abstract-domain-explorer
Applies abstract interpretation using different abstract domains (intervals, octagons, polyhedra, sign, congruence) to statically analyze program variables and infer invariants, value ranges, and relationships. Use when analyzing program properties, inferring loop invariants, detecting potential errors, or understanding variable relationships through static analysis.
git clone --depth 1 https://github.com/ArabelaTso/Skills-4-SE /tmp/abstract-domain-explorer && cp -r /tmp/abstract-domain-explorer/skills/abstract-domain-explorer ~/.claude/skills/abstract-domain-explorerSKILL.md
# Abstract Domain Explorer
## Overview
This skill applies abstract interpretation to statically analyze programs using various abstract domains. It infers invariants, value ranges, and relationships between variables without executing the code. Different domains offer different trade-offs between precision and efficiency.
## Analysis Workflow
Follow these steps to analyze programs with abstract domains:
### 1. Select Appropriate Domain(s)
**Choose based on analysis goals:**
**Interval Domain:**
- Use for: Range analysis, bounds checking, array indexing
- Precision: Low to medium
- Cost: Very efficient
- Example: Determine if x ∈ [0, 100]
**Sign Domain:**
- Use for: Sign analysis, division by zero detection
- Precision: Low
- Cost: Very efficient
- Example: Determine if x is positive, negative, or zero
**Congruence Domain:**
- Use for: Modular arithmetic, alignment analysis
- Precision: Medium (for specific patterns)
- Cost: Efficient
- Example: Determine if x ≡ 0 (mod 4)
**Octagon Domain:**
- Use for: Relational analysis, loop invariants with simple relationships
- Precision: Medium to high
- Cost: Moderate (O(n³) operations)
- Example: Infer x ≤ y + 5, x + y ≤ 10
**Polyhedra Domain:**
- Use for: Complex linear relationships, precise invariants
- Precision: High
- Cost: Expensive (exponential worst-case)
- Example: Infer 2x + 3y ≤ z + 10
**Reduced Product:**
- Use for: Combining strengths of multiple domains
- Precision: Higher than individual domains
- Cost: Sum of component costs
- Example: Intervals × Congruence for precise range with modular constraints
### 2. Initialize Abstract State
**Set initial values for program entry:**
- Constants: Exact values (e.g., x = 5 → x ∈ [5, 5])
- Inputs: Top element (e.g., user input → x ∈ [-∞, +∞])
- Uninitialized: Bottom element (unreachable)
**Example:**
```c
int x = 0; // x ∈ [0, 0]
int y = input(); // y ∈ [-∞, +∞]
```
### 3. Apply Transfer Functions
**For each statement, compute abstract semantics:**
**Assignment (x = e):**
- Evaluate expression e in abstract domain
- Update abstract state for x
**Condition (assume c):**
- Refine abstract state based on condition
- Intersect with constraint
**Join (control flow merge):**
- Compute least upper bound of incoming states
- Used after if-else, at loop headers
**Example (Intervals):**
```c
x = y + 5; // If y ∈ [a, b], then x ∈ [a+5, b+5]
assume(x > 10); // If x ∈ [a, b], then x ∈ [max(a, 11), b]
```
### 4. Handle Loops with Widening
**For loops, apply widening to ensure termination:**
1. Compute first iteration
2. Compute second iteration
3. Apply widening operator (∇)
4. Check for convergence
5. Continue until fixpoint reached
**Example:**
```c
int x = 0;
while (x < 100) {
x = x + 1;
}
```
- Iteration 0: x ∈ [0, 0]
- Iteration 1: x ∈ [0, 1]
- Widening: x ∈ [0, +∞]
- Refine with condition: x ∈ [0, 99] in loop
- Exit: x ∈ [100, 100]
### 5. Refine with Narrowing (Optional)
**Apply narrowing to improve precision:**
- Iterate a few more times (typically 1-3)
- Use narrowing operator (△)
- Refine over-approximations from widening
### 6. Extract Invariants
**Identify inferred properties:**
- Value ranges for each variable
- Relationships between variables
- Loop invariants
- Preconditions for safe operations
**Report format:**
- Variable: abstract value
- Invariants: logical formulas
- Safety properties: bounds checks, division by zero, etc.
## Analysis Examples
### Example 1: Range Analysis with Intervals
**Code:**
```c
int x = 0;
int y = 100;
while (x < 10) {
x = x + 1;
y = y - 1;
}
// What are the values of x and y here?
```
**Analysis (Interval Domain):**
- Entry: x ∈ [0, 0], y ∈ [100, 100]
- Loop iterations with widening:
- Iter 0: x ∈ [0, 0], y ∈ [100, 100]
- Iter 1: x ∈ [0, 1], y ∈ [99, 100]
- Widening: x ∈ [0, +∞], y ∈ [-∞, 100]
- Refine with x < 10: x ∈ [0, 9], y ∈ [-∞, 100]
- Narrowing: y ∈ [91, 100]
- Exit: x ∈ [10, 10], y ∈ [90, 90]
**Inferred Invariants:**
- Loop: x ∈ [0, 9], y ∈ [91, 100]
- Exit: x = 10, y = 90
- Implicit: x + y = 100 (not captured by intervals alone)
### Example 2: Relational Analysis with Octagons
**Code:**
```c
int x = 0;
int y = 0;
while (x < 10) {
x = x + 1;
y = y + 1;
}
```
**Analysis (Octagon Domain):**
- Entry: x = 0, y = 0, x - y = 0
- Loop iterations:
- Maintains x - y = 0 throughout
- x ∈ [0, 10], y ∈ [0, 10]
- Exit: x = 10, y = 10, x = y
**Inferred Invariants:**
- x = y (captured by octagon)
- x ∈ [0, 10], y ∈ [0, 10]
**Advantage over Intervals:**
Intervals would only infer x ∈ [0, 10], y ∈ [0, 10] but miss the relationship x = y.
### Example 3: Linear Relationships with Polyhedra
**Code:**
```c
int x = 0, y = 0, z = 0;
while (x < 10) {
x = x + 1;
y = y + 2;
z = x + y;
}
```
**Analysis (Polyhedra Domain):**
- Entry: x = 0, y = 0, z = 0
- Loop iterations:
- Infers: y = 2x, z = x + y, z = 3x
- x ∈ [0, 10]
- Exit: x = 10, y = 20, z = 30
**Inferred Invariants:**
- y = 2x
- z = x + y
- z = 3x
- x ∈ [0, 10]
**Advantage over Octagons:**
Polyhedra can express y = 2x, which octagons cannot.
### Example 4: Modular Arithmetic with Congruence
**Code:**
```c
int sum = 0;
for (int i = 0; i < 100; i++) {
sum = sum + 3;
}
```
**Analysis (Congruence Domain):**
- Entry: sum ≡ 0 (mod 3), i ≡ 0 (mod 1)
- Loop: sum ≡ 0 (mod 3) maintained
- Exit: sum ≡ 0 (mod 3)
**Analysis (Interval Domain):**
- Exit: sum ∈ [0, 300]
**Combined (Reduced Product):**
- sum ∈ [0, 300] and sum ≡ 0 (mod 3)
- Refined: sum ∈ {0, 3, 6, 9, ..., 297, 300}
- Exact: sum = 300
**Inferred Invariants:**
- sum is always divisible by 3
- sum ∈ [0, 300]
### Example 5: Division by Zero Detection with Sign
**Code:**
```c
int x = read_input();
int y = x * x;
int z = 100 / y; // Safe?
```
**Analysis (Sign Domain):**
- x: ⊤ (unknown sign)
- y = x * x: ≥0 (non-negative)
- Problem: y could be 0 if x = 0
- Division 100 / y: **potential division by zero**
**Analysis (Interval Domain):**
- x: [-∞, +∞]
- y:Uses abstract interpretation to automatically infer loop invariants, function preconditions, and postconditions for formal verification. Generates invariants that capture program behavior and support correctness proofs in Dafny, Isabelle, Coq, and other verification systems. Use when adding formal specifications to code, generating verification conditions, inferring contracts for functions, or discovering loop invariants for proofs.
Performs abstract interpretation over source code to infer possible program states, variable ranges, and data properties without executing the program. Reports potential runtime errors including out-of-bounds accesses, null dereferences, type inconsistencies, division by zero, and integer overflows. Use when analyzing code for potential runtime errors, performing static analysis, checking safety properties, or verifying program behavior without execution.
Performs abstract interpretation to produce summarized execution traces and high-level program behavior representations. Highlights key control flow paths, variable relationships, loop invariants, function summaries, and potential runtime states using abstract domains (intervals, signs, nullness, etc.). Use when analyzing program behavior, understanding execution paths, computing loop invariants, tracking variable ranges, detecting potential runtime errors, or generating program summaries without concrete execution.
Create ACSL (ANSI/ISO C Specification Language) formal annotations for C/C++ programs. Use this skill when working with formal verification, adding function contracts (requires/ensures), loop invariants, assertions, memory safety annotations, or any ACSL specifications. Supports Frama-C verification and generates comprehensive formal specifications for C/C++ code.
CLI-based browser automation with persistent page state using ref-based element interaction. Use when users ask to navigate websites, interact with web pages, fill forms, take screenshots, test web applications, or extract information from web pages.
Detects and analyzes ambiguous language in software requirements and user stories. Use when reviewing requirements documents, user stories, specifications, or any software requirement text to identify vague quantifiers, unclear scope, undefined terms, missing edge cases, subjective language, and incomplete specifications. Provides detailed analysis with clarifying questions and suggested improvements.
Design and review APIs with suggestions for endpoints, parameters, return types, and best practices. Use when designing new APIs from requirements, reviewing existing API designs, generating API documentation, or getting implementation guidance. Supports REST APIs with focus on endpoint structure, request/response schemas, authentication, pagination, filtering, versioning, and OpenAPI specifications. Triggers when users ask to design, review, document, or improve APIs.
Generate comprehensive API documentation from repository sources including OpenAPI specs, code comments, docstrings, and existing documentation. Use when documenting APIs, creating API reference guides, or summarizing API functionality from codebases. Extracts endpoint details, request/response schemas, authentication methods, and generates code examples. Triggers when users ask to document APIs, generate API docs, create API reference, or summarize API endpoints from a repository.