Construction of Abstract Domains for Heterogeneous Properties (Position Paper)

International audience; The aim of static analysis is to infer invariants about programs that are tight enough to establish semantic properties, like the absence of run-time errors. In the last decades, several branches of the static analysis of imperative programs have made significant progress, such as in the inference of numeric invariants or the computation of data structures properties (using pointer abstractions or shape analyzers). Although simultaneous inference of shape-numeric invariants is often needed, this case is especially challenging and less well explored. Notably, simultaneous shape-numeric inference raises complex issues in the design of the static analyzer itself. We study the modular construction of static analyzers, based on combinations of atomic abstract domains to describe several kinds of memory properties and value properties. Static analysis to infer heterogeneous properties. Static analysis by abstract interpreta-tion [4] utilizes an abstraction to over-approximate (non-computable) sets of program states, using computer-representable elements, that stand for logical properties of con-crete program states. As an example, for numerical properties, the interval abstract domain [4] uses constraints of the form n ≤ x and x ≤ p to describe possible values of variable x, where n, p are scalars. To construct a static analyzer capable of inferring sound approximations of program behaviors, one designs an abstract domain, which consists of an abstraction, and abstract operations for sound post-condition operators, join and widening: 1. An abstraction is defined by a set of abstract elements A and a concretization function γ : A → P(C), which maps each abstract property a into the set of concrete elements γ(a) that satisfy it. The set A of abstract elements will be assumed to be defined by a grammar of admissible logical predicates (e.g., for intervals, a(∈ A) ::= a ∧ a | n ≤ x | x ≤ p). 2. A post-condition operator is a function f : A → A which over-approximates a concrete operation f : C → P(C) encountered in programs (as, e.g., a test).