, Definability of accelerated relations in a theory of arrays and its applications, Symposium on Frontiers of Combining Systems (FCS), 2013.
, Decision procedures for flat array properties, TACAS, 2014.
, The history of language processor technology in IBM, IBM Journal of Research and Development, vol.25, issue.5, pp.535-548, 1981.
, clang: a C language family frontend for LLVM, 2017.
, A static analyzer for large safety-critical software, PLDI, 2003.
, A static analyzer for large safety-critical software, PLDI, 2003.
URL : https://hal.archives-ouvertes.fr/hal-00128135
, SLAM and static driver verifier: Technology transfer of formal methods inside microsoft, Integrated Formal Methods, 4th International Conference, IFM, pp.1-20, 2004.
, Accurate invariant checking for programs manipulating lists and arrays with infinite data, Automated Technology for Verification and Analysis -10th International Symposium, ATVA 2012, pp.167-182, 2012.
, Static Analysis on Array Contents Jiangchao Liu
, Rupak Majumdar, and Andrey Rybalchenko. Invariant synthesis for combined theories, VMCAI, 2007.
, A theory of communicating sequential processes, Journal of the ACM (JACM), vol.31, issue.3, pp.560-599, 1984.
, Programs and their proofs: an algebraic approach, DTIC Document, 1968.
, What's decidable about arrays? In VMCAI, 2006.
, Abstract interpretation: A unified lattice model for static analysis of programs by construction or approximation of fixpoints, POPL, 1977.
, Systematic design of program analysis frameworks, POPL, 1979.
, A survey on product operators in abstract interpretation, 2013.
, A parametric segmentation functor for fully automatic and scalable array content analysis, POPL, 2011.
URL : https://hal.archives-ouvertes.fr/inria-00543874
, Automatic analysis of open objects in dynamic language programs, SAS, 2014.
URL : https://hal.archives-ouvertes.fr/hal-01095955
, QUIC graphs: Relational invariant generation for containers, ECOOP, 2013.
, QUIC graphs: relational invariant generation for containers, VMCAI, 2015.
, Design and synthesis of synchronization skeletons using branching time temporal logic. Logics of programs, pp.52-71, 1982.
, Automatic discovery of linear restraints among variables of a program, POPL, 1978.
, Automatic discovery of linear restraints among variables of a program, 5th ACM SIGACT-SIGPLAN Symposium on Principles of Programming Languages (POPL'78), pp.84-96, 1978.
, An abstract domain to infer octagonal constraints with absolute value, Static Analysis -21st International Symposium, pp.101-117, 2014.
URL : https://hal.archives-ouvertes.fr/hal-01105217
, A sound floating-point polyhedra abstract domain, APLAS, 2008.
URL : https://hal.archives-ouvertes.fr/hal-00531567
, Relational inductive shape analysis, POPL, 2008.
, Modular construction of shapenumeric analyzers, Semantics, Abstract Interpretation, and Reasoning about Programs (SAIRP), 2013.
, Fluid updates: Beyond strong vs. weak updates, ESOP, 2010.
, Precise reasoning for programs using containers, POPL, 2011.
, Linux driver for eicon diva server, pp.2017-2027
, A local shape analysis based on separation logic, TACAS, 2006.
, Dialogic products and solutions, pp.2017-2027
, Assigning meanings to programs, Proceedings of Symposium on Applied Mathematics, vol.19, pp.19-32, 1967.
, Donut Domains: Efficient Non-convex Domains for Abstract Interpretation, TACAS, pp.235-250, 2004.
, The nesc language: A holistic approach to networked embedded systems, Proceedings of the ACM SIGPLAN 2003 Conference on Programming Language Design and Implementation, pp.1-11, 2003.
, Lifting abstract interpreters to quantified logical domains, POPL, 2008.
, A framework for numeric analysis of array operations, POPL, 2005.
, An axiomatic basis for computer programming, Communications of the ACM, vol.12, issue.10, pp.576-580, 1969.
, Discovering properties about arrays in simple programs, PLDI, 2008.
URL : https://hal.archives-ouvertes.fr/hal-00288274
, Array abstraction from proofs, CAV, 2007.
, Apron: A library of numerical abstract domains for static analysis, CAV, 2009.
URL : https://hal.archives-ouvertes.fr/hal-00786354
, Affine relationships among the variables of a program, 1976.
, Introduction to metamathematics, vol.483, 1952.
, Formal verification of an os kernel, Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles, pp.207-220, 2009.
, Finding loop invariants for programs over array using a theorem prover, Ambient Intelligence, 2004.
, Abstraction of arrays based on non contiguous partitions, VMCAI, 2015.
URL : https://hal.archives-ouvertes.fr/hal-01095985
, Program analysis for overlaid data structures, CAV, 2011.
, A simple abstraction of arrays and maps by program translation, SAS, pp.217-234, 2015.
URL : https://hal.archives-ouvertes.fr/hal-01162795
, Quantified invariant generation using an interpolation saturation prover, TACAS, 2008.
, Cell morphing: From array programs to array-free horn clauses, SAS, 2016.
URL : https://hal.archives-ouvertes.fr/hal-01206882
, Weakly relational abstract domains, 2004.
, Relational domains for the detection of floating point run-time errors, ESOP, 2004.
, The octagon abstract domain. HOSC, pp.2017-2027, 2006.
, Static analysis by abstract interpretation of functional properties of device drivers in tinyos, Journal of Systems and Software, vol.120, pp.114-132, 2016.
URL : https://hal.archives-ouvertes.fr/hal-01350646
, Advanced development of certified os kernels, 2010.
, Nicolas Palix
, Faults in linux: ten years later, Architectural Support for Programming Languages and Operating Systems (ASPLOS), 2011.
URL : https://hal.archives-ouvertes.fr/inria-00509256
, Separation logic: A logic for shared mutable data structures, LICS, 2002.
, Construction of abstract domains for heterogeneous properties (position paper), International Symposium On Leveraging Applications of Formal Methods, Verification and Validation, pp.489-492, 2014.
URL : https://hal.archives-ouvertes.fr/hal-01095977
, Theory of linear and integer programming, 1998.
, Outline of a mathematical theory of computation, 1970.
, s:i02] The chinook helicopter disaster, IMIS journal, vol.12, issue.2, 2002.
, Exploiting sparsity in polyhedral analysis, SAS, vol.3672, pp.336-351, 2005.
, The undefined domain: precise relational information for entities that do not exist, APLAS, 2013.
, Abstraction refinement for quantified array assertions, SAS, 2009.
, Hierarchical shape abstraction of dynamic structures in static blocks, APLAS, 2012.
URL : https://hal.archives-ouvertes.fr/hal-00760427
, Parametric shape analysis via 3-valued logic, POPL, 1999.
, Parametric shape analysis via 3-valued logic, POPL, 1999.
, Summarized dimensions revisited, 2012.
, The economic impacts of inadequate infrastructure for software testing. National Institute of Standards and Technology, RTI Project, vol.7007, issue.011, 2002.
, Reduced product combination of abstract domains for shapes, VMCAI, pp.2016-2026, 2013.
URL : https://hal.archives-ouvertes.fr/hal-00760428
, Operating systems: design and implementation, vol.2, 1987.
, Static analysis of runtime errors in interrupt-driven programs via sequentialization, ACM Trans. Embedded Comput. Syst, vol.15, issue.4, 2016.
URL : https://hal.archives-ouvertes.fr/hal-01360581
, Safe to the last instruction: automated verification of a type-safe operating system, ACM Sigplan Notices, vol.45, pp.99-110, 2008.
, Static Analysis on Array Contents Jiangchao Liu
, Topology of the parent relations in a task table
, Topology of the structural properties
, Non-contiguous partitioning on the m next array, p.17
, Comparison of Cartesian product with coalescing, p.20
, Abstraction of numeric relations on different dimensions, p.22
, Main idea in Maya domain
, Grammar of a simple imperative language
, 2 Denotational semantics of a simple imperative language, p.27
, The join of two convex polyhedra
, An abstract semantics of the target language
, Extension of the language
, Four types of variables in the language
, Condition test abstract transfer function
, Full algorithm for the verification of a constraint, p.44
, Weak concrete semantics of condition tests
, Applicaiton of Maya+ functor on A Simple Array Analysis, p.51
,
, Extension of the language with composite type
, Minix 1.1 Memory Management Process Table (MMPT) structure, vol.57
, A simplified excerpt of cleanup
,
, A partitioning of mproc based on non contiguous groups, p.62
, An concrete state and a corresponding abstact state, p.64
, Partition splitting in array a from abstract state a, p.65
, Partition creation in array a from abstract state a, p.66
, Static Analysis on Array Contents Jiangchao Liu
, 67 5.10 The algorithm of the condition test transfer function, p.71
, The abstract state before the condition test at line 7, p.72
, The algorithm of the assignment transfer function
, Analysis on two assignments
, Impact of the group matching on the abstract join, p.76
, The algorithm of the join operator
, Join of a one group state with a two groups state, p.79
, The algorithm of the widening operator
, Widening result of two abstracts with different partitions, p.81
, The algorithm of the inclusion check operator
, Analysis of the cleanup excerpt
, 4, with 16 Gb of RAM, on an Intel Xeon E3 desktop, running at 3.2 GHz), vol.87
,
, Three linked lists in one array
, Code of function create
, Abstract state corresponding to R aos
, Unfolding algorithm in coalescing domain
,
, Folding algorithm in coalescing domain
, The abstract state before guard
, The abstract state after resolving
, 107 6.10 Transfer functions in the coalesced domain
, The abstract state before the assignment
, The abstract state after resolving and decomposition, vol.109
, The abstract state after the assignment
, The algorithm of the widening operator
, The algorithms of the join and inclusion checking, p.113
, The input states for lattice operators
, The result of lattice operators
, Definition (Concretization function)
, Definition (Soundness of abstract join)
, Definition (Soundness of abstract inclusion checking), p.30
, Definition (Soundness of abstract guard)
, Definition (Soundness of abstract assignment), p.30
, Definition (Concrete States)
, Definition (Abstract states in the Maya domain), p.37
, Definition (Concretization function in the Maya domain), p.37
, Definition (Independence property)
, Definition (The bi-avatar principle)
, Definition (Analysis of condition tests in the Maya domain), p.42
, Definition (Transfer functions for assignments), vol.46
, Definition (Algorithms of inclusion checking, join and widening), p.47
, Definition (Concretization in summarizing numeric domains), p.48
, Definition (Concretization in the Maya+ domain), p.49
, Definition (The transfer function for assignments), p.50
, Definition (The transfer function for condition tests), p.50
, Definition (Concrete states)
, Definition (Memory predicates)
, Definition (Numeric predicates), p.61
, Definition (Abstract states in the array domain), p.61
, Definition (Concretization of numeric predicates), p.63
, Definition (Concretization of abstract states in the array domain), vol.63
, Definition (Local disjunction join)
, Definition (The transfer function for condition tests), p.70
, Definition (The transfer function for assignments)
, Definition (Widening for abstract states with compatible partitions), p.79
, Definition (Widening algorithm)
, Definition (Includsion checking)
, Definition (Concrete states)
, Static Analysis on Array Contents Jiangchao Liu
, Definition (A signature of memory abstract domains: D m ), p.95
, Definition (Inductive predicates)
, Definition (Memory predicates of a shape domain), p.96
, Definition (Concretization function in the shape domain), p.97
, Coalescing Inductive Predicates), p.98
, Definition (Concretization function in the coalescing domain), p.98
, Definition (The array/shape coalescing domain), p.99
, Definition (Unfolding algorithm)
, Definition (Folding algorithm)
, Definition (The algorithm of the decomposition operators), vol.106
, Definition (The transfer function for condition tests), p.106
, Definition (The transfer function for assignments), p.108
, Compatible abstract states)
, Definition (Lattice operators over compatible abstract states), p.110
, Definition (The algorithm of widening)
, Definition (The algorithms of join and inclusion checking), p.112
, Definition (Abstract semantics in the coalescing domain), p.114
, Theorem (The bi-avatar principle satisfying the independence property), p.40
, Theorem (The expressivenss of abstract states that follow the bi-avatar principle)
, Theorem (Soundness of the transfer function for condition tests), p.42
, Theorem (Perservation of bi-avatar principle by condition test), p.42
, Theorem (Soundness of transfer functions for assignments), vol.46
, Soundness of lattice operators)
, Theorem (Soundness of the transfer function for condition tests), p.48
, Theorem (Soundness of the transfer function for assignments), p.49
, Theorem (Soundness of the transfer function for assignments), p.50
, Theorem (Soundness of the transfer function for condition tests), p.50
, Theorem (Soundness of the splitting operator), p.65
, Theorem (Soundness of the creation operator), p.66
, Theorem (Soundness of the merging operator), p.67
, Theorem (Soundness of the reduction operator), p.68
, Soundness of local disjunction join), p.70
, Theorem (Soundness of the transfer function for condition tests), p.71
, Theorem (Soundness of the transfer function for assignments), p.73
, Theorem (Soundness of the join algorithm)
, Theorem (Soundness and termination of the widening algorithm), p.81
, Soundness of inclusion checking), p.82
, Soundness of abstract semantics), p.83
, Soundness of unfolding algorithm), p.103
, Soundness of folding algorithm), p.105
, Theorem (Soundness of the resolving operator), p.105
, Theorem (Soundness of the reduction operator), p.106
, Theorem (Soundness of the transfer function for condition tests), p.107
, Theorem (Soundness of the transfer function for assignments), vol.109
, Soundness of lattice operators)
, Theorem (Soundness and termination of the widening operator), vol.112
, Theorem (Soundness of join and inclusion checking), p.112
, Theorem (Soundness of the abstract semantics in the coalescing domain), p.114
, Example (A list in one array)
, Example (The polyhedra abstract domain)
, Example (Abstract join in the polyhedra domain), p.29
, Example (Abstract inclusion checking in the polyhedra domain), p.30
, Example (Abstract guard in the polyhedra domain), p.30
, Example (Abstract assignment in the polyhedra domain), p.31
, Example (Widening in the polyhedra domain), p.31
, Example (Abstract semantics in the polyhedra domain), p.31
, Example (Concrete semantics of condition tests), p.35
, Example (A program with optional variables), p.36
, Example (An abstract state in the Maya domain), p.37
, Example (The concretization of an abstract state in the Maya domain), p.38
, Example (Choice of avatar dimensions)
, Example (Independence property)
, Example (Multiple avatar dimensions for one variable), p.39
, Example (The bi-avatar pirnciple)
, Example (The expressivenss of the bi-avatar principle), p.41
, Example (Transfer functions for condition tests), p.42
, Example (Transfer functions for assignments), vol.46
, Example (Concretization in the Maya+ domain), p.49
, Example (Memory predicates)
, Example (Numeric predicates), p.61
, Example (Concretization of abstract states in the array domain), vol.63
, Example (The splitting operator)
, Example (The creation operator)
, Example (The merging operator)
, Example (The transfer function for condition tests), p.71
, Example (The transfer function for assignments), p.73
, Example (The transfer function for assignments), p.74
, Example (The partition compatibility problem), p.76
, Join algorithm)
, Example (Widening algorithm)
, Example (Inductive predicates in a shape domain), p.97
, Coalescing inductive definition)
, Example (A coalescing inductive predicate on sorted lists in arrays), p.100
, Unfolding algorithm)
, Example (Folding algorithm)
, Example (The transfer function for condition tests), p.106
, Example (The transfer function for assignments), p.108
, Join and widening)
, Jiangchao Liu Static Analysis on Array Contents