Article

Shape analysis of low-level c with overlapping structures

Authors:

Vesal VojdaniAuthors Info & Claims

VMCAI'10: Proceedings of the 11th international conference on Verification, Model Checking, and Abstract Interpretation

Pages 214 - 230

https://doi.org/10.1007/978-3-642-11319-2_17

Published: 17 January 2010 Publication History

Abstract

Device drivers often keep data in multiple data structures simultaneously while embedding list or tree related records into the records containing the actual data; this results in overlapping structures. Shape analyses have traditionally relied on a graph-based representation of memory where a node corresponds to a whole record and edges to pointers. As this is ill-suited for encoding overlapping structures, we propose and formally relate two refined memory models. We demonstrate the appropriateness of these models by implementing shape analyses based on them within the TVLA framework. The implementation is exemplified using code extracted from cache managing kernel modules.

References

[1]

Abdulla, P.A., Bouajjani, A., Cederberg, J., Haziza, F., Rezine, A.: Monotonic abstraction for programs with dynamic memory heaps. In: Gupta, A., Malik, S. (eds.) CAV 2008. LNCS, vol. 5123, pp. 341-354. Springer, Heidelberg (2008).

Digital Library

[2]

Barnett, M., Chang, B., DeLine, R., Jacobs, B., Leino, K.: Boogie: A modular reusable verifier for Object-Oriented programs. In: de Boer, F.S., Bonsangue, M.M., Graf, S., de Roever, W.-P. (eds.) FMCO 2005. LNCS, vol. 4111, pp. 364-387. Springer, Heidelberg (2006).

Digital Library

[3]

Berdine, J., Calcagno, C., Cook, B., Distefano, D., O'Hearn, P.W., Wies, T., Yang, H.: Shape analysis for composite data structures. In: Damm, W., Hermanns, H. (eds.) CAV 2007. LNCS, vol. 4590, pp. 178-192. Springer, Heidelberg (2007).

Digital Library

[4]

Berdine, J., Lev-Ami, T., Manevich, R., Ramalingam, G., Sagiv, M.: Thread quantification for concurrent shape analysis. In: Gupta, A., Malik, S. (eds.) CAV 2008. LNCS, vol. 5123, pp. 399-413. Springer, Heidelberg (2008).

Digital Library

[5]

Bouajjani, A., Jonsson, B., Nilsson, M., Touili, T.: Regular model checking. In: Emerson, E.A., Sistla, A.P. (eds.) CAV 2000. LNCS, vol. 1855, pp. 403-418. Springer, Heidelberg (2000).

Digital Library

[6]

Bouillaguet, C., Kuncak, V., Wies, T., Zee, K., Rinard, M.C.: Using first-order theorem provers in the Jahob data structure verification system. In: Cook, B., Podelski, A. (eds.) VMCAI 2007. LNCS, vol. 4349, pp. 74-88. Springer, Heidelberg (2007).

Digital Library

[7]

Calcagno, C., Distefano, D., O'Hearn, P., Yang, H.: Beyond reachability: Shape abstraction in the presence of pointer arithmetic. In: Yi, K. (ed.) SAS 2006. LNCS, vol. 4134, pp. 182-203. Springer, Heidelberg (2006).

Digital Library

[8]

Calcagno, C., Distefano, D., O'Hearn, P., Yang, H.: Compositional shape analysis by means of bi-abduction. In: POPL 2009, pp. 289-300. ACM Press, New York (2009).

Digital Library

[9]

Chang, B.Y.E., Rival, X.: Relational inductive shape analysis. In: POPL 2008, pp. 247-260. ACM Press, New York (2008).

Digital Library

[10]

Chatterjee, S., Lahiri, S., Qadeer, S., Rakamaric, Z.: A low-level memory model and an accompanying reachability predicate. Int. J. Softw. Tools Technol. Transfer 11(2), 105-116 (2009).

Digital Library

[11]

Clarke, D.G., Potter, J.M., Noble, J.: Ownership types for flexible alias protection. In: OOPSLA 1998, pp. 48-64. ACM Press, New York (1998).

Digital Library

[12]

Cohen, E., Dahlweid, M., Hillebrand, M., Leinenbach, D., Moskal, M., Santen, T., Schulte, W., Tobies, S.: VCC: a practical system for verifying concurrent C. In: Urban, C. (ed.) TPHOLs 2009. LNCS, vol. 5674, pp. 23-42. Springer, Heidelberg (2009).

Digital Library

[13]

Cohen, E., Moskal, M., Tobies, S., Schulte, W.: A precise yet efficient memory model for C. In: SSV 2009. ENTCS, vol. 254, pp. 85-103. Elsevier, Amsterdam (2009).

Digital Library

[14]

Condit, J., Hackett, B., Lahiri, S.K., Qadeer, S.: Unifying type checking and property checking for low-level code. In: POPL 2009, pp. 302-314. ACM Press, New York (2009).

Digital Library

[15]

Deutsch, A.: Interprocedural alias analysis for pointers: beyond k-limiting. In: PLDI 1994, pp. 230-241. ACM Press, New York (1994).

Digital Library

[16]

Dor, N.: Automatic Verfication of Program Cleanness. Master's thesis, Tel Aviv University (2003).

[17]

Flanagan, C., Leino, K.R.M., Lillibridge, M., Nelson, G., Saxe, J.B., Stata, R.: Extended static checking for Java. In: PLDI 2002, pp. 234-245. ACM Press, New York (2002).

Digital Library

[18]

Gulwani, S., Lev-Ami, T., Sagiv, M.: A combination framework for tracking partition sizes. In: POPL 2009, pp. 239-251. ACM Press, New York (2009).

Digital Library

[19]

Gulwani, S., Tiwari, A.: An abstract domain for analyzing heap-manipulating low-level software. In: Damm, W., Hermanns, H. (eds.) CAV 2007. LNCS, vol. 4590, pp. 379-392. Springer, Heidelberg (2007).

Digital Library

[20]

Jonkers, H.B.M.: Abstract storage structures. In: Algorithmic Languages, pp. 321- 343. IFIP (1981).

[21]

Kassios, I.: Dynamic frames: Support for framing, dependencies and sharing without restrictions. In: Misra, J., Nipkow, T., Sekerinski, E. (eds.) FM 2006. LNCS, vol. 4085, pp. 268-283. Springer, Heidelberg (2006).

Digital Library

[22]

Manevich, R., Lev-Ami, T., Sagiv, M., Ramalingam, G., Berdine, J.: Heap decomposition for concurrent shape analysis. In: Alpuente, M., Vidal, G. (eds.) SAS 2008. LNCS, vol. 5079, pp. 363-377. Springer, Heidelberg (2008).

Digital Library

[23]

Naik, M., Aiken, A.: Conditional must not aliasing for static race detection. In: POPL 2007, pp. 327-338. ACM Press, New York (2007).

Digital Library

[24]

Pratikakis, P., Foster, J.S., Hicks, M.: Existential label flow inference via CFL reachability. In: Yi, K. (ed.) SAS 2006. LNCS, vol. 4134, pp. 88-106. Springer, Heidelberg (2006).

Digital Library

[25]

Reps, T.W., Sagiv, S., Loginov, A.: Finite differencing of logical formulas for static analysis. In: Degano, P. (ed.) ESOP 2003. LNCS, vol. 2618, pp. 380-398. Springer, Heidelberg (2003).

Digital Library

[26]

Reynolds, J.C.: Separation logic: A logic for shared mutable data structures. In: LICS 2002, pp. 55-74. IEEE Press, Los Alamitos (2002).

Digital Library

[27]

Sagiv, M., Reps, T., Wilhelm, R.: Parametric shape analysis via 3-valued logic. TOPLAS 24(3), 217-298 (2002).

Digital Library

[28]

Seidl, H., Vojdani, V.: Region analysis for race detection. In: SAS 2009. LNCS, vol. 5673, pp. 171-187. Springer, Heidelberg (2009).

Digital Library

[29]

Smans, J., Jacobs, B., Piessens, F.: VeriCool: an automatic verifier for a concurrent Object-Oriented language. In: Barthe, G., de Boer, F.S. (eds.) FMOODS 2008. LNCS, vol. 5051, pp. 220-239. Springer, Heidelberg (2008).

Digital Library

[30]

Smans, J., Jacobs, B., Piessens, F.: Implicit dynamic frames: Combining dynamic frames and separation logic. In: Drossopoulu, S. (ed.) ECOOP 2009. LNCS, vol. 5653, pp. 148-172. Springer, Heidelberg (2009).

Digital Library

[31]

Yang, H., Lee, O., Berdine, J., Calcagno, C., Cook, B., Distefano, D., O'Hearn, P.: Scalable shape analysis for systems code. In: Gupta, A., Malik, S. (eds.) CAV 2008. LNCS, vol. 5123, pp. 385-398. Springer, Heidelberg (2008).

Digital Library

Cited By

Simonnet JLemerre MSighireanu M(2024)A Dependent Nominal Physical Type System for Static Analysis of Memory in Low Level CodeProceedings of the ACM on Programming Languages10.1145/36897128:OOPSLA2(30-59)Online publication date: 8-Oct-2024
https://dl.acm.org/doi/10.1145/3689712
Ghidini RErhard JSchwarz MSeidl HArceri VPasqua M(2024)C-2PO: A Weakly Relational Pointer Domain: “These Are Not the Memory Cells You Are Looking For”Proceedings of the 10th ACM SIGPLAN International Workshop on Numerical and Symbolic Abstract Domains10.1145/3689609.3689994(2-9)Online publication date: 17-Oct-2024
https://dl.acm.org/doi/10.1145/3689609.3689994
Vojdani VApinis KRõtov VSeidl HVene VVogler RLo DApel SKhurshid S(2016)Static race detection for device drivers: the Goblint approachProceedings of the 31st IEEE/ACM International Conference on Automated Software Engineering10.1145/2970276.2970337(391-402)Online publication date: 25-Aug-2016
https://dl.acm.org/doi/10.1145/2970276.2970337
Show More Cited By

Recommendations

Co-hierarchical analysis of shape structures

We introduce an unsupervised co-hierarchical analysis of a set of shapes, aimed at discovering their hierarchical part structures and revealing relations between geometrically dissimilar yet functionally equivalent shape parts across the set. The core ...
Practical and Accurate Low-Level Pointer Analysis
CGO '05: Proceedings of the international symposium on Code generation and optimization

Pointer analysis is traditionally performed once, early in the compilation process, upon an intermediate representation (IR) with source-code semantics. However, performing pointer analysis only once at this level imposes a phase-ordering constraint, ...
Precise shape analysis using field sensitivity

We present a static shape analysis technique to infer the shapes of the heap structures created by a program at run time. Our technique is field sensitive in that it uses field information to compute the shapes. The shapes of the heap structures are ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

VMCAI'10: Proceedings of the 11th international conference on Verification, Model Checking, and Abstract Interpretation

January 2010

396 pages

ISBN:3642113184

Editors:
Gilles Barthe
Facultad de Informatica (UPM), IMDEA Software, Campus Montegancedo, 28660 Boadilla del Monte, Madrid, Spain
,
Manuel Hermenegildo
Facultad de Informatica (UPM), IMDEA Software and Technical University of Madrid, Campus Montegancedo, 28660 Boadilla del Monte, Madrid, Spain

Sponsors

EAPLS: European Assoc for Programming Languages and Systems
IMDEA Software: IMDEA Software
ACM: Association for Computing Machinery

Publisher

Springer-Verlag

Berlin, Heidelberg

Publication History

Published: 17 January 2010

Check for updates

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

7
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 13 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Simonnet JLemerre MSighireanu M(2024)A Dependent Nominal Physical Type System for Static Analysis of Memory in Low Level CodeProceedings of the ACM on Programming Languages10.1145/36897128:OOPSLA2(30-59)Online publication date: 8-Oct-2024
https://dl.acm.org/doi/10.1145/3689712
Ghidini RErhard JSchwarz MSeidl HArceri VPasqua M(2024)C-2PO: A Weakly Relational Pointer Domain: “These Are Not the Memory Cells You Are Looking For”Proceedings of the 10th ACM SIGPLAN International Workshop on Numerical and Symbolic Abstract Domains10.1145/3689609.3689994(2-9)Online publication date: 17-Oct-2024
https://dl.acm.org/doi/10.1145/3689609.3689994
Vojdani VApinis KRõtov VSeidl HVene VVogler RLo DApel SKhurshid S(2016)Static race detection for device drivers: the Goblint approachProceedings of the 31st IEEE/ACM International Conference on Automated Software Engineering10.1145/2970276.2970337(391-402)Online publication date: 25-Aug-2016
https://dl.acm.org/doi/10.1145/2970276.2970337
Tang ZWang HLi BZhai JZhao JLi XMei HLü JMa XWang QYin GLiao X(2015)Analyzing Inductively Defined Properties for Recursive Data StructuresProceedings of the 7th Asia-Pacific Symposium on Internetware10.1145/2875913.2875930(221-228)Online publication date: 6-Nov-2015
https://dl.acm.org/doi/10.1145/2875913.2875930
Hawkins PRinard MAiken ASagiv MFisher K(2012)An introduction to data representation synthesisCommunications of the ACM10.1145/2380656.238067755:12(91-99)Online publication date: 1-Dec-2012
https://dl.acm.org/doi/10.1145/2380656.2380677
Lee OYang HPetersen R(2011)Program analysis for overlaid data structuresProceedings of the 23rd international conference on Computer aided verification10.5555/2032305.2032353(592-608)Online publication date: 14-Jul-2011
https://dl.acm.org/doi/10.5555/2032305.2032353
Hawkins PAiken AFisher KRinard MSagiv MHall MPadua D(2011)Data representation synthesisProceedings of the 32nd ACM SIGPLAN Conference on Programming Language Design and Implementation10.1145/1993498.1993504(38-49)Online publication date: 4-Jun-2011
https://dl.acm.org/doi/10.1145/1993498.1993504
Hawkins PAiken AFisher KRinard MSagiv M(2010)Data structure fusionProceedings of the 8th Asian conference on Programming languages and systems10.5555/1947873.1947893(204-221)Online publication date: 28-Nov-2010
https://dl.acm.org/doi/10.5555/1947873.1947893

View Options

View options

Media

Figures

Other

Tables

View Table of Contents