Abstract
Abstract interpretation has a reputation of being a kind of “black art,” and consequently difficult to work with. This paper describes a twenty-year quest by the first author to address this issue by raising the level of automation in abstract interpretation. The most recent leg of this journey is the subject of the second author’s 2014 Ph.D. dissertation. The paper discusses several different approaches to creating correct-by-construction analyzers. Our research has allowed us to establish connections between this problem and several other areas of computer science, including automated reasoning/decision procedures, concept learning, and constraint programming.
Portions of this work appeared in [26, 35, 45, 63, 64, 66, 70, 76, 78, 81, 82]. T. Reps has an ownership interest in GrammaTech, Inc., which has licensed elements of the technology reported in this publication.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
- 2.
A slight modification to the bilateral algorithm can remove the requirement of having no infinite descending chains [78].
- 3.
(i) The correctness theorem for \({ focus}\) [70, Lemmas 6.8 and 6.9]; (ii) the Embedding Theorem [70, Theorem 4.9]; (iii) the correctness theorem for the finite-differencing scheme for maintaining instrumentation relations [63, Theorem 5.3]; and (iv) the correctness theorem for \({ coerce}\) [70, Theorem 6.28].
References
Akers Jr, S.: On a theory of Boolean functions. J. SIAM 7(4), 487–498 (1959)
Angluin, D.: Learning regular sets from queries and counterexamples. Inf. Comput. 75(2), 87–106 (1987)
Apt, K.: The essence of constraint propagation. TCS 221, 179–210 (1999)
Arnold, G., Manevich, R., Sagiv, M., Shaham, R.: Combining shape analyses by intersecting abstractions. In: Emerson, E.A., Namjoshi, K.S. (eds.) VMCAI 2006. LNCS, vol. 3855, pp. 33–48. Springer, Heidelberg (2006)
Bagnara, R., Hill, P.M., Zaffanella, E.: The Parma Polyhedra Library: Toward a complete set of numerical abstractions for the analysis and verification of hardware and software systems. SCP 72(1–2), 3–21 (2008)
Balakrishnan, G., Reps, T.: WYSINWYX: what you see is not what you eXecute. TOPLAS 32(6), 202–213 (2010)
Ball, T., Podelski, A., Rajamani, S.K.: Boolean and cartesian abstraction for model checking C programs. In: Margaria, T., Yi, W. (eds.) TACAS 2001. LNCS, vol. 2031, pp. 268–283. Springer, Heidelberg (2001)
Barrett, E., King, A.: Range and set abstraction using SAT. ENTCS 267(1), 17–27 (2010)
Beyer, D., Cimatti, A., Griggio, A., Keremoglu, M., Sebastiani, R.: Software model checking via large-block encoding. In: FMCAD (2009)
Beyer, D., Keremoglu, M., Wendler, P.: Predicate abstraction with adjustable-block encoding. In: FMCAD (2010)
Boerger, E., Staerk, R.: Abstract State Machines: A Method for High-Level System Design and Analysis. Springer, Heidelberg (2003)
Bogudlov, I., Lev-Ami, T., Reps, T., Sagiv, M.: Revamping TVLA: Making parametric shape analysis competitive. In: Damm, W., Hermanns, H. (eds.) CAV 2007. LNCS, vol. 4590, pp. 221–225. Springer, Heidelberg (2007)
Brauer, J., King, A.: Automatic abstraction for intervals using Boolean formulae. In: Cousot, R., Martel, M. (eds.) SAS 2010. LNCS, vol. 6337, pp. 167–183. Springer, Heidelberg (2010)
Bush, W., Pincus, J., Sielaff, D.: A static analyzer for finding dynamic programming errors. Softw. Pract. Experience 30, 775–802 (2000)
Calcagno, C., Distefano, D., O’Hearn, P.W., Yang, H.: Footprint analysis: A shape analysis that discovers preconditions. In: Riis Nielson, H., Filé, G. (eds.) SAS 2007. LNCS, vol. 4634, pp. 402–418. Springer, Heidelberg (2007)
Clarke, E., Kroening, D., Sharygina, N., Yorav, K.: Predicate abstraction of ANSI-C programs using SAT. FMSD 25(2–3), 125–127 (2004)
Cousot, P.: Verification by abstract interpretation. In: Verification Theory and Practice (2003)
Cousot, P., Cousot, R.: Abstract interpretation: A unified lattice model for static analysis of programs by construction or approximation of fixpoints. In: POPL (1977)
Cousot, P., Cousot, R.: Systematic design of program analysis frameworks. In: POPL (1979)
Cousot, P., Cousot, R., Mauborgne, L.: Theories, solvers and static analysis by abstract interpretation. J. ACM 59(6), Article No. 31 (2012)
Cousot, P., Halbwachs, N.: Automatic discovery of linear constraints among variables of a program. In: POPL (1978)
Cousot, P., Monerau, M.: Probabilistic abstract interpretation. In: Seidl, H. (ed.) Programming Languages and Systems. LNCS, vol. 7211, pp. 169–193. Springer, Heidelberg (2012)
Craig, W.: Three uses of the Herbrand-Gentzen theorem in relating model theory and proof theory. J. Symbolic Logic 22(3), 269–285 (1957)
Distefano, D., O’Hearn, P.W., Yang, H.: A local shape analysis based on separation logic. In: Hermanns, H., Palsberg, J. (eds.) TACAS 2006. LNCS, vol. 3920, pp. 287–302. Springer, Heidelberg (2006)
Dong, G., Su, J.: Incremental and decremental evaluation of transitive closure by first-order queries. Inf. Comp. 120, 101–106 (1995)
Elder, M., Gopan, D., Reps, T.: View-augmented abstractions. ENTCS 267(1), 43–57 (2010)
Elder, M., Lim, J., Sharma, T., Andersen, T., Reps, T.: Abstract domains of affine relations. TOPLAS 36(4), 1–73 (2014)
Futamura, Y.: Partial evaluation of computation process - an approach to a compiler-compiler. Higher-Order and Symb. Comp., 12(4) (1999). Reprinted from Systems \(\cdot \) Computers \(\cdot \) Controls 2(5) (1971)
Gopan, D., Reps, T.: Lookahead widening. In: Ball, T., Jones, R.B. (eds.) CAV 2006. LNCS, vol. 4144, pp. 452–466. Springer, Heidelberg (2006)
Gopan, D., Reps, T.: Guided static analysis. In: Riis Nielson, H., Filé, G. (eds.) SAS 2007. LNCS, vol. 4634, pp. 349–365. Springer, Heidelberg (2007)
Graf, S., Saïdi, H.: Construction of abstract state graphs with PVS. In: CAV (1997)
Gulwani, S., Musuvathi, M.: Cover algorithms and their combination. In: Drossopoulou, S. (ed.) ESOP 2008. LNCS, vol. 4960, pp. 193–207. Springer, Heidelberg (2008)
Gupta, A., Mumick, I. (eds.): Materialized Views: Techniques, Implementations, and Applications. The M.I.T. Press, Cambridge, MA (1999)
Jackson, D.: Software Abstractions: Logic, Language, and Analysis. The M.I.T. Press, Cambridge (2006)
Jeannet, B., Loginov, A., Reps, T., Sagiv, M.: A relational approach to interprocedural shape analysis. TOPLAS 32(2), 5:1–5:2 (2010)
Johnson, S.: YACC: Yet another compiler-compiler. Technical Report Comp. Sci. Tech. Rep. 32, Bell Laboratories (1975)
Jones, N., Gomard, C., Sestoft, P.: Partial Evaluation and Automatic Program Generation. Prentice-Hall International (1993)
Karr, M.: Affine relationship among variables of a program. Acta Inf. 6, 133–151 (1976)
Kearns, M.J., Vazirani, U.V.: An Introduction to Computational Learning Theory. MIT Press, Cambridge, MA, USA (1994)
King, A., Søndergaard, H.: Automatic abstraction for congruences. In: Barthe, G., Hermenegildo, M. (eds.) VMCAI 2010. LNCS, vol. 5944, pp. 197–213. Springer, Heidelberg (2010)
Kozen, D.: Semantics of probabilistic programs. JCSS 22(3), 328–350 (1981)
Lev-Ami, T., Sagiv, M.: TVLA: A system for implementing static analyses. In: Palsberg, J. (ed.) Static Analysis. LNCS, vol. 1824, pp. 280–301. Springer, Heidelberg (2000)
Li, Y., Albarghouthi, A., Kincaid, Z., Gurfinkel, A., Chechik, M.: Symbolic optimization with smt solvers. In: POPL (2014)
Lim, J., Lal, A., Reps, T.: Symbolic analysis via semantic reinterpretation. STTT 13(1), 61–87 (2011)
Lim, J., Reps, T.: TSL: A system for generating abstract interpreters and its application to machine-code analysis. In: TOPLAS, 35(1), (2013). Article 4
Malmkjær, K.: Abstract Interpretation of Partial-Evaluation Algorithms. Ph.D. thesis, Dept. of Comp. and Inf. Sci., Kansas State Univ. (1993)
McMillan, K.: Don’t-care computation using k-clause approximation. In: IWLS (2005)
Miné, A.: The octagon abstract domain. In: WCRE (2001)
Miné, A.: A few graph-based relational numerical abstract domains. In: Hermenegildo, M.V., Puebla, G. (eds.) SAS 2002. LNCS, vol. 2477, pp. 117–132. Springer, Heidelberg (2002)
Miné, A., Breck, J., Reps, T.: An algorithm inspired by constraint solvers to infer inductive invariants in numeric programs. Submitted for publication (2015)
Mitchell, T.: Machine Learning. WCB/McGraw-Hill, Boston, MA (1997)
Monniaux, D.: Abstract interpretation of probabilistic semantics. In: Palsberg, J. (ed.) Static Analysis. LNCS, vol. 1824, pp. 322–339. Springer, Heidelberg (2000)
Monniaux, D.: Automatic modular abstractions for template numerical constraints. LMCS 6(3), 4 (2010)
Montanari, U.: Networks of constraints: Fundamental properties and applications to picture processing. Inf. Sci. 7(2), 95–132 (1974)
Müller-Olm, M., Seidl, H.: Precise interprocedural analysis through linear algebra. In: POPL (2004)
Mycroft, A., Jones, N.: A relational framework for abstract interpretation. In: Programs as Data Objects (1985)
Mycroft, A., Jones, N.: Data flow analysis of applicative programs using minimal function graphs. In: POPL (1986)
Nielson, F.: Two-level semantics and abstract interpretation. TCS 69, 117–242 (1989)
Patnaik, S., Immerman, N.: Dyn-FO: A parallel, dynamic complexity class. JCSS 55(2), 199–209 (1997)
Pelleau, M., Miné, A., Truchet, C., Benhamou, F.: A constraint solver based on abstract domains. In: Giacobazzi, R., Berdine, J., Mastroeni, I. (eds.) VMCAI 2013. LNCS, vol. 7737, pp. 434–454. Springer, Heidelberg (2013)
Regehr, J., Reid, A.: HOIST: A system for automatically deriving static analyzers for embedded systems. In: ASPLOS (2004)
Reps, T., Horwitz, S., Sagiv, M.: Precise interprocedural dataflow analysis via graph reachability. In: POPL (1995)
Reps, T., Sagiv, M., Loginov, A.: Finite differencing of logical formulas for static analysis. TOPLAS 6(32), 1–55 (2010)
Reps, T., Sagiv, M., Yorsh, G.: Symbolic implementation of the best transformer. In: Steffen, B., Levi, G. (eds.) VMCAI 2004. LNCS, vol. 2937, pp. 252–266. Springer, Heidelberg (2004)
Reps, T., Schwoon, S., Jha, S., Melski, D.: Weighted pushdown systems and their application to interprocedural dataflow analysis. SCP 58(1–2), 206–263 (2005)
Reps, T., Thakur, A.: Through the lens of abstraction. In: HCSS (2014)
Reps, T., Turetsky, E., Prabhu, P.: Newtonian program analysis via tensor product. In: POPL (2016)
Reynolds, J.: Separation logic: A logic for shared mutable data structures. In: LICS (2002)
Sagiv, M., Reps, T., Wilhelm, R.: Solving shape-analysis problems in languages with destructive updating. TOPLAS 20(1), 1–50 (1998)
Sagiv, M., Reps, T., Wilhelm, R.: Parametric shape analysis via 3-valued logic. TOPLAS 24(3), 217–298 (2002)
Sankaranarayanan, S., Sipma, H.B., Manna, Z.: Scalable analysis of linear systems using mathematical programming. In: Cousot, R. (ed.) VMCAI 2005. LNCS, vol. 3385, pp. 25–41. Springer, Heidelberg (2005)
Scherpelz, E., Lerner, S., Chambers, C.: Automatic inference of optimizer flow functions from semantic meanings. In: PLDI (2007)
Sharir, M.: Some observations concerning formal differentiation of set theoretic expressions. TOPLAS 4(2), 196–225 (1982)
Sharir, M., Pnueli, A.: Two approaches to interprocedural data flow analysis. Program Flow Analysis Theory and Applications. Prentice-Hall, Englewood Cliffs (1981)
Sheeran, M., Stålmarck, G.: A tutorial on Stålmarck’s proof procedure for propositional logic. Formal Methods Syst. Des. 16(1), 23–58 (2000)
Thakur, A.: Symbolic Abstraction: Algorithms and Applications. Ph.D. thesis, Comp. Sci. Dept., Univ. of Wisconsin, Madison, WI, Aug. 2014. Technical Report (1812)
Thakur, A., Breck, J., Reps, T.: Satisfiability modulo abstraction for separation logic with linked lists. In: Spin Workshop (2014)
Thakur, A., Elder, M., Reps, T.: Bilateral algorithms for symbolic abstraction. In: Miné, A., Schmidt, D. (eds.) SAS 2012. LNCS, vol. 7460, pp. 111–128. Springer, Heidelberg (2012)
Thakur, A., Lal, A., Lim, J., Reps, T.: PostHat and all that: Automating abstract interpretation. ENTCS 311, 15–32 (2015)
Thakur, A., Lim, J., Lal, A., Burton, A., Driscoll, E., Elder, M., Andersen, T., Reps, T.: Directed proof generation for machine code. In: Touili, T., Cook, B., Jackson, P. (eds.) CAV 2010. LNCS, vol. 6174, pp. 288–305. Springer, Heidelberg (2010)
Thakur, A., Reps, T.: A generalization of Stålmarck’s method. In: SAS (2012)
Thakur, A., Reps, T.: A method for symbolic computation of abstract operations. In: Madhusudan, P., Seshia, S.A. (eds.) CAV 2012. LNCS, vol. 7358, pp. 174–192. Springer, Heidelberg (2012)
Valiant, L.G.: A theory of the learnable. Commun. ACM 27(11), 1134–1142 (1984)
Yahav, E.: Verifying safety properties of concurrent Java programs using 3-valued logic. In: POPL (2001)
Yorsh, G., Reps, T., Sagiv, M.: Symbolically computing most-precise abstract operations for shape analysis. In: Jensen, K., Podelski, A. (eds.) TACAS 2004. LNCS, vol. 2988, pp. 530–545. Springer, Heidelberg (2004)
Acknowledgments
T. Reps would like to thank the many people with whom he collaborated on the work described in the paper (as well as work that motivated the work described): for shape analysis: M. Sagiv, R. Wilhelm, a long list of their former students, as well as his own former students A. Loginov and D. Gopan; for machine-code analysis: G. Balakrishnan, J. Lim, Z. Xu, B. Miller, D. Gopan, A. Thakur, E. Driscoll, A. Lal, M. Elder, T. Sharma, and researchers at GrammaTech, Inc.; for symbolic abstraction: M. Sagiv, G. Yorsh, A. Thakur, M. Elder, T. Sharma, J. Breck, and A. Miné.
The work has been supported for many years by grants and contracts from NSF, DARPA, ONR, ARL, AFOSR, HSARPA, and GrammaTech, Inc. Special thanks go to R. Wachter, F. Anger, T. Teitelbaum and A. White.
Current support comes from a gift from Rajiv and Ritu Batra; DARPA under cooperative agreement HR0011-12-2-0012; AFRL under DARPA MUSE award FA8750-14-2-0270 and DARPA STAC award FA8750-15-C-0082; and the UW-Madison Office of the Vice Chancellor for Research and Graduate Education with funding from WARF. Any opinions, findings, and conclusions or recommendations expressed in this publication are those of the authors, and do not necessarily reflect the views of the sponsoring organizations.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Reps, T., Thakur, A. (2016). Automating Abstract Interpretation. In: Jobstmann, B., Leino, K. (eds) Verification, Model Checking, and Abstract Interpretation. VMCAI 2016. Lecture Notes in Computer Science(), vol 9583. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-49122-5_1
Download citation
DOI: https://doi.org/10.1007/978-3-662-49122-5_1
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-49121-8
Online ISBN: 978-3-662-49122-5
eBook Packages: Computer ScienceComputer Science (R0)