A Relational Approach to Interprocedural Shape Analysis

University of Wisconsin–Madison, Madison, Wisconsin, United States
DOI: 10.1007/978-3-540-27864-1_19 In book: Static Analysis, pp.23-26


This paper addresses the verification of properties of imperative programs with recursive procedure calls, heap-allocated storage, and destructive updating of pointer-valued fields—i.e.,interprocedural shape analysis. The paper makes three contributions: — It introduces a new method for abstracting relations over memory configurations for use in abstract interpretation. — It shows how this method furnishes the elements needed for a compositional approach to shape analysis. In particular, abstracted relations are used to represent the shape transformation performed by a sequence of operations, and an over-approximation to relational composition can be performed using the meet operation of the domain of abstracted relations. — It applies these ideas in a new algorithm for context-sensitive interprocedural shape analysis. The algorithm creates procedure summaries using abstracted relations over memory configurations, and the meet-based composition operation provides a way to apply the summary transformer for a procedure P at each call site from which P is called. The algorithm has been applied successfully to establish properties of both (i) recursive programs that manipulate lists, and (ii) recursive programs that manipulate binary trees.

Download full-text


Available from: Alexey Loginov
  • Source
    • "Alg. 2 adopts the ideas used in an anytime algorithm for symbolic abstraction [29, §3]. In interprocedural dataflow analysis, the idea of specializing the abstract value of an enter node has been used in a few earlier algorithms [24] [27] [15] [14]. "
    [Show abstract] [Hide abstract]
    ABSTRACT: Abstract interpretation provides an elegant formalism for performing program analysis. Unfortunately, designing and implementing a sound, precise, scalable, and extensible abstract interpreter is difficult. In this paper, we describe an approach to creating correct-by-construction abstract interpreters that also attain the fundamental limits on precision that abstract-interpretation theory establishes. Our approach requires the analysis designer to implement only a small number of operations. In particular, we describe a systematic method for implementing an abstract interpreter that solves the following problem:
    Preview · Article · Feb 2015 · Electronic Notes in Theoretical Computer Science
  • Source
    • "Furthermore, in large software systems, due to modular design, a large number of procedures may be called many times and there may be recursive procedures. Furthermore, the modular, summary-based analysis [5], [6], [7], [8] offers three key advantages over the whole program analysis: such as reuse of analysis results, scalability and parallelizability. Procedures in programs are analyzed in a particular context, and thus, an additional caller to the same procedure may require re-analysis of the whole procedure. "
    [Show abstract] [Hide abstract]
    ABSTRACT: Heap-manipulating programs allow flexible manipulations over dynamically allocated, shared, and mutable heap cells via pointers that point to not only linked data structures but also their pointer fields. Therefore, memory leak detection for these programs requires precise field-sensitive pointer alias information, which make the problem more challenging. In this paper, we present a field and context sensitive algorithm for detecting memory leaks in heap-manipulating programs. First, we propose a modular heap abstraction based on member-access distances and alias bit-vector domain as the escape model of each procedure, Then, based on procedural summaries characterized by this modular heap abstraction, an efficient context-sensitive memory leak detection is proposed in an on-demand way. Experimental evaluation about a set of large C benchmark programs shows that the proposed approach is scalable with satisfied precision as expected.
    Full-text · Conference Paper · Dec 2012
  • Source
    • "Broadly speaking, there are two main approaches to interprocedural analysis with different strengths and weaknesses. The first approach is to compute procedure summaries (e.g., [4] [16] [20]). "
    [Show abstract] [Hide abstract]
    ABSTRACT: Interprocedural program analysis is often performed by computing procedure summaries. While possible, computing adequate sum-maries is difficult, particularly in the presence of recursive proce-dures. In this paper, we propose a complementary framework for interprocedural analysis based on a direct abstraction of the calling context. Specifically, our approach exploits the inductive structure of a calling context by treating it directly as a stack of activation records. We then build an abstraction based on separation logic with inductive definitions. A key element of this abstract domain is the use of parameters to refine the meaning of such call stack summaries and thus express relations across activation records and with the heap. In essence, we define an abstract interpretation-based analysis framework for recursive programs that permits a fluid per call site abstraction of the call stack—much like how shape analyz-ers enable a fluid per program point abstraction of the heap.
    Preview · Conference Paper · Jan 2011
Show more