Static Analysis By Abstract Interpretation
Jeffrey Goh, Peiyu Xiong, Yingying Wang
November 20, 2019
Goals for today
● Get a brief understanding of Static Analysis and Abstract Interpretation
● Design an Abstract Interpreter to analyze a simple program
Outline
● Introduction to Static Analysis
○ What is static analysis
○ Why we need static analysis
○ What can we use static analysis for
● Concrete vs. Abstract Interpretation
● Design an Abstract Interpreter: Sign Analysis
● Theoretical Guarantees for Sound Approximation
● Summary
● References
Bugs are Everywhere
“Program testing can be used to show the presence of bugs, but never to show their absence.”
- Edsger W. Dijkstra, 1970 [1]
Picture: Patrick Cousot, ICSME’14. https://www.di.ens.fr/~cousot/publications.www/slides-public/2014-10-02-PCousot-ICSME-1-1.pdf
[1]: Edsger W. Dijkstra. Notes on structured programming. Technical Report EWD249, Technological University Eindhoven, 1970.
Better to Prove the Absence of Bugs!
Picture: Patrick Cousot, ICSME’14. https://www.di.ens.fr/~cousot/publications.www/slides-public/2014-10-02-PCousot-ICSME-1-1.pdf
Applications of Static Analysis
● Program optimization, e.g.,
○ Dead code detection
○ Loop invariants
○ Automatic parallelization
● Program correctness, e.g.,
○ Type inference
○ Null pointer dereferences
○ Division by zero error
○ Security vulnerabilities
● Program development, e.g.,
○ Debugging
○ Refactoring
○ Program understanding
Introduction to Static Analysis
● Analyze program without running it
● Overview:
○ Type Analysis
○ Dataflow Analysis
○ Points-to Analysis
○ …
○ Abstract Interpretation
Example: Array Index Out of Bound Problem
i := 0;
while (i<5) do
  i := i+2
…
● i: index of an array
● Examine i for array index out-of-bound exception
Concrete Interpretation: values of i at each program point, one column per analysis step:
Program point   Step 1   Step 2   Step 3    Step 4
i := 0          {0}      {0}      {0}       {0}
while (i<5)     {0}      {0,2}    {0,2,4}   {0,2,4,6}
i := i+2        {2}      {2,4}    {2,4,6}   {2,4,6}
...             ∅        ∅        ∅         {6}
Expensive When Program Scales
i := 0;
while (i<500) do
  i := i+2
…
● i: index of an array
● Examine i for array index out-of-bound exception
Program point   Concrete Interpretation
i := 0          {0}
while (i<500)   {0,2,4,....., 500}
i := i+2        {2,4,....., 500}
...             {500}
👉 Only care about
  - min(i)
  - max(i)
Rather, Use Abstract Interpretation
i := 0;
while (i<500) do
  i := i+2
…
● i: index of an array
● Examine i for array index out-of-bound exception
👉 Only care about
  - min(i)
  - max(i)
Abstract Interpretation: interval of i at each program point, one column per analysis step (intermediate steps elided as on the slides):
Program point   Step 1   Step 2   Step 3   …   Step n-1   Step n
i := 0          [0, 0]   [0, 0]   [0, 0]   …   [0, 0]     [0, 0]
while (i<500)   [0, 0]   [0, 2]   [0, 4]   …   [0, 498]   [0, 500]
i := i+2        [2, 2]   [2, 4]   [2, 6]   …   [2, 500]   [2, 500]
...             ∅        ∅        ∅        …   ∅          [500,500]
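The interval iteration above as runnable code, an added example that is not part of the original slides; the function names and the array length given to `in_bounds` are assumptions. The slides' intervals are the min/max of the concrete sets, whereas an interpreter that only applies the guard i < 500 and the step +2 cannot tell that i stays even, so it settles at [0, 501] at the loop head: sound, one value wider.

```python
# Added example: interval analysis of   i := 0; while (i < bound) i := i + step
# An interval is a (lo, hi) tuple; None is the empty interval (∅ on the slides).

def join(a, b):
    """Least upper bound: the smallest interval containing both."""
    if a is None:
        return b
    if b is None:
        return a
    return (min(a[0], b[0]), max(a[1], b[1]))

def assume_lt(iv, c):
    """Abstract effect of passing the guard i < c."""
    if iv is None or iv[0] >= c:
        return None
    return (iv[0], min(iv[1], c - 1))

def assume_ge(iv, c):
    """Abstract effect of failing the guard, i.e. i >= c."""
    if iv is None or iv[1] < c:
        return None
    return (max(iv[0], c), iv[1])

def analyze_loop(bound, step=2):
    """Iterate head = head ⊔ body(head) until nothing changes."""
    head, rounds = (0, 0), 0                 # state after i := 0
    while True:
        rounds += 1
        body_in = assume_lt(head, bound)     # i on entry to the loop body
        body_out = None if body_in is None else (body_in[0] + step, body_in[1] + step)
        new_head = join(head, body_out)
        if new_head == head:
            break                            # fixed point reached
        head = new_head
    return {"head": head, "body_in": body_in, "body_out": body_out,
            "exit": assume_ge(head, bound), "rounds": rounds}

def concrete_hull(bound, step=2):
    """Run the loop for real; min/max of i at the loop head (the slides' view)."""
    i, seen = 0, [0]
    while i < bound:
        i += step
        seen.append(i)
    return (min(seen), max(seen))

def in_bounds(iv, length):
    """True when every index in iv is valid for an array of `length` (assumed)."""
    return iv is None or (0 <= iv[0] and iv[1] < length)

if __name__ == "__main__":
    r = analyze_loop(500)
    print(r)
    print("hull of concrete values at head:", concrete_hull(500))
    print("a[i] inside the body safe for length 500:", in_bounds(r["body_in"], 500))
    print("a[i] after the loop safe for length 500:", in_bounds(r["exit"], 500))
```

The number of rounds grows with the loop bound (252 for a bound of 500), because the interval lattice has no finite height.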
RE Ron’s Question: What is Abstract Interpretation (AI)?
● Formal verification
○ Proving that a program's semantics (describing "what the program executions actually do") satisfies its specification (describing "what the program executions are supposed to do").
● Sound approximation of the semantics of computer programs
○ No conclusion derived from the abstract semantics is wrong relative to the program concrete semantics and specification
● May result in false alarms / false positives
Abstraction must be Sound
[Diagram: Error / Failure / Unexpected behavior ..]
Abstraction should be Precise
[Three diagrams of the region "Error / Failure / Unexpected behavior ..", labelled in turn "Acceptable (but not ideal)", "Better" and "Much Better!"]
Diagram inspired by: Patrick Cousot, ICSME’14. https://www.di.ens.fr/~cousot/publications.www/slides-public/2014-10-02-PCousot-ICSME-1-1.pdf
Abstract Interpretation Processes
[Diagram: in the Concrete Domain, Operational Semantics takes concrete value C to concrete value C’; in the Abstract Domain, Abstract semantics takes abstract value A to abstract value A’; Abstraction (α) and Concretization (𝛄) connect the two domains. Labels: ❶ Abstract Domain, ❷ Abstraction (α) and Concretization (𝛄), ❸ Abstract semantics.]
Sign Analysis:
• Tracks the sign (+, -, 0) of variables
Can be used for:
• Program correctness:
  • Division by zero
  • Banking program erroneously allowing negative values
• Program optimization:
  • Store positive values as unsigned integers or 0s as “false” Boolean literals
• ...
x = 0; y = 1;
while (y<=n) {
  if (z==0) {
    x = x+1;
  } else {
    x = x+y;
  }
  y = y+1;
}
Is x always ≥ 0 in this program?
Step 1: Design an Abstract Domain
● Select the Abstract Property: Sign of integers
● Identify the Abstract Domain: Sign = { + , - , 0 }
Is x always ≥ 0 in this program?
Step 2: Abstraction and Concretization Functions
● Abstraction function (𝛂): maps sets of concrete elements to the most precise value in the abstract domain
● Concretization function (𝛄): maps an abstract value back to the sets of concrete elements
Quiz! (Kidding)
Syntax
Function definition Concrete (Eval) & Abstract (AEval)
Prove the following propositions:
Example from John A. Paulson. Abstract Interpretation. 2015. https://www.seas.harvard.edu/courses/cs252/2015fa/lectures/Lec05-AbstractInt.pdf
Step 3: Abstract Semantics
To ensure the soundness of abstract interpretation, the abstract semantics must faithfully model the concrete semantics.
* Diagram: Işil Dillig. A Gentle Introduction to Program Analysis. Programming Languages Mentoring Workshop. January 2014. https://www.cis.upenn.edu/~alur/CIS673/isil-plmw.pdf
Assumption: the abstract semantics for control structures (if-condition and while-loop) have a structure relatively similar to their operational semantics.
[Tables of abstract operators on signs: Addition, Subtraction, Multiplication, Boolean]
Diagrams from Anders Møller and Michael I. Schwartzbach. Static Program Analysis Part 3 - lattices and fixpoints. https://cs.au.dk/~amoeller/spa/3%20-%20lattices%20and%20fixpoints.pdf
x = 0; y = 1;
while (y<=n) {
  if (z==0) {
    x = x+1;
  } else {
    x = x+y;
  }
  y = y+1;
}
Z => Zero, P => Positive
• Conclude all possible behaviors → go into all branches in this program
• Combine the solutions from the two branches
Second Iteration
• When the information mismatches → take the union of them
Third Iteration
• No update from more iterations → reach the fixed point of the program
• Stable over-approximation from the fixed point of the program
x is never less than 0!
Example from Işil Dillig. A Gentle Introduction to Program Analysis. Programming Languages Mentoring Workshop. January 2014. https://www.cis.upenn.edu/~alur/CIS673/isil-plmw.pdf
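The walkthrough above as runnable code, an added example that is not part of the original slides: a small abstract interpreter over P(Sign) that runs the deck's program to its fixed point. The tuple-based program encoding and all function names are assumptions, and guards on the unknown inputs n and z are ignored, so both branches and the loop exit are always considered.

```python
# Added example: sign analysis over the powerset lattice (P(Sign), ⊆).
from itertools import product

NEG, ZERO, POS = "-", "0", "+"
TOP = frozenset({NEG, ZERO, POS})        # sign unknown

def alpha(values):
    """Abstraction: most precise element of P(Sign) covering a set of ints."""
    return frozenset(POS if v > 0 else NEG if v < 0 else ZERO for v in values)

def plus_sign(a, b):
    """Abstract addition of two single signs."""
    if a == ZERO:
        return frozenset({b})
    if b == ZERO or a == b:
        return frozenset({a})
    return TOP                           # (+) + (-) may be -, 0 or +

def aplus(left, right):
    """Abstract addition lifted to sets of signs."""
    out = frozenset()
    for a, b in product(left, right):
        out |= plus_sign(a, b)
    return out

def aeval(expr, env):
    """Abstract value of an expression; variables never assigned are TOP."""
    kind = expr[0]
    if kind == "const":
        return alpha([expr[1]])
    if kind == "var":
        return env.get(expr[1], TOP)
    return aplus(aeval(expr[1], env), aeval(expr[2], env))   # kind == "add"

def join(e1, e2):
    """Least upper bound of two environments: pointwise union."""
    return {v: e1.get(v, TOP) | e2.get(v, TOP) for v in e1.keys() | e2.keys()}

def execute(stmt, env):
    """Abstract semantics of a statement; guards are ignored (all branches taken)."""
    kind = stmt[0]
    if kind == "assign":
        return {**env, stmt[1]: aeval(stmt[2], env)}
    if kind == "seq":
        for s in stmt[1:]:
            env = execute(s, env)
        return env
    if kind == "if":
        return join(execute(stmt[1], env), execute(stmt[2], env))
    head = env                           # kind == "while"
    while True:
        new_head = join(head, execute(stmt[1], head))
        if new_head == head:
            return head                  # fixed point reached
        head = new_head

X, Y, ONE = ("var", "x"), ("var", "y"), ("const", 1)
PROGRAM = ("seq",
    ("assign", "x", ("const", 0)),
    ("assign", "y", ONE),
    ("while", ("seq",
        ("if", ("assign", "x", ("add", X, ONE)),     # z == 0 branch
               ("assign", "x", ("add", X, Y))),      # else branch
        ("assign", "y", ("add", Y, ONE)))))

def analyze(program=PROGRAM):
    return execute(program, {})

if __name__ == "__main__":
    print({v: "".join(sorted(s)) for v, s in analyze().items()})
```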
Limitations of Abstract Interpretation: lost precision
Example from Emina Torlak. Static Analysis. Lecture Note. 2016. https://courses.cs.washington.edu/courses/cse403/16au/lectures/L15.pdf
The Abstraction should be Built based on the Needs
Slide from Işil Dillig. A Gentle Introduction to Program Analysis. Programming Languages Mentoring Workshop. January 2014. https://www.cis.upenn.edu/~alur/CIS673/isil-plmw.pdf
Theoretical guarantees for safe approximation?
● Abstract Domain is a Lattice with finite height
● Abstraction function (𝛂) and Concretization function (𝛄) form a Galois Insertion
Background, Set Theory: Partial orders
Partial order (S, ⊑) is a binary relation ⊑ on set S that satisfies:
• Reflexivity: ∀x ∈ S. x⊑x
• Transitivity: ∀x,y,z ∈ S. x⊑y ⋀ y⊑z ⟹ x⊑z
• Anti-symmetry: ∀x,y ∈ S. x⊑y ⋀ y⊑x ⟹ x=y
Assume
• a set S = {1, 2, 3, 6, 8, 12, 24}
• Binary relation “can be divided by”
Choose subset X = {2,3}, we can compute:
• Upper bound: {6,12,24}
• Lower bound: {1}
• Least upper bound (LUB): {6}
• Greatest lower bound (GLB): {1}
[Diagram: elements of S ordered by divisibility, showing 2 and 3 with their upper bounds 6, 12, 24 and lower bound 1]
Background, Set Theory: Lattice
● Lattice def.
○ Partial order (S, ⊑)
○ ∀ a,b ∈ S. GLB(a,b) and LUB(a,b) always exist and are unique
● Lattice height:
○ The length of the longest path from Top to Bottom
Diagrams from Anders Møller and Michael I. Schwartzbach. Static Program Analysis Part 3 - lattices and fixpoints. https://cs.au.dk/~amoeller/spa/3%20-%20lattices%20and%20fixpoints.pdf
Sign Analysis Example Revisited
Our abstract domain is a (powerset) lattice (with finite height)
(S, ⊑) = (P(Sign), ⊆)
Lattice so that we can converge the results
● (x = +) ∨ (x = -) ⟹ (x = non-zero)
Finite height so that we can reach the fixed point
● x=0; while (true) {x=x+1}
○ Integer domain: non-termination
○ Sign domain: x = +
𝛂, 𝛄 Functions Should Form a Galois Insertion
Diagram from Işil Dillig. A Gentle Introduction to Program Analysis. Programming Languages Mentoring Workshop. January 2014. https://www.cis.upenn.edu/~alur/CIS673/isil-plmw.pdf
Such that We Can Get a Sound Approximation
Diagrams from Anders Møller and Michael I. Schwartzbach. Static Program Analysis Part 3 - lattices and fixpoints. https://cs.au.dk/~amoeller/spa/3%20-%20lattices%20and%20fixpoints.pdf
Summary
Racket Your Abstract Interpreter
http://matt.might.net/articles/intro-static-analysis/
DrRacket example by Matt Might
References
● Patrick Cousot and Radhia Cousot, “Abstract Interpretation: A Unified Lattice Model for Static Analysis of Programs by Constructions or Approximation of Fixpoints”, in Conference Record of the Sixth Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pp. 238-252, 1977. http://doi.acm.org/10.1145/512950.512973
● Vijay D'Silva, Daniel Kroening and Georg Weissenbacher, “A Survey of Automated Techniques for Formal Software Verification”, in IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, vol. 27, no. 7, pp. 1165-1178, July 2008. https://ieeexplore.ieee.org/document/4544862
● Anders Møller and Michael I. Schwartzbach, “Static Program Analysis”, Department of Computer Science, Aarhus. October 2018. https://cs.au.dk/~amoeller/spa/
Slides partially taken from / inspired by:
● Patrick Cousot, ICSME, 2014. https://www.di.ens.fr/~cousot/COUSOTtalks/ICSME14.shtml
● Işil Dillig. A Gentle Introduction to Program Analysis. Programming Languages Mentoring Workshop. January 2014. https://www.cis.upenn.edu/~alur/CIS673/isil-plmw.pdf
● Susan B. Horwitz. Abstract Interpretation. 2013. http://pages.cs.wisc.edu/~horwitz/CS704-NOTES/10.ABSTRACT-INTERPRETATION.html
● Anders Møller and Michael I. Schwartzbach. Static Program Analysis Part 3 - Lattices and Fixpoints. https://cs.au.dk/~amoeller/spa/3%20-%20lattices%20and%20fixpoints.pdf
● Anders Møller and Michael I. Schwartzbach. Static Program Analysis Part 10 - Abstract Interpretation. https://cs.au.dk/~amoeller/spa/10%20-%20abstract%20interpretation.pdf
● John A. Paulson. Abstract Interpretation. 2015. https://www.seas.harvard.edu/courses/cs252/2015fa/lectures/Lec05-AbstractInt.pdf
● Emina Torlak. Static Analysis. 2016. https://courses.cs.washington.edu/courses/cse403/16au/lectures/L15.pdf