Static Analysis: 17th International Symposium, SAS 2010, by E. Allen Emerson (auth.), Radhia Cousot, Matthieu Martel

This publication constitutes the refereed complaints of the sixteenth overseas Symposium on Static research, SAS 2010, held in Perpignan, France in September 2010. The convention used to be co-located with three affiliated workshops: NSAD 2010 (Workshop on Numerical and Symbolic summary Domains), SASB 2010 (Workshop on Static research and platforms Biology) and TAPAS 2010 (Tools for computerized application Analysis). The 22 revised complete papers awarded including four invited talks have been rigorously reviewed and chosen from fifty eight submissions. The papers deal with all points of static research together with summary domain names, malicious program detection, facts stream research, common sense programming, platforms research, variety inference, cache research, move research, verification, summary checking out, compiler optimization and application verification.

Extra info for Static Analysis: 17th International Symposium, SAS 2010, Perpignan, France, September 14-16, 2010. Proceedings

3 Transition Predicate Abstraction (TPA) Transition predicate abstraction [32] is a method to compute transition invariants, just as predicate abstraction is a method to compute invariants. The method takes as input a selection of finitely many binary relation over states. We call these relations transition predicates. For this section we fix a finite set of transition predicates P. We usually refer to a transition predicate by the formula that defines it. Definition 18 (Set of abstract transitions TP# ).

This is Theorem 4 from [27]. For “only if” (⇒), suppose P is size-change terminating and that Gπ in cl(G) is idempotent: Gπ = Gπ ; Gπ . By Definition 5, the infinite call sequence π ω = π, . . , π, π, . . has an infinitely descending thread. Consider this thread’s position at the start of each π in π ω . There are finitely many variables, so the thread must visit some variable x infinitely often. Thus there must be n, x such that π n has a thread from x to x containing ↓ ↓ x → x. By Definition 6, arc x → x is in Gπn .

We thus obtain a better upper bound for the complexity. – The decision problem can be further reduced to a decision problem where the inclusion in the question “cl({aτ | τ ∈ T }) ⊆ GOOD” is restricted to a subset of abstract relations. , where a ◦# a = a. Thus, we can replace the input parameter GOOD by a subset of GOOD (containing idempotent elements only), and reserve the well-foundedness check for only those elements. We recall that both of the above decision problems require the well-foundedness of every relation denoted by an abstract relation a in GOOD.

