Exploiting Sparsity in Difference-Bound Matrices

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 9837))

Abstract

Relational numeric abstract domains are very important in program analysis. Common domains, such as Zones and Octagons, are usually conceptualised with weighted digraphs and implemented using difference-bound matrices (DBMs). Unfortunately, though conceptually simple, direct implementations of graph-based domains tend to perform poorly in practice, and are impractical for analyzing large code-bases. We propose new DBM algorithms that exploit sparsity and closed operands. In particular, a new representation which we call split normal form reduces graph density on typical abstract states. We compare the resulting implementation with several existing DBM-based abstract domains, and show that we can substantially reduce the time to perform full DBM analysis, without sacrificing precision.


Notes

  1. For presentation purposes, we assume all program states share a fixed set V of variables. In practice, this is unnecessarily expensive—we instead maintain vertices for only the variables that are in scope, and add or remove vertices as needed.

  2. Our approach works for rational numbers as well. The implementation assumes 64-bit integers and does not currently take over-/under-flow into account.

  3. This assumes \(\pi (\mathtt {S})\) is total. For a partial function like integer division we first close with respect to \(\mathtt {x}\), then enforce the remaining invariants.

  4. It is not immediately clear how to extend this efficiently to an n-way meet, as a vertex may be reachable from some arbitrary subset of the operands.

  5. This terminology may be confusing. The transitive reduction computes the greatest (by \({{\mathrm{\sqsubseteq }}}\)) equivalent representation of R, whereas the usual abstract-domain reduction corresponds to the transitive closure.

  6. This assumes 16-bit vertex identifiers; if more than \(2^{16}\) variables are in scope at a program point, any dense-matrix approach is already impractical.

  7. Code is available from the authors upon request.

  8. We tried to stress test the DBM implementations by increasing the number of variables in scope through inlining. We inlined all function calls unless a called function was recursive or could not be resolved at compile time.
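The abstract describes Zones as weighted digraphs stored in a difference-bound matrix, and notes 3 to 5 refer to closing a DBM and to the meet of closed operands. The following added example (not the paper's code, which is available only from the authors) shows the basic machinery on a sparse dict-of-dicts representation: a shortest-path closure that iterates only over existing edges, negative-cycle detection (bottom), entailment checks, and meet and join of closed states. The variable names, the use of a "0" vertex for the constant zero, and the sample constraints are assumptions made for illustration; split normal form and the paper's other optimisations are not reproduced here.

```python
from typing import Dict, Optional

# Sparse DBM: dbm[x][y] = c encodes the difference constraint  y - x <= c.
# The special vertex "0" stands for the constant zero, so dbm["0"][x] = c
# means x <= c and dbm[x]["0"] = c means -x <= c (i.e. x >= -c).
# Missing entries mean +infinity (no constraint); the diagonal is implicitly 0.
DBM = Dict[str, Dict[str, int]]


def add_constraint(dbm: DBM, x: str, y: str, c: int) -> None:
    """Record y - x <= c, keeping the tighter bound if one already exists."""
    row = dbm.setdefault(x, {})
    dbm.setdefault(y, {})
    if y not in row or c < row[y]:
        row[y] = c


def close(dbm: DBM) -> Optional[DBM]:
    """Shortest-path closure (Floyd-Warshall) over the existing edges only.

    Returns the closed DBM, or None if a negative cycle exists, meaning the
    constraints are unsatisfiable (the abstract state is bottom).
    """
    closed: DBM = {x: dict(row) for x, row in dbm.items()}
    for k in list(closed):
        # Only a pair of edges i->k and k->j can tighten i->j, so we visit
        # predecessors and successors of k instead of all |V|^2 pairs.
        preds = [i for i in closed if k in closed[i]]
        succs = list(closed[k].items())
        for i in preds:
            ik = closed[i][k]
            row = closed[i]
            for j, kj in succs:
                cand = ik + kj
                if j not in row or cand < row[j]:
                    row[j] = cand
    for x in closed:
        if closed[x].get(x, 0) < 0:
            return None
        closed[x].pop(x, None)  # non-negative self-loops carry no information
    return closed


def entails(closed: DBM, x: str, y: str, c: int) -> bool:
    """Does a closed DBM imply y - x <= c?  True iff the stored bound is <= c."""
    if x == y:
        return c >= 0
    return y in closed.get(x, {}) and closed[x][y] <= c


def meet(a: DBM, b: DBM) -> Optional[DBM]:
    """Conjunction: take the tighter bound on every edge, then re-close."""
    out: DBM = {}
    for src in (a, b):
        for x, row in src.items():
            for y, c in row.items():
                add_constraint(out, x, y, c)
    return close(out)


def join(a: DBM, b: DBM) -> DBM:
    """Least upper bound of two closed DBMs: keep only edges present in both,
    with the looser bound. The join of two closed operands is itself closed."""
    out: DBM = {x: {} for x in set(a) | set(b)}
    for x, row in a.items():
        for y, c in row.items():
            if y in b.get(x, {}):
                out[x][y] = max(c, b[x][y])
    return out


def example_state() -> DBM:
    """Constructed sample: 0 <= x <= 10, y - x <= 2, z - y <= 3 (assumed)."""
    d: DBM = {}
    add_constraint(d, "0", "x", 10)   # x <= 10
    add_constraint(d, "x", "0", 0)    # x >= 0
    add_constraint(d, "x", "y", 2)    # y - x <= 2
    add_constraint(d, "y", "z", 3)    # z - y <= 3
    return d


if __name__ == "__main__":
    closed = close(example_state())
    # closure derives z - x <= 5 and z <= 15 from the explicit constraints
    print(closed)
```

Closing the sample state derives the implied bounds z - x <= 5 and z <= 15 while leaving y and z without lower bounds, since no path leads back to the "0" vertex from them; the sparse loop never touches those absent entries, which is the effect the paper's sparsity argument relies on.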


Acknowledgments

We acknowledge the support from the Australian Research Council through grant DP140102194. We would like to thank Maxime Arthaud for implementing the non-incremental version of dense difference-bound matrices as well as the variable packing technique.

Corresponding author

Correspondence to Graeme Gange.


Copyright information

© 2016 Springer-Verlag GmbH Germany

About this paper

Cite this paper

Gange, G., Navas, J.A., Schachte, P., Søndergaard, H., Stuckey, P.J. (2016). Exploiting Sparsity in Difference-Bound Matrices. In: Rival, X. (eds) Static Analysis. SAS 2016. Lecture Notes in Computer Science(), vol 9837. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-53413-7_10

  • DOI: https://doi.org/10.1007/978-3-662-53413-7_10

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-662-53412-0

  • Online ISBN: 978-3-662-53413-7

  • eBook Packages: Computer Science (R0)
