Interval analysis seeks static lower and upper bounds on the values of program variables. Such bounds are useful, in particular for inferring the invariants needed to prove buffer overflow checks. In practice, however, intervals by themselves are often inadequate as invariants because they carry no relational information among program variables. In this paper, we present a technique for deriving symbolic bounds on variable values. We study a restricted class of polyhedra whose constraints are stratified with respect to a variable ordering that is either provided by the user or chosen heuristically. We define a notion of normalization for such constraints and demonstrate polynomial-time domain operations on the resulting domain of symbolic range constraints. The abstract domain is intended to complement widely used domains such as intervals and octagons in buffer overflow analysis. Finally, we study the impact of our analysis on commercial software using an overflow analyzer for the C language.
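As an added illustration, not code from the paper: the Python below is a toy implementation of the stratified symbolic range domain the abstract describes, run on the loop `i = 0; while (i < n) { a[i] = ...; i++; }` where `a` has `n` elements. With the user-supplied ordering "n before i", the upper bound on `i` inside the loop may be the symbolic expression `n - 1`, which is exactly what the access check needs; the same analysis with every bound forced to a constant (plain intervals) cannot prove the access. The precondition `0 <= n <= 100`, the variable names, and the meet, join and widening rules (an incomparable candidate bound is dropped, or the join falls back to a constant hull) are my own simplifications chosen to be sound, not the paper's normalization or domain operations.

```python
from fractions import Fraction

def lin(const=0, **terms):
    """Linear expression as {var: coef} with the constant under key "1": lin(-1, n=1, i=-1) is n - 1 - i."""
    return add({"1": Fraction(const)}, terms)
def add(a, b):
    r = dict(a)
    for v, c in b.items():
        r[v] = r.get(v, Fraction(0)) + c
    return {v: c for v, c in r.items() if c or v == "1"}           # drop zero coefficients
def scale(a, k):
    return add(lin(0), {v: c * Fraction(k) for v, c in a.items()})

class SymRange:
    """Per variable v: lo <= v <= hi, lo/hi linear over variables ranked below v (None = unbounded)."""
    def __init__(self, order, bounds=None):
        self.order, self.idx = tuple(order), {v: k for k, v in enumerate(order)}
        self.bounds = dict(bounds) if bounds else {v: (None, None) for v in order}

    def project(self, e, drop):
        """Sound (lo, hi) for e with the variables in `drop` eliminated through their own bounds."""
        lo = hi = e
        for v in (u for u in reversed(self.order) if u in drop):      # highest rank first: substitution
            lo, hi = self._sub(lo, v, True), self._sub(hi, v, False)  # only introduces lower-ranked vars
        return lo, hi

    def _sub(self, e, v, want_lo):
        if e is None or v not in e:
            return e
        b = self.bounds[v][0 if (e[v] > 0) == want_lo else 1]        # lower bound of c*v uses lo(v) iff c > 0
        return None if b is None else add({u: k for u, k in e.items() if u != v}, scale(b, e[v]))

    def interval(self, e):
        return tuple(None if x is None else x["1"] for x in self.project(e, set(self.order)))

    def leq(self, a, b):                                              # a <= b in every concrete state?
        hi = self.interval(add(a, scale(b, -1)))[1]
        return hi is not None and hi <= 0

    def assume(self, e):
        """Meet with guard e >= 0: a candidate bound per variable, adopted only if provably tighter."""
        s = SymRange(self.order, self.bounds)
        for v in (u for u in self.order if e.get(u)):
            c, j = e[v], 0 if e[v] > 0 else 1                          # j: 0 = lower bound, 1 = upper bound
            rest = scale({u: k for u, k in e.items() if u != v}, -1 / c)  # e >= 0  <=>  v >= rest (c > 0) or v <= rest
            cand = s.project(rest, {u for u in self.order if self.idx[u] >= self.idx[v]})[j]
            cur = s.bounds[v][j]   # an incomparable candidate is dropped: sound, but a simplification of the paper
            if cand is not None and (cur is None or (s.leq(cur, cand) if j == 0 else s.leq(cand, cur))):
                s.bounds[v] = (cand, s.bounds[v][1]) if j == 0 else (s.bounds[v][0], cand)
        return s

    def assign(self, v, e):
        """Forward assignment v := e; e may mention v itself and higher-ranked variables."""
        s = SymRange(self.order, self.bounds)
        s.bounds[v] = self.project(e, {u for u in self.order if self.idx[u] >= self.idx[v]})
        for w in self.order[self.idx[v] + 1:]:         # bounds ranked above v must drop the old v
            s.bounds[w] = tuple(self.project(b, {v})[j] for j, b in enumerate(self.bounds[w]))
        return s

    def join(self, other):
        return SymRange(self.order, {v: tuple(self._join1(a, b, other, j == 0) for j, (a, b)
                        in enumerate(zip(self.bounds[v], other.bounds[v]))) for v in self.order})

    def _join1(self, a, b, other, lo):
        """A bound valid on both sides: one the other side entails, else the constant hull."""
        if a is None or b is None:
            return None
        if a == b or (other.leq(a, b) if lo else other.leq(b, a)):
            return a
        if self.leq(b, a) if lo else self.leq(a, b):
            return b
        ca, cb = self.interval(a)[0 if lo else 1], other.interval(b)[0 if lo else 1]
        return None if ca is None or cb is None else lin(min(ca, cb) if lo else max(ca, cb))

    def widen(self, new):
        """Keep a bound only if `new` still respects it, otherwise drop it (forces termination)."""
        return SymRange(self.order, {v: tuple(
            o if o is not None and n is not None and (new.leq(o, n) if j == 0 else new.leq(n, o)) else None
            for j, (o, n) in enumerate(zip(self.bounds[v], new.bounds[v]))) for v in self.order})

    def to_intervals(self):
        """Forget all relational information: the plain interval domain, for comparison."""
        consts = {v: (self.interval(lo)[0], self.interval(hi)[1]) for v, (lo, hi) in self.bounds.items()}
        return SymRange(self.order, {v: tuple(None if c is None else lin(c) for c in cs) for v, cs in consts.items()})

def analyze(relational=True):
    """Run  assume 0 <= n <= 100; i = 0; while (i < n) { a[i] = 0; i++; }  (a has n elements) abstractly."""
    coarsen = (lambda s: s) if relational else (lambda s: s.to_intervals())
    order = ("n", "i")                             # n ranks below i, so i's bounds may mention n
    entry = head = coarsen(SymRange(order).assume(lin(0, n=1)).assume(lin(100, n=-1)).assign("i", lin(0)))
    guard = lin(-1, n=1, i=-1)                     # i < n  <=>  n - 1 - i >= 0
    while True:                                    # returns (head invariant, body state, a[i] proven safe)
        body = coarsen(head.assume(guard))
        safe = body.leq(lin(0), lin(0, i=1)) and body.leq(lin(0), guard)   # 0 <= i and i <= n - 1
        exit_ = coarsen(body.assign("i", lin(1, i=1)))
        new_head = head.widen(coarsen(entry.join(exit_)))
        if new_head.bounds == head.bounds:
            return head, body, safe
        head = new_head
```

`analyze(True)` reaches the fixpoint with `i` in `[0, +oo)` at the loop head and `i` in `[0, n - 1]` inside the body, where both halves of the check `0 <= i <= n - 1` are discharged symbolically (the lower bound of `n - 1 - i` evaluates to `0`). `analyze(False)` runs the same iteration with every bound coarsened to a constant: the guard can only tighten `i` to `[0, 99]`, the lower bound of `n - 1 - i` becomes `-99`, and the access stays unproven. That gap is the missing relational information the abstract refers to.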