Numeric abstract domains are widely used in program analyses. The simplest numeric domains over-approximate disjunction by an imprecise join, typically yielding path-insensitive analyses. This problem is addressed by domain refinements, such as finite powersets, which provide exact disjunction. However, developing correct and efficient disjunctive refinement is challenging. First, there must be an efficient way to represent and manipulate abstract values. The simple approach of using "sets of base abstract values" is often not scalable. Second, while a widening must strike the right balance between precision and the rate of convergence, it is notoriously hard to get correct. In this paper, we present an implementation of the Boxes abstract domain - a refinement of the well-known Box (or Intervals) domain with finite disjunctions. An element of Boxes is a finite union of boxes, i.e., expressible as a propositional formula over upper- and lower-bounds constraints. Our implementation is symbolic, and weds the strengths of Binary Decision Diagrams (BDDs) and Box. The complexity of the operations (meet, join, transfer functions, and widening) is polynomial in the size of the operands. Empirical evaluation indicates that the performance of Boxes is superior to other existing refinements of Box with comparable expressiveness.
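To make the precision point concrete, here is an added example (not code from the paper or its implementation) using the plain "set of base abstract values" representation the abstract calls unscalable: a Box is a tuple of (lo, hi) bounds in a fixed variable order, a Boxes element is a finite set of such boxes, and the join, meet and DNF rendering are the constructed, non-symbolic versions; the BDD encoding and the widening are not shown.

```python
NEG_INF, POS_INF = float("-inf"), float("inf")

# A Box is a tuple of (lo, hi) pairs, one per variable in a fixed order.
# A Boxes element is a frozenset of Boxes (a finite union of boxes).

def box_meet(a, b):
    """Intersection of two boxes; None when the result is empty."""
    r = tuple((max(l1, l2), min(h1, h2)) for (l1, h1), (l2, h2) in zip(a, b))
    return None if any(lo > hi for lo, hi in r) else r

def box_join(a, b):
    """Box join: smallest single box covering both operands (loses disjunction)."""
    return tuple((min(l1, l2), max(h1, h2)) for (l1, h1), (l2, h2) in zip(a, b))

def boxes_join(A, B):
    """Boxes join: exact disjunction, i.e. the union of the two sets of boxes."""
    return frozenset(A) | frozenset(B)

def boxes_meet(A, B):
    """Boxes meet: pairwise intersection of boxes, dropping empty results."""
    return frozenset(m for a in A for b in B if (m := box_meet(a, b)) is not None)

def boxes_contains(A, point):
    """True if some box of A admits the concrete point (a tuple of values)."""
    return any(all(lo <= x <= hi for (lo, hi), x in zip(box, point)) for box in A)

def to_formula(A, names):
    """Render a Boxes element as a DNF formula over bound constraints."""
    clauses = []
    for box in sorted(A):
        lits = []
        for (lo, hi), v in zip(box, names):
            if lo > NEG_INF:
                lits.append(f"{lo}<={v}")
            if hi < POS_INF:
                lits.append(f"{v}<={hi}")
        clauses.append("(" + " & ".join(lits) + ")")
    return " | ".join(clauses)

# Constructed scenario: two branches reach a merge point with index i and
# buffer length n (variable order: i, n). Branch 1 sets i in [0,2], branch 2
# sets i in [5,7]; n is 8 on both paths.
B1 = ((0, 2), (8, 8))
B2 = ((5, 7), (8, 8))
# Guard i >= 3 on the path after the merge (no constraint on n).
GUARD = ((3, POS_INF), (NEG_INF, POS_INF))

if __name__ == "__main__":
    print("Box join  :", box_join(B1, B2))            # i in [0,7], admits i == 4
    merged = boxes_join({B1}, {B2})
    print("Boxes join:", to_formula(merged, ("i", "n")))
    print("i == 4 admitted by Box:", boxes_contains({box_join(B1, B2)}, (4, 8)),
          "by Boxes:", boxes_contains(merged, (4, 8)))
    print("After guard i>=3, Boxes keeps:", boxes_meet(merged, {GUARD}))
```

The Box join admits the spurious value i == 4 that neither path produces, while the Boxes element rejects it and, after the guard, collapses exactly to the second branch's box.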