Astrée

Astrée by AbsInt: Advanced Static Analysis for Safety-Critical Software

Astrée is a state-of-the-art static analyzer developed and distributed by AbsInt, under license from the prestigious CNRS/ENS research institutions. It is designed to analyze safety-critical embedded software to prove the absence of runtime errors and data races that can cause software failures, crashes, or unpredictable behavior. Astrée has been successfully applied across multiple demanding industries including aerospace, automotive, and nuclear energy, where software reliability is paramount.

The Challenge of Ensuring Software Safety

Safety-critical software must operate flawlessly because failures can lead to catastrophic consequences. Despite rigorous testing, proving that a program is free of runtime errors remains a fundamental challenge. Software testing can uncover bugs, but it cannot guarantee their absence, largely due to incomplete test coverage and the complexity of modern software systems.

Runtime errors such as out-of-bounds accesses, pointer errors, or arithmetic faults can cause a system crash or corrupted state. In concurrent software, data races between threads may lead to nondeterministic and difficult-to-reproduce errors. Static analysis based on Abstract Interpretation provides a mathematical framework to analyze all possible execution paths and states in a program, thereby enabling the formal proof of error absence.

How Astrée Addresses These Challenges

Astrée applies a sound and precise static analysis engine founded on Abstract Interpretation. This enables it to detect a broad range of runtime errors while minimizing false alarms that can overwhelm developers and reduce productivity.

The key to Astrée’s success lies in its ability to deliver 100% control and data coverage, meaning it analyzes every possible program path and data state. This comprehensive approach guarantees that if Astrée does not report an error, that error cannot occur at runtime—a property known as soundness.

Examples of Errors Detected by Astrée

Astrée excels at identifying critical error classes including, but not limited to:

  • Out-of-bound array accesses: Prevents invalid memory access that could crash the system or corrupt data.
  • Pointer misuse: Detects erroneous pointer dereferencing, including NULL pointers, uninitialized pointers, and dangling references.
  • Division by zero: Flags integer and floating-point divisions that could cause undefined behavior.
  • Arithmetic overflows: Identifies cases where integer or floating-point arithmetic exceeds the representable range.
  • Uninitialized variable reads: Finds variables that may be read before being properly initialized.
  • User-specified assertion violations: Checks if assertions written in the code may be violated.
  • Data races between concurrent threads: Detects unsynchronized access to shared data, a major source of subtle bugs in multi-threaded software.
  • Locking inconsistencies: Flags inconsistent use of synchronization primitives that can cause deadlocks or race conditions.

Additionally, Astrée detects security-related issues by reporting violations of MISRA guidelines, CERT-C standards, and CWE rules. It also identifies non-terminating loops, unreachable code, and potentially dangerous accesses to shared variables.
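To make the Abstract Interpretation idea above concrete, and to show how an analyzer can report the error classes just listed without ever executing the program, here is an added illustration: a tiny interval-domain abstract interpreter over a constructed toy IR. It is not AbsInt's code and not Astrée's actual algorithm (Astrée uses far richer, partly relational domains); the IR, the `SAMPLE_PROGRAM` and every function name are assumptions made for this example. The analyzer over-approximates every variable's range on every path, uses widening so loops converge and one narrowing step to win precision back, checks array indices and divisors against the ranges, and flags a loop whose exit test can never hold.

```python
# Added illustration (not AbsInt's code, not Astrée's real algorithm): a tiny
# interval-domain abstract interpreter over a constructed toy IR. It never runs
# the program; it computes an over-approximation of every variable's range on
# every path and checks array indices and divisors against those ranges.
from math import inf

class Interval:
    """Abstract value: every integer in [lo, hi]; bounds may be -inf or inf."""
    def __init__(self, lo, hi):
        self.lo, self.hi = lo, hi
    def __repr__(self):
        return f"[{self.lo}, {self.hi}]"
    def __eq__(self, o):
        return (self.lo, self.hi) == (o.lo, o.hi)
    def join(self, o):    # least upper bound: covers both operands
        return Interval(min(self.lo, o.lo), max(self.hi, o.hi))
    def widen(self, o):   # push growing bounds to infinity so loop analysis converges
        return Interval(self.lo if o.lo >= self.lo else -inf, self.hi if o.hi <= self.hi else inf)
    def add(self, o):
        return Interval(self.lo + o.lo, self.hi + o.hi)
    def sub(self, o):
        return Interval(self.lo - o.hi, self.hi - o.lo)

def eval_expr(e, state):
    """Expressions: int literal, variable name, ("+"|"-", a, b), ("range", lo, hi)."""
    if isinstance(e, int):
        return Interval(e, e)
    if isinstance(e, str):
        return state[e]
    op, a, b = e
    if op == "range":  # external input known only to lie within [a, b]
        return Interval(a, b)
    x, y = eval_expr(a, state), eval_expr(b, state)
    return x.add(y) if op == "+" else x.sub(y)

def refine(state, cond, holds):
    """Restrict `state` by the toy IR's only condition form, ("<", var, k)."""
    _, var, k = cond
    lo, hi = (-inf, k - 1) if holds else (k, inf)
    v = state[var]
    new = Interval(max(v.lo, lo), min(v.hi, hi))
    if new.lo > new.hi:
        return None  # branch infeasible: no concrete state satisfies it
    return {**state, var: new}

def join_states(a, b):
    return {v: a[v].join(b[v]) if v in a and v in b else (a.get(v) or b[v]) for v in set(a) | set(b)}

def widen_states(old, new):
    return {v: old[v].widen(new[v]) if v in old else new[v] for v in new}

def report(alarms, msg):
    if msg not in alarms:  # loop bodies are re-analysed; report each site once
        alarms.append(msg)

def analyze(program, state=None, alarms=None):
    """Abstractly run `program`; return (state after it, alarms). A None state is unreachable.
    Statements: ("assign", var, expr) | ("index", label, length, expr) | ("div", label, expr)
    | ("while", ("<", var, k), body)."""
    state = {} if state is None else state
    alarms = [] if alarms is None else alarms
    for stmt in program:
        kind = stmt[0]
        if kind == "assign":
            state = {**state, stmt[1]: eval_expr(stmt[2], state)}
        elif kind == "index":
            _, label, length, e = stmt
            iv = eval_expr(e, state)
            if iv.lo < 0 or iv.hi >= length:
                report(alarms, f"{label}: index {iv} may leave [0, {length - 1}]")
        elif kind == "div":
            _, label, e = stmt
            iv = eval_expr(e, state)
            if iv.lo <= 0 <= iv.hi:
                report(alarms, f"{label}: divisor {iv} may be zero")
        elif kind == "while":
            _, cond, body = stmt
            entry = head = state
            while True:  # ascend with widening until the loop-head state stabilises
                inside = refine(head, cond, True)
                after = analyze(body, inside, alarms)[0] if inside else None
                widened = widen_states(head, head if after is None else join_states(head, after))
                if widened == head:
                    break
                head = widened
            inside = refine(head, cond, True)  # one narrowing step regains precision lost to widening
            after = analyze(body, inside, alarms)[0] if inside else None
            state = refine(entry if after is None else join_states(entry, after), cond, False)
            if state is None:  # the exit test can never hold: loop never terminates
                report(alarms, f"while {cond}: never exits; code after it is unreachable")
                return None, alarms
    return state, alarms

# Constructed sample: reads buf[0..9] in a loop, then an off-by-one read, then divisions.
SAMPLE_PROGRAM = [
    ("assign", "i", 0),
    ("while", ("<", "i", 10), [
        ("index", "buf[i] in loop", 10, "i"),      # proven safe: i in [0, 9] inside the loop
        ("assign", "i", ("+", "i", 1)),
    ]),
    ("index", "buf[i] after loop", 10, "i"),       # genuine off-by-one: i == 10
    ("assign", "x", ("range", -5, 5)),              # untrusted input
    ("div", "100 / x", "x"),                        # genuine: x may be 0
    ("assign", "y", ("+", "x", 6)),
    ("div", "100 / y", "y"),                        # proven safe: y in [1, 11]
    ("assign", "w", ("+", ("-", "x", "x"), 1)),
    ("div", "100 / w", "w"),                        # false alarm: intervals cannot see x - x == 0
]

def run_sample():
    return analyze(SAMPLE_PROGRAM)
```

Running `run_sample()` yields three alarms: the post-loop read (a real off-by-one), `100 / x` (a real division by zero), and `100 / w`, which is a false alarm because a non-relational interval domain cannot express that `x - x` is always zero. That last case is exactly the precision problem the page's later remarks about low false-alarm rates and tunable precision refer to: a sound analyzer never misses an error, so the engineering effort goes into domains precise enough to keep spurious reports rare.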

Core Features of Astrée

  • Soundness and Completeness: Astrée proves the absence of runtime errors when it does not report any issues, providing strong guarantees required in safety-critical certification.
  • High Precision with Low False Alarms: Its advanced analysis engine carefully balances precision and scalability, resulting in very low false alarm rates and efficient validation.
  • Scalability: Astrée has been successfully applied to industrial avionics projects exceeding 500,000 lines of code (500 KLOC), performing thorough analysis within a few hours on standard PC hardware, with zero false alarms.
  • Floating-Point Support: Astrée incorporates precise modeling of floating-point arithmetic, including rounding errors, which is critical for control software in aerospace and automotive domains.
  • Customizable Precision: Developers can tune the analysis precision to the characteristics of their software, safely eliminating any remaining false alarms.
  • Interactive Exploration: Users can interactively investigate analysis results, improving understanding of potential issues and verification coverage.
  • Qualification Support Kit: Astrée includes a support kit to facilitate automatic tool qualification, easing compliance with standards up to the highest criticality levels such as DO-178C DAL A.
  • OS and Platform Awareness: It automatically integrates with operating system configurations like ARINC653, OSEK, and AUTOSAR, reflecting the true runtime environment in the analysis.
  • Seamless Integration with dSPACE TargetLink: Dedicated domains ensure that Astrée can analyze code generated by TargetLink with unmatched precision, supporting the entire embedded software development workflow.

Why Choose Astrée?

For industries where safety, reliability, and certification are non-negotiable, Astrée provides a mathematically rigorous and practical tool that enhances software assurance. Its ability to detect subtle and complex errors before software deployment reduces costly failures and rework, saving time and resources.

With Astrée, companies in aerospace, automotive, nuclear, and other high-assurance sectors gain a trusted partner for software verification that aligns with industry standards and certification processes.

Conclusion

Astrée by AbsInt represents a breakthrough in static analysis technology for safety-critical embedded systems. Combining sound theoretical foundations with industrial-scale performance and usability, it enables developers and verification engineers to prove the absence of runtime errors and data races with unmatched confidence. Its wide adoption across multiple industries underscores its value as a cornerstone of modern software safety assurance.