Access-Based Localization for Octagons

AbstractAccess-based localization is a two-step process. First, the set of abstract memory locations that are accessed in a procedure are determined. Then, in a subsequent fixed point iteration, the input to the respective procedure is reduced to those variables that are indeed accessed, thereby saving time and memory. The topic of this paper is access-based localization for the octagon abstract domain. For the frequently occurring scenario that only one out of two variables in some octagonal constraint is contained in the access-set of a procedure, there is a variety of opportunities how localization could be implemented. This paper presents three different approaches on how to deal with such constraints. Albeit applied to a subset of the abstract state space, two of these approaches preserve precision, i.e., the abstract state space is as precise as in the case that no localization is performed

Static Analysis of Lockless Microcontroller C Programs

Concurrently accessing shared data without locking is usually a subject to race conditions resulting in inconsistent or corrupted data. However, there are programs operating correctly without locking by exploiting the atomicity of certain operations on a specific hardware. In this paper, we describe how to precisely analyze lockless microcontroller C programs with interrupts by taking the hardware architecture into account. We evaluate this technique in an octagon-based value range analysis using access-based localization to increase efficiency