Abstract
This paper describes a compositional shape analysis, where each procedure is analyzed independently of its callers. The analysis uses an abstract domain based on a restricted fragment of separation logic, and assigns a collection of Hoare triples to each procedure; the triples provide an over-approximation of data structure usage. Compositionality brings its usual benefits -- increased potential to scale, ability to deal with unknown calling contexts, graceful way to deal with imprecision -- to shape analysis, for the first time.
The analysis rests on a generalized form of abduction (inference of explanatory hypotheses) which we call bi-abduction. Bi-abduction displays abduction as a kind of inverse to the frame problem: it jointly infers anti-frames (missing portions of state) and frames (portions of state not touched by an operation), and is the basis of a new interprocedural analysis algorithm. We have implemented our analysis algorithm and we report case studies on smaller programs to evaluate the quality of discovered specifications, and larger programs (e.g., an entire Linux distribution) to test scalability and graceful imprecision.
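As an added illustration (not code from the paper or its tool), the bi-abduction judgement A * M ⊢ B * F over a toy separation-logic fragment: symbolic heaps are just sets of points-to cells, and the interprocedural step shows how the inferred anti-frame M strengthens the caller's precondition while the frame F carries untouched state past the call. Heap addresses, values and function names below are constructed for this example.

```python
"""Toy bi-abduction for a fragment with only points-to cells.

A symbolic heap maps an address variable to the value stored there; a value of
None in a required heap means "any value" (an existential in the callee's
precondition). Constructed illustration only: no list-segment predicates, no
pure constraints, so it covers far less than the analysis in the paper.
"""
from typing import Dict, Optional, Tuple

Heap = Dict[str, Optional[str]]


def bi_abduce(current: Heap, required: Heap) -> Optional[Tuple[Heap, Heap]]:
    """Return (anti_frame, frame) with  current * anti_frame |- required * frame,
    or None when the two heaps contradict each other (same cell, different value)."""
    anti_frame: Heap = {}
    frame: Heap = dict(current)          # everything not consumed stays in the frame
    for addr, want in required.items():
        if addr not in current:
            anti_frame[addr] = want      # missing cell: the caller must provide it
            continue
        have = frame.pop(addr)           # consumed by the callee's precondition
        if want is not None and have is not None and want != have:
            return None                  # inconsistent: no solution exists
    return anti_frame, frame


def apply_spec(state: Heap, pre: Heap, post: Heap) -> Optional[Tuple[Heap, Heap]]:
    """One interprocedural step at a call whose callee has the triple {pre} f {post}.

    Returns (new_state, anti_frame): new_state is post * frame, and anti_frame is
    the state the caller's own precondition must be extended with. Assumes the
    callee's post describes exactly the cells it consumed or allocated."""
    result = bi_abduce(state, pre)
    if result is None:
        return None
    anti_frame, frame = result
    new_state = dict(frame)
    new_state.update(post)               # callee's post-state replaces consumed cells
    return new_state, anti_frame


if __name__ == "__main__":
    # Caller owns x and y; callee needs x and z and zeroes both.
    caller_state = {"x": "1", "y": "2"}
    callee_pre = {"x": None, "z": None}
    callee_post = {"x": "0", "z": "0"}
    print(apply_spec(caller_state, callee_pre, callee_post))
    # Contradiction: caller has x |-> 1 but callee insists on x |-> 2.
    print(bi_abduce({"x": "1"}, {"x": "2"}))
```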
Compositional shape analysis by means of bi-abduction
POPL '09: Proceedings of the 36th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages