Combining Forward and Backward Abstract Interpretation of Horn Clauses

TL;DR

This paper introduces a new backward collecting semantics for alternating forward and backward abstract interpretation of Horn clauses, improving analysis precision and effectiveness in proving unreachability in program states.

Contribution

It proposes a novel semantics for combining forward and backward analysis, addressing limitations of query-answer transformation in Horn clause analysis.

Findings

Combining forward and backward analysis improves reachability analysis.

The new semantics enhances the precision of abstract interpretation.

Experimental results show improved analysis of C program systems.

Abstract

Alternation of forward and backward analyses is a standard technique in abstract interpretation of programs, which is in particular useful when we wish to prove unreachability of some undesired program states. The current state-of-the-art technique for combining forward (bottom-up, in logic programming terms) and backward (top-down) abstract interpretation of Horn clauses is query-answer transformation. It transforms a system of Horn clauses, such that standard forward analysis can propagate constraints both forward, and backward from a goal. Query-answer transformation is effective, but has issues that we wish to address. For that, we introduce a new backward collecting semantics, which is suitable for alternating forward and backward abstract interpretation of Horn clauses. We show how the alternation can be used to prove unreachability of the goal and how every subsequent run of an analysis yields a refined model of the system. Experimentally, we observe that combining forward and backward analyses is important for analysing systems that encode questions about reachability in C programs. In particular, the combination that follows our new semantics improves the precision of our own abstract interpreter, including when compared to a forward analysis of a query-answer-transformed system.