Conference Paper

The Zonotope Abstract Domain Taylor1+

DOI: 10.1007/978-3-642-02658-4_47 Conference: Computer Aided Verification, 21st International Conference, CAV 2009, Grenoble, France, June 26 - July 2, 2009. Proceedings
Source: DBLP

ABSTRACT

Static analysis by abstract interpretation [1] aims at automatically inferring properties on the behaviour of programs. We
focus here on a specific kind of numerical invariants: the set of values taken by numerical variables, with a real numbers
semantics, at each control point of a program.

Download full-text

Full-text

Available from: E. Goubault
  • Source
    • "Practically, though, partial orders can be applied which are not necessarily complete lattices—given only that they support an effective binary upper bound operation. This is the case, e.g., for polyhedra (Cousot and Halbwachs, 1978) or zonotopes (Ghorbal et al., 2009). Still, variants of Kleene iteration can be applied to determine solutions. "
    [Show abstract] [Hide abstract]
    ABSTRACT: Non-trivial analysis problems require posets with infinite ascending and descending chains. In order to compute reasonably precise post-fixpoints of the resulting systems of equations, Cousot and Cousot have suggested accelerated fixpoint iteration by means of widening and narrowing. The strict separation into phases, however, may unnecessarily give up precision that cannot be recovered later, as over-approximated interim results have to be fully propagated through the equation the system. Additionally, classical two-phased approach is not suitable for equation systems with infinitely many unknowns---where demand driven solving must be used. Construction of an intertwined approach must be able to answer when it is safe to apply narrowing---or when widening must be applied. In general, this is a difficult problem. In case the right-hand sides of equations are monotonic, however, we can always apply narrowing whenever we have reached a post-fixpoint for an equation. The assumption of monotonicity, though, is not met in presence of widening. It is also not met by equation systems corresponding to context-sensitive inter-procedural analysis, possibly combining context-sensitive analysis of local information with flow-insensitive analysis of globals. As a remedy, we present a novel operator that combines a given widening operator with a given narrowing operator. We present adapted versions of round-robin as well as of worklist iteration, local and side-effecting solving algorithms for the combined operator and prove that the resulting solvers always return sound results and are guaranteed to terminate for monotonic systems whenever only finitely many unknowns (constraint variables) are encountered. Practical remedies are proposed for termination in the non-monotonic case.
    Full-text · Article · Mar 2015 · Science of Computer Programming
  • Source
    • "We thus define a pre-order on affine sets [7] [11] which formalizes the fact that the central symbols have a specific interpretation as parameterizing the initial values of input arguments to the analyzed program: "
    [Show abstract] [Hide abstract]
    ABSTRACT: Zonotopes are a convenient abstract domain for the precise analysis of programs with numerical variables. Compared to the domain of convex polyhedra, it is less expensive and may easily handle non-linear assignments. However, the classical join operator of this abstract domain does not always preserve linear invariants, unlike the convex hull. We present a global join operator that preserves some affine relations. We end up by showing some experiments conducted on the constrained Taylor1+ domain of Apron.
    Full-text · Article · Nov 2012 · Electronic Notes in Theoretical Computer Science
  • Source
    • "The approaches discussed so far mainly aim at establishing the result of a floating-point computation. An orthogonal line of research is to analyse the deviation of a floating-point computation from its real counterpart by studying the propagation of rounding errors [43], [44]. Case studies for this approach are given in [45], [46]. "
    [Show abstract] [Hide abstract]
    ABSTRACT: We present a bit-precise decision procedure for the theory of binary floating-point arithmetic. The core of our approach is a non-trivial generalisation of the conflict analysis algorithm used in modern SAT solvers to lattice-based abstractions. Existing complete solvers for floating-point arithmetic employ bit-vector encodings. Propositional solvers based on the Conflict Driven Clause Learning (CDCL) algorithm are then used as a backend. We present a natural-domain SMT approach that lifts the CDCL framework to operate directly over abstractions of floating-point values. We have instantiated our method inside MATHSAT5 with the floating-point interval abstraction. The result is a sound and complete procedure for floating-point arithmetic that outperforms the state-of-the-art significantly on problems that check ranges on numerical variables. Our technique is independent of the specific abstraction and can be applied to problems beyond floating-point satisfiability checking.
    Full-text · Conference Paper · Jan 2012
Show more