Optimisation et jeux appliqués à l'analyse statique de programmes par interprétation abstraite. (Optimisation and games applied to static analysis by abstract interpretation)

Author

  • Assalé Adjé
Abstract

Abstract interpretation is a general method for computing program invariants automatically. It leads to solving a non-linear fixed point equation involving a monotone function. Determining numerical invariants, for instance to bound the values taken by the variables of a program, turns out to be equivalent to solving a two-player zero-sum game with stopping options. This observation allows one to transport algorithms from game theory, such as policy iteration, to abstract interpretation. The first contribution of this thesis is the generalisation of the polyhedral abstract numerical domains. We construct a general abstract numerical domain which encompasses all the classical ones. We define an abstract semantic function in terms of a Galois connection. However, evaluating the abstract semantic function is as hard as solving a non-convex global optimisation problem. Hence we define a second semantic function, called the relaxed semantics, constructed from duality theory, which provides a safe over-approximation of the abstract semantic function. Duality theory also motivates the construction of a dynamical policy iteration algorithm to compute numerical invariants. In practice, for programs written in affine arithmetic, we combine Shor's relaxation scheme and Lyapunov functions to evaluate the relaxed semantic function and thus generate numerical invariants in the form of truncated ellipsoids. The second contribution concerns policy iteration and the computation of the smallest fixed point, which provides the most precise invariant. We refine the policy iteration algorithm so that it computes the smallest fixed point, in the case of stochastic games. The refinement is based on non-linear Perron-Frobenius theory. However, the abstract semantic function on the interval domain, which can be interpreted as a Shapley operator of a perfect-information game, is in general only semidifferentiable, so we work with this weaker notion of differentiability.
The semiderivative approach, combined with the non-linear spectral radius, allows us to characterise the smallest fixed point in the non-expansive case. For non-expansive and piecewise affine (Shapley) operators, the characterisation yields a termination criterion for policy iteration. When the fixed point found by policy iteration is not minimal, the problem reduces to finding a nonzero non-positive fixed point of a semiderivative map. This vector provides a descent direction which leads to a new policy and then to a strictly smaller fixed point. This approach has also been applied to typical examples arising from games or program verification problems.
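As an added worked example, not code from the thesis: a one-variable rendering of the two mechanisms described above, written for this page. It runs classical policy iteration on the min-max operator that the interval domain produces for a loop's upper bound (a min over policies of max-affine maps), then applies the semiderivative test in the direction h = -1 to decide whether the fixed point reached is the smallest one and, if not, reads off the descent policy. Everything beyond the abstract is an assumption of the example: only the upper bound is computed (the lower bound is handled symmetrically by negation), slopes are restricted to 0 and 1, the two loops are constructed, and `smallest_fixed_point` is a simplified one-dimensional version of the refinement, not the thesis's own algorithm.

```python
"""Added example (not code from the thesis): policy iteration on a
one-variable min-max operator of the kind the interval domain produces
for a loop's upper bound, followed by the semiderivative minimality test.
Slopes are restricted to 0 and 1 (what transfer functions x -> x + c
produce), so every policy map is g(x) = max_j (a_j*x + b_j), a_j in {0,1}.
This restriction is an assumption of the example, not of the thesis."""
INF = float("inf")


def policy_value(policy, x):
    """Evaluate one policy's max-affine map g_k(x) = max_j (a_j*x + b_j)."""
    return max(b if a == 0 else x + b for a, b in policy)


def evaluate(F, x):
    """F(x) = min over policies of g_k(x): the abstract semantic function."""
    return min(policy_value(p, x) for p in F)


def least_fixed_point(policy):
    """Least fixed point of one policy map: Kleene iteration from -inf,
    solved in closed form.  The constant terms fix the first iterate c;
    a term x + b with b > 0 then pushes the iterates to +inf."""
    consts = [b for a, b in policy if a == 0]
    if not consts:
        return -INF
    c = max(consts)
    shifts = [b for a, b in policy if a == 1]
    return INF if shifts and max(shifts) > 0 else c


def policy_iteration(F, k):
    """Classical policy iteration from policy index k: solve the current
    policy, stop when its fixed point is a fixed point of F, otherwise
    switch to a policy realising the min there.  Returns (u, trace)."""
    trace = []
    while True:
        u = least_fixed_point(F[k])
        trace.append((k, u))
        if evaluate(F, u) == u:
            return u, trace
        vals = [policy_value(p, u) for p in F]
        k = vals.index(min(vals))  # policy improvement step


def descent_policy(F, u):
    """Semiderivative test at a fixed point u.  In the direction h = -1 the
    semiderivative of F is min over policies active at u of max over their
    active terms of -a_j.  It equals -1 (h = -1 is then a nonzero
    non-positive fixed point of the semiderivative and u is not minimal)
    exactly when some active policy has only slope-1 active terms.
    Returns that policy's index, or None when u is minimal."""
    if u in (INF, -INF):
        return None  # the test is only applied at finite points here
    for k, p in enumerate(F):
        if policy_value(p, u) != u:
            continue  # policy not active at u
        slopes = [a for a, b in p if (b if a == 0 else u + b) == u]
        if max(-a for a in slopes) == -1:
            return k
    return None


def smallest_fixed_point(F, k):
    """Policy iteration refined with the minimality test: whenever the
    fixed point found is not minimal, restart from the descent policy,
    whose least fixed point is strictly smaller."""
    u, trace = policy_iteration(F, k)
    while (k := descent_policy(F, u)) is not None:
        u, more = policy_iteration(F, k)
        trace += more
    return u, trace


# Constructed loop 1, upper bound of x at the head of
#     x = 0; while (x < 100) x = x + 1;
# hi = max(0, min(hi, 99) + 1) = min(max(0, hi + 1), max(0, 100)).
COUNT_LOOP = [[(0, 0), (1, 1)], [(0, 0), (0, 100)]]

# Constructed loop 2, upper bound of x at the head of
#     x = 0; while (x <= 1) { }
# hi = max(0, min(hi, 1)) = min(max(0, 1), max(0, hi)).  From the guard
# policy, classical policy iteration stops at 1 although 0 is the
# smallest fixed point.
SKIP_LOOP = [[(0, 0), (0, 1)], [(0, 0), (1, 0)]]

if __name__ == "__main__":
    print(policy_iteration(COUNT_LOOP, 0))     # (100, [(0, inf), (1, 100)])
    print(policy_iteration(SKIP_LOOP, 0))      # (1, [(0, 1)])
    print(smallest_fixed_point(SKIP_LOOP, 0))  # (0, [(0, 1), (1, 0)])
```

Starting from the policy that ignores the guard, the counting loop first yields +inf; the improvement step then selects the guard policy and stops at 100, which the semiderivative test confirms as minimal. For the second loop, classical policy iteration stops at 1, a fixed point of F but not the smallest; the test finds the direction h = -1 through the policy `max(0, hi)`, the restart from that policy reaches 0, and the test then fails there, so the invariant x = 0 is returned.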


Similar sources

Analyse statique par interprétation abstraite (Static analysis by abstract interpretation)

Abstract interpretation was introduced as a generic framework which allows one to formalise, derive and prove static analyses based on conservative approximation, that is, analyses able to establish a given property for a subset of the programs which actually satisfy it. First, we provide a step-by-step description of the main steps in the design of such analyses, from the choice of a ...


Interprétation abstraite (Abstract interpretation)

Abstract interpretation is a theory of discrete approximation of the semantics of computer systems, mainly applied to the static analysis and verification of software. KEYWORDS: abstract interpretation, semantics, verification, static analysis.


Vérification partielle de programmes de contrôle-commande par interprétation abstraite (Partial verification of control-command programs by abstract interpretation)

In the field of static analysis, techniques based on abstract interpretation compute over-approximations of the set of possible behaviours of programs. These over-approximations give properties of the program that can be used to prove the absence of some bugs. In the case of control-command programs, the behaviour of the program depends on the physical environment with which it interacts. This envi...


Static Analysis by Path Focusing

Program verification aims at statically discovering properties of programs, such as the values the different variables can take during execution. Abstract interpretation is a technique that computes an over-approximation of the set of these values, since it is impossible to compute the exact set in general. This report is one of the many attempts to improve the precision of static Anal...


Analyse statique de programmes et systèmes numériques (Static analysis of numerical programs and systems)

As the complexity of the computations performed in embedded systems grows every day, the dependability of these systems becomes a crucial issue, particularly for critical systems. More broadly, synthesising and guaranteeing properties of a program's behaviour is a natural and widely useful goal. This habilitation thesis (Putot, 2012) concerns ...

Publication date: 2011