Team Abstraction


Section: Software

The Astrée Static Analyzer

Participants: Patrick Cousot [project leader, correspondent], Radhia Cousot, Jérôme Feret, Laurent Mauborgne, Antoine Miné, Xavier Rival.

The Astrée static analyzer [76], [83] aims at proving the absence of runtime errors in programs written in the C programming language.

Astrée analyzes structured C programs, with complex memory usages, but without dynamic memory allocation and recursion. This encompasses many embedded programs as found in earth transportation, nuclear energy, medical instrumentation and aerospace applications, in particular synchronous control/command. The whole analysis process is entirely automatic.

Astrée discovers all runtime errors including:

The analyzer performs an abstract interpretation of the programs being analyzed, using a parametric domain (Astrée is able to choose the right instantiation of the domain for wide families of software). This analysis produces abstract invariants, which over-approximate the reachable states of the program, so that it is possible to derive an over-approximation of the dangerous states (defined as states where any runtime error mentioned above may occur) that the program may reach, and to produce an alarm for each such possible runtime error. Thus the analysis is sound (it correctly discovers all runtime errors), yet incomplete, that is, it may report false alarms (i.e., alarms that correspond to no real program execution). However, the design of the analyzer ensures a high level of precision on domain-specific families of software, which means that the analyzer produces few or no false alarms on such programs.

In order to achieve this high level of precision, Astrée uses a large number of expressive abstract domains, which allow expressing and inferring complex properties about the programs being analyzed, such as numerical properties (digital filters, floating-point computations), boolean control properties, and properties based on the history of program executions.
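The over-approximation, soundness and false-alarm behaviour described above, as an added illustration that is not Astrée's own code: a minimal interval abstract domain run over two constructed toy programs (a counting loop with widening, and a branch whose correlation a non-relational domain loses). The toy programs, the Itv class and the division checker are assumptions of this example, not part of the analyzer.

```python
# Added example (not Astrée's code): a tiny interval-domain abstract interpreter
# for two hand-coded toy programs, showing sound but incomplete division checks.
from math import inf

class Itv:
    """Interval abstract value [lo, hi]; lo > hi denotes the empty set (bottom)."""
    def __init__(self, lo, hi): self.lo, self.hi = lo, hi
    def is_bot(self): return self.lo > self.hi
    def join(self, o):                      # least upper bound: convex hull of both sets
        if self.is_bot(): return o
        if o.is_bot(): return self
        return Itv(min(self.lo, o.lo), max(self.hi, o.hi))
    def widen(self, o):                     # extrapolate unstable bounds to +/-inf
        return Itv(self.lo if o.lo >= self.lo else -inf,
                   self.hi if o.hi <= self.hi else inf)
    def add(self, o): return Itv(self.lo + o.lo, self.hi + o.hi)
    def sub(self, o): return Itv(self.lo - o.hi, self.hi - o.lo)
    def le(self, c): return Itv(self.lo, min(self.hi, c))   # filter by test x <= c
    def ge(self, c): return Itv(max(self.lo, c), self.hi)   # filter by test x >= c
    def __eq__(self, o): return (self.lo, self.hi) == (o.lo, o.hi)

def may_divide_by_zero(divisor):
    """Sound check: alarm iff the abstract divisor may contain 0 (over-approximation)."""
    return not divisor.is_bot() and divisor.lo <= 0 <= divisor.hi

def loop_invariant(widen=True):
    """Abstract run of the constructed program:  x = 0; while (x < 100) x = x + 1;
    Returns the invariant at the loop head. Widening forces termination in two
    iterations at the price of precision ([0, inf] instead of the exact [0, 100])."""
    head = Itv(0, 0)
    while True:
        body = head.le(99).add(Itv(1, 1))   # enter loop (x <= 99), then x = x + 1
        nxt = head.join(body)
        if widen: nxt = head.widen(nxt)
        if nxt == head: return head         # post-fixpoint reached
        head = nxt

def after_loop(widen=True):
    """State on loop exit: the head invariant filtered by the negated guard x >= 100."""
    return loop_invariant(widen).ge(100)

def branch_divisor():
    """Abstract run of:  if (a > 0) b = 1; else b = -1;  c = 10 / b;
    Joining the two branches yields b in [-1, 1], which contains 0, so the checker
    raises an alarm although no concrete execution divides by zero (a false alarm)."""
    return Itv(1, 1).join(Itv(-1, -1))

if __name__ == "__main__":
    x = after_loop()                                                          # [100, inf]
    print("10 / (x - 50)  alarm:", may_divide_by_zero(x.sub(Itv(50, 50))))    # False: proved safe
    print("10 / (x - 100) alarm:", may_divide_by_zero(x.sub(Itv(100, 100))))  # True: real error (x == 100)
    print("10 / b         alarm:", may_divide_by_zero(branch_divisor()))      # True: false alarm
```

Running with `widen=False` on this small loop converges to the exact invariant [0, 100] after 101 iterations, which is the precision/termination trade-off widening exists to resolve; relational domains are what remove the false alarm on the branch example.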

Astrée has achieved the following two unprecedented results:

These research and development successes have led to considering the inclusion of Astrée in the production of the critical software for the A350. Astrée is currently being industrialized by AbsInt Angewandte Informatik GmbH and should be commercially available in December 2009.
