PAGAI: A Path Sensitive Static Analyser

  title={PAGAI: A Path Sensitive Static Analyser},
  author={Julien Henry and David Monniaux and Matthieu Moy},

Figures and Tables from this paper

A Flow-Insensitive-Complete Program Representation

This paper formalizes the notion of Flow-Insensitive-Completeness with two collecting semantics and provides a program transformation that permits to analyze a program in a flow insensitive manner without sacrificing the precision.

Improving WCET Evaluation using Linear Relation Analysis

This paper uses existing tools - a WCET evaluator and a linear relation analyzer - to build and experiment a prototype implementation of the classical abstract interpretation-based method of linear relation analysis to discover and exploit relations between execution paths.

Static Code Analysis of C + + in LLVM

While LLVM’s support for sophisticated AST analysis is remarkable, being the main reason these positive results, its support for data flow analysis is not yet up to par, as well as a lack of thorough documentation.

The WCET Analysis using Counters-A Preliminary Assessment

This paper proposes a methodology for the WCET analysis using an abstract program (with special program variables called counters), in order to better exploit the underlying program semantics and to produce potentially tighter WCET bounds.

Memory-Efficient Fixpoint Computation

This paper presents a method to minimize the memory footprint in Bourdoncle's iteration strategy, a widely-used technique for fixpoint computation, and proves that this technique is optimal (i.e., it results in minimum memory footprint) for Bourdoncles' iteration strategy while computing the same result.

Static Analysis of Binary Code with Memory Indirections Using Polyhedra

This paper proposes a new abstract domain for static analysis of binary code, based to polyhedra and on two mapping functions that associatepolyhedra variables with registers and memory, and proves the correctness of the method, and its effectiveness on benchmarks and examples from typical embedded code.

Program Analysis with Local Policy Iteration

We present local policy iterationi¾?LPI, a new algorithm for deriving numerical invariants that combines the precision of max-policy iteration with the flexibility and scalability of conventional

Algorithmic Resource Verification

New algorithms that enable users to specify and verify their desired bounds on resource usage of functional programs and show that the system is able to infer hard, nonlinear resource bounds that are beyond the capability of the existing approaches are presented.

Automatically Testing Implementations of Numerical Abstract Domains

This paper presents an automatic technique to test, among other properties, the soundness and precision of abstract domains, the core of all static analyzers based on abstract interpretation, and shows that this approach is more effective than dynamic symbolic execution and than fuzzing the test inputs directly.

Localizing Widening and Narrowing

Two strategies which may be easily applied to standard abstract interpretation-based static analyzers are shown, restricting the scope of widening, and intertwining the computation of ascending and descending chains.



Guided Static Analysis

guided static analysis is introduced, a framework for controlling the exploration of the state-space of a program by applying standard static-analysis techniques to a sequence of modified versions of the analyzed program, and does not require any modifications to existing analysis techniques, and thus can be easily integrated into existingstatic-analysis tools.

Succinct Representations for Abstract Interpretation

This work improves previously proposed techniques for guided static analysis and the generation of disjunctive invariants by combining them with techniques for succinct representations of paths and symbolic representations for transitions based on static single assignment.

Static Analysis, 14th International Symposium, SAS 2007, Kongens Lyngby, Denmark, August 22-24, 2007, Proceedings

A Compilation Model for Aspect-Oriented Polymorphically Typed Functional Languages and a Framework for End-to-End Verification and Evaluation of Register Allocators are presented.

Apron: A Library of Numerical Abstract Domains for Static Analysis

Aron is a freely available library dedicated to the static analysis of the numerical variables of programs by abstract interpretation, and its goal is to provide analysis implementers with ready-to-use numerical abstractions under a unified API.

The ASTREÉ Analyzer

ASTREE is an abstract interpretation-based static program analyzer aiming at proving automatically the absence of run time errors in programs written in the C programming language, producing a correctness proof for complex software without any false alarm in a few hours of computation.

LLVM: a compilation framework for lifelong program analysis & transformation

The design of the LLVM representation and compiler framework is evaluated in three ways: the size and effectiveness of the representation, including the type information it provides; compiler performance for several interprocedural problems; and illustrative examples of the benefits LLVM provides for several challenging compiler problems.

Stratified Static Analysis Based on Variable Dependencies

The ASTR ´ EE Analyzer

ASTR´ EE is an abstract interpretation-based static program analyzer aiming at proving automatically the absence of run time errors in programs written in the C programming language. It has been

Using Bounded Model Checking to Focus Fixpoint Iterations

This article describes how to avoid systematic exploration in static analysis by focusing on a single path at a time, designated by SMT-solving, thus doing away with widenings as well in some cases.

Symbolic Methods to Enhance the Precision of Numerical Abstract Domains

These lightweight and generic symbolic methods to improve the precision of numerical static analyses based on Abstract Interpretation, and are incorporated within the Astree static analyzer that checks for the absence of run-time errors in embedded critical avionics software.