DOI: 10.1007/11547662_21

Understanding the origin of alarms in ASTRÉE

Published: 07 September 2005

Abstract

Static analyzers like Astrée are incomplete and hence may produce false alarms. We propose a framework for the investigation of the alarms produced by Astrée, so as to help classify them as true errors or as false alarms due to the approximation inherent in the static analysis. Our approach is based on the computation of an approximation of a set of traces specified by an initial and a (set of) final state(s). Moreover, we allow for finer analyses that focus on some execution patterns or on some possible inputs. The underlying algorithms were implemented inside Astrée and used successfully to track alarms in large, critical embedded applications.
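The forward-then-backward idea of the abstract, as an added example that is not the paper's or Astrée's own code: a toy interval analysis over one execution pattern (a constructed sequence of assignments `v := src + c` and taken branch conditions) raises a division-by-zero alarm forward, then propagates the alarm's final states backwards through the same pattern to decide whether any initial state can reach them; the program, variables and intervals are all constructed here, and the pattern's guards are assumed feasible.

```python
# Added illustration (not Astrée's code): forward interval analysis over one
# execution pattern, then backward propagation from the alarm's final states.
INF = float("inf")
BOTTOM = None  # the empty interval, i.e. an unreachable state

def meet(a, b):
    """Intersection of two intervals (lo, hi); BOTTOM if they do not overlap."""
    if a is BOTTOM or b is BOTTOM:
        return BOTTOM
    lo, hi = max(a[0], b[0]), min(a[1], b[1])
    return (lo, hi) if lo <= hi else BOTTOM

def guard(op, c):
    """Interval of the values v satisfying `v op c`."""
    return {"<=": (-INF, c), ">=": (c, INF), "==": (c, c)}[op]

def forward(init, prog):
    """Return the abstract state before each statement and the final state."""
    states, env = [], dict(init)
    for kind, v, a, c in prog:
        states.append(dict(env))
        if kind == "assign":  # ("assign", v, src, c) means v := src + c
            env[v] = (env[a][0] + c, env[a][1] + c)
        else:                 # ("assume", v, op, c): the branch this pattern takes
            env[v] = meet(env[v], guard(a, c))
    return states, env

def backward(states, final, prog):
    """Push the final states back through prog, meeting with forward invariants."""
    post = final
    for (kind, v, a, c), before in zip(reversed(prog), reversed(states)):
        pre = {x: meet(before[x], post[x]) for x in before}
        if kind == "assign":  # v is overwritten, so only its source is constrained
            pre[v] = before[v]
            pre[a] = meet(pre[a], (post[v][0] - c, post[v][1] - c))
        if any(i is BOTTOM for i in pre.values()):
            return BOTTOM     # no state before this statement leads to the alarm
        post = pre
    return post

def investigate(init, prog, var, op, c):
    """(alarm raised?, initial states from which the alarm's final states are reachable)."""
    states, at_check = forward(init, prog)
    final = {**at_check, var: meet(at_check[var], guard(op, c))}
    alarm = final[var] is not BOTTOM  # False: forward analysis already proves the check
    return alarm, (backward(states, final, prog) if alarm else BOTTOM)

# Constructed pattern: y copies x, the branch x >= 1 is taken, then 10 / y is checked.
PROG = [("assign", "y", "x", 0), ("assume", "x", ">=", 1)]
INIT = {"x": (-10, 10), "y": (-10, 10)}
```

For `PROG` the non-relational forward analysis cannot see that `y == x`, so it reports a possible division by zero; the backward pass from `y == 0` meets `x >= 1` with `x == 0` and finds no initial state, i.e. a false alarm, whereas taking the `x <= 0` branch instead yields the initial states `x == 0` as a genuine origin.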


Published In

SAS'05: Proceedings of the 12th International Conference on Static Analysis, September 2005, 368 pages. ISBN: 3540285849. Editors: Chris Hankin, Igor Siveroni.

Publisher: Springer-Verlag, Berlin, Heidelberg
