by Arnaud Venet, Kestrel Technology
http://ase.arc.nasa.gov/docs/../people/venet/pldi04.ps
Abstract:
In this paper we describe the design and implementation of a static array-bound checker for a family of embedded programs: the flight control software of recent Mars missions. These codes are large (up to 280 KLOC), pointer intensive, heavily multithreaded and written in an object-oriented style, which makes their analysis very challenging. We designed a tool called C Global Surveyor (CGS) that can analyze the largest code in a couple of hours with a precision of 80%. The scalability and precision of the analyzer are achieved by using an incremental framework in which a pointer analysis and a numerical analysis of array indices mutually refine each other. CGS has been designed so that it can distribute the analysis over several processors in a cluster of machines. To the best of our knowledge this is the first distributed implementation of static analysis algorithms. Throughout the paper we will discuss the scalability setbacks that we encountered during the construction of the tool and their impact on the initial design decisions.
Citations (citation count – title – authors – year):
5824 – Introduction to Algorithms – Cormen, Leiserson, et al. – 1990
1266 – Abstract interpretation: a unified lattice model for the static analysis of programs by construction or approximation of fixpoints – Cousot, Cousot – 1977
436 – Systematic Design of Program Analysis Frameworks – Cousot, Cousot – 1979
415 – Points-to analysis in almost linear time – Steensgaard – 1996
403 – Program analysis and specialization for the C programming language – Andersen – 1994
358 – Automatic discovery of linear restraints among variables of a program – Cousot, Halbwachs – 1978
246 – Abstract interpretation and application to logic programs – Cousot, Cousot – 1992
183 – Abstract Interpretation Frameworks – Cousot, Cousot – 1992
151 – PVM 3 users guide and reference manual – Geist, Beguelin, et al. – 1994
146 – Unification-based pointer analysis with directional assignments – Das
87 – The octagon abstract domain – Miné – 2001
83 – Ultra-fast aliasing analysis using CLA: A million lines of C code in a second – Heintze, Tardieu – 2001
79 – A static analyzer for large safety-critical software – Blanchet, Cousot, et al. – 2003
77 – Efficient chaotic iteration strategies with widenings – Bourdoncle – 1993
45 – Estimating the impact of scalable pointer analysis on optimization – Das, Liblit, et al. – 2001
31 – Program analysis using mixed term and set constraints – Fahndrich, Aiken – 1997
14 – Modular static program analysis, invited paper – Cousot, Cousot – 2002
14 – Nonuniform Alias Analysis of Recursive Data Structures and Arrays – Venet – 2002
12 – Automatic analysis of pointer aliasing for untyped programs – Venet – 1999
10 – A scalable nonuniform pointer analysis for embedded programs – Venet – 2004
5 – A new numerical abstract domain based on difference-bound matrices – Miné – 2001
5 – Abstract cofibered domains: Application to the alias analysis of untyped programs – Venet – 1996
4 – Static analysis of the Mars Exploration Rover flight software – Brat, Klemm – 2003
3 – Parametric shape analysis using 3-valued logic – Sagiv, Reps, et al. – 1999
1 – Precise and efficient call graph construction for C programs with function pointers – Milanova, Rountev, et al. – 2004