Program Analysis Using Symbolic Ranges
نویسندگان
چکیده
Interval analysis seeks static lower and upper bounds on the values of program variables. These bounds are useful, especially for inferring invariants to prove buffer overflow checks. In practice, however, intervals by themselves are often inadequate as invariants due to the lack of relational information among program variables. In this paper, we present a technique for deriving symbolic bounds on variable values. We study a restricted class of polyhedra whose constraints are stratified with respect to some variable ordering provided by the user, or chosen heuristically. We define a notion of normalization for such constraints and demonstrate polynomial time domain operations on the resulting domain of symbolic range constraints. The abstract domain is intended to complement widely used domains such as intervals and octagons for use in buffer overflow analysis. Finally, we study the impact of our analysis on commercial software using an overflow analyzer for the
منابع مشابه
Interprocedural Symbolic Range Propagation for Optimizing Compilers
We have designed and implemented an interprocedural algorithm to analyze symbolic value ranges that can be assumed by variables at any given point in a program. Our algorithm contrasts with related work on interprocedural value range analysis in that it extends the ability to handle symbolic range expressions. It builds on our previous work of intraprocedural symbolic range analysis. We have ev...
متن کاملSymbolic range propagation
Many analyses and transformations in a parallelizing compiler can bene t from the ability to compare arbitrary symbolic expressions. In this paper, we describe how one can compare expressions by using symbolic ranges of variables. A range is a lower and upper bound on a variable. We will also describe how these ranges can be e ciently computed from the program text. Symbolic range propagation h...
متن کاملTowards more Dependable Verification of Mixed-Signal Systems
The verification of complex mixed-signal systems is a challenge, especially considering the impact of parameter variations. Besides the established approaches like Monte-Carlo or Corner-Case simulation, a novel semi-symbolic approach emerged in recent years. In this approach, parameter variations and tolerances are maintained as symbolic ranges during numerical simulation runs by using affine a...
متن کاملThe Auspicious Couple: Symbolic Execution and WCET Analysis
We have recently shown that symbolic execution together with the implicit path enumeration technique can successfully be applied in the Worst-Case Execution Time (WCET) analysis of programs. Symbolic execution offers a precise framework for program analysis and tracks complex program properties by analyzing single program paths in isolation. This path-wise program exploration of symbolic execut...
متن کاملSymbolic Safety
One of the biggest challenges in operating systems, distributed systems, and mobile code is how to ensure safety of untrusted code. Two recent proposals are Software Fault Isolation (SFI) and Proof-Carrying Code (PCC). A diicult challenge is how to deal with memory accesses within loops. SFI generates run-time bounds checks at every access, which incurs non-negligible overhead in tight loops, w...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2007