Compositional shape analysis by means of bi-abduction

Published: 21 January 2009

Abstract

This paper describes a compositional shape analysis, where each procedure is analyzed independently of its callers. The analysis uses an abstract domain based on a restricted fragment of separation logic, and assigns a collection of Hoare triples to each procedure; the triples provide an over-approximation of data structure usage. Compositionality brings its usual benefits (increased potential to scale, the ability to deal with unknown calling contexts, and a graceful way to deal with imprecision) to shape analysis, for the first time.

The analysis rests on a generalized form of abduction (inference of explanatory hypotheses) which we call bi-abduction. Bi-abduction displays abduction as a kind of inverse to the frame problem: it jointly infers anti-frames (missing portions of state) and frames (portions of state not touched by an operation), and is the basis of a new interprocedural analysis algorithm. We have implemented our analysis algorithm and we report case studies on smaller programs to evaluate the quality of discovered specifications, and larger programs (e.g., an entire Linux distribution) to test scalability and graceful imprecision.
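To make the bi-abduction question concrete, here is an added toy solver (not the paper's algorithm, which also handles list segments and abstraction) for symbolic heaps made only of points-to facts: given a caller state A and a callee precondition B, it finds an anti-frame M and a frame F with A * M |- B * F, and checks the answer. The function names, the dict encoding of heaps and the "_" wildcard for an existential value are this example's own conventions.

```python
from typing import Dict, Optional, Tuple

# A symbolic heap in this toy fragment is a map location -> stored value.
# A "_" value in B is an existential: the callee does not care what is there.
Heap = Dict[str, str]


def bi_abduce(A: Heap, B: Heap) -> Optional[Tuple[Heap, Heap]]:
    """Solve A * ?M |- B * ?F for points-to heaps. Returns (M, F) or None."""
    anti_frame: Heap = {}
    frame: Heap = {}
    for loc, val in B.items():
        if loc not in A:
            # B needs a cell the caller's state does not mention: a missing
            # assumption about the caller, i.e. part of the anti-frame M.
            anti_frame[loc] = val
        elif val != "_" and A[loc] != val:
            # Same cell, incompatible contents: no consistent M exists.
            return None
    for loc, val in A.items():
        if loc not in B:
            # Cells the callee never touches form the frame F, carried
            # unchanged across the call.
            frame[loc] = val
    return anti_frame, frame


def entails(A: Heap, M: Heap, B: Heap, F: Heap) -> bool:
    """Check A * M |- B * F: '*' demands disjoint cells, and the two sides
    must describe exactly the same cells with compatible contents."""
    if A.keys() & M.keys() or B.keys() & F.keys():
        return False
    left, right = {**A, **M}, {**B, **F}
    if left.keys() != right.keys():
        return False
    return all(right[l] == "_" or left[l] == right[l] for l in left)


if __name__ == "__main__":
    # Constructed sample: the caller currently owns x and y; the callee's
    # precondition asks for x (any contents) and a cell z holding 3.
    caller = {"x": "1", "y": "2"}
    callee_pre = {"x": "_", "z": "3"}
    result = bi_abduce(caller, callee_pre)
    assert result is not None
    M, F = result
    print("anti-frame:", M, "frame:", F)  # anti-frame: {'z': '3'} frame: {'y': '2'}
    assert entails(caller, M, callee_pre, F)
    # Conflict: the caller knows x holds 1 but the callee requires 2.
    print(bi_abduce({"x": "1"}, {"x": "2"}))  # None
```

The anti-frame is what the interprocedural algorithm adds to the caller's precondition, while the frame is what it carries past the call unchanged.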

Published in

ACM SIGPLAN Notices, Volume 44, Issue 1 (POPL '09), January 2009, 453 pages. ISSN: 0362-1340, EISSN: 1558-1160. DOI: 10.1145/1594834

POPL '09: Proceedings of the 36th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, January 2009, 464 pages. ISBN: 9781605583792. DOI: 10.1145/1480881

Copyright © 2009 ACM

Publisher: Association for Computing Machinery, New York, NY, United States