
Bottom-up shape analysis using LISF

Published: 23 November 2011

Abstract

In this article, we present a new shape analysis algorithm. The key distinguishing aspect of our algorithm is that it is completely compositional, bottom-up and noniterative. We present our algorithm as an inference system for computing Hoare triples summarizing heap manipulating programs. Our inference rules are compositional: Hoare triples for a compound statement are computed from the Hoare triples of its component statements. These inference rules are used as the basis for bottom-up shape analysis of programs.

Specifically, we present a Logic of Iterated Separation Formulae (LISF), which uses the iterated separating conjunct of Reynolds [2002] to represent program states. A key ingredient of our inference rules is a strong bi-abduction operation between two logical formulas. We describe sound strong bi-abduction and satisfiability procedures for LISF.

We have built a tool called SpInE that implements these inference rules and have evaluated it on standard shape analysis benchmark programs. Our experiments show that SpInE can generate expressive summaries, which are complete functional specifications in many cases.

References

  1. Abdulla, P., Bouajjani, A., Cederberg, J., Haziza, F., and Rezine, A. 2008. Monotonic abstraction for programs with dynamic memory heaps. In Proceedings of the International Conference on Computer Aided Verification (CAV). 341--354.
  2. Abdulla, P. A., Jonsson, B., Nilsson, M., and Saksena, M. 2004. A survey of regular model checking. In Proceedings of the International Conference on Concurrency Theory (CONCUR). Springer, 35--48.
  3. Bardin, S., Finkel, A., Leroux, J., and Schnoebelen, Ph. 2005. Flat acceleration in symbolic model checking. In Proceedings of the International Symposium on Automated Technology for Verification and Analysis (ATVA). 474--488.
  4. Berdine, J., Calcagno, C., Cook, B., Distefano, D., O'Hearn, P. W., Wies, T., and Yang, H. 2007. Shape analysis for composite data structures. In Proceedings of the International Conference on Computer Aided Verification (CAV). 178--192.
  5. Biering, B., Birkedal, L., and Torp-Smith, N. 2005. Bi-hyperdoctrines and higher-order separation logic. In Proceedings of the European Symposium on Programming Languages and Systems (ESOP). 233--247.
  6. Boigelot, B., Legay, A., and Wolper, P. 2003. Iterating transducers in the large. In Proceedings of the International Conference on Computer Aided Verification (CAV). Springer, 223--235.
  7. Bouajjani, A., Habermehl, P., Moro, P., and Vojnar, T. 2005. Verifying programs with dynamic 1-selector-linked structures in regular model checking. In Proceedings of Tools and Algorithms for the Construction and Analysis of Systems (TACAS). Springer, 13--29.
  8. Bouajjani, A., Habermehl, P., and Rogalewicz, A. 2006. Abstract regular tree model checking of complex dynamic data structures. In Proceedings of the International Symposium on Static Analysis (SAS). Springer, 52--70.
  9. Bouajjani, A., Habermehl, P., and Tomas, V. 2004. Abstract regular model checking. In Proceedings of the International Conference on Computer Aided Verification (CAV). Springer, 372--386.
  10. Calcagno, C., Distefano, D., O'Hearn, P., and Yang, H. 2009. Compositional shape analysis by means of bi-abduction. In Proceedings of the Annual Symposium on Principles of Programming Languages (POPL).
  11. Calcagno, C., Distefano, D., O'Hearn, P. W., and Yang, H. 2007. Footprint analysis: A shape analysis that discovers preconditions. In Proceedings of the International Symposium on Static Analysis (SAS). 402--418.
  12. Cousot, P. 1990. Methods and logics for proving programs. In Formal Models and Semantics, J. van Leeuwen, Ed., Handbook of Theoretical Computer Science, vol. B. Elsevier Science Publishers B.V., Chapter 15, 843--993.
  13. Distefano, D., O'Hearn, P. W., and Yang, H. 2006. A local shape analysis based on separation logic. In Proceedings of Tools and Algorithms for the Construction and Analysis of Systems (TACAS). 287--302.
  14. Gulavani, B. S., Chakraborty, S., Ramalingam, G., and Nori, A. V. 2009. Bottom-up shape analysis using LISF. Tech. rep. TR-09-31, CFDVS, IIT Bombay. www.cfdvs.iitb.ac.in/~bhargav/spine.html.
  15. Guo, B., Vachharajani, N., and August, D. I. 2007. Shape analysis with inductive recursion synthesis. In Proceedings of the Conference on Programming Languages Design and Implementation (PLDI). 256--265.
  16. Jeannet, B., Loginov, A., Reps, T. W., and Sagiv, S. 2004. A relational approach to interprocedural shape analysis. In Proceedings of the International Symposium on Static Analysis (SAS). 246--264.
  17. Lev-Ami, T., Sagiv, M., Reps, T., and Gulwani, S. 2007. Backward analysis for inferring quantified preconditions. Tech. rep. TR-2007-12-01, Tel-Aviv University.
  18. Møller, A. and Schwartzbach, M. I. 2001. The pointer assertion logic engine. In Proceedings of the Conference on Programming Languages Design and Implementation (PLDI). (Also in SIGPLAN Notices 36, 5).
  19. O'Hearn, P. W., Reynolds, J. C., and Yang, H. 2001. Local reasoning about programs that alter data structures. In Proceedings of the Symposium on Computer Science Logic (CSL). Lecture Notes in Computer Science, vol. 2142. Springer, 1--19.
  20. Podelski, A., Rybalchenko, A., and Wies, T. 2008. Heap assumptions on demand. In Proceedings of the International Conference on Computer Aided Verification (CAV). 314--327.
  21. Reynolds, J. C. 2002. Separation logic: A logic for shared mutable data structures. In Proceedings of the 17th Annual IEEE Symposium on Logic in Computer Science (LICS). 55--74.
  22. Rinetzky, N., Bauer, J., Reps, T. W., Sagiv, S., and Wilhelm, R. 2005a. A semantics for procedure local heaps and its abstractions. In Proceedings of the Symposium on Principles of Programming Languages (POPL). 296--309.
  23. Rinetzky, N., Sagiv, M., and Yahav, E. 2005b. Interprocedural shape analysis for cutpoint-free programs. In Proceedings of the International Symposium on Static Analysis (SAS). 284--302.
  24. Rinetzky, N. and Sagiv, S. 2001. Interprocedural shape analysis for recursive programs. In Proceedings of the International Conference on Compiler Construction (CC). Lecture Notes in Computer Science, vol. 2027. Springer, 133--149.
  25. Sagiv, M., Reps, T., and Wilhelm, R. 1999. Parametric shape analysis via 3-valued logic. Trans. Prog. Lang. Syst. 24, 2002.
  26. Touili, T. 2001. Regular model checking using widening techniques. In Proceedings of the Conference on Verification of Parameterized Systems (VEPAS'01). 342--356.
  27. Yorsh, G., Rabinovich, A. M., Sagiv, M., Meyer, A., and Bouajjani, A. 2006. A logic of reachable patterns in linked data-structures. In Proceedings of the Foundations of Software Science and Computation Structures (FoSSaCS). 94--110.

Published in

ACM Transactions on Programming Languages and Systems, Volume 33, Issue 5
November 2011
115 pages
ISSN: 0164-0925
EISSN: 1558-4593
DOI: 10.1145/2039346

Copyright © 2011 ACM

Publisher

Association for Computing Machinery, New York, NY, United States

Publication History

• Published: 23 November 2011
• Accepted: 1 July 2011
• Revised: 1 July 2010
• Received: 1 December 2009

Qualifiers

• research-article
• Research
• Refereed
