7 research outputs found
Stratified Static Analysis Based on Variable Dependencies
In static analysis by abstract interpretation, one often uses widening
operators in order to enforce convergence within finite time to an inductive
invariant. Certain widening operators, including the classical one over finite
polyhedra, exhibit an unintuitive behavior: analyzing the program over a subset
of its variables may lead to a more precise result than analyzing the original
program! In this article, we present simple workarounds for such behavior.
Differentially Testing Soundness and Precision of Program Analyzers
In the last decades, numerous program analyzers have been developed both by
academia and industry. Despite their abundance however, there is currently no
systematic way of comparing the effectiveness of different analyzers on
arbitrary code. In this paper, we present the first automated technique for
differentially testing soundness and precision of program analyzers. We used
our technique to compare six mature, state-of-the-art analyzers on tens of
thousands of automatically generated benchmarks. Our technique detected
soundness and precision issues in most analyzers, and we evaluated the
implications of these issues to both designers and users of program analyzers.
Experimental evaluation of numerical domains for inferring ranges
Among the numerical abstract domains for detecting linear relationships between program variables, the polyhedra domain is, from a purely theoretical point of view, the most precise one. Other domains, such as intervals, octagons and parallelotopes, are less expressive but generally more efficient. We focus our attention on interval constraints and, using a suite of benchmarks, we experimentally show that, in practice, polyhedra may often compute results less precise than the other domains, due to the use of the widening operator.
PAGAI: a path sensitive static analyzer
We describe the design and the implementation of PAGAI, a new static analyzer
working over the LLVM compiler infrastructure, which computes inductive
invariants on the numerical variables of the analyzed program. PAGAI implements
various state-of-the-art algorithms combining abstract interpretation and
decision procedures (SMT-solving), focusing on distinction of paths inside the
control flow graph while avoiding systematic exponential enumerations. It is
parametric in the abstract domain in use, the iteration algorithm, and the
decision procedure. We compared the time and precision of various combinations
of analysis algorithms and abstract domains, with extensive experiments both on
personal benchmarks and widely available GNU programs.
Comment: Tools for Automatic Program AnalysiS (TAPAS 2012), Deauville, France (2012)