989) A technique for summarizing data access and its use in parallelism enhancing transformations. In: Knobe B (ed) Proceedings of the ACM SIGPLAN’89 Conference on Programming Language Design and Implementation (PLDI), Portland, Oregon, USA. ACM SIGPLAN notices, vol 24(7). ACM, New York, pp 41–53

    Google Scholar 

  16. Ball T, Cook B, Lahiri SK, Zhang L (2004) Zapato: Automatic theorem proving for predicate abstraction refinement. In: Alur R, Peled D (eds) Computer Aided Verification: Proceedings of the 16th International Conference, Boston, MA, USA. Lecture notes in computer science, vol 3114. Springer, Berlin, pp 457–461

    Google Scholar 

  17. Cousot P, Cousot R, Feret J, Mauborgne L, Miné A, Monniaux D, Rival X (2005) The Astrée analyzer. In: Sagiv M (ed) Programming Languages and Systems, Proceedings of the 14th European Symposium on Programming, Edinburgh, UK. Lecture notes in computer science, vol 3444. Springer, Berlin, pp 21–30

    Google Scholar 

  18. Miné A (2005) Weakly relational numerical abstract domains. PhD thesis, École Polytechnique, Paris, France

  19. Halbwachs N (1979) Détermination automatique de relations linéaires vérifiées par les variables d’un programme. Thèse de 3ème cycle d’informatique, Université scientifique et médicale de Grenoble, Grenoble, France

  20. Bagnara R, Hill PM, Mazzi E, Zaffanella E (2005) Widening operators for weakly-relational numeric abstractions. In: Hankin C, Siveroni I (eds) Static Analysis: Proceedings of the 12th International Symposium, London, UK. Lecture notes in computer science, vol 3672. Springer, Berlin, pp 3–18

    Google Scholar 

  21. Bagnara R, Hill PM, Mazzi E, Zaffanella E (2005) Widening operators for weakly-relational numeric abstractions. Quaderno 399, Dipartimento di Matematica, Università di Parma, Italy. Available at http://www.cs.unipr.it/Publications/

  22. Bagnara R, Hill PM, Zaffanella E (2008) An improved tight closure algorithm for integer octagonal constraints. In: Logozzo F, Peled D, Zuck L (eds) Verification, Model Checking and Abstract Interpretation: Proceedings of the 9th International Conference (VMCAI 2008), San Francisco, USA. Lecture notes in computer science, vol 4905. Springer, Berlin, pp 8–21

    Chapter  Google Scholar 

  23. Birkhoff G (1967) Lattice theory, 3rd edn. Colloquium publications, vol XXV. American Mathematical Society, Providence

    MATH  Google Scholar 

  24. Cousot P, Cousot R (1977) Abstract interpretation: A unified lattice model for static analysis of programs by construction or approximation of fixpoints. In: Proceedings of the Fourth Annual ACM Symposium on Principles of Programming Languages. ACM, New York, pp 238–252

    Google Scholar 

  25. Cousot P, Cousot R (1979) Systematic design of program analysis frameworks. In: Proceedings of the Sixth Annual ACM Symposium on Principles of Programming Languages. ACM, New York, pp 269–282

    Google Scholar 

  26. Cormen TH, Leiserson TE, Rivest RL (1990) Introduction to algorithms. The MIT Press, Cambridge

    MATH  Google Scholar 

  27. Pratt VR (1977) Two easy theories whose combination is hard. Memo sent to Nelson and Oppen concerning a preprint of their paper [49]

  28. Bellman R (1957) Dynamic programming. Princeton University Press, Princeton

    Google Scholar 

  29. Allen JF, Kautz HA (1985) A model of naive temporal reasoning. In: Hobbs JR, Moore R (eds) Formal theories of the commonsense world. Ablex, Norwood, pp 251–268

    Google Scholar 

  30. Davis E (1987) Constraint propagation with interval labels. Artif Intell 32(3):281–331

    Article  MATH  Google Scholar 

  31. Dill DL (1989) Timing assumptions and verification of finite-state concurrent systems. In: Sifakis J (ed) Proceedings of the International Workshop on Automatic Verification Methods for Finite State Systems, Grenoble, France. Lecture notes in computer science, vol 407. Springer, Berlin, pp 197–212

    Google Scholar 

  32. Larsen K, Larsson F, Pettersson P, Yi W (1997) Efficient verification of real-time systems: Compact data structure and state-space reduction. In: Proceedings of the 18th IEEE Real-Time Systems Symposium (RTSS’97). IEEE Computer Society Press, Los Alamitos, pp 14–24

    Google Scholar 

  33. Bagnara R, Hill PM, Ricci E, Zaffanella E (2005) Precise widening operators for convex polyhedra. Sci Comput Program 58(1–2):28–56

    Article  MATH  MathSciNet  Google Scholar 

  34. Aho AV, Garey MR, Ullman JD (1972) The transitive reduction of a directed graph. SIAM J Comput 1(2):131–137

    Article  MATH  MathSciNet  Google Scholar 

  35. Halbwachs N, Proy YE, Raymond P (1994) Verification of linear hybrid systems by means of convex approximations. In: Le B (ed) Static Analysis: Proceedings of the 1st International Symposium, Namur, Belgium. Lecture notes in computer science, vol 864. Springer, Berlin, pp 223–237

    Google Scholar 

  36. Halbwachs N, Proy YE, Roumanoff P (1997) Verification of real-time systems using linear relation analysis. Form Methods Syst Des 11(2):157–185

    Article  Google Scholar 

  37. Blanchet B, Cousot P, Cousot R, Feret J, Mauborgne L, Miné A, Monniaux D, Rival X (2002) Design and implementation of a special-purpose static program analyzer for safety-critical real-time embedded software. In: Mogensen TÆ, Schmidt DA, Sudborough IH (eds) The essence of computation, complexity, analysis, transformation. Lecture notes in computer science, vol 2566. Springer, Berlin, pp 85–108. Essays Dedicated to Neil D Jones [on occasion of his 60th birthday]

    Google Scholar 

  38. Blanchet B, Cousot P, Cousot R, Feret J, Mauborgne L, Miné A, Monniaux D, Rival X (2003) A static analyzer for large safety-critical software. In: Proceedings of the ACM SIGPLAN 2003 Conference on Programming Language Design and Implementation (PLDI’03). ACM, New York, pp 196–207

    Chapter  Google Scholar 

  39. Miné A (2004) Relational abstract domains for the detection of floating-point run-time errors. In: Schmidt D (ed) Programming Languages and Systems: Proceedings of the 13th European Symposium on Programming, Barcelona, Spain. Lecture notes in computer science, vol 2986. Springer, Berlin, pp 3–17

    Google Scholar 

  40. Bagnara R, Hill PM, Zaffanella E (2008) The Parma Polyhedra Library: Toward a complete set of numerical abstractions for the analysis and verification of hardware and software systems. Sci Comput Program 72(1–2):3–21

    Article  MathSciNet  Google Scholar 

  41. Bagnara R, Hill PM, Zaffanella E (2006) Widening operators for powerset domains. Softw Tools Technol Transf 8(4/5):449–466. In the printed version of this article, all the figures have been improperly printed (rendering them useless). See [50]

    Article  Google Scholar 

  42. Miné A (2002) The Octagon Abstract Domain Library. Semantics and Abstract Interpretation Computer Science Lab., École Normale Supérieure, Paris, France, release 0.9.6 edn. Available at http://www.di.ens.fr/~mine/oct/

  43. Venet A, Brat G (2004) Precise and efficient static array bound checking for large embedded C programs. In: Proceedings of the ACM SIGPLAN 2004 Conference on Programming Language Design and Implementation (PLDI’04). ACM, New York, pp 231–242

    Chapter  Google Scholar 

  44. Harvey W, Stuckey PJ (1997) A unit two variable per inequality integer constraint solver for constraint logic programming. In Patel M (ed) ACSC’97: Proceedings of the 20th Australasian Computer Science Conference, vol 19. Australian Computer Science Communications, pp 102–111

  45. Pugh W (1991) The Omega test: A fast and practical integer programming algorithm for dependence analysis. In Supercomputing 91

  46. Seater R, Wonnacott D (2001) Polynomial time array dataflow analysis. In: Dietz HG (ed) Languages and Compilers for Parallel Computing, 14th International Workshop, Cumberland Falls, KY, USA. Lecture notes in computer science, vol 2624. Springer, Berlin, pp 411–426

    Chapter  Google Scholar 

  47. Lahiri SK, Musuvathi M (2005) An efficient decision procedure for UTVPI constraints. In: Gramlich B (ed) Frontiers of Combining Systems: Proceedings of the 5th International Workshop, FroCoS 2005, Vienna, Austria. Lecture notes in artificial intelligence, vol 3717. Springer, Berlin, pp 168–183

    Google Scholar 

  48. Miné A (2006) The octagon abstract domain. Higher-Order Symb Comput 19(1):31–100

    Article  MATH  Google Scholar 

  49. Nelson G, Oppen DC (1977) Fast decision algorithms based on Union and Find. In: Proceedings of the 18th Annual Symposium on Foundations of Computer Science (FOCS’77). IEEE Computer Society Press, Providence, pp 114–119. The journal version of this paper is [51]

    Google Scholar 

  50. Bagnara R, Hill PM, Zaffanella E (2007) Widening operators for powerset domains. Softw Tools Technol Transf 9(3/4):413–414. Erratum to [41] containing all the figures properly printed

    Article  Google Scholar 

  51. Nelson G, Oppen DC (1980) Fast decision procedures based on congruence closure. J ACM 27(2):356–364. An earlier version of this paper is [49]

    Article  MATH  MathSciNet  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Mathematics, University of Parma, Viale G.P. Usberti 53/A, 43100, Parma, Italy

    Roberto Bagnara & Enea Zaffanella

  2. School of Computing, University of Leeds, Leeds, LS2 9JT, England

    Patricia M. Hill

Authors
  1. Roberto Bagnara
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Patricia M. Hill
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Enea Zaffanella
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Roberto Bagnara.

Additional information

This work has been partly supported by MURST projects “Constraint Based Verification of Reactive Systems” and “AIDA—Abstract Interpretation: Design and Applications,” and by a Royal Society (UK) International Joint Project (ESEP) award.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Bagnara, R., Hill, P.M. & Zaffanella, E. Weakly-relational shapes for numeric abstractions: improved algorithms and proofs of correctness. Form Methods Syst Des 35, 279–323 (2009). https://doi.org/10.1007/s10703-009-0073-1

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10703-009-0073-1

Keywords

Search

Navigation