A relational approach to interprocedural shape analysis

Published: 08 February 2010

Abstract

This article addresses the verification of properties of imperative programs with recursive procedure calls, heap-allocated storage, and destructive updating of pointer-valued fields, that is, interprocedural shape analysis. The article makes three contributions.

— It introduces a new method for abstracting relations over memory configurations for use in abstract interpretation.

— It shows how this method furnishes the elements needed for a compositional approach to shape analysis. In particular, abstracted relations are used to represent the shape transformation performed by a sequence of operations, and an overapproximation to relational composition can be performed using the meet operation of the domain of abstracted relations.

— It applies these ideas in a new algorithm for context-sensitive interprocedural shape analysis. The algorithm creates procedure summaries using abstracted relations over memory configurations, and the meet-based composition operation provides a way to apply the summary transformer for a procedure P at each call site from which P is called.

The algorithm has been applied successfully to establish properties of both (i) recursive programs that manipulate lists and (ii) recursive programs that manipulate binary trees.

