Skip to main content
Fachgebiete
Automobil + Motoren Bauwesen + Immobilien Business IT + Informatik Elektrotechnik + Elektronik Energie + Nachhaltigkeit Finance + Banking Management + Führung Marketing + Vertrieb Maschinenbau + Werkstoffe Versicherung + Risiko
DE
EN
Bücher
Zeitschriften
Themenseiten
Organisationspsychologie Projektmanagement Marketing Smart Manufacturing
Weitere Formate
Podcasts Webinare Technik Webinare Wirtschaft Kongresse Veranstaltungskalender Awards
Jetzt Einzelzugang starten
Zugang für Unternehmen
Referenzkunden
SLX-Digitalkonferenz: Zukunftswerkstatt 2024

Mehr Umsatz mit Top-Kontakten

Am 7. Mai erfahren Sie, wie Vertriebsteams Leadgenerierung, Leadnurturing und Leadstrategien effizient steuern können.
Erweiterte Suche
Anmelden
nach oben
Erschienen in:
Bringing LTL Model Checking to Biologists Kapitel lesen Erstes Kapitel lesen

2017 | OriginalPaper | Buchkapitel

Sound Bit-Precise Numerical Domains

verfasst von : Tushar Sharma, Thomas Reps

Erschienen in: Verification, Model Checking, and Abstract Interpretation

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config
loading …

Abstract

This paper tackles the challenge of creating a numerical abstract domain that can identify affine-inequality invariants while handling overflow in arithmetic operations over bit-vector data-types. The paper describes the design and implementation of a class of new abstract domains, called the Bit-Vector-Sound, Finite-Disjunctive (\(\textit{BVSFD}\)) domains. We introduce a framework that takes an abstract domain \(\mathcal {A}\) that is sound with respect to mathematical integers and creates an abstract domain \(\textit{BVS}(\mathcal {A})\) whose operations and abstract transformers are sound with respect to machine integers. We also describe how to create abstract transformers for \(\textit{BVS}(\mathcal {A})\) that are sound with respect to machine arithmetic. The abstract transformers make use of an operation \(\textit{WRAP}(\textit{av}, v)\)—where \(\textit{av} \in \mathcal {A}\) and v is a set of program variables—which performs wraparound in av for the variables in v.
To reduce the loss of precision from \(\textit{WRAP}\), we use finite disjunctions of \(\textit{BVS}(\mathcal {A})\) values. The constructor of finite-disjunctive domains, \(\textit{FD}_k(\cdot )\), is parameterized by k, the maximum number of disjunctions allowed.
We instantiate the \(\textit{BVS}(\textit{FD}_k)\) framework using the abstract domain of polyhedra and octagons. Our experiments show that the analysis can prove \(25\%\) of the assertions in the SVCOMP loop benchmarks with \(k=6\), and \(88\%\) of the array-bounds checks in the SVCOMP array benchmarks with \(k=4\).

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

Jetzt informieren
Vorheriges Kapitel Finding Relevant Templates via the Principal Component Analysis
Nächstes Kapitel IC3 - Flipping the E in ICE
Literatur
1.
Bagnara, R., Hill, P., Zaffanella, E.: Widening operators for powerset domains. STTT 8(4/5), 449–466 (2006)CrossRefMATH
2.
Bagnara, R., Hill, P.M., Zaffanella, E.: The parma polyhedra library: toward a complete set of numerical abstractions for the analysis and verification of hardware and software systems. Sci. Comput. Program. 72(1–2), 3–21 (2008)MathSciNetCrossRef
3.
Balakrishnan, G., Reps, T.: WYSINWYX: what you see is not what you execute. TOPLAS 32(6), 202–213 (2010)CrossRef
4.
Beyer, D.: Software verification and verifiable witnesses. In: Baier, C., Tinelli, C. (eds.) TACAS 2015. LNCS, vol. 9035, pp. 401–416. Springer, Heidelberg (2015). doi:10.​1007/​978-3-662-46681-0_​31
5.
6.
7.
Brauer, J., King, A.: Transfer function synthesis without quantifier elimination. LMCS 8(3), 63 (2012)MathSciNetMATH
8.
Bygde, S., Lisper, B., Holsti, N.: Fully bounded polyhedral analysis of integers with wrapping. In: International Workshop on Numerical and Symbolic Abstract Domains (2011)
9.
Cousot, P., Cousot, R.: Static determination of dynamic properties of programs. In: Proceedings of 2nd International Symposium on Programming, Paris, April 1976
10.
Cousot, P., Halbwachs, N.: Automatic discovery of linear constraints among variables of a program. In: POPL (1978)
11.
Dietz, W., Li, P., Regehr, J., Adve, V.: Understanding integer overflow in C/C++. In: ICSE (2012)
12.
13.
Elder, M., Lim, J., Sharma, T., Andersen, T., Reps, T.: Abstract domains of affine relations. TOPLAS 36(4), 1–13 (2014)CrossRef
14.
15.
Ghorbal, K., Ivančić, F., Balakrishnan, G., Maeda, N., Gupta, A.: Donut domains: efficient non-convex domains for abstract interpretation. In: VMCAI (2012)
16.
Jones, N., Mycroft, A.: Data flow analysis of applicative programs using minimal function graphs. In: POPL, pp. 296–306 (1986)
17.
Jourdan, J.-H., Laporte, V., Blazy, S., Leroy, X., Pichardie, D.: A formally-verified C static analyzer. In: POPL (2015)
18.
19.
Lal, A., Reps, T., Balakrishnan, G.: Extended weighted pushdown systems. In: Etessami, K., Rajamani, S.K. (eds.) CAV 2005. LNCS, vol. 3576, pp. 434–448. Springer, Heidelberg (2005). doi:10.​1007/​11513988_​44 CrossRef
20.
Lattner, C., Adve, V.: LLVM: a compilation framework for lifelong program analysis & transformation. In: International Symposium on Code Generation and Optimization (2004)
21.
Laviron, V., Logozzo, F.: Subpolyhedra: a (more) scalable approach to infer linear inequalities. In: VMCAI (2009)
22.
Lim, J.: Transformer specification language: a system for generating analyzers and its applications. Ph.D. thesis, Computer Science Department, University of Wisconsin, Madison, WI, Technical report 1689, May 2011
23.
24.
Malmkjær, K.: Abstract interpretation of partial-evaluation algorithms. Ph.D. thesis, Department of Computer and Information Science, Kansas State University, Manhattan, Kansas (1993)
25.
26.
Miné, A.: The octagon abstract domain. In: WCRE (2001)
27.
Miné, A.: A few graph-based relational numerical abstract domains. In: Hermenegildo, M.V., Puebla, G. (eds.) SAS 2002. LNCS, vol. 2477, pp. 117–132. Springer, Heidelberg (2002). doi:10.​1007/​3-540-45789-5_​11 CrossRef
28.
Miné, A.: Abstract domains for bit-level machine integer and floating-point operations. In: IJCAR, pp. 55–70 (2012)
29.
Monniaux, D.: Automatic modular abstractions for template numerical constraints. LMCS 6(3), 4 (2010)MathSciNetMATH
30.
Müller-Olm, M., Seidl, H.: Analysis of modular arithmetic. TOPLAS 29(5), 29:1–29:27 (2007)CrossRefMATH
31.
Mycroft, A., Jones, N.: A relational framework for abstract interpretation. In: Programs as Data Objects (1985)
32.
33.
34.
Reps, T., Balakrishnan, G., Lim, J.: Intermediate-representation recovery from low-level code. In: PEPM (2006)
35.
Reps, T., Schwoon, S., Jha, S., Melski, D.: Weighted pushdown systems and their application to interprocedural dataflow analysis. SCP 58(1–2), 206–263 (2005)MathSciNetMATH
36.
Sankaranarayanan, S., Ivančić, F., Shlyakhter, I., Gupta, A.: Static analysis in disjunctive numerical domains. In: Yi, K. (ed.) SAS 2006. LNCS, vol. 4134, pp. 3–17. Springer, Berlin (2006). doi:10.​1007/​11823230_​2 CrossRef
37.
Sankaranarayanan, S., Sipma, H.B., Manna, Z.: Scalable analysis of linear systems using mathematical programming. In: Cousot, R. (ed.) VMCAI 2005. LNCS, vol. 3385, pp. 25–41. Springer, Berlin (2005). doi:10.​1007/​978-3-540-30579-8_​2 CrossRef
38.
Sen, R., Srikant, Y.: Executable analysis using abstract interpretation with circular linear progressions. In: MEMOCODE (2007)
39.
Sharir, M., Pnueli, A.: Two approaches to interprocedural data flow analysis. In: Program Flow Analysis: Theory and Applications. Prentice-Hall (1981)
40.
Sharma, T., Thakur, A., Reps, T.: An abstract domain for bit-vector inequalities. TR-1789, Computer Science Department, University of Wisconsin, Madison, WI (2013)
41.
42.
Simon, A., King, A., Howe, J.: Two variables per linear inequality as an abstract domain. In: International Workshop on Logic Based Program Development and Transformation, pp. 71–89 (2002)
43.
Warren Jr., H.: Hacker’s Delight. Addison-Wesley, Boston (2003)
Metadaten
Titel
Sound Bit-Precise Numerical Domains
verfasst von
Tushar Sharma
Thomas Reps
Copyright-Jahr
2017
Buch
Verification, Model Checking, and Abstract Interpretation

Print ISBN: 978-3-319-52233-3

Electronic ISBN: 978-3-319-52234-0

Copyright-Jahr: 2017

DOI
https://doi.org/10.1007/978-3-319-52234-0_27