The ASTREÉ Analyzer

Cousot, Patrick; Cousot, Radhia; Feret, Jérôme; Mauborgne, Laurent; Miné, Antoine; Monniaux, David; Rival, Xavier

doi:10.1007/978-3-540-31987-0_3

Cited by 322 publications

(248 citation statements)

References 18 publications

Supporting

Mentioning

247

Contrasting

Unclassified

Order By: Relevance

“…For instance, ASTRÉE [7] is a credible candidate for an industrial use in the near future [8,22], in order to prove the absence of run-time errors on control programs. Indeed, such programs perform a lot of floating-point computations, so that the absence of floating-point overflow or other invalid operation has to be guaranteed.…”

Section: Introductionmentioning

confidence: 99%

Towards an Industrial Use of FLUCTUAT on Safety-Critical Avionics Software

Delmas

Goubault

Putot

et al. 2009

Lecture Notes in Computer Science

106

109

View full text Add to dashboard Cite

Abstract. Most modern safety-critical control programs, such as those embedded in fly-by-wire control systems, perform a lot of floating-point computations. The well-known pitfalls of IEEE 754 arithmetic make stability and accuracy analyses a requirement for this type of software. This need is traditionally addressed through a combination of testing and sophisticated intellectual analyses, but such a process is both costly and error-prone. FLUCTUAT is a static analyzer developed by CEA-LIST for studying the propagation of rounding errors in C programs. After a long time research collaboration with CEA-LIST on this tool, Airbus is now willing to use FLUCTUAT industrially, in order to automate part of the accuracy analyses of some control programs. In this paper, we present the IEEE 754 standard, the FLUCTUAT tool, the types of codes to be analyzed and the analysis methodology, together with code examples and analysis results.

show abstract

Section: Introductionmentioning

confidence: 99%

Towards an Industrial Use of FLUCTUAT on Safety-Critical Avionics Software

Delmas

Goubault

Putot

et al. 2009

Lecture Notes in Computer Science

106

109

View full text Add to dashboard Cite

show abstract

“…Other tools such as Astree [37], CodeSurfer/x86 and WPDS++ [7], Coverity Prevent, FlexeLint, Goanna [44,45], Klocwork K7, Metal [54], PolySpace Verifier, PREfix/PREfast [22], and RT-Tester [90,91] use static analysis itself to analyze programs. As static analysis can be applied to very large programs in contrast to model checking, we can use static analysis to annotate the program with information that is used during state space creation to limit the size of the resulting state spaces.…”

Section: Static Analysis In [Mc]squarementioning

confidence: 99%

Model Checking Software

Donaldson¹,

Parker²

2012

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Software of microcontrollers is getting more and more complex. It is mandatory to extensively analyze their software as errors can lead to severe failures or cause high costs. Model checking is a formal method used to verify whether a system satisfies certain properties.This thesis describes a new approach for model checking software for microcontrollers. In this approach, assembly code is used for model checking instead of an intermediate representation such as C code.The development of [mc]square, which is a microcontroller assembly code model checker implementing this approach, is detailed.[mc]square has a modular architecture to cope with the hardware dependency of this approach. The single steps of the model checking process are divided into separate packages. The creation of the states is conducted by a specific simulator, which is the only hardware-dependent package. Within the simulator, the different microcontrollers are modeled accurately.This work describes the modeling of the ATMEL ATmega16 microcontroller and details implemented abstraction techniques, which are used to tackle the stateexplosion problem. These abstraction techniques include lazy interrupt evaluation, lazy stack evaluation, delayed nondeterminism, dead variable reduction, and path reduction. Delayed nondeterminism introduces symbolic states, which represent a set of states, into [mc]square while still explicit model checking techniques are used. Thus, we successfully combined explicit and symbolic model checking techniques.A formal model of the simulator, which we developed to prove the correctness of abstraction techniques, is described. In this work, the formal model is used to show the correctness of delayed nondeterminism.To show the applicability of the approach, two case studies are described. In these case studies, we used programs of different sizes. All these programs were created by students in lab courses, during diploma theses, or in exercises without the intention to use them for model checking.

show abstract

“…For example, Astrée [12], [13], a successful program analyzer used to verify the absence of run-time errors in Airbus avionic systems, implements a static analysis involving the ellipsoid abstract domain to represent and reason about a class of quadratic inequality invariants. 1 Nonlinear invariants have also been found useful for the analysis of hybrid systems [14], [15].…”

Section: Introductionmentioning

confidence: 99%