Abstract
We address the problem of automatic synthesis of assertions for sequential programs with singly-linked lists whose data ranges over infinite domains such as integers or reals. Our approach is based on an accurate abstract inter-procedural analysis. Program configurations are represented by graphs whose nodes represent list segments without sharing. The data in these list segments are characterized by constraints in abstract domains. We consider a domain whose constraints lie in a universally quantified fragment of first-order logic over sequences, as well as a domain that constrains the multisets of data in sequences.
Our analysis computes the effect of each procedure locally, by considering only the part of the heap reachable from its actual parameters. To avoid loss of information, we introduce a mechanism based on unfolding/folding operations that strengthens the analysis in the domain of first-order formulas with the analysis in the multiset domain.
The same mechanism is used to strengthen the sound (but incomplete) entailment operator of the domain of first-order formulas. We have implemented our techniques in a prototype tool and have shown that our approach is powerful enough for the automatic (1) generation of non-trivial procedure summaries, (2) pre/post-condition reasoning, and (3) procedure equivalence checking.
On inter-procedural analysis of programs with lists and data
PLDI '11: Proceedings of the 32nd ACM SIGPLAN Conference on Programming Language Design and Implementation