Succinct Representations for Abstract Interpretation

Abstract interpretation techniques can be made more precise by distinguishing paths inside loops, at the expense of possibly exponential complexity. SMT-solving techniques and sparse representations of paths and sets of paths avoid this pitfall. We improve previously proposed techniques for guided static analysis and the generation of disjunctive invariants by combining them with techniques for succinct representations of paths and symbolic representations for transitions based on static single assignment. Because of the non-monotonicity of the results of abstract interpretation with widening operators, it is difficult to conclude that some abstraction is more precise than another based on theoretical local precision results. We thus conducted extensive comparisons between our new techniques and previous ones, on a variety of open-source packages.Comment: Static analysis symposium (SAS), Deauville : France (2012

Logico-numerical max-strategy iteration

Strategy iteration methods are used for solving fixed point equations. It has been shown that they improve precision in static analysis based on abstract interpretation and template abstract domains, e.g. intervals, octagons or template polyhedra. However, they are limited to numerical programs. In this paper, we propose a method for applying max-strategy iteration to logico-numerical programs, i.e. programs with numerical and Boolean variables, without explicitly enumerating the Boolean state space. The method is optimal in the sense that it computes the least fixed point w.r.t. the abstract domain; in particular, it does not resort to widening. Moreover, we give experimental evidence about the efficiency and precision of the approach

Relational Thread-Modular Abstract Interpretation Under Relaxed Memory Models

International audienceWe address the verification problem of numeric properties in many-threaded concurrent programs under weakly consistent memory models, especially TSO. We build on previous work that proposed an abstract interpretation method to analyse these programs with rela-tional domains. This method was not sufficient to analyse more than two threads in a decent time. Our contribution here is to rely on a rely-guarantee framework with automatic inference of thread interferences to design an analysis with a thread-modular approach and describe re-lational abstractions of both thread states and interferences. We show how to adapt the usual computing procedure of interferences to the additional issues raised by weakly consistent memories. We demonstrate the precision and the performance of our method on a few examples, operating a prototype analyser that verifies safety properties like mutual exclusion. We discuss how weak memory models affect the scalability results compared to a sequentially consistent environment

Using Bounded Model Checking to Focus Fixpoint Iterations

Two classical sources of imprecision in static analysis by abstract interpretation are widening and merge operations. Merge operations can be done away by distinguishing paths, as in trace partitioning, at the expense of enumerating an exponential number of paths. In this article, we describe how to avoid such systematic exploration by focusing on a single path at a time, designated by SMT-solving. Our method combines well with acceleration techniques, thus doing away with widenings as well in some cases. We illustrate it over the well-known domain of convex polyhedra

Evaluating Design Tradeoffs in Numeric Static Analysis for Java

Numeric static analysis for Java has a broad range of potentially useful applications, including array bounds checking and resource usage estimation. However, designing a scalable numeric static analysis for real-world Java programs presents a multitude of design choices, each of which may interact with others. For example, an analysis could handle method calls via either a top-down or bottom-up interprocedural analysis. Moreover, this choice could interact with how we choose to represent aliasing in the heap and/or whether we use a relational numeric domain, e.g., convex polyhedra. In this paper, we present a family of abstract interpretation-based numeric static analyses for Java and systematically evaluate the impact of 162 analysis configurations on the DaCapo benchmark suite. Our experiment considered the precision and performance of the analyses for discharging array bounds checks. We found that top-down analysis is generally a better choice than bottom-up analysis, and that using access paths to describe heap objects is better than using summary objects corresponding to points-to analysis locations. Moreover, these two choices are the most significant, while choices about the numeric domain, representation of abstract objects, and context-sensitivity make much less difference to the precision/performance tradeoff

Generic Combination of Heap and Value Analyses in Abstract Interpretation

Abstract. Abstract interpretation has been widely applied to approx-imate data structures and (usually numerical) value information. One needs to combine them to effectively apply static analysis to real software. Nevertheless, they have been studied mainly as orthogonal problems so far. In this context, we introduce a generic framework that, given a heap and a value analysis, combines them, and we formally prove its soundness. The heap analysis approximates concrete locations with heap identifiers, that can be materialized or merged. Meanwhile, the value analysis tracks information both on variable and heap identifiers, taking into account when heap identifiers are merged or materialized. We show how existing pointer and shape analyses, as well as numerical domains, can be plugged in our framework. As far as we know, this is the first sound generic automatic framework combining heap and value analyses that allows to freely manage heap identifiers.

A relational abstraction for functions

This paper concerns the abstraction of sets of functions for use in abstract interpretation. The paper gives an overview of existing methods, which are illustrated with applications to shape analysis, and formalizes a new family of relational abstract domains that allows sets of functions to be abstracted more precisely than with known approaches, while being still machine-representable

Not Available

Not AvailableA protein isolate was prepared from karanj seed (KPI) with 921.2 g protein/kg seed, which contained a negligible amount of anti-nutritional factors and a balanced amino acid composition, especially rich in methionine. For 60-day feeding trial, five isoni-trogenous (300 g/kg CP) and isocaloric (15 MJ DE/kg) diets were formulated by re-placing soybean protein isolate (SPI) on protein equivalent basis, KPI-0 (control, 0 g/kg KPI); KPI-25 (replacing 250 g/kg SPI protein with KPI); KPI-50 (replacing 500 g/kg SPI protein with KPI); KPI-75 (replacing 750 g/kg SPI protein with KPI) and KPI-100 (replacing 1,000 g/kg SPI protein with KPI) for the feeding of L. rohita. The weight gain percentage, specific growth rate, feed conversion ratio and protein efficiency ratio were not significantly (p > .05) varied among the KPI fed and control groups. A significantly higher hepatosomatic index was recorded in the control and KPI-25 groups compared with other groups. The whole-body compositions, except ether ex-tract, did not differ significantly (p > .05) among the groups. Digestive (amylase, pro-tease, lipase and alkaline phosphatase) and metabolic enzyme activities (hexokinase, transaminases and lactate dehydrogenase) and glycogen stores were not significantly affected, whereas intestinal alkaline phosphatase differed significantly (p < .05). The RNA–DNA ratio was significantly (p < .05) higher in the KPI-75 group. Thus, the study revealed that KPI can completely replace SPI protein at 191 g/kg inclusion level in the diets of L. rohita fingerlings.Not Availabl