An introduction to static analysis

Similar documents
Class notes Program Analysis course given by Prof. Mooly Sagiv Computer Science Department, Tel Aviv University second lecture 8/3/2007

So let us begin our quest to find the holy grail of real analysis.

1 if 1 x 0 1 if 0 x 1


Undergraduate Notes in Mathematics. Arkansas Tech University Department of Mathematics

Static analysis of numerical programs

A Static Analyzer for Large Safety-Critical Software. Considered Programs and Semantics. Automatic Program Verification by Abstract Interpretation

INCIDENCE-BETWEENNESS GEOMETRY

Chapter 3. Cartesian Products and Relations. 3.1 Cartesian Products

Introduction to Static Analysis for Assurance

µz An Efficient Engine for Fixed points with Constraints

Lecture 16 : Relations and Functions DRAFT

MAT Program Verication: Exercises

Cartesian Products and Relations

Regular Languages and Finite Automata

Rigorous Software Development CSCI-GA

a 11 x 1 + a 12 x a 1n x n = b 1 a 21 x 1 + a 22 x a 2n x n = b 2.

No: Bilkent University. Monotonic Extension. Farhad Husseinov. Discussion Papers. Department of Economics

MASSACHUSETTS INSTITUTE OF TECHNOLOGY 6.436J/15.085J Fall 2008 Lecture 5 9/17/2008 RANDOM VARIABLES

Real Roots of Univariate Polynomials with Real Coefficients

INDISTINGUISHABILITY OF ABSOLUTELY CONTINUOUS AND SINGULAR DISTRIBUTIONS

SOLUTIONS TO EXERCISES FOR. MATHEMATICS 205A Part 3. Spaces with special properties

1. Prove that the empty set is a subset of every set.

Lies My Calculator and Computer Told Me

Introduction to Topology

Algorithmic Game Semantics and Software Model-Checking

Reading 13 : Finite State Automata and Regular Expressions

Elements of probability theory

CHAPTER 3. Methods of Proofs. 1. Logical Arguments and Formal Proofs

DIFFERENTIABILITY OF COMPLEX FUNCTIONS. Contents

Common sense, and the model that we have used, suggest that an increase in p means a decrease in demand, but this is not the only possibility.

8 Divisibility and prime numbers

Static Taint-Analysis on Binary Executables

Multi-variable Calculus and Optimization

Model Checking: An Introduction

How To Solve A Minimum Set Covering Problem (Mcp)

Continued Fractions and the Euclidean Algorithm

TOPIC 4: DERIVATIVES

Chapter 3: Section 3-3 Solutions of Linear Programming Problems

Midterm Practice Problems

Mathematical Methods of Engineering Analysis

1.2 Solving a System of Linear Equations

Quotient Rings and Field Extensions

This asserts two sets are equal iff they have the same elements, that is, a set is determined by its elements.

Binary Adders: Half Adders and Full Adders

Static Program Transformations for Efficient Software Model Checking

U.C. Berkeley CS276: Cryptography Handout 0.1 Luca Trevisan January, Notes on Algebra

CHAPTER 7 GENERAL PROOF SYSTEMS

8 Primes and Modular Arithmetic

Static Analysis. Find the Bug! : Analysis of Software Artifacts. Jonathan Aldrich. disable interrupts. ERROR: returning with interrupts disabled

The Fundamental Theorem of Arithmetic

Degrees of Truth: the formal logic of classical and quantum probabilities as well as fuzzy sets.

God created the integers and the rest is the work of man. (Leopold Kronecker, in an after-dinner speech at a conference, Berlin, 1886)

15 Limit sets. Lyapunov functions

Some Polynomial Theorems. John Kennedy Mathematics Department Santa Monica College 1900 Pico Blvd. Santa Monica, CA

Lecture Notes on Linear Search

Duality of linear conic problems

Mathematics for Computer Science/Software Engineering. Notes for the course MSM1F3 Dr. R. A. Wilson

NOTES ON LINEAR TRANSFORMATIONS

Comprehensive Static Analysis Using Polyspace Products. A Solution to Today s Embedded Software Verification Challenges WHITE PAPER

The last three chapters introduced three major proof techniques: direct,

A binary search tree or BST is a binary tree that is either empty or in which the data element of each node has a key, and:

A Survey of Static Program Analysis Techniques

Solutions to Homework 6 Mathematics 503 Foundations of Mathematics Spring 2014

MATH10040 Chapter 2: Prime and relatively prime numbers

Metric Spaces Joseph Muscat 2003 (Last revised May 2009)

CONTINUED FRACTIONS AND FACTORING. Niels Lauritzen

Review of Fundamental Mathematics

CONTINUED FRACTIONS AND PELL S EQUATION. Contents 1. Continued Fractions 1 2. Solution to Pell s Equation 9 References 12

Formal Verification and Linear-time Model Checking

Full and Complete Binary Trees

Matrix Algebra. Some Basic Matrix Laws. Before reading the text or the following notes glance at the following list of basic matrix algebra laws.

1 = (a 0 + b 0 α) (a m 1 + b m 1 α) 2. for certain elements a 0,..., a m 1, b 0,..., b m 1 of F. Multiplying out, we obtain

Basic Concepts of Point Set Topology Notes for OU course Math 4853 Spring 2011

Math 55: Discrete Mathematics

A FIRST COURSE IN OPTIMIZATION THEORY

1 The Brownian bridge construction

Clustering and scheduling maintenance tasks over time

Relational Databases

Chapter 1: Key Concepts of Programming and Software Engineering

Combining Software and Hardware Verification Techniques


Just the Factors, Ma am

4. Continuous Random Variables, the Pareto and Normal Distributions

LEARNING OBJECTIVES FOR THIS CHAPTER

How To Find Out How To Calculate A Premeasure On A Set Of Two-Dimensional Algebra

Linear Algebra I. Ronald van Luijk, 2012

3.3 Real Zeros of Polynomials

CS 103X: Discrete Structures Homework Assignment 3 Solutions

PUTNAM TRAINING POLYNOMIALS. Exercises 1. Find a polynomial with integral coefficients whose zeros include

Comments on Quotient Spaces and Quotient Maps

programming languages, programming language standards and compiler validation

Zeros of a Polynomial Function

Functional Programming. Functional Programming Languages. Chapter 14. Introduction

Transcription:

1 An introduction to static analysis Eric Goubault Modelisation and Analysis of Systems in Interaction Laboratory 8th of april 2008

Roadmap Validation, verication, compilation? A short demo with INTERPROC/APRON to see what we want to get! Formalisation for simple safety properties: collecting semantics resolution of the semantic equations (a bit of order theory) Abstractions for practical calculations an example: sign analysis simple formalisation by Galois connections To go further interval analysis relational analyses... short demo with INTERPROC/APRON 2

Compilation and verication 3 [egoubault@is002728 Cours07]> more f.c int f(int i) { int j,k; k = i+j; j = 2; return k; } [egoubault@is002728 Cours07]> gcc -c f.c -O -Wall f.c: In function `f': f.c:3: warning: `j' might be used uninitialized in this function

But... 4 [egoubault@is002728 Cours07]> more g.c int g() { int j[10]; return j[12]; } [egoubault@is002728 Cours07]> gcc -c g.c -O -Wall [egoubault@is002728 Cours07]> The verications done by gcc are very basic... complementary tools for validation!

Extensions of these methods for guaranteed correct software: formal methods 5 Formal specications (B, Z etc.) Proof (essentially, partial correctness proof): ex. Hoare Logics (interaction with the user) Model-Checking: Verication of rened temporal properties on parallel programs Static Analysis: fully automatic method to nd bugs or synthetise proof terms

Example of validation 6 fft(complex_array_ref a,int n) { complex_array_ref b[n/2], c[n/2]; if (n > 2) { for (i=0 ; i < n ; i=i+2) { b[i/2] = a[i]; c[i/2] = a[i+1]; } fft(b,n/2); fft(c,n/2); for (i=0 ; i < n ; i=i+1) a[i] = F1(n)*b[i] + F2(n)*c[i]; } else { a[0] = g*a[0] + d*a[1]; a[1] = a[0] - 2*d*a[1]; } }

Validate? 7 Mathematical proof, not test; but of what? No bug at execution time (division by zero, out of bounds array dereference, null dereference, overows etc.) Parseval? a [i] 2 = i i a[i] 2 Equality very hard to achieve... because of oating-point numbers ( real numbers). Precision drift? Functional proof, in general not achievable...

Expected results 8 Find in an automatic and guaranteed manner: (1) Out of bounds array dereference (in the else statement) only for arrays whose size is not a power of 2! [should crash, or give an incoherent result; Astrée, Polyspace, typically] (2) Under conditions on the input signal, no overow (Astrée, Polyspace, typically; also FLUCTUAT) (3) Under conditions, to give bounds for the dierence between a real number calculation and the oating-point computation... (see our analyser FLUCTUAT) characterisation of reachable values for all variables (invariants) at each control point. [there are other general properties than these safety properties: liveness properties]

In order to do this (1)... 9 dim a=n,n=2^k,k>0 fft(a,n) { cplx b[n/2], c[n/2]; if (n > 2) { for (i=0;i<n;i=i+2) { b[i/2]=a[i]; i+1=2j+1<=n and n=2^k c[i/2]=a[i+1]; } implies i+1<n fft(b,n/2); fft(c,n/2); for (i=0;i<n;i=i+1) a[i]=f1(n)*b[i]+f2(n)*c[i];} else { a[0]=g*a[0]+d*a[1]; n=2 (n=2^j, 0<=j<=k) a[1]=a[0]-2*d*a[1]; } }

A short demo of INTERPROC/APRON 10...

Collecting semantics - informally We construct the control ow graph of a program, as being the transition system (S, i, E, Tran): S is the set of control points of the program (one by syntactic line for us - indicated in the text by [i]) i is the initial control point E = {x = expr Aexp} Bexp We dene a certain number of rules for the transitions 11

Example void main() { // [0] int x=[-100,50]; // [1] while [2] (x<100) { [3] x=x+1; // [4] } // [5] } Executions of the program correspond to dipaths on the graph (orbits of this discrete dynamical system), on which the environmnent (σ : Loc Z) is modied 12

Collecting semantics - informally 13 The environments now collect the values, for all paths, at each control point An environment is an element of (Loc Z) At each state s S, we want to compute such an environment σ

Collecting semantics - intuitively 14 We start from the control ow graph (expressed as a transition system T = (S, i, E, Tran)) We associate to each control point s i of T an equation in associated variables S i, which represent the sets of values that program variables can take, at control points s i : S i = [[t]]s j s j S (s j,t,s i ) Tran where [[t]] is the interpretation of the transition t seen as a function from the set of values of variables to itself The solutions S i to these equations are called the invariants at control points s i (it is a property which is always true for all possible executions)

Example 15 void main() { // [0] int x=[-100,50]; // [1] while [2] (x<100) { // [3] x=x+1; // [4] } // [5] } x 0 = x 1 = [ 100, 50] x 2 = x 1 x 4 x 3 = ], 99] x 2 x 4 = x 3 + [1, 1] x 5 = [100, + [ x 2

Partial orders, lattices, completeness etc. 16 How can we give a meaning to xed point equations? The fundamental notion is the one of successive approximations, ordered by a partial order

Partial order 17 A partial order (P, ) is composed of: a set P and a binary relation P P such that is reexive: p P, p p is transitive: p, q, r P, p q&q r is anti-symetric: p, q P, p q&q r = p r = p = q Ex.: ( (S), ) Notice: isomorphic to the boolean lattice of rst-order propositional logics (with atoms being predicates on one integer value). is =!

Upper bounds etc. 18 For X P: p is an upper bound of X if q X, q p p is a (the!) least upper bound (lub, sup etc.) if: p is an upper bound of X for all upper bounds q of X, p q the least upper bound, if it exists, is denoted X similarly for the notion of lower bound, the greatest lower bound (glb, inf etc.), is denoted X A lattice is a partial order admitting a lub and a glb for all X containing two elements (hence for any non empty nite set X ) Ex.: in ( (S), ), all X admit a lub (the classical set-theoretic union) and a glb (the classical set-theoretic intersection). It is a particular kind of lattice.

Chains, completeness A chain of P is p 0 p 1... p n An ω-chain of P if p 0 p 1... p n... A partial order is a cpo (Complete Partial Order) if for all ω-chains P, P admits a lub in the partial order In general, we suppose that a cpo also has a minimal element, denoted, i.e. p P, p A lattice is a complete lattice if all subsets admit a lub (and hence a glb). Ex.: ( (S), ) is a complete lattice ( =, = S). 19

Functionals 20 A function f : D E between two cpos D et E is increasing i d, d D, d d f (d) f (d ) f increasing is continuous i for all chains d 0 d 1... d n... of D, we have: ( ) f (d n ) = f d n n N n N

Fixed points - resolution of equations 21 Let f : D D increasing on a partial order D. A xed point of f is an element d of D such that f (d) = d. A post-xed point of f is an element d of D such that f (d) d A pre-xed point of f is an element d of D such that d f (d)

Resolution of equations 22 (1) Let f : D D be an increasing function on a complete lattice D. Then f admits at least a xed point. Furthermore, the set of xed points of f is a complete lattice, thus there is a least xed point (noted lfp(f )) and a greatest xed point (noted gfp(f )). (2) Let f : D D be a continuous function on a cpo D (with a element). Then, x(f ) = f n ( ) n N is the smallest xed point of f, lfp(f ) [Kleene iteration].

Resolution of the semantic equations for our example 23 We compute the Kleene (x) iteration for the functional: F x 0 x 1 x 2 x 3 x 4 x 5 = [ 100, 50] x 1 x 4 ], 99] x 2 x 3 + [1, 1] [100, + [ x 2 where we wrote x i as denoting the set of possible values at control point i.

Resolution of semantic equations 24 We begin with x i = (1 i 5) We compute the Kleene iteration... slightly ameliorated (chaotic - similar to Gauss-Seidl versus Jacobi)

Iteration 1 25 x 0 = x 1 = [ 100, 50] x 2 = x 1 x 4 x 3 = ], 99] x 2 x 4 = x 3 + [1, 1] x 5 = [100, + [ x 2 x0 1 = x1 1 = [ 100, 50] x2 1 = [ 100, 50] x3 1 = ], 99] [ 100, 50] = [ 100, 50] x4 1 = [ 100, 50] + [1, 1] = [ 99, 51] x5 1 = [100, + [ [ 100, 50] =

Iteration i + 1 (i < 50) [Kleene] 26 x 0 = x 1 = [ 100, 50] x 2 = x 1 x 4 x 3 = ], 99] x 2 x 4 = x 3 + [1, 1] x 5 = [100, + [ x 2 x i+1 0 = x i+1 1 = [ 100, 50] x i+1 2 = [ 100, 50 + i] x i+1 3 = ], 99] [ 100, 50 + i] = [ 100, 50 + i] x i+1 4 = [ 100 + i, 50 + i] + [1, 1] = [ 99, 50 + i + 1] x i+1 5 = [100, + [ [ 99, 50 + i + 1] =

Iteration 100 27 x 0 = x 1 = [ 100, 50] x 2 = x 1 x 4 x 3 = ], 99] x 2 x 4 = x 3 + [1, 1] x 5 = [100, + [ x 2 x0 100 = x1 100 = [ 100, 50] x2 100 = [ 100, 100] x2 100 = ], 99] ([ 100, 100]) = [ 100, 99] x3 100 = [ 100, 99] + [1, 1] = [ 99, 100] x4 100 = [100, + [ ([ 99, 100] = [100, 100]

Partial conclusion 28 We were lucky, as there is no reason that we can solve these semantic equations in general in nite time (undecidability results) abstract the semantics! (cf. theory of abstract interpretation, P. et R. Cousot)

Notion of approximation of properties 29 Example, the rule of signs: Intuitive notion of a rule of signs (where? means indeterminate sign): add + - mult + - + +? + + - -? - - - + How can we formalize this? [does correspond to restricting proof principles to a smaller set of predicates and consequences]

Galois connections - informally, for signs 30 + denotes the set of natural numbers denotes the set of opposites of natural numbers We are making approximations: what can we say about the addition of + with? we should be able to return a value I do not know We write this value: (value which will be the maximal element of the lattice of signs) denotes the set of relative integers (Z)

Galois connections - informally, for signs 31 In order to have a complete lattice and a Galois connection... The lattice of signs is written: (S, )

Galois connections - formally 32 Let C be a complete lattice of concrete properties: (e.g. ( (Z), )) Let A be a complete lattice of abstract properties: (e.g. (S, )) α : C A (abstraction) and γ : A C (concretisation) two monotonic functions (we could forget this hypothesis) such that α(x) A y x C γ(y)

Galois connection in the case of signs 33 Here: γ( ) = γ(0) = {0} γ(+) = N; γ( ) = N; γ( ) = Z

Galois connection for signs 34 Here: α( ) = α({0}) = 0 α(s) = + if S contains only positive values (and at least a strictly positive one) if S only contains negative values (and at least a strictly negative one) if S contains at least a negative (or zero) value and a distinct positive (or zero) value

Galois connections 35 We can check that we have the following properties: (1) α γ(x) A x (2) y C γ α(y) In fact, we even have in the case of signs: α γ(x) = x (Galois insertion). (1) or (2) are equivalent conditions to the fact that (α, γ) is a Galois connection

Galois connections 36 α and γ are said to be quasi-inverses: they are almost bijections as for inverses, one determines the other: α(x) = {y x C γ(y)} γ(x) = {y α(y) A x} In other terms: α give the most precise abstract value representing a given concrete property γ gives the semantics of abstract values, in terms of concrete properties

Abstract transfer functions 37 The abstract functions corresponding to +, - etc. can in fact be determined by calculus, given a Galois connection (α, γ) between a concrete domain C and an abstract domain A: For all concrete functionals F : C C (for example, the collecting semantics), we dene an abstract functional F : A A by F (y) = α F γ(y) It is the best possible abstraction of F. In practice, α and/or γ are not computable (algorithmically speaking). We use in general an over-approximation F such that F (y) A F (y).

Fixed point transfer 38 When we have a Galois connection (α, γ) between a concrete domain C and an abstract domain A, we have the following property, for all concrete functionals F : C C: α(lfp(f )) A lfp(f ) or, equivalently: lfp(f ) C γ lfp(f ) Hence, the abstract calculus gives an over-approximation of the concrete invariants!

Example of a computation 39 For the same old program... we then have the following semantic equations: x 0 = x 1 = 0 x 2 = x 1 x 4 x 3 = x 2 x 4 = x 3 + [1, 1] x 5 = + x 2 where we must dene the abstract transfer function corresponding to incr(x 3 ) = x 3 + 1

Transfer function of incr : x x + 1 40 We can easily check that: incr + - 0 + +

Fixed point iteration 41 We begin with x 0 i =. The rst iteration gives: x 0 = x 1 = 0 x 2 = x 1 x 4 x 3 = x 2 x 4 = x 3 + [1, 1] x 5 = + x 2 x0 1 = x1 1 = 0 x2 1 = 0 x3 1 = 0 x4 1 = + x5 1 = +

Fixed point iteration 42 The second iteration gives: x 0 = x 1 = 0 x 2 = x 1 x 4 x 3 = x 2 x 4 = x 3 + [1, 1] x0 2 = x1 2 = 0 x2 2 = + x3 2 = + x4 2 = + x5 2 = + x 5 = + x 2 This is the xed point! In fact, we can easily show that in the lattice of signs, we have at most three iterations before getting to the least xed point

Use of abstract invariants for validation 43 We have over-approximations of possibles values that variables can take, by solving systems of abstract equations. We can conclude in general for safety properties (i.e., no run time error [RTE]) of programs:

Partial conclusion 44 But we are still far from real static analysis based validation! Finer analysis of the ranges of variables to detect at least these RTEs: overows (for given types of variables) division by zero square root of a negative number (not in this course really... but not too far) access of an element in an array, out of bounds Simple analysis: interval analysis

Poset of intervals 45 We dene the poset of intervals I with bounds in R as follows: an element of I is [a, b] where a, b R and a b; or is (identied with all [a, b] with a > b); or is, identied with [, ] [a, b] [a, b] [c, d] i a c and b d

Lattice of intervals 46 [a, b] [c, d] = [min(a, b), max(c, d)] [a, b] [c, d] = [max(a, b), min(c, d)] Complete! [a i, b i ] = [inf i I a i, sup i I b i ] i I

Galois connection with ( (Z), ) 47 Dene: γ([a, b]) = {x Z a x b} γ( ) = γ( ) = Z

Necessarily... 48 Applying the formula: if S is empty: α(s) = α(s) = [inf S, sup S]

Transfer functions for expressions 49 As usual, they are strict i.e. map to, and: [a, b] + [c, d] = [a + c, b + d] [a, b] [c, d] = [a d, b c] [a, b] [c, d] = [min(ac, ad, bc, bd), max(ac, ad, bc, bd)] tests are interpreted by constraint solving within intervals etc. You know them, this is interval arithmetics.

Example 50 void main() { int x=[-100,50]; [1] while [2] (x<100) { [3] x=x+1; [4] } [5] } x 0 = x 1 = [ 100, 50] x 2 = x 1 x 4 x 3 = ], 99] x 2 x 4 = x 3 + [1, 1] x 5 = [100, + [ x 2

Iteration 1 51 x 0 = x 1 = [ 100, 50] x 2 = x 1 x 4 x 3 = ], 99] x 2 x 4 = x 3 + [1, 1] x 5 = [100, + [ x 2 x0 1 = x1 1 = [ 100, 50] x2 1 = [ 100, 50] x3 1 = ], 99] [ 100, 50] = [ 100, 50] x4 1 = [ 100, 50] + [1, 1] = [ 99, 51] x5 1 = [100, + [ [ 100, 50] =

Iteration i + 1 (i < 50) [Kleene] 52 x 0 = x 1 = [ 100, 50] x 2 = x 1 x 4 x 3 = ], 99] x 2 x 4 = x 3 + [1, 1] x 5 = [100, + [ x 2 x i+1 0 = x i+1 1 = [ 100, 50] x i+1 2 = [ 100, 50 + i] x i+1 3 = ], 99] [ 100, 50 + i] = [ 100, 50 + i] x i+1 4 = [ 100 + i, 50 + i] + [1, 1] = [ 99, 50 + i + 1] x i+1 5 = [100, + [ [ 99, 50 + i + 1] =

Iteration 50 53 x 0 = x 1 = [ 100, 50] x 2 = x 1 x 4 x 3 = ], 99] x 2 x 4 = x 3 + [1, 1] x 5 = [100, + [ x 2 x0 50 = x1 50 = [ 100, 50] x2 50 = [ 100, 100] x3 50 = ], 99] ([ 100, 100]) = [ 100, 99] x4 50 = [ 100, 99] + [1, 1] = [ 99, 100] x5 50 = [100, + [ ([ 99, 100] = [100, 100]

Acceleration of convergence 54 Classically: Use of extrapolation operators (widening) to quickly cut down Kleene iteration sequence, to get to a postxpoint Use of a narrowing operator to get to a xpoint (not necessarily the least one though)

Widening 55 We take here (for the widening at point 2): { a if a c [a, b] [c, d] = [e, f ] with e = { otherwise b if d b f = otherwise, and

Example 56 x 10 0 = x 10 1 = [ 100, 50] x 10 2 = [ 100, 58] [ 100, 59] = [ 100, [ x 10 3 = ], 99] [ 100, ] = [ 100, 99] x 10 4 = [ 100, 99] + [1, 1] = [ 99, 100] x 10 5 = [100, + [ [ 100, ] = [100, + [

Narrowing 57 Here we take: { c if a = [a, b] [c, d] = [e, f ] with e = a { otherwise d if b = f = b otherwise and

Example 58 x 11 0 = x 11 1 = [ 100, 50] x 11 2 = [ 100, ] [ 100, 100] = [ 100, 100] x 11 3 = ], 99] [ 100, 100] = [ 100, 99] x 11 4 = [ 100, 99] + [1, 1] = [ 99, 100] x 11 5 = [100, + [ [ 100, 100] = [100, 100] This is the least xed point!

To go further 59 Weaker frameworks of abstractions Interprocedural analysis Backward analysis and combinations forward/backward Aliases Relational domains Better solvers for xpoint equations, iteration strategies but also optimisation methods, or policy iteration Underapproximations, test case generation (see Sylvie's talk) Modular analysis, concurrency, objects, functional programs etc.

Aliases 60 We have to interpret aliases, even for just nding numerical invariants. Example: int *x, *z, y; y = 1; x = &y; z = &y; y = y+1; (should nd that x and z point to the same location, with value 2) More generally, any variable can point through a series of * (a dereference path), to similar locations. Impossible to nd exactly the set of aliases in general (here, at last control point, this set is {(x, z), ( x, y)}).

Relational analyses: interest 61 X = [0,10]; //2 Y = [0,10]; //3 S = X-Y; //4 if (S>=2) //5 Y = Y+2; // 6 In intervals: Y in [0,12] at 6 Using relations: At 5: X-Y>=2 hence Y<=8 So at 6, Y in [0,10]

A partial zoo of domains 62

A partial zoo of domains Also: our ane arithmetic based domains (FLUCTUAT) (see http://pop-art.inrialpes.fr/interproc/interprocweb.cgi to play with some of these domains!) 63

A last short demo of INTERPROC/APRON 64...

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information