DOI: 10.1145/1250734.1250764 (PLDI conference proceedings)
Article

Shape analysis with inductive recursion synthesis

Published: 10 June 2007

ABSTRACT

Separation logic with recursively defined predicates allows for concise yet precise description of the shapes of data structures. However, most uses of separation logic for program analysis rely on pre-defined recursive predicates, limiting the class of analyzable programs to those that manipulate only data structures fixed a priori. This paper describes a general algorithm based on inductive program synthesis that automatically infers recursive shape invariants, yielding a shape analysis based on separation logic that can be applied to any program.

A key strength of separation logic is that it facilitates, via explicit expression of structural separation, local reasoning about the heap, where the effects of altering one part of a data structure are analyzed in isolation from the rest. The interaction between local reasoning and the global invariants given by recursive predicates is a difficult area, especially in the presence of complex internal sharing in the data structures. Existing approaches, using logic rules specifically designed for the list predicate to unfold and fold linked lists, again require a priori knowledge about the shapes of the data structures and do not easily generalize to more complex data structures. We introduce a notion of "truncation points" in a recursive predicate, which gives rise to generic algorithms for unfolding and folding arbitrary data structures.
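The unfold/fold mechanics the abstract refers to, shown for the pre-defined list predicate that existing approaches rely on, as an added example in Python. This is not code from the paper: it hard-codes the recursive definition of ls(x, y), which is exactly the a priori predicate the paper's synthesis is meant to do without, and it does not implement the paper's truncation points. All function names, the `_z` prefix marking existential variables, and the constructed precondition are assumptions of this example. It shows the three things a practitioner wants to see: unfolding a predicate into its empty and non-empty cases, a heap write that touches one cell while the rest of the heap (the frame) is carried over untouched, and the fact that the empty case surfaces a dereference with no owned cell, which the analysis reports instead of silently continuing.

```python
"""Symbolic heaps with a hand-written list-segment predicate ls(x, y):
unfold/fold it, and read/write single cells under the frame rule."""
import itertools
from dataclasses import dataclass


@dataclass(frozen=True)
class PointsTo:
    """x |-> y: one heap cell at x whose next field holds y."""
    src: str
    dst: str


@dataclass(frozen=True)
class ListSeg:
    """ls(x, y) == (x = y and emp) or (x != y and exists z. x |-> z * ls(z, y))."""
    src: str
    dst: str


@dataclass(frozen=True)
class SymHeap:
    """Separating conjunction of spatial atoms plus pure facts (a, b) meaning a != b."""
    spatial: frozenset
    neq: frozenset


_fresh = itertools.count()


def fresh():
    """Existentially quantified variable; the '_z' prefix marks it (assumed convention)."""
    return f"_z{next(_fresh)}"


def rename(h, old, new):
    """Substitute `old` by `new` everywhere; realises the equality x = y of an empty segment."""
    def r(v):
        return new if v == old else v
    return SymHeap(frozenset(type(a)(r(a.src), r(a.dst)) for a in h.spatial),
                   frozenset((r(a), r(b)) for a, b in h.neq))


def known_neq(h, a, b):
    return (a, b) in h.neq or (b, a) in h.neq


def unfold(h, x):
    """Case-split the ls(x, y) atom rooted at x by its definition. Returns the feasible
    cases: the empty one (x = y, ls collapses to emp) unless the pure part already rules
    it out, and the non-empty one (a fresh cell x |-> z plus ls(z, y), with x != y)."""
    seg = next((a for a in h.spatial if isinstance(a, ListSeg) and a.src == x), None)
    if seg is None:
        raise ValueError(f"no list segment rooted at {x}")
    rest = SymHeap(h.spatial - {seg}, h.neq)
    cases = []
    empty = rename(rest, x, seg.dst)
    if not any(a == b for a, b in empty.neq):   # a != a is a contradiction: infeasible case
        cases.append(empty)
    z = fresh()
    cases.append(SymHeap(rest.spatial | {PointsTo(x, z), ListSeg(z, seg.dst)},
                         rest.neq | {(x, seg.dst)}))
    return cases


def lookup(h, x):
    """Read x.next. The cell x |-> _ must be owned explicitly: a pointer hidden inside an ls
    must be unfolded first, and a pointer with no cell at all is a memory-safety violation."""
    for a in h.spatial:
        if isinstance(a, PointsTo) and a.src == x:
            return a.dst
    raise MemoryError(f"dereference of {x}: no cell owned in the symbolic heap")


def write(h, x, w):
    """x.next = w. Local reasoning: only the cell x |-> _ changes; every other atom is the frame."""
    cell = next((a for a in h.spatial if isinstance(a, PointsTo) and a.src == x), None)
    if cell is None:
        raise MemoryError(f"write through {x}: no cell owned in the symbolic heap")
    return SymHeap((h.spatial - {cell}) | {PointsTo(x, w)}, h.neq)


def fold(h):
    """Re-abstract x |-> z * ls(z, y) into ls(x, y) when z is existential, occurs nowhere
    else and x != y is known (the guard of the definition). Repeats to a fixpoint."""
    changed = True
    while changed:
        changed = False
        for cell in [a for a in h.spatial if isinstance(a, PointsTo)]:
            z = cell.dst
            seg = next((a for a in h.spatial if isinstance(a, ListSeg) and a.src == z), None)
            if seg is None or not z.startswith("_z") or not known_neq(h, cell.src, seg.dst):
                continue
            others = h.spatial - {cell, seg}
            if any(z in (a.src, a.dst) for a in others) or any(z in p for p in h.neq):
                continue
            h = SymHeap(others | {ListSeg(cell.src, seg.dst)}, h.neq)
            changed = True
            break
    return h


def insert_after_head(h):
    """Symbolically execute   t = h.next; n.next = t; h.next = n   on every case of
    unfolding ls(h, nil). Each case yields ("ok", folded heap) or ("error", message)."""
    results = []
    for case in unfold(h, "h"):
        try:
            t = lookup(case, "h")
            case = write(case, "n", t)
            case = write(case, "h", "n")
            results.append(("ok", fold(case)))
        except MemoryError as e:
            results.append(("error", str(e)))
    return results


if __name__ == "__main__":
    # Constructed precondition: ls(h, nil) * n |-> nil, n != nil, nothing known about h.
    pre = SymHeap(frozenset({ListSeg("h", "nil"), PointsTo("n", "nil")}), frozenset({("n", "nil")}))
    for outcome, detail in insert_after_head(pre):
        print(outcome, detail)
```

With nothing known about `h`, the unfold produces two cases: the empty one, where `h = nil` and the read of `h.next` has no owned cell, is reported as an error path; the non-empty one runs through and folds back to `h |-> n * ls(n, nil)`, with `n |-> _` never touched by the unfold because it is part of the frame. Adding `h != nil` to the precondition makes the empty case contradictory, and only the successful path remains.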

