Widening and narrowing operators for abstract interpretation
Introduction
Abstract Interpretation is a general theory of approximation of mathematical structures, in particular those involved in the semantic models of computer systems, that has been successfully applied to the static analysis of software systems. This theory is based on two key concepts: the correspondence between concrete and abstract semantics through Galois connections/insertions, and the feasibility of a fixed point computation of the abstract semantics through the combination of widening operators (to get fast convergence) and narrowing operators (to improve the accuracy of the resulting analysis).
While Galois connections have been widely studied, yielding a suite of general techniques to manage the combination of abstract domains, e.g. different kinds of products [13], [24], [8], and more sophisticated notions like the quotient [10], the complement [9], and the powerset [22] of abstract domains, not much attention has been given to providing general results about widening and narrowing operators.
Nevertheless, widening and narrowing operators play a crucial role, in particular when infinite abstract domains are considered, in ensuring the scalability of the analysis to large software systems, as has been shown in the case of the Astrée project for the analysis of absence of run-time errors in avionic critical software [11].
The first infinite abstract domain (that of intervals) was introduced in [12]. This abstract domain was later used to prove that, thanks to widening and narrowing operators, infinite abstract domains can lead to effective static analyses for a given programming language that are strictly more precise than, and equally efficient as, any other one using a finite abstract domain or an abstract domain satisfying chain conditions [16].
Specific widening and narrowing operators have also been designed not only for numerical domains but also for type graphs [25], in domains for reordering CLP(RLin) programs [32], and in the analysis of programs containing digital filters [21], just to name a few. More recently, widenings have also been used to infer loop invariants inside an SMT solver [26], in trace partitioning abstract domains [33] and in string analysis for string-generating programs [6].
The main challenge for widening and narrowing operators is when considering numerical domains. For instance, the original widening operator proposed by Cousot and Halbwachs [17] for the domain of convex polyhedra, has been improved by recent works by Bagnara et al. [1], and further refined for the domain of pentagons by Logozzo et al. in [27]. In [2], the authors define three generic widening methodologies for a finite powerset abstract domain. The widening operators are obtained by lifting any widening operator defined on the base-level abstract domain. The proposed techniques are instantiated on powersets of convex polyhedra, a domain for which no non-trivial widening operator was previously known.
We observed that, with the notable exception of [16], [2], there is still a lack of general techniques that support the systematic construction of widening or narrowing operators. This is mainly due to the fact that the definition of widening provides extremely weak algebraic properties, while it is extremely demanding with respect to convergence and termination.
The aim of the paper is to fill this gap, and to set the ground for a systematic design of widening and narrowing operators, both when they are defined on sets and when they are refined on pairs.
The main contributions can be summarized as follows:
1. the formal definitions of the widening and narrowing operations already introduced in the literature;
2. the proof that the widening and narrowing operators are preserved by abstraction; and
3. an indication of how to construct widening operators for a product domain such as the reduced and Cartesian products.
The advantages of suitable combinations of widening and narrowing operators are illustrated on a suite of examples, ranging from interval to powerset domains.
The rest of this paper is organized as follows. The next section reports some preliminary notions. In Section 3 we analyze different notions of widening and narrowing operators and we show their weak points and their mutual relations. In Section 4 we show how widening and narrowing behave with respect to the combination of domains through Galois insertions. Finally, Section 5 concludes.
Section snippets
Basic definitions
Let us briefly recall some basic definitions on orders and lattices [4], [18]. Definition 1 Poset If P is a non-empty set, then by a partial order on P we mean a binary relation on P which is reflexive, anti-symmetric, and transitive. By a poset we shall mean a set P on which there is defined a partial order . Definition 2 Upper and lower bounds Let P be a poset, and let S be a subset of P. An element is an upper bound of S if for all . If the set of the upper bounds of S has a least element z, then z is called the least upper
Widening and narrowing operators
In Abstract Interpretation, the collecting semantics of a program is expressed as a least fix-point of a set of equations. The equations are solved over some abstract domain that captures the property of interest to be analyzed. Typically, the equations are solved iteratively; that is, successive approximations of the solution are computed until a fix-point is reached. However, for many useful abstract domains, such chains can be either infinite or too long to let the analysis be efficient. To
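The iterative solving just described, the role of widening and narrowing sketched in the introduction, and the componentwise construction on a Cartesian product (contribution 3) can all be seen on the interval domain. The following is an added example, not code from the paper: it implements the classic interval widening and narrowing, lifts them componentwise to pairs of intervals (one per program variable), and runs the ascending/descending iteration on the abstract loop-head equation of the constructed loop `i = 0; j = 0; while (i < n) { i = i + 1; j = j + 2 }`. The function names, the loop and the bound `n` are assumptions of this example. Plain join iteration never stabilises, because the non-relational product cannot bound `j`; widening converges in three steps, and narrowing recovers the bound `i ∈ [0, n]` (so the body's index is within `[0, n-1]`, the kind of fact an absence-of-run-time-error analysis needs), while `j` stays unbounded since the Cartesian product cannot express `j = 2i`.

```python
"""Interval domain with classic widening/narrowing, lifted componentwise to a
Cartesian product of intervals.  Added illustration; not the paper's code."""
from math import inf

# An interval is a pair (lo, hi) with lo <= hi; BOT represents the empty set.
BOT = None

def join(a, b):
    if a is BOT: return b
    if b is BOT: return a
    return (min(a[0], b[0]), max(a[1], b[1]))

def meet(a, b):
    if a is BOT or b is BOT: return BOT
    lo, hi = max(a[0], b[0]), min(a[1], b[1])
    return (lo, hi) if lo <= hi else BOT

def add(a, b):
    if a is BOT or b is BOT: return BOT
    return (a[0] + b[0], a[1] + b[1])

def widen(a, b):
    """Cousot's interval widening: a bound that grew since a jumps to infinity."""
    if a is BOT: return b
    if b is BOT: return a
    lo = a[0] if b[0] >= a[0] else -inf
    hi = a[1] if b[1] <= a[1] else inf
    return (lo, hi)

def narrow(a, b):
    """Interval narrowing: only the infinite bounds of a are refined from b."""
    if a is BOT or b is BOT: return BOT
    lo = b[0] if a[0] == -inf else a[0]
    hi = b[1] if a[1] == inf else a[1]
    return (lo, hi)

def lift(op):
    """Componentwise lift of a binary operator to tuples (Cartesian product)."""
    return lambda xs, ys: tuple(op(x, y) for x, y in zip(xs, ys))

def loop_head_transfer(n):
    """Abstract equation at the loop head of the constructed loop
    i = 0; j = 0; while (i < n) { i = i + 1; j = j + 2 }  (state = (i, j))."""
    entry = ((0, 0), (0, 0))
    def f(state):
        i, j = state
        i_body = meet(i, (-inf, n - 1))          # guard i < n; j is unrelated
        j_body = BOT if i_body is BOT else j
        return lift(join)(entry, (add(i_body, (1, 1)), add(j_body, (2, 2))))
    return f

def iterate(f, combine, start, limit=10_000):
    """x_{k+1} = combine(x_k, f(x_k)) until stable; returns (fixpoint, steps)."""
    x = start
    for k in range(1, limit + 1):
        nxt = combine(x, f(x))
        if nxt == x:
            return x, k
        x = nxt
    raise RuntimeError("did not converge within %d iterations" % limit)

def analyse(n):
    """Ascending iteration with widening, then descending with narrowing."""
    f = loop_head_transfer(n)
    up, k_up = iterate(f, lift(widen), (BOT, BOT))
    down, k_down = iterate(f, lift(narrow), up)
    return up, down, k_up, k_down

def plain_iteration_converges(n, limit=1000):
    """True if join-only Kleene iteration stabilises within `limit` steps."""
    try:
        iterate(loop_head_transfer(n), lift(join), (BOT, BOT), limit)
        return True
    except RuntimeError:
        return False

def index_in_bounds(n):
    """Is a[i] in the loop body safe for an array of n elements?  The value of i
    after the guard must lie within [0, n-1]."""
    _, down, _, _ = analyse(n)
    i_at_access = meet(down[0], (-inf, n - 1))
    return i_at_access is not BOT and i_at_access[0] >= 0 and i_at_access[1] <= n - 1

if __name__ == "__main__":
    print(analyse(100), plain_iteration_converges(100, 500), index_in_bounds(100))
```

Swapping `lift(widen)` for a widening that relates the two components (a reduced product, in the paper's terms) is where the precision on `j` would come from; the componentwise lift shown here is the simplest construction that still guarantees termination.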
Widening and narrowing operators wrt Galois insertions
Widening operators have already been used in order to derive abstract domains [34]. The next results show how to derive Galois insertions by introducing an abstraction function built on top of a widening operator. In order to do that, additional requirements have to be assumed on the widening operator, like idempotence and order-preservation on pairs/singletons. Theorem 16 Let be a pair-widening operator on a complete lattice such that . Let A be the set . Then
Conclusions and future work
We investigated which properties are necessary to support a systematic design of widening and narrowing operators. As far as we know, this is the first attempt to provide a general comparison of the different notions of widening and narrowing used in the literature and a first comprehensive discussion of their main features. More work remains to be done in order to support a broader range of widening operators defined on abstract domains where only the concretization function is available or
Acknowledgements
Work partially supported by MIUR Project PRIN 2007 “SOFT” and by RAS Project TESLA - Tecniche di enforcement per la sicurezza dei linguaggi e delle applicazioni.
References (34)
- et al. Precise widening operators for convex polyhedra. Science of Computer Programming (2005).
- et al. Combinations of abstract domains for logic programming: open product and generic pattern construction. Science of Computer Programming (2000).
- et al. The quotient of an abstract interpretation. Theoretical Computer Science (1998).
- et al. The reduced relative power operation on abstract domains. Theoretical Computer Science (1999).
- et al. Abstract domains for reordering CLP(RLin) programs. Journal of Logic Programming (2000).
- et al. Widening operators for powerset domains. Software Tools for Technology Transfer (2006).
- et al. Widening operators for weakly-relational numeric abstractions.
- Lattice theory (1973).
- Blanchet B, Cousot P, Cousot R, Feret J, Mauborgne L, Miné A, et al. A static analyzer for large safety-critical...
- Choi T-H, Lee O, Kim H, Doh K-G. A practical string analyzer by the widening approach. In: APLAS, 2006. p....