Abstract
Reachability from a program variable v to a program variable w states that from v, it is possible to follow a path of memory locations that leads to the object bound to w. We present a new abstract domain for the static analysis of possible reachability between program variables or, equivalently, definite unreachability between them. This information is important for improving the precision of other static analyses, such as side-effects, field initialization, cyclicity and path-length analysis, as well as more complex analyses built upon them, such as nullness and termination analysis. We define our reachability analysis for Java bytecode as a constraint-based analysis and prove it correct: the constraint is a graph whose nodes are the program points and whose arcs propagate reachability information in accordance with the abstract semantics of each bytecode instruction. For each program point p, our reachability analysis produces an overapproximation of the ordered pairs of variables 〈v, w〉 such that v might reach w at p. Seen the other way around, if a pair 〈v, w〉 is not present in the overapproximation at p, then v definitely does not reach w at p. We have implemented the analysis inside the Julia static analyzer. Our experiments analyzing nontrivial Java and Android programs show the improvement in precision due to the presence of reachability information. Moreover, reachability analysis actually reduces the overall cost of nullness and termination analysis.
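To make the abstract's description concrete, the following is an added example written for this page; it is not code from the paper or from the Julia analyzer, and it does not reproduce the paper's abstract semantics for Java bytecode. It assumes a tiny heap language with five instruction kinds (`new`, `null`, `copy`, `putfield`, `getfield`), treats a pair 〈v, v〉 as "v may be non-null", and carries an auxiliary possible-sharing relation S alongside the may-reach relation R because a sound `getfield` rule needs to know which variables may reach a common object. The program points, arcs and sample program are constructed for the illustration. The constraint graph is solved by a worklist fixpoint, and the negative information (pairs absent from R) is what a client such as a nullness or termination analysis would consume.

```python
"""Toy possible-reachability analysis solved over a constraint graph.

Added illustration: NOT the paper's abstract semantics nor Julia code. The
heap language, transfer functions and the auxiliary possible-sharing
relation S are simplifying assumptions made here.

Abstract state = (R, S), both sets of variable pairs:
  (a, b) in R : object of a MAY reach object of b via 0+ field references
                (so (a, a) is in R whenever a may be non-null);
  (a, b) in S : a and b MAY share, i.e. reach a common object (symmetric).
A pair absent from R at a program point is a definite-unreachability fact.
"""
from itertools import product


def drop(rel, v):
    """Forget every fact about variable v (it is about to be rebound)."""
    return {(a, b) for (a, b) in rel if a != v and b != v}


def sym(pairs):
    """Symmetric closure, used for the sharing relation."""
    pairs = set(pairs)
    return pairs | {(b, a) for (a, b) in pairs}


def transfer(state, instr):
    """Abstract semantics of one instruction on (R, S)."""
    R, S = state
    op, v = instr[0], instr[1]
    if op == "new":                        # v = new C()
        return drop(R, v) | {(v, v)}, drop(S, v) | {(v, v)}
    if op == "null":                       # v = null
        return drop(R, v), drop(S, v)
    w = instr[2]
    if op == "copy":                       # v = w : v becomes an alias of w
        if v == w:
            return R, S
        Rd, Sd = drop(R, v), drop(S, v)
        R2 = (Rd | {(v, b) for (a, b) in Rd if a == w}
                 | {(a, v) for (a, b) in Rd if b == w})
        S2 = Sd | sym((v, b) for (a, b) in Sd if a == w)
        if (w, w) in Rd:                   # w may be non-null, hence so may v
            R2, S2 = R2 | {(v, v)}, S2 | {(v, v)}
        return R2, S2
    if op == "putfield":                   # v.f = w : new reference v -> w
        into_v = {a for (a, b) in R if b == v}   # may reach v's object
        from_w = {b for (a, b) in R if a == w}   # reachable from w's object
        R2 = R | set(product(into_v, from_w))    # weak update: nothing removed
        S2 = S | sym(product({a for (a, b) in S if b == v},
                             {b for (a, b) in S if a == w}))
        return R2, S2
    if op == "getfield":                   # v = w.f : v bound one hop from w
        # Read the OLD facts about w before forgetting v: w may be v itself
        # (y = y.f while walking a list).
        from_w = {b for (a, b) in R if a == w and b != v}
        share_w = {a for (a, b) in S if b == w and a != v}
        Rd, Sd = drop(R, v), drop(S, v)
        # whatever v reaches, w reaches; whatever reaches v's object shares
        # with w (both reach it); v itself may be non-null.
        R2 = Rd | {(v, b) for b in from_w} | {(a, v) for a in share_w} | {(v, v)}
        S2 = Sd | sym((v, b) for b in share_w) | {(v, v)}
        return R2, S2
    raise ValueError(f"unknown instruction {instr}")


def join(s1, s2):
    """Least upper bound: union on both relations."""
    return s1[0] | s2[0], s1[1] | s2[1]


def analyze(entry, edges):
    """Solve the constraint graph: nodes are program points, each arc
    (src, dst, instr) propagates transfer(state[src], instr) into state[dst].
    Relations only grow over finitely many variables, so this terminates."""
    points = {entry} | {p for e in edges for p in e[:2]}
    state = {p: (set(), set()) for p in points}
    work = [entry]
    while work:
        p = work.pop()
        for src, dst, instr in edges:
            if src == p:
                new = join(state[dst], transfer(state[p], instr))
                if new != state[dst]:
                    state[dst] = new
                    work.append(dst)
    return state


def definitely_unreachable(state, p, v, w):
    """True when the analysis proves v cannot reach w at program point p."""
    return (v, w) not in state[p][0]


# Constructed sample program (not from the paper): pseudo-bytecode with
# explicit control flow; p4 loops on itself like a list-walking loop.
PROGRAM = [
    ("p0", "p1", ("new", "x")),             # x = new C()
    ("p1", "p2", ("new", "y")),             # y = new C()
    ("p2", "p3", ("putfield", "x", "y")),   # x.f = y
    ("p3", "p4", ("new", "z")),             # z = new C()
    ("p4", "p4", ("getfield", "y", "y")),   # y = y.f
]

if __name__ == "__main__":
    st = analyze("p0", PROGRAM)
    print("may-reach pairs at p4:", sorted(st["p4"][0]))
    for v, w in [("x", "y"), ("x", "z"), ("z", "x"), ("y", "x")]:
        print(v, "definitely does not reach", w, "at p4:",
              definitely_unreachable(st, "p4", v, w))
```

At p4 the fixpoint keeps 〈x, y〉 (x really does reach the object y was bound to) while never admitting 〈x, z〉, 〈z, x〉 or 〈y, x〉, so a client analysis can treat those as definite unreachability. The `putfield` rule is a weak update, and the `getfield` rule needs the sharing relation for soundness; both are places where a production analysis such as the one described in the abstract invests in extra precision.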
Index Terms: Reachability analysis of program variables