TY - JOUR
T1 - Why does Astrée scale up?
AU - Cousot, Patrick
AU - Cousot, Radhia
AU - Feret, Jérôme
AU - Mauborgne, Laurent
AU - Miné, Antoine
AU - Rival, Xavier
N1 - Funding Information:
This work was supported by the INRIA project-team ABSTRACTION common to the CNRS and the École Normale Supérieure.
PY - 2009/12
Y1 - 2009/12
N2 - Astrée was the first static analyzer able to prove automatically the total absence of runtime errors of actual industrial programs of hundreds of thousand lines. What makes Astrée such an innovative tool is its scalability, while retaining the required precision, when it is used to analyze a specific class of programs: that of reactive control-command software. In this paper, we discuss the important choice of algorithms and data-structures we made to achieve this goal. However, what really made this task possible was the ability to also take semantic decisions, without compromising soundness, thanks to the abstract interpretation framework. We discuss the way the precision of the semantics was tuned in Astrée in order to scale up, the differences with some more academic approaches and some of the dead-ends we explored. In particular, we show a development process which was not specific to the particular usage Astrée was built for, hoping that it might prove helpful in building other scalable static analyzers.
AB - Astrée was the first static analyzer able to prove automatically the total absence of runtime errors of actual industrial programs of hundreds of thousand lines. What makes Astrée such an innovative tool is its scalability, while retaining the required precision, when it is used to analyze a specific class of programs: that of reactive control-command software. In this paper, we discuss the important choice of algorithms and data-structures we made to achieve this goal. However, what really made this task possible was the ability to also take semantic decisions, without compromising soundness, thanks to the abstract interpretation framework. We discuss the way the precision of the semantics was tuned in Astrée in order to scale up, the differences with some more academic approaches and some of the dead-ends we explored. In particular, we show a development process which was not specific to the particular usage Astrée was built for, hoping that it might prove helpful in building other scalable static analyzers.
KW - Abstract Interpretation
KW - Embedded critical software
KW - Formal methods
KW - Safety
KW - Scalability
KW - Static analysis tool
KW - Verification
UR - http://www.scopus.com/inward/record.url?scp=74549191335&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=74549191335&partnerID=8YFLogxK
U2 - 10.1007/s10703-009-0089-6
DO - 10.1007/s10703-009-0089-6
M3 - Article
AN - SCOPUS:74549191335
SN - 0925-9856
VL - 35
SP - 229
EP - 264
JO - Formal Methods in System Design
JF - Formal Methods in System Design
IS - 3
ER -