| Article ID | Journal | Published Year | Pages | File Type |
|---|---|---|---|---|
| 434885 | Science of Computer Programming | 2016 | 19 Pages |
•We automatically extend existing abstract domains.•The new information reflects the structure of the conditionals of the program.•This approach keeps path-sensitive information.•Our transfer functions have been designed to scale on real programs.•Our technique has been successfully applied to complex generated programs.
Static code analysis is increasingly used to guarantee the absence of undesirable behaviors in industrial programs. Designing sound analyses is a continuing trade-off between precision and complexity. Notably, dataflow analyses often perform overly wide approximations when two control-flow paths meet, by merging states from each path.This paper presents a generic abstract interpretation based framework to enhance the precision of such analyses on join points. It relies on predicated domains, that preserve and reuse information valid only inside some branches of the code. Our predicates are derived from conditional statements, and postpone the loss of information.The work has been integrated into Frama-C, a C source code analysis platform. Experiments on real generated code show that our approach scales, and improves significantly the precision of the existing analyses of Frama-C.
