Boxes: A symbolic abstract domain of boxes

Abstract

Abstract. Numeric abstract domains are widely used in program anal-yses. The simplest numeric domains over-approximate disjunction by an imprecise join, typically yielding path-insensitive analyses. This prob-lem is addressed by domain refinements, such as finite powersets, which provide exact disjunction. However, developing correct and efficient dis-junctive refinement is challenging. First, there must be an efficient way to represent and manipulate abstract values. The simple approach of us-ing “sets of base abstract values ” is often not scalable. Second, while a widening must strike the right balance between precision and the rate of convergence, it is notoriously hard to get correct. In this paper, we present an implementation of the Boxes abstract domain – a refinement of the well-known Box (or Intervals) domain with finite disjunctions. An element of Boxes is a finite union of boxes, i.e., expressible as a proposi-tional formula over upper- and lower-bounds constraints. Our implemen-tation is symbolic, and weds the strengths of Binary Decision Diagrams (BDDs) and Box. The complexity of the operations (meet, join, transfer functions, and widening) is polynomial in the size of the operands. Em-pirical evaluation indicates that the performance of Boxes is superior to other existing refinements of Box with comparable expressiveness.