Generating precise and concise procedure summaries (POPL '08)

ABSTRACT
We present a framework for generating procedure summaries that are (a) precise - applying the summary in a given context yields the same result as re-analyzing the procedure in that context, and (b) concise - the summary exploits the commonalities in the ways the procedure manipulates abstract values, and does not contain superfluous context information.
The use of a precise and concise procedure summary in modular analyses provides a way to capture infinitely many possible contexts in a finite way; in interprocedural analyses, it provides a compact representation of an explicit input-output summary table without loss of precision.
We define a class of abstract domains and transformers for which precise and concise summaries can be efficiently generated using our framework. Our framework is rich enough to encode a wide range of problems, including all IFDS and IDE problems. In addition, we show how the framework is instantiated to provide novel solutions to two hard problems: modular linear constant propagation and modular typestate verification, both in the presence of aliasing. We implemented a prototype of our framework that computes summaries for the typestate domain, and report on preliminary experimental results.