d Abstract) Bruno Blanchet∗ § Patrick Cousot§ Radhia Cousot∗¶ J´erˆome Feret§ Laurent Mauborgne§ Antoine Min´e§ David Monniaux∗§ Xavier Rival§ that abstract interpretation-based static program analysis can be made efficient and precise enough to formally verify a class of properties for a family of large programs with few or no false alarms. This is achieved by refinement of a general purpose static analyzer and later adaptation to particular programs of the family by the end-user through parametrization. This is applied to the proof of soundness of data manipulation operations at the machine level for periodic synchronous safety critical embedded software. The main novelties are the design principle of static analyzers by refinement and adaptation through parametrization (Sect. 3 and 7), the symbolic manipulation of expresimprove the precision of abstract transfer functions (Sect. 6.3), the octagon (Sect. 6.2.2), ellipsoid (Sect. 6.2.3), sion tree (Sect. 6.2.4) abs...