Analysis of pointers and structures
PLDI '90 Proceedings of the ACM SIGPLAN 1990 conference on Programming language design and implementation
Static analysis of linear congruence equalities among variables of a program
TAPSOFT '91 Proceedings of the international joint conference on theory and practice of software development on Colloquium on trees in algebra and programming (CAAP '91): vol 1
Verification of Real-Time Systems using Linear Relation Analysis
Formal Methods in System Design - Special issue on computer aided verification (CAV 93)
Composite model-checking: verification with type-specific symbolic representations
ACM Transactions on Software Engineering and Methodology (TOSEM)
Parametric shape analysis via 3-valued logic
ACM Transactions on Programming Languages and Systems (TOPLAS)
A Library for Composite Symbolic Representations
TACAS 2001 Proceedings of the 7th International Conference on Tools and Algorithms for the Construction and Analysis of Systems
Dynamic Partitioning in Analyses of Numerical Properties
SAS '99 Proceedings of the 6th International Symposium on Static Analysis
SAS '02 Proceedings of the 9th International Symposium on Static Analysis
Higher-Order and Symbolic Computation
Relational inductive shape analysis
Proceedings of the 35th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Formal Verification of a C-like Memory Model and Its Uses for Verifying Program Transformations
Journal of Automated Reasoning
Inferring Min and Max Invariants Using Max-Plus Polyhedra
SAS '08 Proceedings of the 15th international symposium on Static Analysis
The Zonotope Abstract Domain Taylor1+
CAV '09 Proceedings of the 21st International Conference on Computer Aided Verification
Apron: A Library of Numerical Abstract Domains for Static Analysis
CAV '09 Proceedings of the 21st International Conference on Computer Aided Verification
Refining the control structure of loops using static analysis
EMSOFT '09 Proceedings of the seventh ACM international conference on Embedded software
Relational Interprocedural Verification of Concurrent Programs
SEFM '09 Proceedings of the 2009 Seventh IEEE International Conference on Software Engineering and Formal Methods
Towards an Industrial Use of FLUCTUAT on Safety-Critical Avionics Software
FMICS '09 Proceedings of the 14th International Workshop on Formal Methods for Industrial Critical Systems
Formal Methods in System Design
Symbolic model checking of hybrid systems using template polyhedra
TACAS'08/ETAPS'08 Proceedings of the Theory and practice of software, 14th international conference on Tools and algorithms for the construction and analysis of systems
A policy iteration algorithm for computing fixed points in static analysis of programs
CAV'05 Proceedings of the 17th international conference on Computer Aided Verification
SAS'07 Proceedings of the 14th international conference on Static Analysis
Policy iteration within logico-numerical abstract domains
ATVA'11 Proceedings of the 9th international conference on Automated technology for verification and analysis
Hi-index | 0.00 |
The ''right'' way of writing and structuring compilers is well-known. The situation is a bit less clear for static analysis tools. It seems to us that a static analysis tool is ideally decomposed into three building blocks: (1) a front-end, which parses programs, generates semantic equations, and supervises the analysis process; (2) a fixpoint equation solver, which takes equations and solves them; (3) and an abstract domain, on which equations are interpreted. The expected advantages of such a modular structure is the ability of sharing development efforts between analyzers for different languages, using common solvers and abstract domains. However putting in practice such ideal concepts is not so easy, and some static analyzers merge for instance the blocks (1) and (2). We show how we instantiated these principles with three different static analyzers (addressing resp. imperative sequential programs, imperative concurrent programs, and synchronous dataflow programs), a generic fixpoint solver (Fixpoint), and two different abstract domains. We discussed our experience on the advantages and the limits of this approach compared to related work.