This paper describes a static (intraprocedural) analysis for analyzing heap-manipulating programs (in presence of recursive data structures and pointer arithmetic) in languages like C or low-level code. This analysis can be used for checking memory-safety, memory leaks, and user specified assertions. We first propose a rich abstract domain for representing useful invariants about such programs....

We describe an abstract domain for representing useful invariants of heap-manipulating programs (in presence of recursive data structures and pointer arithmetic) written in languages like C or low-level code. This abstract domain allows representation of must and may equalities among pointer expressions. Pointer expressions contain existentially or universally quantified integer variables guard...

We develop abstract-interpretation domain construction in terms of the inverse-limit construction of denotational semantics and topological principles: We define an abstract domain as a “structural approximation” of a concrete domain if the former exists as a finite approximant in the inverse-limit construction of the latter, and we extract the appropriate Galois connection for sound and comple...

This paper presents a new numerical abstract domain for static analysis by abstract interpretation. This domain allows us to represent invariants of the form (x − y ≤ c) and (±x ≤ c), where x and y are variables values and c is an integer or real constant. Abstract elements are represented by Difference-Bound Matrices, widely used by model-checkers, but we had to design new operators to meet th...

This paper proposes a new abstract domain for languages on infinite alphabets, which acts as a functor taking an abstract domain for a concrete alphabet and lift it to an abstract domain for words on this alphabet. The abstract representation is based on lattice automata, which are finite automata labeled by elements of an atomic lattice. We define a normal form, standard language operations an...

interpretation Abstract interpretation [CC77] aims at providing over approximations of all possible behaviors of a program. In abstract interpretation, the semantics of a program, i.e., [[.]]′, is called the concrete semantics. The domain whose elements constitute the over representations of values and states of programs is called “abstract domain”. For instance, an abstraction of the exact val...

Class Domain Main fields V: Variable variable associated with this domain Main methods abstract boolean isEmpty() returns true iff the domain is empty abstract List discretize() returns a discrete representation of the domain (a list of values) Domain clone() returns a copy of the Domain object abstract void setSingleValue(in val:Value) reduce domain to a single value Table 3. Domain cla...

0

Interpretation is a theory developed to reason about the abstraction relation between two different semantics. The theory requires the two semantics to be defined on domains which are complete lattices. (C, ) (concrete domain) is the domain of the concrete semantics, while (A,≤) (abstract domain) is the domain of the abstract semantics. The partial order relations reflect an approximation relat...