Open access

The trace partitioning abstract domain

Published: 02 August 2007

Abstract

In order to achieve better precision of abstract interpretation-based static analysis, we introduce a new generic abstract domain, the trace partitioning abstract domain. We develop a theoretical framework allowing a wide range of instantiations of the domain, proving that all these instantiations give correct results. From this theoretical framework, we go into implementation details of a particular instance developed in the Astrée static analyzer. We show how the domain is automatically configured in Astrée and the gain and cost in terms of performance and precision.
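As an added illustration of the precision gain the abstract refers to (this is example code written for this page, not code from the paper or from Astrée), the toy interval analysis below runs one constructed program twice: once joining the two branches of a conditional at the control-flow merge point, and once keeping the post-branch states apart, keyed by which branch the trace took, until after the division that uses the result. The program, the variable names `x`, `sign` and `y`, the input range `[-10, 10]` and the finite stand-ins for infinity are all assumptions of the example.

```python
# Added example, not code from the paper or from Astrée. A toy interval
# analysis of one constructed program, run twice: once joining the two
# branches of a conditional at the merge point (no partitioning), once
# keeping the post-branch states apart, keyed by the branch taken (a
# trace partition), and merging them only after the division.
#
# Program analysed (constructed for this example):
#     x = input()            # assume x in [-10, 10]
#     if x < 0: sign = -1
#     else:     sign = 1
#     y = x / sign           # may the divisor be zero?
from typing import Dict, Optional, Tuple

Interval = Tuple[int, int]            # closed interval [lo, hi]
State = Dict[str, Interval]           # variable -> interval
NEG_INF, POS_INF = -10**9, 10**9      # finite stand-ins for -/+ infinity (assumption)


def join(a: Interval, b: Interval) -> Interval:
    """Least upper bound of two intervals (their convex hull)."""
    return (min(a[0], b[0]), max(a[1], b[1]))


def meet(a: Interval, b: Interval) -> Optional[Interval]:
    """Intersection of two intervals; None when empty (infeasible)."""
    lo, hi = max(a[0], b[0]), min(a[1], b[1])
    return (lo, hi) if lo <= hi else None


def join_states(s1: State, s2: State) -> State:
    """Pointwise join; a variable missing on one side is treated as top."""
    top = (NEG_INF, POS_INF)
    return {v: join(s1.get(v, top), s2.get(v, top)) for v in set(s1) | set(s2)}


def assume(state: State, var: str, guard: Interval) -> Optional[State]:
    """Refine `var` by a guard interval; None if the guard is infeasible."""
    refined = meet(state[var], guard)
    if refined is None:
        return None
    return {**state, var: refined}


def divide(a: Interval, b: Interval) -> Interval:
    """Interval division; the caller must have excluded 0 from b."""
    assert not (b[0] <= 0 <= b[1])
    quotients = [int(p / d) for p in a for d in b]   # truncating, as in C
    return (min(quotients), max(quotients))


def analyse(partition: bool) -> dict:
    """Run the analysis; returns the alarm flag, partition count and final state."""
    entry: State = {"x": (-10, 10)}
    then_s = assume(entry, "x", (NEG_INF, -1))   # branch condition x < 0
    assert then_s is not None
    then_s = {**then_s, "sign": (-1, -1)}
    else_s = assume(entry, "x", (0, POS_INF))    # negated condition x >= 0
    assert else_s is not None
    else_s = {**else_s, "sign": (1, 1)}
    # Partition key = which branch the trace took. Without partitioning the
    # two states are joined at the control-flow merge point, as usual.
    if partition:
        parts = {("then",): then_s, ("else",): else_s}
    else:
        parts = {(): join_states(then_s, else_s)}
    alarm = False
    for s in parts.values():
        divisor = s["sign"]
        if divisor[0] <= 0 <= divisor[1]:
            alarm = True                        # possible division by zero
            s["y"] = (NEG_INF, POS_INF)         # nothing known about y
        else:
            s["y"] = divide(s["x"], divisor)
    # Merge the partitions back into one state once they are no longer needed.
    final: Optional[State] = None
    for s in parts.values():
        final = s if final is None else join_states(final, s)
    return {"alarm": alarm, "partitions": len(parts), "final": final}


if __name__ == "__main__":
    for mode in (False, True):
        r = analyse(partition=mode)
        print(f"partition={mode}: alarm={r['alarm']} final={r['final']}")
```

Without partitioning the join gives sign in [-1, 1], which contains 0, so the division is flagged even though no concrete execution divides by zero; with the partition each state keeps sign as a singleton and the alarm disappears. Merging the partitions afterwards yields the same state the unpartitioned analysis had for x and sign, so the instantiation remains sound, and additionally a bound for y. Astrée's own partitioning criteria, merge points and cost controls are what the paper describes; this toy fixes a single partition by hand.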

Published In

ACM Transactions on Programming Languages and Systems, Volume 29, Issue 5 (Special Issue ESOP'05), August 2007, 213 pages.
ISSN: 0164-0925
EISSN: 1558-4593
DOI: 10.1145/1275497
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery, New York, NY, United States

Article Metrics

  • Downloads (last 12 months): 136
  • Downloads (last 6 weeks): 18

Reflects downloads up to 05 Mar 2025.

Cited By

  • Don’t Write, but Return: Replacing Output Parameters with Algebraic Data Types in C-to-Rust Translation. Proceedings of the ACM on Programming Languages 8(PLDI), 716-740, 20 Jun 2024. DOI: 10.1145/3656406
  • Precise Compositional Buffer Overflow Detection via Heap Disjointness. Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis, 63-75, 11 Sep 2024. DOI: 10.1145/3650212.3652110
  • An input–output relational domain for algebraic data types and functional arrays. Formal Methods in System Design, 13 Jun 2024. DOI: 10.1007/s10703-024-00456-z
  • The digest framework: concurrency-sensitivity for abstract interpretation. International Journal on Software Tools for Technology Transfer 26(6), 727-746, 28 Dec 2024. DOI: 10.1007/s10009-024-00773-y
  • Trace Partitioning as an Optimization Problem. Static Analysis, 26-60, 20 Oct 2024. DOI: 10.1007/978-3-031-74776-2_2
  • Abstract Interpretation with the Eva Plug-in. Guide to Software Verification with Frama-C, 131-186, 10 Jul 2024. DOI: 10.1007/978-3-031-55608-1_3
  • tarsis. Journal of Software: Evolution and Process 36(8), 5 Aug 2024. DOI: 10.1002/smr.2647
  • Certifying machine learning models against evasion attacks by program analysis. Journal of Computer Security 31(1), 57-84, 1 Jan 2023. DOI: 10.3233/JCS-210133
  • Context Sensitivity without Contexts: A Cut-Shortcut Approach to Fast and Precise Pointer Analysis. Proceedings of the ACM on Programming Languages 7(PLDI), 539-564, 6 Jun 2023. DOI: 10.1145/3591242
  • CoCo: Efficient Browser Extension Vulnerability Detection via Coverage-guided, Concurrent Abstract Interpretation. Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, 2441-2455, 15 Nov 2023. DOI: 10.1145/3576915.3616584
