ABSTRACT
We explain the design of the abstract interpretation-based static analyzer ASTRÉE and its use to prove the absence of run-time errors in safety-critical codes.