DOI: 10.1145/1480881.1480917

Compositional shape analysis by means of bi-abduction

Published: 21 January 2009

Abstract

This paper describes a compositional shape analysis, where each procedure is analyzed independently of its callers. The analysis uses an abstract domain based on a restricted fragment of separation logic, and assigns a collection of Hoare triples to each procedure; the triples provide an over-approximation of data structure usage. Compositionality brings its usual benefits -- increased potential to scale, ability to deal with unknown calling contexts, graceful way to deal with imprecision -- to shape analysis, for the first time.
The analysis rests on a generalized form of abduction (inference of explanatory hypotheses) which we call bi-abduction. Bi-abduction displays abduction as a kind of inverse to the frame problem: it jointly infers anti-frames (missing portions of state) and frames (portions of state not touched by an operation), and is the basis of a new interprocedural analysis algorithm. We have implemented our analysis algorithm and we report case studies on smaller programs to evaluate the quality of discovered specifications, and larger programs (e.g., an entire Linux distribution) to test scalability and graceful imprecision.
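A toy illustration of the anti-frame/frame split described above, added here as an example; it is not the paper's algorithm or tool, and the points-to-only symbolic heaps, the three command forms and the procedures `clear` and `user` are constructed for illustration. Each command's required footprint is bi-abduced against the current state, so a procedure's precondition is discovered from the empty heap, independently of its callers:

```python
from itertools import count

_ctr = count()  # one global counter keeps callee and caller symbols apart

def fresh(prefix):
    return f"{prefix}{next(_ctr)}"

def biabduce(current, required):
    """Solve  current * antiframe |- required * frame  over points-to facts.
    Cells `required` needs but `current` lacks are the anti-frame (missing
    precondition); cells `current` owns but `required` never mentions are the
    frame (left untouched by the operation)."""
    antiframe = {l: v for l, v in required.items() if l not in current}
    frame = {l: v for l, v in current.items() if l not in required}
    return antiframe, frame

def instantiate(spec, arg):
    """Rename the callee's parameter location to the caller's argument."""
    (_, ploc), pre, post = spec
    r = lambda s: arg if s == ploc else s
    return ({r(l): r(v) for l, v in pre.items()},
            {r(l): r(v) for l, v in post.items()})

def infer_spec(param, body, specs):
    """Analyse `body` from the empty heap, independently of any caller, and
    return ((param, loc), pre, post) with `pre` the abduced footprint.  Heaps
    are dicts {location: value}; distinct keys make `*` implicit.
    Commands: ('read', dst, src)  dst := [src];  ('write', dst, src)  [dst] := src
    (src not in env is a literal);  ('call', name, arg) uses specs[name]."""
    env, pre, heap = {param: fresh("l")}, {}, {}
    for op, a, b in body:
        if op == 'call':
            need, post = instantiate(specs[a], env[b])
        else:
            loc = env[b] if op == 'read' else env[a]
            need = {loc: heap.get(loc, fresh("v"))}
        antiframe, frame = biabduce(heap, need)
        pre.update(antiframe)   # the caller must supply these cells as well...
        heap.update(antiframe)  # ...so the current state may now assume them
        if op == 'read':
            env[a] = heap[loc]
        elif op == 'write':
            heap[loc] = env.get(b, b)
        else:
            heap = {**frame, **post}  # frame rule: untouched cells survive the call
    return (param, env[param]), pre, heap

# Constructed example: clear(x) stores nil into x's cell; user(y) reads y's
# successor z and calls clear(z). Inferred: pre y|->z * z|->_, post y|->z * z|->nil.
SPECS = {}
SPECS['clear'] = infer_spec('x', [('write', 'x', 'nil')], SPECS)
USER = infer_spec('y', [('read', 'z', 'y'), ('call', 'clear', 'z')], SPECS)
```

At the call to `clear`, the cell of `z` is abduced into `user`'s precondition (anti-frame) while the cell of `y` is carried across the call untouched (frame), which is the joint inference the abstract describes.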


Published In

POPL '09: Proceedings of the 36th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
January 2009
464 pages
ISBN:9781605583792
DOI:10.1145/1480881
  • ACM SIGPLAN Notices, Volume 44, Issue 1
    POPL '09
    January 2009
    453 pages
    ISSN:0362-1340
    EISSN:1558-1160
    DOI:10.1145/1594834
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. abduction
  2. program analysis
  3. proof theory

Qualifiers

  • Research-article

Conference

POPL09

Acceptance Rates

Overall Acceptance Rate 824 of 4,130 submissions, 20%
