Handbook of logic in computer science (vol. 3)
Verification of Real-Time Systems using Linear Relation Analysis
Formal Methods in System Design - Special issue on computer aided verification (CAV 93)
Optimal domains for disjunctive abstract interpretation
Science of Computer Programming - Special issue on the 6th European symposium on programming
Symbolic bounds analysis of pointers, array indices, and accessed memory regions
PLDI '00 Proceedings of the ACM SIGPLAN 2000 conference on Programming language design and implementation
An axiomatic basis for computer programming
Communications of the ACM
ESP: path-sensitive program verification in polynomial time
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
Automatic discovery of linear restraints among variables of a program
POPL '78 Proceedings of the 5th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
POPL '77 Proceedings of the 4th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
Systematic design of program analysis frameworks
POPL '79 Proceedings of the 6th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
Comparing the Galois Connection and Widening/Narrowing Approaches to Abstract Interpretation
PLILP '92 Proceedings of the 4th International Symposium on Programming Language Implementation and Logic Programming
Possibly Not Closed Convex Polyhedra and the Parma Polyhedra Library
SAS '02 Proceedings of the 9th International Symposium on Static Analysis
CSSV: towards a realistic tool for statically detecting all buffer overflows in C
PLDI '03 Proceedings of the ACM SIGPLAN 2003 conference on Programming language design and implementation
A static analyzer for large safety-critical software
PLDI '03 Proceedings of the ACM SIGPLAN 2003 conference on Programming language design and implementation
Two variables per linear inequality as an abstract domain
LOPSTR'02 Proceedings of the 12th international conference on Logic based program synthesis and transformation
Scalable analysis of linear systems using mathematical programming
VMCAI'05 Proceedings of the 6th international conference on Verification, Model Checking, and Abstract Interpretation
Trace partitioning in abstract interpretation based static analyzers
ESOP'05 Proceedings of the 14th European conference on Programming Languages and Systems
Efficient strongly relational polyhedral analysis
VMCAI'06 Proceedings of the 7th international conference on Verification, Model Checking, and Abstract Interpretation
Variance analyses from invariance analyses
Proceedings of the 34th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
A practical and precise inference and specializer for array bound checks elimination
PEPM '08 Proceedings of the 2008 ACM SIGPLAN symposium on Partial evaluation and semantics-based program manipulation
Analysing memory resource bounds for low-level programs
Proceedings of the 7th international symposium on Memory management
Efficient SAT-based bounded model checking for software verification
Theoretical Computer Science
Inferring Min and Max Invariants Using Max-Plus Polyhedra
SAS '08 Proceedings of the 15th international symposium on Static Analysis
SLR: Path-Sensitive Analysis through Infeasible-Path Detection and Syntactic Language Refinement
SAS '08 Proceedings of the 15th international symposium on Static Analysis
Model checking sequential software programs via mixed symbolic analysis
ACM Transactions on Design Automation of Electronic Systems (TODAES)
Constraint-Based Invariant Inference over Predicate Abstraction
VMCAI '09 Proceedings of the 10th International Conference on Verification, Model Checking, and Abstract Interpretation
Control-flow refinement and progress invariants for bound analysis
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
Automated Analysis of Java Methods for Confidentiality
CAV '09 Proceedings of the 21st International Conference on Computer Aided Verification
Proving the Correctness of the Implementation of a Control-Command Algorithm
SAS '09 Proceedings of the 16th International Symposium on Static Analysis
Refining the control structure of loops using static analysis
EMSOFT '09 Proceedings of the seventh ACM international conference on Embedded software
Program analysis via satisfiability modulo path programs
Proceedings of the 37th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
An abstract domain extending difference-bound matrices with disequality constraints
VMCAI'07 Proceedings of the 8th international conference on Verification, model checking, and abstract interpretation
Using counterexamples for improving the precision of reachability computation with polyhedra
CAV'07 Proceedings of the 19th international conference on Computer aided verification
Dual analysis for proving safety and finding bugs
Proceedings of the 2010 ACM Symposium on Applied Computing
Inferring disjunctive postconditions
ASIAN'06 Proceedings of the 11th Asian computing science conference on Advances in computer science: secure software and related issues
From hardware verification to software verification: re-use and re-learn
HVC'07 Proceedings of the 3rd international Haifa verification conference on Hardware and software: verification and testing
Quadtrees as an Abstract Domain
Electronic Notes in Theoretical Computer Science (ENTCS)
BOXES: a symbolic abstract domain of boxes
SAS'10 Proceedings of the 17th international conference on Static analysis
Loop refinement using octagons and satisfiability
SSV'10 Proceedings of the 5th international conference on Systems software verification
Linear absolute value relation analysis
ESOP'11/ETAPS'11 Proceedings of the 20th European conference on Programming languages and systems: part of the joint European conferences on theory and practice of software
FIXBAG: a fixpoint calculator for quantified bag constraints
CAV'11 Proceedings of the 23rd international conference on Computer aided verification
Using bounded model checking to focus fixpoint iterations
SAS'11 Proceedings of the 18th international conference on Static analysis
Handling Non-linear Operations in the Value Analysis of COSTA
Electronic Notes in Theoretical Computer Science (ENTCS)
Modular abstractions of reactive nodes using disjunctive invariants
APLAS'11 Proceedings of the 9th Asian conference on Programming Languages and Systems
Numeric bounds analysis with conflict-driven learning
TACAS'12 Proceedings of the 18th international conference on Tools and Algorithms for the Construction and Analysis of Systems
SAS'07 Proceedings of the 14th international conference on Static Analysis
Sweeping in Abstract Interpretation
Electronic Notes in Theoretical Computer Science (ENTCS)
Dual analysis for proving safety and finding bugs
Science of Computer Programming
Bias-variance tradeoffs in program analysis
Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages
| Hi-index | 0.00 |
The convexity of numerical domains such as polyhedra, octagons, intervals and linear equalities enables tractable analysis of software for buffer overflows, null pointer dereferences and floating point errors. However, convexity also causes the analysis to fail in many common cases. Powerset extensions can remedy this shortcoming by considering disjunctions of predicates. Unfortunately, analysis using powerset domains can be exponentially more expensive as compared to analysis on the base domain. In this paper, we prove structural properties of fixed points computed in commonly used powerset extensions. We show that a fixed point computed on a powerset extension is also a fixed point in the base domain computed on an “elaboration” of the program's CFG structure. Using this insight, we build analysis algorithms that approach path sensitive static analysis algorithms by performing the fixed point computation on the base domain while discovering an “elaboration” on the fly. Using restrictions on the nature of the elaborations, we design algorithms that scale polynomially in terms of the number of disjuncts. We have implemented a light-weight static analyzer for C programs with encouraging initial results.