
Semantic-directed clumping of disjunctive abstract states

Published: 01 January 2017

Abstract

To infer complex structural invariants, shape analyses rely on expressive families of logical properties. Many such analyses manipulate abstract memory states that consist of separating conjunctions of basic predicates describing atomic blocks or summaries. Moreover, they use finite disjunctions of abstract memory states in order to account for dissimilar shapes. Disjunctions should be kept small for the sake of scalability, though precision often requires keeping additional case splits. In this context, deciding when and how to merge case splits and replace them with summaries is critical for both precision and efficiency. Existing techniques use sets of syntactic rules, which are tedious to design and prone to failure. In this paper, we design a semantic criterion to clump abstract states based on their silhouette, which applies not only to the conservative union of disjuncts but also to the weakening of separating conjunctions of memory predicates into inductive summaries. Our approach makes it possible to define union and widening operators that aim at preserving the case splits that are required for the analysis to succeed. We implement this approach in the MemCAD analyzer and evaluate it on real-world C code from existing libraries, including programs dealing with doubly linked lists, red-black trees and AVL trees.
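The abstract describes two operations: grouping disjuncts by a semantic silhouette, and weakening chains of memory predicates into inductive summaries so that grouped disjuncts collapse. The Python below is an added toy illustration of that idea; it is not MemCAD's code and not the paper's definitions. Everything in it is an assumption chosen for the illustration: the state encoding (`pt` cells and non-empty `lseg` segments), the silhouette (per variable: nullness and which variables or null are reachable, ignoring how many cells lie in between), the folding of chains between "anchor" nodes into `lseg` summaries, and the policy of keeping a disjunct whose silhouette nobody else shares. The sample disjuncts are constructed to look like the states a list traversal produces after a few loop iterations.

```python
"""Toy disjunctive shape domain with silhouette-directed clumping (illustration only).

Assumed encoding: an abstract state is an environment (variable -> symbolic node)
plus a heap, a separating conjunction of predicates
    ('pt',   a, b)   cell a whose next field holds b
    ('lseg', a, b)   inductive summary: non-empty list segment from a to b
"""
from typing import Dict, FrozenSet, List, Tuple

Pred = Tuple[str, str, str]
NULL = "null"


class AbsState:
    def __init__(self, env: Dict[str, str], heap) -> None:
        self.env: Dict[str, str] = dict(env)
        self.heap: FrozenSet[Pred] = frozenset(heap)

    def key(self):
        return (tuple(sorted(self.env.items())), self.heap)

    def __eq__(self, other):
        return isinstance(other, AbsState) and self.key() == other.key()

    def __hash__(self):
        return hash(self.key())


def _out(heap: FrozenSet[Pred], node: str):
    """The predicate whose source is `node`; separation makes it unique (or absent)."""
    for p in heap:
        if p[1] == node:
            return p
    return None


def _reach(heap: FrozenSet[Pred], start: str):
    """Nodes reachable from `start` by following predicate targets (null included)."""
    seen, cur = set(), start
    while cur not in seen:
        seen.add(cur)
        p = _out(heap, cur)
        if p is None:
            break
        cur = p[2]
    return seen


def silhouette(s: AbsState):
    """Assumed silhouette: nullness and reachability among variables, not cell counts."""
    sil = set()
    for v, n in s.env.items():
        if n == NULL:
            sil.add((v, True, True, frozenset()))
            continue
        reach = _reach(s.heap, n)
        others = frozenset(w for w, m in s.env.items() if m in reach)
        sil.add((v, False, NULL in reach, others))
    return frozenset(sil)


def weaken(s: AbsState) -> AbsState:
    """Fold each chain of predicates between two anchors into one lseg summary.

    Anchors: nodes held by variables, null, and nodes with two or more incoming
    predicates (sharing points), so the aliasing structure is never lost.
    """
    indeg: Dict[str, int] = {}
    for _, _, b in s.heap:
        indeg[b] = indeg.get(b, 0) + 1
    anchors = set(s.env.values()) | {NULL} | {n for n, d in indeg.items() if d >= 2}
    heap = set(s.heap)
    for a in sorted(anchors - {NULL}):
        chain, cur = [], a
        while True:
            p = _out(s.heap, cur)
            if p is None:          # dangling chain: keep its predicates unchanged
                chain = []
                break
            chain.append(p)
            cur = p[2]
            if cur in anchors:
                break
        if chain:
            heap.difference_update(chain)
            heap.add(("lseg", a, cur))
    # Canonical names so equal shapes compare equal across disjuncts:
    # an anchor held by variables is named after those variables.
    held: Dict[str, List[str]] = {}
    for v, n in sorted(s.env.items()):
        held.setdefault(n, []).append(v)
    ren = {n: "@" + "&".join(vs) for n, vs in held.items() if n != NULL}
    env = {v: ren.get(n, n) for v, n in s.env.items()}
    return AbsState(env, {(k, ren.get(a, a), ren.get(b, b)) for k, a, b in heap})


def clump(disjuncts: List[AbsState]) -> List[AbsState]:
    """Union operator: clump disjuncts sharing a silhouette, keep the others precise."""
    groups: Dict[FrozenSet, List[AbsState]] = {}
    for d in disjuncts:
        groups.setdefault(silhouette(d), []).append(d)
    out: List[AbsState] = []
    for ds in groups.values():
        if len(ds) == 1:
            out.append(ds[0])                                  # unique case split: keep
        else:
            out.extend(dict.fromkeys(weaken(d) for d in ds))   # merge and deduplicate
    return out


# Constructed sample: disjuncts seen while analysing `c = x; while (c) c = c->next;`
D0 = AbsState({"x": NULL, "c": NULL}, [])
D1 = AbsState({"x": "n1", "c": "n1"}, [("pt", "n1", NULL)])
D2 = AbsState({"x": "n1", "c": "n2"}, [("pt", "n1", "n2"), ("pt", "n2", NULL)])
D3 = AbsState({"x": "n1", "c": "n3"},
              [("pt", "n1", "n2"), ("pt", "n2", "n3"), ("pt", "n3", NULL)])
D4 = AbsState({"x": "n1", "c": NULL}, [("pt", "n1", "n2"), ("pt", "n2", NULL)])
DISJUNCTS = [D0, D1, D2, D3, D4]
```

Running `clump(DISJUNCTS)` keeps `D0` (empty list), `D1` (cursor still at the head) and `D4` (loop exited) untouched, because each has a silhouette no other disjunct shares, while `D2` and `D3` share the silhouette "x reaches c, c reaches null" and collapse into the single summary `lseg(@x, @c) * lseg(@c, null)`. That is the behaviour the abstract asks of a union operator: the case splits that distinguish null from non-null and head from interior cursor survive, and only the cell-count case splits are traded for an inductive summary.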

