research-article

Theories, solvers and static analysis by abstract interpretation

Authors:

Patrick Cousot,

Laurent MauborgneAuthors Info & Claims

Journal of the ACM (JACM), Volume 59, Issue 6

Article No.: 31, Pages 1 - 56

https://doi.org/10.1145/2395116.2395120

Published: 09 January 2013 Publication History

Abstract

The algebraic/model theoretic design of static analyzers uses abstract domains based on representations of properties and pre-calculated property transformers. It is very efficient. The logical/proof theoretic approach uses SMT solvers/theorem provers and computation of property transformers on-the-fly. It is very expressive. We propose to unify both approaches, so that they can be combined to reach the sweet spot best adapted to a specific application domain in the precision/cost spectrum. We first give a new formalization of the proof theoretic approach in the abstract interpretation framework, introducing a semantics based on multiple interpretations to deal with the soundness of such approaches. Then we describe how to combine them with any other abstract interpretation-based analysis using an iterated reduction to combine abstractions. The key observation is that the Nelson-Oppen procedure, which decides satisfiability in a combination of logical theories by exchanging equalities and disequalities, computes a reduced product (after the state is enhanced with some new “observations” corresponding to alien terms). By abandoning restrictions ensuring completeness (such as disjointness, convexity, stably-infiniteness, or shininess, etc.), we can even broaden the application scope of logical abstractions for static analysis (which is incomplete anyway).

References

[1]

Bertrane, J., Cousot, P., Cousot, R., Feret, J., Mauborgne, L., Miné, A., and Rival, X. 2010. Static analysis and verification of aerospace software by abstract interpretation. In Proceedings of AIAA Infotech@Aerospace 2010. AIAA, 2010--3385.

[2]

Bradley, A., and Manna, Z. 2007. The Calculus of Computation, Decision procedures with Applications to Verification. Springer, Berlin.

Digital Library

[3]

Bradley, A., Manna, Z., and Sipma, H. 2006. What's decidable about arrays&quest; In Proceedings of the 7th International Conference on Verification, Model Checking and Abstract Interpretation (VMCAI), Lecture Notes in Computer Science, vol. 3855, Springer, Berlin, 427--442.

Digital Library

[4]

Chang, C. and Keisler, H. 1990. Model theory. In Studies in Logic and the Foundation of Mathematics 3rd Ed. J. Barwise, H. J. Keisler, P. Suppes, and A. S. Troelstra, Eds., vol. 73, Elsevier Science, New York.

[5]

Chen, L., Miné, A., Wang, J., and Cousot, P. 2011. Linear absolute value relation analysis. In Proceedings of the 20th European Symposium on Programming (ESOP), Saarbrücken, Germany, G. Barthe, Ed., Lecture Notes in Computer Science Series, vol. 6602, Springer-Verlag, Berlin, 156--175.

Digital Library

[6]

Cook, S. 1978. Soundness and completeness of an axiom system for program verification. SIAM J. Comput. 7, 1, 70--90.

Digital Library

[7]

Cooper, D. 1972. Theorem proving in arithmetic without multiplication. Mach. Intell. 91, 7, 91--99.

[8]

Cousot, P. 1978. Méthodes itératives de construction et d'approximation de points fixes d'opérateurs monotones sur un treillis, analyse sémantique de programmes (in French). Ph.D. dissertation, Thèse d'État ès sciences mathématiques, Université Joseph Fourier, Grenoble, France.

[9]

Cousot, P. 1990. Methods and logics for proving programs. In Formal Models and Semantics, J. van Leeuwen, Ed., Handbook of Theoretical Computer Science Series, vol. B. Elsevier Science Publishers B.V., Amsterdam, The Netherlands, 843--993.

Digital Library

[10]

Cousot, P. 1999. The calculational design of a generic abstract interpreter, invited chapter. In Calculational System Design, M. Broy and R. Steinbrüggen, Eds., Vol. 173, NATO Science Series, Series F: Computer and Systems Sciences, IOS Press, Amsterdam, 421--505.

[11]

Cousot, P. 2002. Constructive design of a hierarchy of semantics of a transition system by abstract interpretation. Theoret. Comput. Sci. 277, 1--2, 47--103.

Digital Library

[12]

Cousot, P. and Cousot, R. 1976. Static determination of dynamic properties of programs. In Proceedings of the 2nd International Symposium on Programming. 106--130.

[13]

Cousot, P. and Cousot, R. 1977. Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints. In Proceedings of the 4th Symposium on Principles of Programming Languages. ACM, 238--252.

Digital Library

[14]

Cousot, P. and Cousot, R. 1979a. A constructive characterization of the lattices of all retractions, pre-closure, quasi-closure and closure operators on a complete lattice. Portug. Math. 38, 2, 185--198.

[15]

Cousot, P. and Cousot, R. 1979b. Constructive versions of Tarski's fixed point theorems. Pacific J. Math. 82, 1, 43--57.

[16]

Cousot, P. and Cousot, R. 1979c. Systematic design of program analysis frameworks. In Proceedings of the 6th Symposium on Principles of Programming Languages. ACM, 269--282.

Digital Library

[17]

Cousot, P. and Cousot, R. 1992a. Abstract interpretation frameworks. J. Logic Comput. 2, 4, 511--547.

[18]

Cousot, P. and Cousot, R. 1992b. Comparing the Galois connection and widening/narrowing approaches to abstract interpretation. In Proceedings of the 4th International Symposium on Programming Language Implementation and Logic Programming, (PLILP'92), M. Bruynooghe and M. Wirsing, Eds., Lecture Notes in Computer Science, vol. 631. Springer, Berlin, 269--295.

Digital Library

[19]

Cousot, P., Cousot, R., Feret, J., Mauborgne, L., Miné, A., Monniaux, D., and Rival, X. 2005. The Astrée analyser. In Proceedings of the 14^th European Symposium on Programming Languages and Systems (ESOP), M. Sagiv, Ed., Lecture Notes in Computer Science, vol. 3444. Springer, Berlin, 21--30.

Digital Library

[20]

Cousot, P., Cousot, R., Feret, J., Mauborgne, L., Miné, A., Monniaux, D., and Rival, X. 2008. Combination of abstractions in the Astrée static analyzer. In Proceedings of the 11th Annual Asian Computing Science Conference (ASIAN 06). M. Okada and I. Satoh, Eds., Lecture Notes in Computer Scinece, vol. 4435, Springer, Berlin, 272--300.

Digital Library

[21]

Cousot, P., Cousot, R., and Mauborgne, L. 2010. A scalable segmented decision tree abstract domain. In Pnueli Festschrift, Z. Manna and D. Peled, Eds., Lecture Notes in Computer Science, vol. 6200, Springer-Verlag, Berlin, 72--95.

Digital Library

[22]

Craig, W. 1957. Three uses of the Herbrand-Gentzen theorem in relating model theory and proof theory. J. Symb. Logic 22, 3, 269--285.

[23]

Cytron, R., Ferrante, J., Rosen, B., Wegman, M., and Zadeck, F. 1991. Efficiently computing static single assignment form and the control dependence graph. ACM Trans. Prog. Lang. Syst. 13, 4, 451--490.

Digital Library

[24]

de Moura, L., Ruess, H., and Sorea, M. 2003. Bounded model checking and induction: From refutation to verification. In Proceedings of the 15th Computer-Aided Verification Conference (CAV'03), A. Voronkov, Ed. Lecture Notes in Computer Science, Series, vol. 2725. Springer, Berlin, 14--26.

[25]

Detlefs, D., Nelson, G., and Saxe, J. 2005. Simplify: A theorem prover for program checking. J. ACM 52, 3, 365--473.

Digital Library

[26]

Deutsch, A. 1990. On determining lifetime and aliasing of dynamically allocated data in higher-order functional specifications. In Proceedings of the 17th Symposium on Principles of Programming Languages (POPL), ACM, 157--168.

Digital Library

[27]

Elder, M., Gopan, D., and Reps, T. 2010. View-augmented abstractions. Elect. Notes. Theoret. Comput. Sci. 267, 1, 43--57.

Digital Library

[28]

Ferrante, J. and Geiser, J. 1977. An efficient decision procedure for the theory of rational order. Theoret. Comput. Sci. 4, 2, 227--233.

[29]

Ferrante, J. and Rackoff, C. 1975. A decision procedure for the first order theory of real addition with order. SIAM J. Computat. 4, 1, 69--76.

[30]

Ferrara, P., Logozzo, F., and Fähndrich, M. 2008. Safer unsafe code in .NET. In Proceedings of the 23rd Annual ACM SIGPLAN Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA), G. E. Harris, Ed., ACM, 329--346.

Digital Library

[31]

Floyd, R. 1967. Assigning meaning to programs. In Proceedings of the Symposium in Applied Mathematics, J. Schwartz, Ed. Vol. 19, American Mathematical Society, Providence, RI, 19--32.

[32]

Ganzinger, H. 1996. Saturation-based theorem proving (abstract). In Proceedings of the 23rd International Colloquium on Automata, Languages and Programming (ICALP). F. Meyer auf der Heide and B. Monien, Eds., Lecture Notes in Computer Science, vol. 1099, Springer, Berlin, 1--3.

Digital Library

[33]

Ge, Y., Barrett, C., and Tinelli, C. 2007. Solving quantified verification conditions using satisfiability modulo theories. In Proceedngs of the Conference on Automated Deduction (CADE 21). Lecture Notes in Artificial Intelligence, vol. 4603, Springer, Berlin, 167--182.

Digital Library

[34]

Ge, Y. and de Moura, L. 2009. Complete instantiation of quantified formulas in satisfiability modulo theories. In Proceedings of the International Conference on Computer Aided Verification (CAV'09). Lecture Notes in Computer Science, vol. 5643, Springer, Berlin, 306--320.

Digital Library

[35]

Goubault, E., Martel, M., and Putot, S. 2002. Asserting the precision of floating-point computations: A simple abstract interpreter. In Proceedings of the 11th European Symposium on Programming (ESOP), D. Le Métayer, Ed., Lecture Notes in Computer Science Series, vol. 2305, Springer, Berlin, 209--212.

Digital Library

[36]

Granger, P. 1989. Static analysis of arithmetical congruences. Int. J. Comput. Math. 30, 3 & 4, 165--190.

[37]

Granger, P. 1992. Improving the results of static analyses of programs by local decreasing iterations. In Proceedings of the 12th Foundations of Software Technology and Theoretical Computer Science Conference, R. Shyamasundar, Ed., Lecture Notes in Computer Science Series, vol. 652, Springer, Berlin, 68--79.

Digital Library

[38]

Gulwani, S., Lev-Ami, T., and Sagiv, M. 2009. A combination framework for tracking partition sizes. In Proceedings of the 36th Annual Symposium on Principles of Programming Languages (POPL). ACM, 239--251.

Digital Library

[39]

Gulwani, S., McCloskey, B., and Tiwari, A. 2008. Lifting abstract interpreters to quantified logical domains. In Proceedings of the 35th Annual Symposium on Principles of Programming Languages (POPL). ACM, 235--246.

Digital Library

[40]

Gulwani, S. and Necula, G. C. 2007. Path-sensitive analysis for linear arithmetic and uninterpreted functions. In Proceedings of the 11^th International Symposium on Static Analysis (SAS'04), R. Giacobazzi, Ed., Lecture Notes in Computer Science Series, vol. 3148, Springer, Berlin, 328--343.

[41]

Gulwani, S. and Tiwari, A. 2006. Combining abstract interpreters. In Proceedings of the Conference on Programmming Languages Design in Implementation (PLDI 06), M. Schwartzbach and T. Ball, Eds., ACM, 376--386.

Digital Library

[42]

Hoare, C. 1974. Monitors: An operating system structuring concept. Comm. ACM 17, 10, 549--557.

Digital Library

[43]

Martel, M. 2009. Program transformation for numerical precision. In Proceedings of the ACM SIGPLAN Symposium on Partial Evaluation and Semantics-Based Program Manipulation (PEPM). G. Puebla and G. Vidal, Eds., ACM, 101--110.

Digital Library

[44]

Mauborgne, L. 1998. Abstract interpretation using typed decision graphs. Sci. Comput. Programm. 31, 1, 91--112.

Digital Library

[45]

McIlraith, S. and Amir, E. 2001. Theorem proving with structured theories. In Proceedings of the 17th International Joint Conference on Artificial Intelligence (IJCAI), B. Nebel, Ed., Morgan Kaufmann, 624--634.

Digital Library

[46]

McMillan, K. 2002. Applying SAT methods in unbounded symbolic model checking. In Proceedings of the Symposium on Computer Aided Verification (CAV). E. Brinksma and K. Larsen, Eds., Lecture Notes in Computer Science, vol. 2404, Springer, Berlin, 250--264.

Digital Library

[47]

McMillan, K. 2003. Craig interpolation and reachability analysis. In Proceedings of the 10th International Symposium on Static Analysis (SAS'03), R. Cousot, Ed., Lecture Notes in Computer Science, vol. 2694, Springer, Berlin, 336.

Digital Library

[48]

Mendelson, E. 1997. Introduction to Mathematical Logic 4^th Ed. Chapman & Hall, London.

[49]

Miné, A. 2006a. Field-sensitive value analysis of embedded C programs with union types and pointer arithmetics. In Proceedings of the ACM SIGPLAN/SIGBED Conference on Languages, Compilers, and Tools for Embedded Systems (LCTES). ACM, 54--63.

Digital Library

[50]

Miné, A. 2006b. The octagon abstract domain. Higher-Order Symb. Computat. 19, 31--100.

Digital Library

[51]

Monk, J. D. 1969. Introduction to Set Theory. McGraw-Hill, New York.

[52]

Monteiro, A. and Ribeiro, H. 1942. L'opération de fermeture et ses invariants dans les systèmes partiellement ordonnés. Portugal. Math. 3, 3, 171--184.

[53]

Nelson, G. and Oppen, D. 1979. Simplification by cooperating decision procedures. ACM Trans. Prog. Lang. Syst. 1, 2, 245--257.

Digital Library

[54]

Poizat, B. 2000. A Course in Model Theory: An Introduction to Contemporary Mathematical Logic. Springer, Berlin.

[55]

Pratt, V. 1977. Two easy theories whose combination is hard. Tech. rep., MIT. September 1, boole.stanford. edu/pub/sefnp.pdf.

[56]

Ranzato, F. 1999. Closures on CPOs form complete lattices. Inf. Computat. 152, 236--249.

Digital Library

[57]

Reps, T., Sagiv, S., and Yorsh, G. 2004. Symbolic implementation of the best transformer. In Proceedings of the 5th International Conference on Verification, Model Checking and Abstract Interpretation (VMCAI), B. Steffen and G. Levi, Eds., Lecture Notes in Computer Notes Science, vol. 2937, Springer, Berlin, 252--266.

[58]

Shostak, R. 1984. Deciding combinations of theories. J. ACM 31, 1, 1--12.

Digital Library

[59]

Tarski, A. 1955. A lattice theoretical fixpoint theorem and its applications. Pacific J. Math. 5, 285--310.

[60]

Tinelli, C. and Harandi, M. 1996. A new correctness proof of the Nelson--Oppen combination procedure. In Proceedings of the 1st International Workshop on Frontiers of Combining Systems, F. Baader and K. U. Schulz, Eds., Applied Logic. Kluwer Academic Publishers, 103--120.

[61]

Tinelli, P. and Zarba, C. 2005. Combining non-stably infinite theories. J. Automat. Reason. 34, 3, 209--238.

Digital Library

[62]

Tiwari, A., and Gulwani, S. 2007. Logical interpretation: Static program analysis using theorem proving. In Proceedings of the Conference on Automated Deduction (CADE-21), F. Pfenning, Ed., Lecture Notes in Artificial Intelligence, vol. 4603, Springer, Berlin, 147--166.

Digital Library

[63]

Ward, M. 1942. The closure operators of a lattice. Ann. Math. 43, 2, 191--196.

Cited By

Cousot P(2023)A Personal Historical Perspective on Abstract InterpretationThe French School of Programming10.1007/978-3-031-34518-0_9(205-239)Online publication date: 11-Oct-2023
https://doi.org/10.1007/978-3-031-34518-0_9
Bruni RGiacobazzi RGori RRanzato FJhala RDillig I(2022)Abstract interpretation repairProceedings of the 43rd ACM SIGPLAN International Conference on Programming Language Design and Implementation10.1145/3519939.3523453(426-441)Online publication date: 9-Jun-2022
https://dl.acm.org/doi/10.1145/3519939.3523453
Even-Mendoza KHyvärinen AChockler HSharygina NRoop PZhan NGao SNuzzo P(2019)Lattice-based SMT for program verificationProceedings of the 17th ACM-IEEE International Conference on Formal Methods and Models for System Design10.1145/3359986.3361214(1-11)Online publication date: 9-Oct-2019
https://dl.acm.org/doi/10.1145/3359986.3361214
Show More Cited By

Index Terms

Recommendations

Abstract interpretation of resolution-based semantics

We extend the abstract interpretation point of view on context-free grammars by Cousot and Cousot to resolution-based logic programs and proof systems. Starting from a transition-based small-step operational semantics of Prolog programs (akin to the ...
Goal-directed weakening of abstract interpretation results

One proposal for automatic construction of proofs about programs is to combine Hoare logic and abstract interpretation. Constructing proofs is in Hoare logic. Discovering programs' invariants is done by abstract interpreters.

One problem of this ...
On the power of abstract interpretation

Increasingly sophisticated applications of static analysis make it important to precisely characterize the power of static analysis techniques. Sekar et al. recently studied the power of strictness analysis techniques and showed that strictness analysis ...

Comments

Information & Contributors

Information

Published In

cover image Journal of the ACM

Journal of the ACM Volume 59, Issue 6

December 2012

213 pages

ISSN:0004-5411

EISSN:1557-735X

DOI:10.1145/2395116

Issue’s Table of Contents

Copyright © 2013 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 09 January 2013

Accepted: 01 September 2012

Revised: 01 July 2012

Received: 01 May 2011

Published in JACM Volume 59, Issue 6

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed

Funding Sources

National Science Foundation

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

19
Total Citations
View Citations
826
Total Downloads

Downloads (Last 12 months)13
Downloads (Last 6 weeks)1

Reflects downloads up to 05 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Cousot P(2023)A Personal Historical Perspective on Abstract InterpretationThe French School of Programming10.1007/978-3-031-34518-0_9(205-239)Online publication date: 11-Oct-2023
https://doi.org/10.1007/978-3-031-34518-0_9
Bruni RGiacobazzi RGori RRanzato FJhala RDillig I(2022)Abstract interpretation repairProceedings of the 43rd ACM SIGPLAN International Conference on Programming Language Design and Implementation10.1145/3519939.3523453(426-441)Online publication date: 9-Jun-2022
https://dl.acm.org/doi/10.1145/3519939.3523453
Even-Mendoza KHyvärinen AChockler HSharygina NRoop PZhan NGao SNuzzo P(2019)Lattice-based SMT for program verificationProceedings of the 17th ACM-IEEE International Conference on Formal Methods and Models for System Design10.1145/3359986.3361214(1-11)Online publication date: 9-Oct-2019
https://dl.acm.org/doi/10.1145/3359986.3361214
Talbot PCachera DMonfroy ETruchet C(2019)Combining Constraint Languages via Abstract Interpretation2019 IEEE 31st International Conference on Tools with Artificial Intelligence (ICTAI)10.1109/ICTAI.2019.00016(50-58)Online publication date: Nov-2019
https://doi.org/10.1109/ICTAI.2019.00016
Ren SZhang X(2019)Synthesize Inductive Invariants by K-means++ and Support Vector Machine2019 IEEE 2nd International Conference on Computer and Communication Engineering Technology (CCET)10.1109/CCET48361.2019.8989385(50-54)Online publication date: Aug-2019
https://doi.org/10.1109/CCET48361.2019.8989385
Cousot P(2019)Abstract Semantic DependencyStatic Analysis10.1007/978-3-030-32304-2_19(389-410)Online publication date: 8-Oct-2019
https://dl.acm.org/doi/10.1007/978-3-030-32304-2_19
D'silva VUrban C(2017)Abstract Interpretation as Automated DeductionJournal of Automated Reasoning10.1007/s10817-016-9382-458:3(363-390)Online publication date: 1-Mar-2017
https://dl.acm.org/doi/10.1007/s10817-016-9382-4
Reps TThakur A(2016)Automating Abstract InterpretationProceedings of the 17th International Conference on Verification, Model Checking, and Abstract Interpretation - Volume 958310.1007/978-3-662-49122-5_1(3-40)Online publication date: 17-Jan-2016
https://dl.acm.org/doi/10.1007/978-3-662-49122-5_1
Cousot PFalaschi MAlbert E(2015)Verification by abstract interpretation, soundness and abstract inductionProceedings of the 17th International Symposium on Principles and Practice of Declarative Programming10.1145/2790449.2790451(1-4)Online publication date: 14-Jul-2015
https://dl.acm.org/doi/10.1145/2790449.2790451
Dalla Preda MGiacobazzi RLakhotia AMastroeni I(2015)Abstract Symbolic AutomataACM SIGPLAN Notices10.1145/2775051.267698650:1(329-341)Online publication date: 14-Jan-2015
https://dl.acm.org/doi/10.1145/2775051.2676986
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Issue’s Table of Contents