Graph-Based Algorithms for Boolean Function Manipulation
IEEE Transactions on Computers
Composite model-checking: verification with type-specific symbolic representations
ACM Transactions on Software Engineering and Methodology (TOSEM)
Automatically validating temporal safety properties of interfaces
SPIN '01 Proceedings of the 8th international SPIN workshop on Model checking of software
Systematic design of program analysis frameworks
POPL '79 Proceedings of the 6th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
Algebric Decision Diagrams and Their Applications
Formal Methods in System Design
Construction of Abstract State Graphs with PVS
CAV '97 Proceedings of the 9th International Conference on Computer Aided Verification
A static analyzer for large safety-critical software
PLDI '03 Proceedings of the ACM SIGPLAN 2003 conference on Programming language design and implementation
Testing static analysis tools using exploitable buffer overflows from open source code
Proceedings of the 12th ACM SIGSOFT twelfth international symposium on Foundations of software engineering
Joining dataflow with predicates
Proceedings of the 10th European software engineering conference held jointly with 13th ACM SIGSOFT international symposium on Foundations of software engineering
Combining abstract interpreters
Proceedings of the 2006 ACM SIGPLAN conference on Programming language design and implementation
Combining predicate and numeric abstraction for software model checking
Proceedings of the 2008 International Conference on Formal Methods in Computer-Aided Design
CAV'07 Proceedings of the 19th international conference on Computer aided verification
Using statically computed invariants inside the predicate abstraction and refinement loop
CAV'06 Proceedings of the 18th international conference on Computer Aided Verification
CAV'06 Proceedings of the 18th international conference on Computer Aided Verification
Combining predicate and numeric abstraction for software model checking
Proceedings of the 2008 International Conference on Formal Methods in Computer-Aided Design
BOXES: a symbolic abstract domain of boxes
SAS'10 Proceedings of the 17th international conference on Static analysis
Hi-index | 0.01 |
Predicate (PA) and Numeric (NA) abstractions are the two principal techniques for software analysis. In this paper, we develop an approach to couple the two techniques tightly into a unified framework via a single abstract domain called NumPredDom. In particular, we develop and evaluate four data structures that implement NumPredDom but differ in their expressivity and internal representation and algorithms. All our data structures combine BDDs (for efficient propositional reasoning) with data structures for representing numerical constraints. Our technique is distinguished by its support for complex transfer functions that allow two way interaction between predicate and numeric information during state transformation. We have implemented a general framework for reachability analysis of C programs on top of our four data structures. Our experiments on non-trivial examples show that our proposed combination of PA and NA is more powerful and more efficient than either technique alone.