Abstract
This article concerns mechanisms for maintaining the value of an instrumentation relation (also known as a derived relation or view), defined via a logical formula over core relations, in response to changes in the values of the core relations. It presents an algorithm for transforming the instrumentation relation's defining formula into a relation-maintenance formula that captures what the instrumentation relation's new value should be. The algorithm runs in time linear in the size of the defining formula.
The technique applies to program analysis problems in which the semantics of statements is expressed using logical formulas that describe changes to core relation values. It provides a way to obtain values of the instrumentation relations that reflect the changes in core relation values produced by executing a given statement.
We present experimental evidence that our technique is an effective one: for a variety of benchmarks, the relation-maintenance formulas produced automatically using our approach yield the same precision as the best available hand-crafted ones.
Supplemental Material
Available for Download
Online appendix to finite differencing of logical formulas for static analysis on article 24.
- Akers, Jr., S. 1959. On a theory of Boolean functions. J. Soc. Indust. Appl. Math. 7, 4, 487--498.Google Scholar
Cross Ref
- Ball, T., Majumdar, R., Millstein, T., and Rajamani, S. 2001. Automatic predicate abstraction of C programs. In Proceedings of the Conference on Programming Language Design and Implementation. 203--213. Google Scholar
Digital Library
- Ball, T. and Rajamani, S. 2001. Automatically validating temporal safety properties of interfaces. In Proceedings of the SPIN Workshop. 103--122. Google Scholar
Digital Library
- Berdine, J., Calcagno, C., Cook, B., Distefano, D., O'Hearn, P., Wies, T., and Yang, H. 2007. Shape analysis for composite data structures. In Proceedings of the Conference on Computer-Aided Verification. 178--192. Google Scholar
Digital Library
- Boerger, E. and Staerk, R. 2003. Abstract State Machines: A Method for High-Level System Design and Analysis. Springer. Google Scholar
Digital Library
- Bogudlov, I., Lev-Ami, T., Reps, T., and Sagiv, M. 2007a. Revamping TVLA: Making parametric shape analysis competitive. Tech. rep. TR-2007-01-01, Tel-Aviv University, Tel-Aviv, Israel.Google Scholar
- Bogudlov, I., Lev-Ami, T., Reps, T., and Sagiv, M. 2007b. Revamping TVLA: Making parametric shape analysis competitive (tool paper). In Proceedings of the Conference on Computer-Aided Verification. 221--225. Google Scholar
Digital Library
- Chaki, S., Clarke, E., Groce, A., Jha, S., and Veith, H. 2003. Modular verification of software components in C. In Proceedings of the International Conference on Software Engineering. 385--395. Google Scholar
Digital Library
- Clarke, E., Grumberg, O., Jha, S., Lu, Y., and Veith, H. 2000. Counterexample-guided abstraction refinement. In Proceedings of the Conference on Computer-Aided Verification. 154--169. Google Scholar
Digital Library
- Cousot, P. 2003. Verification by abstract interpretation. In Verification: Theory and Practice. 243--268.Google Scholar
- Cousot, P. and Cousot, R. 1977. Abstract interpretation: A unified lattice model for static analysis of programs by construction of approximation of fixed points. In Proceedings of the Conference on Principles of Programming Languages. 238--252. Google Scholar
Digital Library
- Cousot, P. and Cousot, R. 1979. Systematic design of program analysis frameworks. In Proceedings of the Conference on Principles of Programming Languages. 269--282. Google Scholar
Digital Library
- Das, S., Dill, D., and Park, S. 1999. Experience with predicate abstraction. In Proceedings of the Conference on Computer-Aided Verification. 160--171. Google Scholar
Digital Library
- Distefano, D., O'Hearn, P., and Yang, H. 2006. A local shape analysis based on separation logic. In Proceedings of the Conference on Tools and Algorithms for the Construction and Analysis of Systems. 287--302. Google Scholar
Digital Library
- Dong, G. and Su, J. 1995. Incremental and decremental evaluation of transitive closure by first-order queries. Inform. Comput. 120, 101--106. Google Scholar
Digital Library
- Dong, G. and Su, J. 2000. Incremental maintenance of recursive views using relational calculus/SQL. SIGMOD Rec. 29, 1, 44--51. Google Scholar
Digital Library
- Dor, N., Rodeh, M., and Sagiv, M. 2000. Checking cleanness in linked lists. In Proceedings of the Static Analysis Symposium. 115--134. Google Scholar
Digital Library
- Goldstine, H. 1977. A History of Numerical Analysis. Springer.Google Scholar
- Gopan, D., DiMaio, F., Dor, N., Reps, T., and Sagiv, M. 2004. Numeric domains with summarized dimensions. In Proceedings of the Conference on Tools and Algorithms for the Construction and Analysis of Systems. 512--529.Google Scholar
- Gopan, D., Reps, T., and Sagiv, M. 2005. A framework for numeric analysis of array operations. In Proceedings of the Conference on Principles of Programming Languages. 338--350. Google Scholar
Digital Library
- Graf, S. and Saïdi, H. 1997. Construction of abstract state graphs with PVS. In Proceedings of the Conference on Computer-Aided Verification. 72--83. Google Scholar
Digital Library
- Gupta, A. and Mumick, I., Eds. 1999. Materialized Views: Techniques, Implementations, and Applications. MIT Press, Cambridge, MA. Google Scholar
Digital Library
- Henzinger, T., Jhala, R., Majumdar, R., and Sutre, G. 2002. Lazy abstraction. In Proceedings of the Conference on Principles of Programming Languages. 58--70. Google Scholar
Digital Library
- Hesse, W. 2003. Dynamic computational complexity. Ph.D. thesis, Department of Computer Science, University of Massachusetts, Amherst, MA. Google Scholar
Digital Library
- Immerman, N., Rabinovich, A., Reps, T., Sagiv, M., and Yorsh, G. 2004. Verification via structure simulation. In Proceedings of the Conference on Computer-Aided Verification. 281--294.Google Scholar
- Ishtiaq, S. and O'Hearn, P. 2001. BI as an assertion language for mutable data structures. In Proceedings of the Conference on Principles of Programming Languages. 14--26. Google Scholar
Digital Library
- Jackson, D. 2006. Software Abstractions: Logic, Language, and Analysis. MIT Press, Cambridge, MA. Google Scholar
Digital Library
- Jeannet, B., Loginov, A., Reps, T., and Sagiv, M. 2004. A relational approach to interprocedural shape analysis. In Proceedings of the Static Analysis Symposium. 246--264.Google Scholar
- Jeannet, B., Loginov, A., Reps, T., and Sagiv, M. 2010. A relational approach to interprocedural shape analysis. Trans. Program. Lang. Syst. 32, 2. Google Scholar
Digital Library
- Klarlund, N. and Schwartzbach, M. 1993. Graph types. In Proceedings of the Conference on Principles of Programming Languages. 196--205. Google Scholar
Digital Library
- Kurshan, R. 1994. Computer-Aided Verification of Coordinating Processes. Princeton University Press. Google Scholar
Digital Library
- Lahiri, S. and Qadeer, S. 2006. Verifying properties of well-founded linked lists. In Proceedings of the Conference on Principles of Programming Languages. 115--126. Google Scholar
Digital Library
- Lev-Ami, T., Reps, T., Sagiv, M., and Wilhelm, R. 2000. Putting static analysis to work for verification: A case study. In Proceedings of the International Symposium on Software Testing and Analysis. 26--38. Google Scholar
Digital Library
- Lev-Ami, T. and Sagiv, M. 2000. TVLA: A system for implementing static analyses. In Proceedings of the Static Analysis Symposium. 280--301. Google Scholar
Digital Library
- Lim, J. and Reps, T. 2008. A system for generating static analyzers for machine instructions. In Proceedings of the Conference on Compiler Construction. 36--52. Google Scholar
Digital Library
- Liu, Y., Stoller, S., and Teitelbaum, T. 1996. Discovering auxiliary information for incremental computation. In Proceedings of the Conference on Principles of Programming Languages. 157--170. Google Scholar
Digital Library
- Liu, Y. and Teitelbaum, T. 1995. Systematic derivation of incremental programs. Sci. Comput. Program. 24, 2, 1--39. Google Scholar
Digital Library
- Loginov, A. 2006. Refinement-based program verification via three-valued-logic analysis. Ph.D. thesis, Tech. rep. 1574. Computer Science Department, University of Wisconsin, Madison, WI. Google Scholar
Digital Library
- Loginov, A., Reps, T., and Sagiv, M. 2005. Abstraction refinement via inductive learning. In Proceedings of the Conference on Computer-Aided Verification. 519--533. Google Scholar
Digital Library
- Loginov, A., Reps, T., and Sagiv, M. 2006. Automated verification of the Deutsch-Schorr-Waite tree-traversal algorithm. In Proceedings of the Static Analysis Symposium. 261--279. Google Scholar
Digital Library
- Loginov, A., Reps, T., and Sagiv, M. 2007. Refinement-based verification for possibly-cyclic lists. In Program Analysis and Compilation, Theory and Practice: Essays Dedicated to Reinhard Wilhelm. 247--272. Google Scholar
Digital Library
- Malmkjær, K. 1993. Abstract interpretation of partial-evaluation algorithms. Ph.D. thesis, Department of Computer and Information Science, Kansas State University, Manhattan, KS.Google Scholar
- Manevich, R., Yahav, E., Ramalingam, G., and Sagiv, M. 2005. Predicate abstraction and canonical abstraction for singly-linked lists. In Proceedings of the Conference on Verification, Model Checking, and Abstract Interpretation. 181--198. Google Scholar
Digital Library
- McMillan, K. 1999. Verification of infinite state systems by compositional model checking. In Proceedings of the Conference on Correct Hardware Design and Verification Methods (CHARME'99). 219--234. Google Scholar
Digital Library
- Michie, D. 1968. Memo functions and machine learning. Nature 218, 19--22.Google Scholar
Cross Ref
- Møller, A. and Schwartzbach, M. 2001. The pointer assertion logic engine. In Proceedings of the Conference on Programming Language Design and Implementation. 221--231. Google Scholar
Digital Library
- Mycroft, A. and Jones, N. 1985. A relational framework for abstract interpretation. In Programs as Data Objects. 156--171. Google Scholar
Digital Library
- Mycroft, A. and Jones, N. 1986. Data flow analysis of applicative programs using minimal function graphs. In Proceedings of the Conference on Principles of Programming Languages. 296--306. Google Scholar
Digital Library
- Nelson, G. 1983. Verifying reachability invariants of linked structures. In Proceedings of the Conference on Principles of Programming Languages. 38--47. Google Scholar
Digital Library
- Nielson, F. 1989. Two-level semantics and abstract interpretation. Theor. Comput. Sci. 69, 2, 117--242. Google Scholar
Digital Library
- Paige, R. and Koenig, S. 1982. Finite differencing of computable expressions. Trans. Program. Lang. Syst. 4, 3, 402--454. Google Scholar
Digital Library
- Patnaik, S. and Immerman, N. 1997. Dyn-FO: A parallel, dynamic complexity class. J. Comput. Syst. Sci. 55, 2, 199--209. Google Scholar
Digital Library
- Reps, T., Loginov, A., and Sagiv, M. 2002. Semantic minimization of 3-valued propositional formulae. In Proceedings of the Conference on Logic in Computer Science. 40--54. Google Scholar
Digital Library
- Reps, T., Sagiv, M., and Loginov, A. 2003. Finite differencing of logical formulas for static analysis. In Proceedings of the European Symposium on Programming. 380--398. Google Scholar
Digital Library
- Reps, T., Sagiv, M., and Wilhelm, R. 2004a. Static program analysis via 3-valued logic. In Proceedings of the Conference on Computer-Aided Verification. 15--30.Google Scholar
- Reps, T., Sagiv, M., and Yorsh, G. 2004b. Symbolic implementation of the best transformer. In Proceedings of the Conference on Verification, Model Checking, and Abstract Interpretation. 252--266.Google Scholar
- Reynolds, J. 2002. Separation logic: A logic for shared mutable data structures. In Proceedings of the Conference on Logic in Computer Science. 55--74. Google Scholar
Digital Library
- Rinetzky, N., Bauer, J., Reps, T., Sagiv, M., and Wilhelm, R. 2005. A semantics for procedure local heaps and its abstractions. In Proceedings of the Conference on Principles of Programming Languages. 296--309. Google Scholar
Digital Library
- Rinetzky, N. and Sagiv, M. 2001. Interprocedural shape analysis for recursive programs. In Proceedings of the Conference on Compiler Construction. 133--149. Google Scholar
Digital Library
- Sagiv, M., Reps, T., and Wilhelm, R. 2002. Parametric shape analysis via 3-valued logic. Trans. Program. Lang. Syst. 24, 3, 217--298. Google Scholar
Digital Library
- Scherpelz, E., Lerner, S., and Chambers, C. 2007. Automatic inference of optimizer flow functions from semantic meanings. In Proceedings of the Conference on Programming Language Design and Implementation. 135--145. Google Scholar
Digital Library
- Sharir, M. 1982. Some observations concerning formal differentiation of set theoretic expressions. Trans. Program. Lang. Syst. 4, 2, 196--225. Google Scholar
Digital Library
- TVLA. TVLA system. www.cs.tau.ac.il/~tvla/.Google Scholar
- van Fraassen, B. 1966. Singular terms, truth-value gaps, and free logic. J. Phil. 63, 17, 481--495.Google Scholar
Cross Ref
- Yorsh, G., Reps, T., and Sagiv, M. 2004. Symbolically computing most-precise abstract operations for shape analysis. In Proceedings of the Conference on Tools and Algorithms for the Construction and Analysis of Systems. 530--545.Google Scholar
- Yorsh, G., Reps, T., Sagiv, M., and Wilhelm, R. 2007. Logical characterizations of heap abstractions. Trans. Comput. Logic 8, 1. Google Scholar
Digital Library
Index Terms
Finite differencing of logical formulas for static analysis
Recommendations
A relational approach to interprocedural shape analysis
This article addresses the verification of properties of imperative programs with recursive procedure calls, heap-allocated storage, and destructive updating of pointer-valued fields, that is, interprocedural shape analysis. The article makes three ...
Parametric shape analysis via 3-valued logic
Shape analysis concerns the problem of determining "shape invariants" for programs that perform destructive updating on dynamically allocated storage. This article presents a parametric framework for shape analysis that can be instantiated in different ...
Selective X-Sensitive Analysis Guided by Impact Pre-Analysis
We present a method for selectively applying context-sensitivity during interprocedural program analysis. Our method applies context-sensitivity only when and where doing so is likely to improve the precision that matters for resolving given queries. ...






Comments