Lifted (family-based) static analysis based on abstract interpretation is capable of analyzing all variants of a program family (or any other configurable software system), simultaneously, in a single run without generating any of the variants explicitly. The elements of the underlying lifted domain are tuples, which maintain one property per system variant. Still, explicit property enumeration in tuples, one by one for all variants, immediately yields combinatorial explosion. This is particularly apparent in the case of program families that, apart from Boolean features, contain also numerical features with large domains, thus giving rise to astronomical configuration spaces.

The key for an efficient lifted analysis is a proper handling of variability-specific constructs of the language (e.g., feature-based runtime tests and #if directives). In this work, we introduce new symbolic representations of the lifted domain that can efficiently analyze program families with numerical features. This makes sharing between property elements corresponding to different variants explicitly possible. In the first approach, elements of the new lifted domain are decision trees, in which decision nodes are labeled with linear constraints defined over numerical features and the leaf nodes belong to an existing single-program analysis domain. The lifted domain is parametric in the choice of the domains for representing linear constraints and leaf nodes. Furthermore, we propose another alternative approach for efficient lifted analysis. We encode a program family with numerical features as a family with only Boolean features, and then use a BDD lifted domain to analyze the resulting program family.

To illustrate the potential of our representations, we have implemented an experimental lifted static analyzer, called SPLNum²Analyzer, for inferring invariants of #if-annotated C programs. The tool implements all three approaches for lifted analysis based on abstract interpretation: tuple-based, decision tree-based, and BDD-based. It uses existing numerical abstract domains (e.g., intervals, octagons, polyhedra) from the APRON library as parameters. An empirical evaluation on benchmarks from SV-COMP and BusyBox yields promising results indicating that our tool can be successfully used for analyzing program families with very large configuration spaces.

基于抽象解释的提升（基于族）静态分析能够在单次运行中同时分析程序族（或任何其他可配置软件系统）的所有变体，而无需显式生成任何变体。底层提升域的元素是元组，每个系统变体维护一个属性。尽管如此，元组中的显式属性枚举，对所有变体一一列举，立即产生组合爆炸。这在程序族的情况下尤其明显，除了布尔特征外，还包含具有大域的数值特征，从而产生天文配置空间。

有效提升分析的关键是正确处理语言的特定于可变性的构造（例如，基于功能的运行时测试和#if指令）。在这项工作中，我们引入了提升域的新符号表示，可以有效地分析具有数值特征的程序族。这使得在对应于不同变体的属性元素之间共享明确成为可能。在第一种方法中，新提升域的元素是决策树，其中决策节点用在数值特征上定义的线性约束标记，叶节点属于现有的单程序分析域。提升域在用于表示线性约束和叶节点的域的选择中是参数化的。此外，我们提出了另一种有效提升分析的替代方法。我们将具有数值特征的程序族编码为仅具有布尔特征的族，然后使用 BDD 提升域来分析生成的程序族。

为了说明我们表示的潜力，我们实现了一个实验性提升静态分析器，称为SPLNum ² Analyzer，用于推断#if注释的 C 程序的不变量。该工具实现了所有三种基于抽象解释的提升分析方法：基于元组、基于决策树和基于 BDD。它使用来自APRON库的现有数字抽象域（例如，间隔、八边形、多面体）作为参数。对 SV-COMP 和 BusyBox 基准的实证评估产生了有希望的结果，表明我们的工具可以成功用于分析具有非常大配置空间的程序系列。