
Conjunctive Abstract Interpretation Using Paramodulation

  • Conference paper
  • In: Verification, Model Checking, and Abstract Interpretation (VMCAI 2017)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 10145))

Abstract

Scaling static analysis is one of the main challenges for program verification in general and for abstract interpretation in particular. One way to represent a set of states compactly is as a formula in conjunctive normal form (CNF); this can sometimes save exponential factors. CNF formulae are therefore commonly used in manual program verification and symbolic reasoning. They are not, however, used in abstract interpretation, because reasoning about the effect of program statements on states represented this way is complex.

We present algorithms for performing abstract interpretation on CNF formulae recording equality and inequalities of ground terms. Here, terms correspond to the values of variables and of addresses and contents of dynamically allocated memory locations, and thus, a formula can represent pointer equalities and inequalities. The main idea is the use of the rules of paramodulation as a basis for an algorithm that computes logical consequences of CNF formulae, and the application of the algorithm to perform joins and transformers.
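As an added illustration of the idea in the paragraph above (this is not code from the paper and does not implement its algorithm), the following Python engine finds the ground equalities and disequalities implied by a conjunction of such literals, and joins two conjunctive states by keeping the literals both imply. On ground unit clauses, paramodulation (rewriting with s = t inside other literals) reduces to congruence closure in the sense of Nelson and Oppen [14]: a union-find over terms plus the function-congruence rule of Note 1. The states, the variable names p, q, r, w and the field symbol `next` are constructed for the example; the engine handles only conjunctions of unit literals, not the general CNF clauses the paper addresses.

```python
"""Ground consequence finding and join over equalities and disequalities (added example)."""
from itertools import combinations

# Ground terms: a variable is a string; an application is a tuple (symbol, arg, ...).
# Constructed convention: ('next', 'p') stands for reading the `next` field of p.


def subterms(t):
    yield t
    if isinstance(t, tuple):
        for a in t[1:]:
            yield from subterms(a)


def key(t):
    return repr(t)  # deterministic ordering of mixed variable/application terms


class GroundClosure:
    """Union-find plus function congruence: saturates ground equalities under
    unit paramodulation (wherever s = t holds, t may replace s in any literal)."""

    def __init__(self, universe):
        self.parent = {}
        for t in universe:
            for s in subterms(t):
                self.parent.setdefault(s, s)

    def find(self, t):
        while self.parent[t] != t:
            self.parent[t] = self.parent[self.parent[t]]
            t = self.parent[t]
        return t

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra == rb:
            return False
        self.parent[ra] = rb
        return True

    def saturate(self, equalities):
        for a, b in equalities:
            self.union(a, b)
        apps = [t for t in self.parent if isinstance(t, tuple)]
        changed = True
        while changed:  # congruence: equal arguments force equal applications
            changed = False
            for s, t in combinations(apps, 2):
                if (s[0] == t[0] and len(s) == len(t)
                        and all(self.find(x) == self.find(y) for x, y in zip(s[1:], t[1:]))):
                    changed |= self.union(s, t)
        return self


def consequences(equalities, disequalities, universe):
    """All literals over `universe` implied by the conjunction; None if it is unsatisfiable."""
    literal_terms = [t for lit in equalities + disequalities for t in lit]
    cc = GroundClosure(list(universe) + literal_terms).saturate(equalities)
    neq_classes = {frozenset((cc.find(a), cc.find(b))) for a, b in disequalities}
    if any(len(c) == 1 for c in neq_classes):
        return None  # a != b together with a = b: the state is bottom
    terms = sorted({s for t in universe for s in subterms(t)}, key=key)
    out = set()
    for s, t in combinations(terms, 2):
        rs, rt = cc.find(s), cc.find(t)
        if rs == rt:
            out.add(('eq', s, t))
        elif frozenset((rs, rt)) in neq_classes:
            out.add(('neq', s, t))
    return out


def join(state_a, state_b):
    """Join of two conjunctive states: the literals both imply over their shared terms."""
    universe = set()
    for eqs, neqs in (state_a, state_b):
        for lit in eqs + neqs:
            universe.update(lit)
    ca = consequences(*state_a, universe)
    cb = consequences(*state_b, universe)
    if ca is None:
        return cb  # bottom is the identity of join
    if cb is None:
        return ca
    return ca & cb


# Constructed sample states (pointer-style terms):
#   A: p = q and next(p) = r
#   B: p = q and next(q) = r and w != r
STATE_A = ([('p', 'q'), (('next', 'p'), 'r')], [])
STATE_B = ([('p', 'q'), (('next', 'q'), 'r')], [('w', 'r')])
JOINED = join(STATE_A, STATE_B)

if __name__ == '__main__':
    for lit in sorted(JOINED, key=key):
        print(lit)
```

The join keeps p = q, next(p) = r, next(q) = r and next(p) = next(q) (the last two follow by congruence in both states even though neither states them) and drops w != r, which only B implies. A state such as p = q together with next(p) != next(q) is detected as bottom because congruence merges the two disequal terms.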

The algorithm was implemented and used for reasoning about low level programs. We also show that our technique can be used to implement best transformers for a variant of Connection Analysis via a non-standard interpretation of equality.

This work is supported by EU FP7 ERC grant agreement no. [321174].


Notes

  1. Function congruence means that if x and y are equal then, for any function \(f(\cdot )\), so are f(x) and f(y). Congruence naturally generalizes to functions with multiple arguments.

  2. Our analysis does not prove memory safety. Thus, our results can be adapted to the case where such an operation leads to an error state in the following way: The properties we infer hold unless the program performs a memory error, e.g., dereferencing a null-valued pointer or accessing an unallocated memory address.

  3. A ground formula is a formula which does not contain free variables.

  4. We assume the reader is familiar with the notions of well-formedness, ranking and meaning of terms in FOL, and do not formalize them here. For a formal definition, see, e.g., [15, Chap. 7].

  5. \({\text {remSym}}( SR (\cdot ),\mathcal {F})\) is the obvious extension of the symbol elimination function \({\text {remSym}}(\cdot ,v)\), described in Sect. 4, from a single symbol v to the removal of all symbols coming from \(\mathcal {F}\).

References

  1. Aho, A.V., Sethi, R., Ullman, J.D.: Compilers: Principles, Techniques and Tools. Addison-Wesley, Reading (1988)

  2. Barnett, M., Chang, B.-Y.E., DeLine, R., Jacobs, B., Leino, K.R.M.: Boogie: a modular reusable verifier for object-oriented programs. In: Boer, F.S., Bonsangue, M.M., Graf, S., Roever, W.-P. (eds.) FMCO 2005. LNCS, vol. 4111, pp. 364–387. Springer, Heidelberg (2006). doi:10.1007/11804192_17

  3. Castelnuovo, G., Naik, M., Rinetzky, N., Sagiv, M., Yang, H.: Modularity in lattices: a case study on the correspondence between top-down and bottom-up analysis. In: Blazy, S., Jensen, T. (eds.) SAS 2015. LNCS, vol. 9291, pp. 252–274. Springer, Heidelberg (2015). doi:10.1007/978-3-662-48288-9_15

  4. Codish, M., Demoen, B.: Analyzing logic programs using "PROP"-ositional logic programs and a magic wand. J. Log. Program. 25(3), 249–274 (1995)

  5. Cousot, P., Cousot, R.: Abstract interpretation: a unified lattice model for static analysis of programs by construction of approximation of fixed points. In: ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pp. 238–252 (1977)

  6. Cousot, P., Cousot, R.: Systematic design of program analysis frameworks. In: ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pp. 269–282. ACM Press, New York (1979)

  7. del Val, A.: A new method for consequence finding and compilation in restricted languages. In: Hendler, J., Subramanian, D. (eds.) Proceedings of 16th National Conference on Artificial Intelligence and 11th Conference on Innovative Applications of Artificial Intelligence, 18–22 July 1999, Orlando, Florida, USA, pp. 259–264. AAAI Press/The MIT Press (1999)

  8. Distefano, D., O'Hearn, P.W., Yang, H.: A local shape analysis based on separation logic. In: Hermanns, H., Palsberg, J. (eds.) TACAS 2006. LNCS, vol. 3920, pp. 287–302. Springer, Heidelberg (2006). doi:10.1007/11691372_19

  9. Ghiya, R., Hendren, L.J.: Connection analysis: a practical interprocedural heap analysis for C. In: Huang, C.-H., Sadayappan, P., Banerjee, U., Gelernter, D., Nicolau, A., Padua, D. (eds.) LCPC 1995. LNCS, vol. 1033, pp. 515–533. Springer, Heidelberg (1996). doi:10.1007/BFb0014221

  10. Giacobazzi, R., Ranzato, F.: The reduced relative power operation on abstract domains. Theoret. Comput. Sci. 216(1–2), 159–211 (1999)

  11. Giacobazzi, R., Scozzari, F.: A logical model for relational abstract domains. ACM Trans. Program. Lang. Syst. 20(5), 1067–1109 (1998)

  12. Inoue, K.: Consequence-finding based on ordered linear resolution. In: Mylopoulos, J., Reiter, R. (eds.) Proceedings of 12th International Joint Conference on Artificial Intelligence, 24–30 August 1991, Sydney, Australia, pp. 158–164. Morgan Kaufmann (1991)

  13. Marriott, K., Søndergaard, H.: Precise and efficient groundness analysis for logic programs. LOPLAS 2(1–4), 181–196 (1993)

  14. Nelson, G., Oppen, D.C.: Fast decision procedures based on congruence closure. J. ACM 27(2), 356–364 (1980)

  15. Robinson, A., Voronkov, A. (eds.): Handbook of Automated Reasoning, vol. 1. Elsevier Science Publishers B. V., Amsterdam (2001)

  16. Robinson, J.A.: A machine-oriented logic based on the resolution principle. J. ACM 12(1), 23–41 (1965)

  17. Scozzari, F.: Logical optimality of groundness analysis. Theoret. Comput. Sci. 277(1–2), 149–184 (2002)

  18. Simon, L., del Val, A.: Efficient consequence finding. In: Nebel, B. (ed.) Proceedings of 17th International Joint Conference on Artificial Intelligence, IJCAI 2001, 4–10 August 2001, Seattle, Washington, USA, pp. 359–370. Morgan Kaufmann (2001)

  19. Smaragdakis, Y., Balatsouras, G.: Pointer analysis. Found. Trends Program. Lang. 2(1), 1–69 (2015)

  20. US-CERT/NIST: Vulnerability summary for CVE-2014-7841, April 2014. https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7841

Author information

Corresponding author: Or Ozeri.

Copyright information

© 2017 Springer International Publishing AG

Cite this paper

Ozeri, O., Padon, O., Rinetzky, N., Sagiv, M. (2017). Conjunctive Abstract Interpretation Using Paramodulation. In: Bouajjani, A., Monniaux, D. (eds) Verification, Model Checking, and Abstract Interpretation. VMCAI 2017. Lecture Notes in Computer Science, vol 10145. Springer, Cham. https://doi.org/10.1007/978-3-319-52234-0_24

  • DOI: https://doi.org/10.1007/978-3-319-52234-0_24
  • Publisher Name: Springer, Cham
  • Print ISBN: 978-3-319-52233-3
  • Online ISBN: 978-3-319-52234-0