Abstract
Value-based static analysis techniques express computed program invariants as logical formulas over program variables. Researchers and practitioners use these invariants to aid in software engineering and verification tasks. When selecting abstract domains, practitioners weigh the cost of a domain against its expressiveness. However, an abstract domain’s expressiveness tends to be stated in absolute terms: either mathematically, via the sub-polyhedra the domain is capable of describing; empirically, using a set of known properties to verify; or empirically, via logical entailment using the entire invariant of the domain at each program point. Due to carry-over effects, however, the last technique can be problematic, because it tends to provide simplistic and imprecise comparisons.
In this work, we address these limitations of comparing abstract domains in general via logical entailment. We provide a fixed-point algorithm for including the minimally necessary variables from each domain into the compared formula. Furthermore, we empirically evaluate our algorithm, comparing different techniques of widening over the Zones domain and comparing Zones to an incomparable Relational Predicates domain. Our empirical evaluation shows an improved granularity of comparison: it lowered the number of more-precise invariants when comparing analysis techniques, thus limiting the prevalent carry-over effects. Moreover, it removed undecidable invariants and lowered the number of incomparable invariants when comparing two incomparable relational abstract domains.
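The carry-over effect the abstract describes, illustrated as an added Python sketch over the Zones domain (invariants as difference-bound constraints). This is not the paper's algorithm or code: the zone encoding, the sample invariants and the seed-variable closure (my simplified reading of the footnote's "transitive effects") are all constructed for this illustration.

```python
from itertools import product

ZERO = "0"  # the constant-zero variable of a difference-bound matrix

def close(zone, names):
    """Floyd-Warshall closure over `names`. `zone` maps (a, b) -> c, meaning
    a - b <= c; missing entries are unbounded. Constraints on variables
    outside `names` are ignored, which is how we restrict an invariant."""
    inf = float("inf")
    m = {(a, b): (0 if a == b else zone.get((a, b), inf))
         for a in names for b in names}
    for k, i, j in product(names, repeat=3):
        m[i, j] = min(m[i, j], m[i, k] + m[k, j])
    return m

def entails(z1, z2, names):
    """z1 |= z2 for zones: every bound of closed z2 is >= the bound in closed z1."""
    c1, c2 = close(z1, names), close(z2, names)
    return all(c1[k] <= c2[k] for k in c2)

def compare(z1, z2, names):
    e12, e21 = entails(z1, z2, names), entails(z2, z1, names)
    return {(True, True): "equal", (True, False): "z1 more precise",
            (False, True): "z2 more precise", (False, False): "incomparable"}[e12, e21]

def relevant_vars(zone, seed):
    """Fixed point: grow `seed` with every variable sharing a binary constraint
    with a variable already in the set (e.g. z <= x pulls z in through x).
    Unary bounds (against ZERO) do not connect two variables."""
    vars_ = set(seed)
    while True:
        new = set()
        for a, b in zone:
            if ZERO not in (a, b) and (a in vars_ or b in vars_):
                new |= {a, b}
        if new <= vars_:
            return vars_ | {ZERO}
        vars_ |= new

# Constructed sample: two analyses agree on x and z; only the unrelated bound
# on y differs (y <= 10 vs y <= 20), e.g. carried over from an earlier point.
NAMES = ["x", "y", "z", ZERO]
ZONE_A = {("x", ZERO): 3, (ZERO, "x"): 0, ("z", "x"): 0, ("y", ZERO): 10}
ZONE_B = {("x", ZERO): 3, (ZERO, "x"): 0, ("z", "x"): 0, ("y", ZERO): 20}

def demo(seed=("x",)):
    """Whole-invariant comparison vs. comparison restricted to the seed's closure."""
    restricted = sorted(relevant_vars(ZONE_A, seed))
    return compare(ZONE_A, ZONE_B, NAMES), compare(ZONE_A, ZONE_B, restricted)
```

Whole-invariant entailment reports A as strictly more precise although nothing about x or z differs; restricting to the variables transitively tied to x reports the two as equal.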
Notes
- 1.
\(z \le x\) is included due to transitive effects through \(x\).
Acknowledgments
The work reported here was supported by the U.S. National Science Foundation under award CCF-19-42044.
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
Cite this paper
Ballou, K., Sherman, E. (2023). Minimally Comparing Relational Abstract Domains. In: André, É., Sun, J. (eds) Automated Technology for Verification and Analysis. ATVA 2023. Lecture Notes in Computer Science, vol 14216. Springer, Cham. https://doi.org/10.1007/978-3-031-45332-8_8
DOI: https://doi.org/10.1007/978-3-031-45332-8_8
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-45331-1
Online ISBN: 978-3-031-45332-8