Conference Paper

The Zonotope Abstract Domain Taylor1+

DOI: 10.1007/978-3-642-02658-4_47 Conference: Computer Aided Verification, 21st International Conference, CAV 2009, Grenoble, France, June 26 - July 2, 2009. Proceedings
Source: DBLP


Static analysis by abstract interpretation [1] aims at automatically inferring properties on the behaviour of programs. We
focus here on a specific kind of numerical invariants: the set of values taken by numerical variables, with a real numbers
semantics, at each control point of a program.

Download full-text


Available from: E. Goubault,
38 Reads
  • Source
    • "We thus define a pre-order on affine sets [7] [11] which formalizes the fact that the central symbols have a specific interpretation as parameterizing the initial values of input arguments to the analyzed program: "
    [Show abstract] [Hide abstract]
    ABSTRACT: Zonotopes are a convenient abstract domain for the precise analysis of programs with numerical variables. Compared to the domain of convex polyhedra, it is less expensive and may easily handle non-linear assignments. However, the classical join operator of this abstract domain does not always preserve linear invariants, unlike the convex hull. We present a global join operator that preserves some affine relations. We end up by showing some experiments conducted on the constrained Taylor1+ domain of Apron.
    Electronic Notes in Theoretical Computer Science 11/2012; 287:65–76. DOI:10.1016/j.entcs.2012.09.007
  • Source
    • "The approaches discussed so far mainly aim at establishing the result of a floating-point computation. An orthogonal line of research is to analyse the deviation of a floating-point computation from its real counterpart by studying the propagation of rounding errors [43], [44]. Case studies for this approach are given in [45], [46]. "
    [Show abstract] [Hide abstract]
    ABSTRACT: We present a bit-precise decision procedure for the theory of binary floating-point arithmetic. The core of our approach is a non-trivial generalisation of the conflict analysis algorithm used in modern SAT solvers to lattice-based abstractions. Existing complete solvers for floating-point arithmetic employ bit-vector encodings. Propositional solvers based on the Conflict Driven Clause Learning (CDCL) algorithm are then used as a backend. We present a natural-domain SMT approach that lifts the CDCL framework to operate directly over abstractions of floating-point values. We have instantiated our method inside MATHSAT5 with the floating-point interval abstraction. The result is a sound and complete procedure for floating-point arithmetic that outperforms the state-of-the-art significantly on problems that check ranges on numerical variables. Our technique is independent of the specific abstraction and can be applied to problems beyond floating-point satisfiability checking.
    Formal Methods in Computer-Aided Design (FMCAD), 2012; 01/2012
  • Source
    • "It is an on-going project to support more directly in the Apron toolbox bounded numerical types, but the right way to do it is not yet clear, and it involves precision/efficiency tradeoffs New abstract domain: in this context, this means a new numerical abstract domain. Our experience is that we could connect without problem the external PPL library [2] to Apron, and that the more innovative Taylor1+ domain [11] was also connected by an external team without requiring a single change in the API. "
    [Show abstract] [Hide abstract]
    ABSTRACT: The “right” way of writing and structuring compilers is well-known. The situation is a bit less clear for static analysis tools. It seems to us that a static analysis tool is ideally decomposed into three building blocks: (1) a front-end, which parses programs, generates semantic equations, and supervises the analysis process; (2) a fixpoint equation solver, which takes equations and solves them; (3) and an abstract domain, on which equations are interpreted. The expected advantages of such a modular structure is the ability of sharing development efforts between analyzers for different languages, using common solvers and abstract domains. However putting in practice such ideal concepts is not so easy, and some static analyzers merge for instance the blocks (1) and (2).We show how we instantiated these principles with three different static analyzers (addressing resp. imperative sequential programs, imperative concurrent programs, and synchronous dataflow programs), a generic fixpoint solver (Fixpoint), and two different abstract domains. We discussed our experience on the advantages and the limits of this approach compared to related work.
    Electronic Notes in Theoretical Computer Science 10/2010; 267(2):29-42. DOI:10.1016/j.entcs.2010.09.016
Show more