Directions for research in approximate system analysis

Abstract

interpretation is a formalization of program analysis based on the last idea. Program analysis algorithms approximate the incomputable collection of all possible behaviors of the program as specified by a stan­ dard semantics [6 , 3]. The central idea is that of discrete approximation, from above when more behaviors are considered than really possible (as in invariant generation for approximate safety analysis) or dually from be­ low when considering less behaviors than existing ones (as in approximate liveness analysis). The approximation may be static (e.g. Galois connec­ tion based approximation) that is made before the analysis is started or preferably dynamic (e.g. widening/narrowing based approximation) when approximations are made during the analysis itself (hence can be better adapted to its cost) [7]. Admittedly, the practical question is to find the proper cost/precision balance. Generic/parameterized abstract interpreters and hierarchies of abstrac­ tions have been designed which help solving this balancing problem. Chang­ ing the cost/precision ratio of the analysis does not involve a complete redesign of the analyzer but only a change of modules encapsulating the abstract domain and corresponding operations. From a theoretical standpoint, the numerous results available in com­ putational complexity are hardly applicable because they concern cost only but neither precision (which might be approached from a probabilistic point of view) nor (economical) benefit. In absence of more theoretical work on this subject, the answer is therefore mostly experimental. For example, fol­ lowing the failure of the maiden flight 501 of the Ariane 5 launcher [12] , a recent success story was the static analysis of Ariane’s embedded programs to prove the absence of runtime errors [9]. In contrast to simple special-purpose abstract domains (such as bit-vectors in dataflow analysis or boolean functions in strictness analysis), the effective design of wide-scope general-purpose abstract domains involves complex use of both sophisticated data structures and efficient algorithms. An example of such successful numerical abstract domain (in order to approximated a set of vectors of numbers) is the linear relation abstract domain (a set of vectors of numbers is upper approximated by its convex hull) which was