The undefined domain: Precise relational information for entities that do not exist

Abstract

Verification by static analysis often hinges on the inference of relational numeric information. In real-world programs, the set of active variables is often not fixed for a given program point due to, for instance, heap-allocated cells or recursive function calls. For these program points, an invariant has to summarize values for traces E where a variable x exists and values for traces N where x does not exist. Non-relational domains solve this problem by copying all information on x in traces E to those in N . Relational domains face the challenge that the relations in traces E between x and other variables cannot simply be replicated for the traces N . This work illustrates this problem and proposes a general solution in form of a co-fibered abstract domain that forwards each domain operation to operations on a child domain. By tracking which variables are undefined, it transparently stores suitable values in the child domain thus minimizing the loss of relational information. We present applications in heap abstractions and function summaries. © Springer International Publishing 2013.