Abstract
We introduce SubPolyhedra (SubPoly), a new family of numerical abstract domains to infer and propagate linear inequalities. The key insight is that the reduced product of linear equalities and intervals produces powerful yet scalable analyses. Abstract domains in SubPoly are as expressive as Polyhedra, but they drop some of the deductive power to achieve scalability. The cost/precision ratio of abstract domains in the SubPoly family can be fine-tuned according to the precision one wants to retain at join points, and the algorithm used to infer the tighter bounds on intervals. We implemented SubPoly on top of \({{\tt Clousot}}\), a generic abstract interpreter for \({{\tt .Net}}\). \({{\tt Clousot}}\) with SubPoly analyzes very large and complex code bases in a few minutes. SubPoly can efficiently capture linear inequalities among hundreds of variables, a result well beyond the state-of-the-art implementations of Polyhedra.
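As an added illustration of the reduced product the abstract describes (this is not code from the paper or from Clousot), the following Python sketch keeps linear equalities and intervals side by side and propagates bounds through each equality until nothing changes; the equality representation, the fixpoint loop and the variable names are my own simplifications, not the paper's algorithm.

```python
from fractions import Fraction as F

# An interval is a pair (lo, hi); None on either side means unbounded.
def _mul(c, lo, hi):
    """Scale [lo, hi] by a constant c, flipping the ends when c < 0."""
    a = None if lo is None else c * lo
    b = None if hi is None else c * hi
    return (a, b) if c > 0 else (b, a)

def _add(i1, i2):
    """Interval addition; an unbounded side stays unbounded."""
    lo = None if i1[0] is None or i2[0] is None else i1[0] + i2[0]
    hi = None if i1[1] is None or i2[1] is None else i1[1] + i2[1]
    return (lo, hi)

def reduce_intervals(equalities, intervals, max_iter=20):
    """Tighten intervals using equalities of the form sum(a_v * v) = const.

    equalities: list of (dict var -> coefficient, const)
    intervals:  dict var -> (lo, hi)
    Returns the reduced intervals, or None when the two pieces of
    information contradict each other (the abstract state is bottom).
    """
    ivs = dict(intervals)
    for _ in range(max_iter):
        changed = False
        for coeffs, const in equalities:
            for v, a in coeffs.items():
                # Solve the equality for v: a*v = const - sum of the other terms.
                rest = (F(const), F(const))
                for w, b in coeffs.items():
                    if w != v:
                        rest = _add(rest, _mul(-b, *ivs[w]))
                lo, hi = _mul(F(1) / a, *rest)
                olo, ohi = ivs[v]
                # Meet the derived bounds with the bounds already known for v.
                nlo = lo if olo is None or (lo is not None and lo > olo) else olo
                nhi = hi if ohi is None or (hi is not None and hi < ohi) else ohi
                if nlo is not None and nhi is not None and nlo > nhi:
                    return None  # empty interval: equalities and intervals disagree
                if (nlo, nhi) != (olo, ohi):
                    ivs[v] = (nlo, nhi)
                    changed = True
        if not changed:
            break
    return ivs
```

With the constructed constraints idx = base + off, n = idx + 1, base in [0, 8], off in [0, 3] and n at most 5, the reduction bounds idx to [0, 4] and, through the chain of equalities, tightens base to [0, 4] as well.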
Cite this article
Laviron, V., Logozzo, F. SubPolyhedra: a family of numerical abstract domains for the (more) scalable inference of linear inequalities. Int J Softw Tools Technol Transfer 13, 585–601 (2011). https://doi.org/10.1007/s10009-011-0199-5