A static analyzer for large safety-critical software

Bruno Blanchet, Laurent Mauborgne, Patrick Cousot, Antoine Miné, Radhia Cousot, David Monniaux, Jérôme Feret, Xavier Rival

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

We show that abstract interpretation-based static program analysis can be made efficient and precise enough to formally verify a class of properties for a family of large programs with few or no false alarms. This is achieved by refinement of a general purpose static analyzer and later adaptation to particular programs of the family by the end-user through parametrization. This is applied to the proof of soundness of data manipulation operations at the machine level for periodic synchronous safety critical embedded software. The main novelties are the design principle of static analyzers by refinement and adaptation through parametrization (Sect. 3 and 7), the symbolic manipulation of expressions to improve the precision of abstract transfer functions (Sect. 6.3), the octagon (Sect. 6.2.2), ellipsoid (Sect. 6.2.3), and decision tree (Sect. 6.2.4) abstract domains, all with sound handling of rounding errors in floating point computations, widening strategies (with thresholds: Sect. 7.1.2, delayed: Sect. 7.1.3) and the automatic determination of the parameters (parametrized packing: Sect. 7.2).
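The abstract names the techniques that make the analysis both sound and precise (interval-style bounds with sound handling of rounding errors, widening with thresholds, delayed widening) without showing them at work. The following added example, which is not code from the paper or from the analyzer it describes, implements a toy interval domain over IEEE doubles with outward rounding and runs it on a one-variable synchronous loop `x := a*x + input`, a stand-in for the filter-style code the paper targets. The coefficient 0.9, the input range [-1, 1], the threshold ladder and the delay are constructed for illustration; the octagon, ellipsoid and decision tree domains and the automatic parametrization are not modelled.

```python
import math

# Added example (not code from the paper or from the Astree analyzer): a toy
# interval domain over IEEE doubles, widening with thresholds, delayed widening,
# and a sound over-approximation of floating-point rounding.

def round_down(x):
    """Round a computed double one ulp toward -inf (no-op on infinities)."""
    return math.nextafter(x, -math.inf) if math.isfinite(x) else x

def round_up(x):
    """Round a computed double one ulp toward +inf (no-op on infinities)."""
    return math.nextafter(x, math.inf) if math.isfinite(x) else x

class Interval:
    """Closed interval [lo, hi] of doubles; -inf/+inf denote unbounded sides.
    Every arithmetic result is rounded outward by one ulp: the real result lies
    within half an ulp of the round-to-nearest double, so the widened interval
    contains the machine result whatever rounding mode the target uses."""

    def __init__(self, lo, hi):
        self.lo, self.hi = lo, hi

    def __repr__(self):
        return f"[{self.lo}, {self.hi}]"

    def __eq__(self, other):
        return self.lo == other.lo and self.hi == other.hi

    def is_bounded(self):
        return math.isfinite(self.lo) and math.isfinite(self.hi)

    def join(self, other):
        return Interval(min(self.lo, other.lo), max(self.hi, other.hi))

    def add(self, other):
        return Interval(round_down(self.lo + other.lo), round_up(self.hi + other.hi))

    def mul(self, other):
        prods = [self.lo * other.lo, self.lo * other.hi,
                 self.hi * other.lo, self.hi * other.hi]
        if any(math.isnan(p) for p in prods):  # inf * 0: stay sound, lose precision
            return Interval(-math.inf, math.inf)
        return Interval(round_down(min(prods)), round_up(max(prods)))

def widen(old, new, thresholds):
    """Interval widening with thresholds: an unstable bound jumps to the nearest
    enclosing threshold instead of straight to infinity. With an empty threshold
    list this degrades to the classic widening that loses the bound entirely."""
    lo, hi = old.lo, old.hi
    if new.lo < old.lo:
        below = [t for t in thresholds if t <= new.lo]
        lo = max(below) if below else -math.inf
    if new.hi > old.hi:
        above = [t for t in thresholds if t >= new.hi]
        hi = min(above) if above else math.inf
    return Interval(lo, hi)

def analyze_loop(a, inp, thresholds, delay, max_iter=1000):
    """Abstract fixpoint of   x := 0; loop forever { x := a*x + input }
    with input ranging over `inp` every cycle (a one-variable stand-in for a
    periodic synchronous filter). The first `delay` iterations use plain join
    (delayed widening); after that, widening with thresholds."""
    x = Interval(0.0, 0.0)
    coef = Interval(a, a)
    inputs = Interval(*inp)
    for i in range(max_iter):
        nxt = x.join(x.mul(coef).add(inputs))
        if i >= delay:
            nxt = widen(x, nxt, thresholds)
        if nxt == x:          # post-fixpoint reached: x is an inductive invariant
            return x
        x = nxt
    return Interval(-math.inf, math.inf)  # gave up: report top, which is still sound

def check_invariant(inv, a, inputs):
    """Soundness spot-check: run the loop concretely on an input sequence
    (constructed sample data) and confirm every state lies inside `inv`."""
    x = 0.0
    for v in inputs:
        x = a * x + v
        if not (inv.lo <= x <= inv.hi):
            return False
    return True

# Constructed parameters: coefficient, input range, symmetric threshold ladder.
A, INPUT_RANGE = 0.9, (-1.0, 1.0)
THRESHOLDS = [-100.0, -50.0, -20.0, -10.0, -1.0, 1.0, 10.0, 20.0, 50.0, 100.0]

if __name__ == "__main__":
    print("with thresholds:   ", analyze_loop(A, INPUT_RANGE, THRESHOLDS, delay=3))
    print("without thresholds:", analyze_loop(A, INPUT_RANGE, [], delay=3))
```

With the threshold ladder the analysis stabilises at [-20, 20] after a handful of iterations: the mathematically tight bound is 10, but the outward rounding pushes the first candidate just past 10, so the widening settles on the next threshold up. Without thresholds the same loop widens straight to [-inf, +inf], which is sound but useless for proving the absence of overflow. The threshold values are exactly the kind of per-program parameter the abstract describes the end-user supplying (or the analyzer inferring) for a family of programs.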

Original language: English (US)
Title of host publication: ACM Sigplan Notices. Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI)
Pages: 196-207
Number of pages: 12
State: Published - 2003
Event: ACM SIGPLAN Conference on Programming Language Design and Implementation - San Diego, CA, United States
Duration: Jun 9 2003 to Jun 11 2003

Other

Other: ACM SIGPLAN Conference on Programming Language Design and Implementation
Country: United States
City: San Diego, CA
Period: 6/9/03 to 6/11/03

Fingerprint

Embedded software
Decision trees
Transfer functions
Acoustic waves

Keywords

  • Abstract Domains
  • Abstract Interpretation
  • Embedded
  • Floating Point
  • Reactive
  • Real-Time
  • Safety-Critical Software
  • Static Analysis
  • Verification

ASJC Scopus subject areas

  • Computer Science(all)

Cite this

Blanchet, B., Mauborgne, L., Cousot, P., Miné, A., Cousot, R., Monniaux, D., ... Rival, X. (2003). A static analyzer for large safety-critical software. In ACM Sigplan Notices. Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI) (pp. 196-207)

A static analyzer for large safety-critical software. / Blanchet, Bruno; Mauborgne, Laurent; Cousot, Patrick; Miné, Antoine; Cousot, Radhia; Monniaux, David; Feret, Jérôme; Rival, Xavier.

ACM Sigplan Notices. Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI). 2003. p. 196-207.

Blanchet, B, Mauborgne, L, Cousot, P, Miné, A, Cousot, R, Monniaux, D, Feret, J & Rival, X 2003, A static analyzer for large safety-critical software. in ACM Sigplan Notices. Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI). pp. 196-207, ACM SIGPLAN Conference on Programming Language Design and Implementation, San Diego, CA, United States, 6/9/03.
Blanchet B, Mauborgne L, Cousot P, Miné A, Cousot R, Monniaux D et al. A static analyzer for large safety-critical software. In ACM Sigplan Notices. Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI). 2003. p. 196-207
Blanchet, Bruno ; Mauborgne, Laurent ; Cousot, Patrick ; Miné, Antoine ; Cousot, Radhia ; Monniaux, David ; Feret, Jérôme ; Rival, Xavier. / A static analyzer for large safety-critical software. ACM Sigplan Notices. Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI). 2003. pp. 196-207
@inproceedings{e60a83da88884c68923be43dfe19e205,
title = "A static analyzer for large safety-critical software",
abstract = "We show that abstract interpretation-based static program analysis can be made efficient and precise enough to formally verify a class of properties for a family of large programs with few or no false alarms. This is achieved by refinement of a general purpose static analyzer and later adaptation to particular programs of the family by the end-user through parametrization. This is applied to the proof of soundness of data manipulation operations at the machine level for periodic synchronous safety critical embedded software. The main novelties are the design principle of static analyzers by refinement and adaptation through parametrization (Sect. 3 and 7), the symbolic manipulation of expressions to improve the precision of abstract transfer functions (Sect. 6.3), the octagon (Sect. 6.2.2), ellipsoid (Sect. 6.2.3), and decision tree (Sect. 6.2.4) abstract domains, all with sound handling of rounding errors in floating point computations, widening strategies (with thresholds: Sect. 7.1.2, delayed: Sect. 7.1.3) and the automatic determination of the parameters (parametrized packing: Sect. 7.2).",
keywords = "Abstract Domains, Abstract Interpretation, Embedded, Floating Point, Reactive, Real-Time, Safety-Critical Software, Static Analysis, Verification",
author = "Bruno Blanchet and Laurent Mauborgne and Patrick Cousot and Antoine Min{\'e} and Radhia Cousot and David Monniaux and J{\'e}r{\^o}me Feret and Xavier Rival",
year = "2003",
language = "English (US)",
pages = "196--207",
booktitle = "ACM Sigplan Notices. Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI)",

}

TY - GEN

T1 - A static analyzer for large safety-critical software

AU - Blanchet, Bruno

AU - Mauborgne, Laurent

AU - Cousot, Patrick

AU - Miné, Antoine

AU - Cousot, Radhia

AU - Monniaux, David

AU - Feret, Jérôme

AU - Rival, Xavier

PY - 2003

Y1 - 2003

N2 - We show that abstract interpretation-based static program analysis can be made efficient and precise enough to formally verify a class of properties for a family of large programs with few or no false alarms. This is achieved by refinement of a general purpose static analyzer and later adaptation to particular programs of the family by the end-user through parametrization. This is applied to the proof of soundness of data manipulation operations at the machine level for periodic synchronous safety critical embedded software. The main novelties are the design principle of static analyzers by refinement and adaptation through parametrization (Sect. 3 and 7), the symbolic manipulation of expressions to improve the precision of abstract transfer functions (Sect. 6.3), the octagon (Sect. 6.2.2), ellipsoid (Sect. 6.2.3), and decision tree (Sect. 6.2.4) abstract domains, all with sound handling of rounding errors in floating point computations, widening strategies (with thresholds: Sect. 7.1.2, delayed: Sect. 7.1.3) and the automatic determination of the parameters (parametrized packing: Sect. 7.2).

AB - We show that abstract interpretation-based static program analysis can be made efficient and precise enough to formally verify a class of properties for a family of large programs with few or no false alarms. This is achieved by refinement of a general purpose static analyzer and later adaptation to particular programs of the family by the end-user through parametrization. This is applied to the proof of soundness of data manipulation operations at the machine level for periodic synchronous safety critical embedded software. The main novelties are the design principle of static analyzers by refinement and adaptation through parametrization (Sect. 3 and 7), the symbolic manipulation of expressions to improve the precision of abstract transfer functions (Sect. 6.3), the octagon (Sect. 6.2.2), ellipsoid (Sect. 6.2.3), and decision tree (Sect. 6.2.4) abstract domains, all with sound handling of rounding errors in floating point computations, widening strategies (with thresholds: Sect. 7.1.2, delayed: Sect. 7.1.3) and the automatic determination of the parameters (parametrized packing: Sect. 7.2).

KW - Abstract Domains

KW - Abstract Interpretation

KW - Embedded

KW - Floating Point

KW - Reactive

KW - Real-Time

KW - Safety-Critical Software

KW - Static Analysis

KW - Verification

UR - http://www.scopus.com/inward/record.url?scp=0038039865&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=0038039865&partnerID=8YFLogxK

M3 - Conference contribution

SP - 196

EP - 207

BT - ACM Sigplan Notices. Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI)

ER -