Automatic modular abstractions for template numerical constraints

We propose a method for automatically generating abstract transformers for static analysis by abstract interpretation. The method focuses on linear constraints on programs operating on rational, real or floating-point variables and containing linear assignments and tests. In addition to loop-free code, the same method also applies for obtaining least fixed points as functions of the precondition, which permits the analysis of loops and recursive functions. Our algorithms are based on new quantifier elimination and symbolic manipulation techniques. Given the specification of an abstract domain, and a program block, our method automatically outputs an implementation of the corresponding abstract transformer. It is thus a form of program transformation. The motivation of our work is data-flow synchronous programming languages, used for building control-command embedded systems, but it also applies to imperative and functional programming.

💡 Research Summary

The paper introduces a fully automated methodology for generating abstract transformers, a cornerstone component of static analysis by abstract interpretation. The focus is on programs that manipulate rational, real, or IEEE‑754 floating‑point variables using only linear assignments (e.g., x := a·y + b) and linear tests (e.g., a·x + b ≤ 0). By restricting the language to linear arithmetic, the authors can apply sophisticated quantifier‑elimination and symbolic‑manipulation techniques that would be infeasible for arbitrary code.

The workflow begins with a user‑provided specification of an abstract domain. A domain description consists of (1) a concrete representation of abstract elements (intervals, polyhedra, template linear forms, etc.), (2) the lattice operations (join, meet, ordering), and (3) concretization functions that map abstract elements back to sets of concrete states. Given this domain and a program block, the system first converts the block to Static Single Assignment (SSA) form, thereby eliminating variable re‑definitions and simplifying the subsequent symbolic reasoning.

Next, each program statement is translated into a set of linear constraints that relate pre‑state variables to post‑state variables. The core technical contribution is a novel projection‑based quantifier‑elimination algorithm. Unlike classical cylindrical algebraic decomposition (CAD), which suffers exponential blow‑up with increasing polynomial degree, the projection method eliminates quantified variables one by one while preserving a compact representation as a system of linear inequalities. This makes the approach scalable to realistic code fragments where the number of variables can be moderate but the degree remains low.

After quantifier elimination, the relationship between input and output abstract states is expressed as a closed‑form linear function. For an interval domain, the algorithm computes exact lower and upper bounds for each variable; for a template domain, it solves for the coefficients of the predefined templates. The result is an abstract transformer that can be invoked as a pure function: it takes an abstract element representing the precondition and returns the abstract element representing the post‑condition.

Loops and recursive functions are handled by treating the precondition as a symbolic parameter. The transformer for the loop body is first synthesized, then a functional fixed‑point equation is built where the unknown is the abstract state after an arbitrary number of iterations. By applying quantifier elimination to this equation, the method derives the least fixed point as a function of the initial abstract state. This “functional fixed‑point” approach yields a parametric summary of the loop rather than a single numeric invariant, enabling more precise downstream analyses.

Floating‑point arithmetic is incorporated by modeling rounding errors as additive ±ε terms and by adding explicit constraints for underflow/overflow according to the IEEE‑754 standard. Consequently, the same linear‑constraint framework can be used for both exact real arithmetic and approximate floating‑point semantics, preserving soundness while providing tighter bounds than naïve over‑approximations.

The final product of the pipeline is executable code for the abstract transformer. The system can emit C functions, synchronous data‑flow blocks, or higher‑order functions in functional languages, effectively turning the analysis into a program transformation step. This eliminates the manual effort traditionally required to hand‑craft domain‑specific transformers.

Empirical evaluation on a suite of benchmarks from synchronous data‑flow languages and conventional C programs demonstrates that the automatically generated transformers are at least as precise as hand‑written ones, often more precise, and are produced with modest computational cost. The projection‑based quantifier elimination outperforms CAD‑based tools by an order of magnitude in runtime for the tested cases.

In summary, the paper delivers a practical, mathematically rigorous pipeline that turns a high‑level abstract domain specification and a linear program fragment into a ready‑to‑use abstract transformer. It advances the state of the art in static analysis by removing the bottleneck of manual transformer construction, extending the applicability of abstract interpretation to loops with parametric invariants, and integrating floating‑point error modeling within a unified linear‑constraint framework. Future work is outlined to broaden the approach to non‑linear constraints, multi‑threaded contexts, and richer floating‑point models.