45,919 research outputs found
Combining Forward and Backward Abstract Interpretation of Horn Clauses
Alternation of forward and backward analyses is a standard technique in
abstract interpretation of programs, which is in particular useful when we wish
to prove unreachability of some undesired program states. The current
state-of-the-art technique for combining forward (bottom-up, in logic
programming terms) and backward (top-down) abstract interpretation of Horn
clauses is query-answer transformation. It transforms a system of Horn clauses,
such that standard forward analysis can propagate constraints both forward, and
backward from a goal. Query-answer transformation is effective, but has issues
that we wish to address. For that, we introduce a new backward collecting
semantics, which is suitable for alternating forward and backward abstract
interpretation of Horn clauses. We show how the alternation can be used to
prove unreachability of the goal and how every subsequent run of an analysis
yields a refined model of the system. Experimentally, we observe that combining
forward and backward analyses is important for analysing systems that encode
questions about reachability in C programs. In particular, the combination that
follows our new semantics improves the precision of our own abstract
interpreter, including when compared to a forward analysis of a
query-answer-transformed system.Comment: Francesco Ranzato. 24th International Static Analysis Symposium
(SAS), Aug 2017, New York City, United States. Springer, Static Analysi
Static Safety for an Actor Dedicated Process Calculus by Abstract Interpretation
The actor model eases the definition of concurrent programs with non uniform
behaviors. Static analysis of such a model was previously done in a data-flow
oriented way, with type systems. This approach was based on constraint set
resolution and was not able to deal with precise properties for communications
of behaviors. We present here a new approach, control-flow oriented, based on
the abstract interpretation framework, able to deal with communication of
behaviors. Within our new analyses, we are able to verify most of the previous
properties we observed as well as new ones, principally based on occurrence
counting
From Single-thread to Multithreaded: An Efficient Static Analysis Algorithm
A great variety of static analyses that compute safety properties of
single-thread programs have now been developed. This paper presents a
systematic method to extend a class of such static analyses, so that they
handle programs with multiple POSIX-style threads. Starting from a pragmatic
operational semantics, we build a denotational semantics that expresses
reasoning a la assume-guarantee. The final algorithm is then derived by
abstract interpretation. It analyses each thread in turn, propagating
interferences between threads, in addition to other semantic information. The
combinatorial explosion, ensued from the explicit consideration of all
interleavings, is thus avoided. The worst case complexity is only increased by
a factor n compared to the single-thread case, where n is the number of
instructions in the program. We have implemented prototype tools, demonstrating
the practicality of the approach
Improving Strategies via SMT Solving
We consider the problem of computing numerical invariants of programs by
abstract interpretation. Our method eschews two traditional sources of
imprecision: (i) the use of widening operators for enforcing convergence within
a finite number of iterations (ii) the use of merge operations (often, convex
hulls) at the merge points of the control flow graph. It instead computes the
least inductive invariant expressible in the domain at a restricted set of
program points, and analyzes the rest of the code en bloc. We emphasize that we
compute this inductive invariant precisely. For that we extend the strategy
improvement algorithm of [Gawlitza and Seidl, 2007]. If we applied their method
directly, we would have to solve an exponentially sized system of abstract
semantic equations, resulting in memory exhaustion. Instead, we keep the system
implicit and discover strategy improvements using SAT modulo real linear
arithmetic (SMT). For evaluating strategies we use linear programming. Our
algorithm has low polynomial space complexity and performs for contrived
examples in the worst case exponentially many strategy improvement steps; this
is unsurprising, since we show that the associated abstract reachability
problem is Pi-p-2-complete
- …