A Relational Approach to Interprocedural Shape Analysis

DOI: 10.1007/978-3-540-27864-1_19

ABSTRACT This paper addresses the verification of properties of imperative programs with recursive procedure calls, heap-allocated storage, and destructive updating of pointer-valued fields – i.e., interprocedural shape analysis. It presents a way to harness some previously known approaches to interprocedural dataflow analysis – which in past work have been applied only to much less rich settings – for interprocedural shape analysis.

  • ABSTRACT: Abstract interpretation provides an elegant formalism for performing program analysis. Unfortunately, designing and implementing a sound, precise, scalable, and extensible abstract interpreter is difficult. In this paper, we describe an approach to creating correct-by-construction abstract interpreters that also attain the fundamental limits on precision that abstract-interpretation theory establishes. Our approach requires the analysis designer to implement only a small number of operations. In particular, we describe a systematic method for implementing an abstract interpreter that solves the following problem:
    Electronic Notes in Theoretical Computer Science 02/2015; 311. DOI:10.1016/j.entcs.2015.02.003
  • ABSTRACT: We present a proof system for reasoning about data structures. The specification language models memory explicitly as an array, and models pointers and data elements uniformly as integers, used here as an abstraction of a machine word. There are three distinguishing features: the use of recursive definitions, the use of set variables representing explicit footprints in order to implement the concept of separation, and finally, the language can express the strongest postcondition of a loop-free program. This provides a basis for implementing a Floyd-Hoare-style program verifier which generates verification conditions for an external theorem prover. We then present a prover in the form of inference rules that are systematically applied. We argue that a large class of verification conditions can thus be automatically proven. The prover comprises two main parts in order to reason about the interplay between recursive definitions, arrays, sets and integers. In the first, recursive definitions are disposed of by means of an unfolding process terminated by a concept of induction. Second, the remaining nonrecursive formulas are reduced into purely integer formulas, which we can finally dispense with using a standard system.
  • ABSTRACT: In this paper we present a new heap abstraction that seeks to strike a balance between the use of non-local (transitive) properties to gain precision and exploiting heap-locality. The abstraction represents the heap as an (evolving) tree of heap-components, with only a single heap-component being accessible at any time. The representation is tailored to yield several benefits: (a) It localizes the effect of heap mutation, enabling more efficient processing of heap mutations; (b) The representation is more space-efficient as it permits heap-components with isomorphic contents to use a shared representation; (c) It enables a more precise identification of the "input heap" to a procedure, increasing the reuse of summaries in a tabulation-based interprocedural analysis, making it more efficient. Furthermore, based on our new abstraction, an analysis can compute parameterized summaries which can be reused for analyzing clients of instantiations of the generic data-structures.

Full-text (4 Sources), available from May 31, 2014