Bounded Abstract Interpretation
نویسندگان
چکیده
In practice, software engineers are only able to spend a limited amount of resources on statically analyzing their code. Such resources may refer to their available time or their tolerance for imprecision, and usually depend on when in their workflow a static analysis is run. To serve these different needs, we propose a technique that enables engineers to interactively bound a static analysis based on the available resources. When all resources are exhausted, our technique soundly records the achieved verification results with a program instrumentation. Consequently, as more resources become available, any static analysis may continue from where the previous analysis left off. Our technique is applicable to any abstract interpreter, and we have implemented it for the .NET static analyzer Clousot. Our experiments show that bounded abstract interpretation can significantly increase the performance of the analysis (by up to 8x) while also increasing the quality of the reported warnings (more definite warnings that detect genuine bugs).
منابع مشابه
Static Analysis of Bounded Polyhedra
We present a method for polyhedral abstract interpretation which derives fully bounded polyhedra for every step in the analysis. Contrary to classical polyhedral analysis, this method is sound for integer-valued variables stored as fixed-size binary strings; wrap-arounds are correctly modelled. Our work is based on earlier work by Axel Simon and Andy King but aims to significantly reduce the pr...
متن کاملAbstract Interpretation of Graph Grammars
Interpretation of Graph Grammars ? Jörg Bauer and Reinhard Wilhelm Informatik; Univ. des Saarlandes; Saarbrücken, Germany. {joba,wilhelm}@cs.uni-sb.de Abstract. Many communication systems, distributed algorithms, or heap manipulating programs are hard to verify due to their inherent unboundedness. Their semantics can be described by evolving graphs. Graph grammars are a natural, intuitive, and ...
متن کاملString Analysis as an Abstract Interpretation
We formalize a string analysis within abstract interpretation framework. The abstraction of strings is given as a conjunction of predicates that describes the common configuration changes on the reference pushdown automaton while processing the strings. We also present a family of pushdown automata called bounded pushdown automata. This family covers all context-free languages, and by using thi...
متن کاملProperty Directed Abstract Interpretation
Recently, Bradley proposed the PDR/IC3 model checking algorithm for verifying safety properties, where forward and backward reachability analyses are intertwined, and guide each other. Many variants of Bradley’s original algorithm have been developed and successfully applied to both hardware and software verification. However, these algorithms have been presented in an operational manner, in di...
متن کاملSafety Verification and Refutation by k-invariants and k-induction (extended version)
Most software verification tools can be classified into one of a number of established families, each of which has their own focus and strengths. For example, concrete counterexample generation in model checking, invariant inference in abstract interpretation and completeness via annotation for deductive verification. This creates a significant and fundamental usability problem as users may hav...
متن کامل