Abstract

Born in the late 70s, Abstract Interpretation has proven an effective method to construct static analyzers. It has led to successful program analysis tools routinely used in avionic, automotive, and space industries to help ensuring the correctness of mission-critical software. This tutorial presents Abstract Interpretation and its use to create static analyzers that infer numeric invariants on programs. We first present the theoretical bases of Abstract Interpretation: how to assign a well-defined formal semantics to programs, construct computable approximations to derive effective analyzers, and ensure soundness, i.e., any property derived by the analyzer is true of all actual executions — although some properties may be missed due to approximations, a necessary compromise to keep the analysis automatic, sound, and terminating when inferring uncomputable properties.We describe the classic numeric abstractions readily available to an analysis designer: intervals, polyhedra, congruences, octagons, etc., as well as domain combiners: the reduced product and various disjunctive completions. This tutorial focuses not only on the semantic aspect, but also on the algorithmic one, providing a description of the data-structures and algorithms necessary to effectively implement all our abstractions. We will encounter many trade-offs between cost on the one hand, and precision and expressiveness on the other hand. Invariant inference is formalized on an idealized, toy-language, manipulating perfect numbers, but the principles and algorithms we present are effectively used in analyzers for real industrial programs, although this is out of the scope of this tutorial. This tutorial is intended as an entry course in Abstract Interpretation, after which the reader should be ready to read the research literature on current advances in Abstract Interpretation and on the design of static analyzers for real languages.

Tutorial on Static Inference of Numeric Invariants by Abstract Interpretation

This monograph presents Abstract Interpretation and its use to create static analyzers that infer numeric properties on programs. Abstract Interpretation, born in the late 1970s, has proven a very effective method to construct static analyzers. It has led to successful program analysis tools like PolySpace Verifier (The Mathworks) and the Astrée analyzer (AbsInt): industrial tools that are routinely used in the avionic, automotive, and space industries to help ensure the correctness of mission-critical software. Automatically inferring numeric invariants can be used to prove the absence of run-time errors, such as arithmetic overflows and out-of-bound array accesses, before the program is even run, while achieving a full coverage of the control and data space.

This monograph is based on several Master-level courses in Abstract Interpretation given by the author. It is intended as an entry course in Abstract Interpretation, after which the reader should be ready to read the research literature on current advances in Abstract Interpretation, as well as more practical articles on the design of industrial-strength static analyzers for real languages.