Fig 3 - uploaded by Gianluca Amato
Parallelotope abstraction with axes rotated by 45 degrees.
Source publication
Conference Paper
We present a tool which performs abstract interpretation based static analysis of numerical variables. The novelty is that the analysis is parametric, and parameters are chosen by applying a variant of principal component analysis to partial execution traces of programs.

Citations

... - support for observing the behaviour of the solvers with the listener class FixpointSolverTracer, which can be used for debugging and computing metrics, and also for fine-tuning the analysis domain using statistical approaches (see for instance [3,6]); - support for restarting: a policy which, under certain conditions, replaces part of the current assignment with the initial assignment, in order to improve precision [8]; - implementation of other equation solvers from the literature, such as solvers based on hierarchical ordering and priority worklists. ...
Chapter
We present ScalaFix, a modular library for solving equation systems by iterative methods. ScalaFix implements several solvers, involving iteration strategies from plain Kleene's iteration to more complex ones based on a hierarchical ordering of the unknowns. It works with finite and infinite equation systems and supports widening, narrowing and warrowing operators. It also allows intertwining ascending and descending chains and other advanced techniques such as localized widening.

Keywords: Static analysis, Equation systems, Iterative methods, Widening, Narrowing
... Jandom is an abstract interpretation based static analyzer written in Scala, derived from our former project Random [3] [6], which implemented template parallelotopes [1] [5] [7] [8]. At the moment, Jandom supports intra-procedural static analysis of numerical properties for a simple imperative language with a C-like syntax. ...
Conference Paper
Numerical static analysis computes an approximation of all the possible values that a numeric variable may assume, in any execution of the program. Many numerical static analyses have been proposed exploiting the theory of abstract interpretation, which is a general framework for designing provably correct program analysis. The two main problems in analyzing numerical properties are: choosing the right level of abstraction (the abstract domain) and developing an efficient iteration strategy which computes the analysis result guaranteeing termination and soundness. In this paper, we report on our prototype implementation of a Java bytecode static analyzer for numerical properties. It has been developed exploiting Soot bytecode abstractions, existing libraries for numerical abstract domains, and the iteration strategies commonly used in the abstract interpretation community. We show pros and cons of using Soot, and discuss the main differences between our analyzer and the Soot static analysis framework.
... Although $\mathrm{ShLin}^\omega$ is not amenable to a direct implementation, as future work we plan to design suitable abstractions using numerical domains. The idea is to consider ω-sharing groups with symbolic multiplicities constrained by linear inequalities, such as $x^\alpha y^\beta$ with $\alpha = \beta + 2$. We plan to implement in our analyzers Random (Amato and Scozzari 2012b; Amato et al. 2010b) and Jandom () an abstract domain based on (template) parallelotopes (Amato et al. 2012; 2012a; 2010a), exploiting the recent localized (Amato and Scozzari 2013) iteration strategies. ...
Article
In the analysis of logic programs, abstract domains for detecting sharing properties are widely used. Recently the new domain $\Linp$ has been introduced to generalize both sharing and linearity information. This domain is endowed with an optimal abstract operator for single-binding unification. The authors claim that the repeated application of this operator is also optimal for multi-binding unification. This is the proof of such a claim.
... We have implemented a prototype for the intra-procedural analysis of a simple imperative language, to investigate the feasibility of the ideas introduced above (Amato et al., 2010b). The prototype has been written in R, a language and environment for statistical computing (R Development Core Team, 2009). ...
Article
We propose a new technique combining dynamic and static analysis of programs to find linear invariants. We use a statistical tool, called simple component analysis, to analyze partial execution traces of a given program. We get a new coordinate system in the vector space of program variables, which is used to specialize numerical abstract domains. As an application, we instantiate our technique to interval analysis of simple imperative programs and show some experimental evaluations.
... We show some simple examples to give a rough idea of the potentialities and limits of the new domain, using our implementation of parallelotopes in RANDOM [4,2]. Consider the program cousot78 in Figure 1, taken from [7]. ...
Article
We propose a numerical abstract domain based on parallelotopes. A parallelotope is a polyhedron whose constraint matrix is squared and invertible. The domain of parallelotopes is a fully relational abstraction of the Cousot and Halbwachs' polyhedra abstract domain, and does not use templates. We equip the domain of parallelotopes with all the necessary operations for the analysis of imperative programs, and show optimality results for the abstract operators.
Conference Paper
We present a new approach to the analysis and verification of simple properties of character navigation. We model navigation strategies for virtual characters by cellular automata, and use standard abstract interpretation techniques for abstracting and verifying navigation properties.
Conference Paper
We show two strategies which may be easily applied to standard abstract interpretation-based static analyzers. They consist in 1) restricting the scope of widening, and 2) intertwining the computation of ascending and descending chains. Using these optimizations it is possible to improve the precision of the analysis, without any change to the abstract domains.
Conference Paper
We present the tool Random (R-based Analyzer for Numerical DOMains) for static analysis of imperative programs. The tool is based on the theory of abstract interpretation and implements several abstract domains for detecting numerical properties, in particular integer loop invariants. The tool combines a statistical dynamic analysis with a static analysis on the new domain of parallelotopes. The tool has a graphical interface for tuning the parameters of the analysis and visualizing partial traces.