On the concept of variable roles and its use in software analysis

@article{Demyanova2013OnTC,
  title={On the concept of variable roles and its use in software analysis},
  author={Yulia Demyanova and Helmut Veith and Florian Zuleger},
  journal={2013 Formal Methods in Computer-Aided Design},
  year={2013},
  pages={226-230}
}
Human written source code in imperative programming languages exhibits typical patterns for variable use, such as flags, loop iterators, counters, indices, bitvectors, etc. Although it is widely understood by practitioners that these patterns are important for automated software analysis tools, they are not systematically studied by the formal methods community, and not well documented in the research literature. In this paper, we introduce the notion of variable roles on the example of basic… 

Domain Types: Abstract-Domain Selection Based on Variable Usage
TLDR
The concept of domain types is introduced, which classify the program variables into types that are more fine-grained than standard declared types to guide the selection of an appropriate abstract domain for a model checker.
Loop Patterns in C Programs
TLDR
This work systematically weakens the definition of definite iteration and derives a family of loop classes that are heuristics for definite iteration, that describe the majority of loops in C programs, and that can be used as software metrics to characterize benchmarks for software verification.
Systematic Predicate Abstraction Using Variable Roles
TLDR
This paper describes the heuristics using variable roles, which allow us to pick domain-specific predicates according to the program under analysis, and describes an overall increase in the number of solved tasks, and significant speedup on certain benchmark families.
Loop Patterns in C Programs (Electronic Communications of the EASST, Volume 72 (2015): Proceedings of the 15th International Workshop on Automated Verification of Critical Systems (AVoCS 2015))
TLDR
This work systematically weakens the definition of definite iteration and derives a family of loop classes that are heuristics for definite iteration, that describe the majority of loops in C programs, and that can be used as software metrics to characterize benchmarks for software verification.
Shape and Content: Incorporating Domain Knowledge into Shape Analysis
TLDR
This paper shows how Description Logics can be used on top of an existing shape analysis to add content descriptions to the shapes, and shows that the two-variable fragment of first order logic with counting and trees can be used as a joint framework to embed suitable DLs and separation logic.
Shape and Content - A Database-Theoretic Perspective on the Analysis of Data Structures
TLDR
This paper shows that the two-variable fragment of first order logic with counting and trees can be used as a joint framework to embed suitable fragments of description logic and separation logic in programs with dynamic data structures.
Strategy Selection for Software Verification Based on Boolean Features - A Simple but Effective Approach
TLDR
A small set of program features is identified that can be statically determined for each input program in an efficient way and sufficiently distinguishes the input programs such that a strategy selector for picking a particular verification strategy can be defined that outperforms every constant strategy selector.
Empirical software metrics for benchmarking of verification tools
TLDR
It is shown that these metrics are powerful enough to devise a machine-learning based portfolio solver for software verification, which would be the (hypothetical) overall winner of the international competition on software verification (SV-COMP) in three consecutive years (2014–2016).
Predicate Granularity in Predicate Abstraction
TLDR
This work develops several strategies on how knowledge about a program’s structure can be used to determine a suitable predicate granularity for the verification task at hand and demonstrates the applicability of this approach with several scenarios.

References

Domain Types: Selecting Abstractions Based on Variable Usage
TLDR
The concept of domain types, which classify the program variables into types that are more fine-grained than standard declared types, is introduced in order to guide the selection of an appropriate abstract domain for a model checker.
Domain Types: Abstract-Domain Selection Based on Variable Usage
TLDR
The concept of domain types is introduced, which classify the program variables into types that are more fine-grained than standard declared types to guide the selection of an appropriate abstract domain for a model checker.
Liquid types
We present Logically Qualified Data Types, abbreviated to Liquid Types, a system that combines Hindley-Milner type inference with Predicate Abstraction to automatically infer dependent types precise
Concise and consistent naming
TLDR
This paper renders adequate identifier naming far more precisely. A formal model, based on bijective mappings between concepts and names, provides a solid foundation for the definition of precise rules for concise and consistent naming.
Principles of Program Analysis
TLDR
This book is unique in providing an overview of the four major approaches to program analysis: data flow analysis, constraint-based analysis, abstract interpretation, and type and effect systems.
Bugs as deviant behavior: a general approach to inferring errors in systems code
A major obstacle to finding program errors in a real system is knowing what correctness rules the system must obey. These rules are often undocumented or specified in an ad hoc manner. This paper
Extracting Meaning from Abbreviated Identifiers
TLDR
The approach is used to improve the syntactic identification of violations to Deissenbock and Pizka's rules for concise and consistent identifier construction and evaluates the process on a code base of just over 35 million lines of code.
The ASTRÉE Analyzer
ASTRÉE is an abstract interpretation-based static program analyzer aiming at proving automatically the absence of run time errors in programs written in the C programming language. It has been
The ASTRÉE Analyzer
TLDR
ASTRÉE is an abstract interpretation-based static program analyzer aiming at proving automatically the absence of run time errors in programs written in the C programming language, producing a correctness proof for complex software without any false alarm in a few hours of computation.
An empirical analysis of roles of variables in novice-level procedural programs
  • J. Sajaniemi
  • Computer Science
    Proceedings IEEE 2002 Symposia on Human Centric Computing Languages and Environments
  • 2002
The use of all variables in 109 novice-level, but expert written, procedural programs were analyzed in order to find a small but still comprehensive set of generic roles that describe the nature of