TY - GEN
T1 - Identifying Minimal Changes in the Zone Abstract Domain
AU - Ballou, Kenny
AU - Sherman, Elena
N1 - Publisher Copyright:
© 2023, The Author(s), under exclusive license to Springer Nature Switzerland AG.
PY - 2023
Y1 - 2023
N2 - Verification techniques express program states as logical formulas over program variables. For example, symbolic execution and abstract interpretation encode program states as a set of linear integer inequalities. However, for real-world programs these formulas tend to become large, which affects scalability of analyses. To address this problem, researchers developed complementary approaches which either remove redundant inequalities or extract a subset of inequalities sufficient for specific reasoning, i.e., formula slicing. For arbitrary linear integer inequalities, such reduction approaches either have high complexities or over-approximate. However, efficiency and precision of these approaches can be improved for a restricted type of logical formulas used in relational numerical abstract domains. While previous work investigated custom efficient redundant inequality elimination for Zones states, our work examines custom semantic slicing algorithms that identify a minimal set of changed inequalities in Zones states. The client application of the minimal changes in Zones is an empirical study on comparison between invariants computed by data-flow analysis using Zones, Intervals and Predicates numerical domains. In particular, evaluations compare how our proposed algorithms affect the precision of comparing Zones vs. Intervals and Zones vs. Predicates abstract domains. The results show our techniques reduce the number of variables by more than 70 % and the number of linear inequalities by 30 %, comparing to those of full states. The approach refines the granularity of comparison between domains, reducing incomparable invariants between Zones and Predicates from 52 % to 4 %, and increases equality of Intervals and Zones, invariants from 27 % to 71 %. Finally, the techniques improve the comparison efficiency by reducing total runtime for all subject comparisons for Zones and Predicates from over four minutes to a few seconds.
AB - Verification techniques express program states as logical formulas over program variables. For example, symbolic execution and abstract interpretation encode program states as a set of linear integer inequalities. However, for real-world programs these formulas tend to become large, which affects scalability of analyses. To address this problem, researchers developed complementary approaches which either remove redundant inequalities or extract a subset of inequalities sufficient for specific reasoning, i.e., formula slicing. For arbitrary linear integer inequalities, such reduction approaches either have high complexities or over-approximate. However, efficiency and precision of these approaches can be improved for a restricted type of logical formulas used in relational numerical abstract domains. While previous work investigated custom efficient redundant inequality elimination for Zones states, our work examines custom semantic slicing algorithms that identify a minimal set of changed inequalities in Zones states. The client application of the minimal changes in Zones is an empirical study on comparison between invariants computed by data-flow analysis using Zones, Intervals and Predicates numerical domains. In particular, evaluations compare how our proposed algorithms affect the precision of comparing Zones vs. Intervals and Zones vs. Predicates abstract domains. The results show our techniques reduce the number of variables by more than 70 % and the number of linear inequalities by 30 %, comparing to those of full states. The approach refines the granularity of comparison between domains, reducing incomparable invariants between Zones and Predicates from 52 % to 4 %, and increases equality of Intervals and Zones, invariants from 27 % to 71 %. Finally, the techniques improve the comparison efficiency by reducing total runtime for all subject comparisons for Zones and Predicates from over four minutes to a few seconds.
KW - Abstract domains
KW - Abstract interpretation
KW - Program analysis
KW - Static analysis
UR - https://www.scopus.com/pages/publications/85164948510
U2 - 10.1007/978-3-031-35257-7_13
DO - 10.1007/978-3-031-35257-7_13
M3 - Conference contribution
AN - SCOPUS:85164948510
SN - 9783031352560
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 221
EP - 239
BT - Theoretical Aspects of Software Engineering - 17th International Symposium, TASE 2023, Proceedings
A2 - David, Cristina
A2 - Sun, Meng
PB - Springer Science and Business Media Deutschland GmbH
T2 - 17th International Symposium on Theoretical Aspects of Software Engineering, TASE 2023
Y2 - 4 July 2023 through 6 July 2023
ER -