Hierarchical Shape Abstraction of Dynamic Structures in Static Blocks

We propose a hierarchical shape abstract domain, so as to infer structural invariants of dynamic structures such as lists living inside static structures, such as arrays. This programming pattern is often used in safety critical embedded software as an alternative to dynamic memory allocation. Our abstract domain precisely describes such hierarchies of structures. It combines several instances of simple shape abstract domains, dedicated to the representation of elementary shape properties, and also embeds a numerical abstract domain. This modular construction greatly simplifies the design and the implementation of the abstract domain. We provide an implementation, and show the effectiveness of our approach on a problem taken from a real code.

[1]  Mike Elliott Object-oriented Software Considerations in Airborne Systems and Equipment Certification. DO-178C and Object-oriented Technology , 2011 .

[2]  Hoyt Lougee,et al.  SOFTWARE CONSIDERATIONS IN AIRBORNE SYSTEMS AND EQUIPMENT CERTIFICATION , 2001 .

[3]  Isil Dillig,et al.  Precise reasoning for programs using containers , 2011, POPL '11.

[4]  Antoine Miné,et al.  The octagon abstract domain , 2001, Proceedings Eighth Working Conference on Reverse Engineering.

[5]  Brian Campbell,et al.  Amortised Memory Analysis Using the Depth of Data Structures , 2009, ESOP.

[6]  John C. Reynolds,et al.  Separation logic: a logic for shared mutable data structures , 2002, Proceedings 17th Annual IEEE Symposium on Logic in Computer Science.

[7]  George C. Necula,et al.  Shape Analysis with Structural Invariant Checkers , 2007, SAS.

[8]  Thomas W. Reps,et al.  A framework for numeric analysis of array operations , 2005, POPL '05.

[9]  Bor-Yuh Evan Chang,et al.  Relational inductive shape analysis , 2008, POPL '08.

[10]  Patrick Cousot,et al.  Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints , 1977, POPL.

[11]  Nicolas Halbwachs,et al.  Discovering properties about arrays in simple programs , 2008, PLDI '08.

[12]  Bor-Yuh Evan Chang,et al.  Separating Shape Graphs , 2010, ESOP.

[13]  Deepak Kapur,et al.  Heap analysis in the presence of collection libraries , 2007, PASTE '07.

[14]  Antoine Miné,et al.  Static Analysis of Run-Time Errors in Embedded Critical Parallel C Programs , 2011, ESOP.

[15]  Bertrand Jeannet,et al.  Apron: A Library of Numerical Abstract Domains for Static Analysis , 2009, CAV.

[16]  Philippe Granger,et al.  Static Analysis of Linear Congruence Equalities among Variables of a Program , 1991, TAPSOFT, Vol.1.

[17]  Peter W. O'Hearn,et al.  Shape Analysis for Composite Data Structures , 2007, CAV.

[18]  Reinhard Wilhelm,et al.  Parametric shape analysis via 3-valued logic , 1999, POPL '99.

[19]  Peter W. O'Hearn,et al.  Beyond Reachability: Shape Abstraction in the Presence of Pointer Arithmetic , 2006, SAS.

[20]  Peter W. O'Hearn,et al.  A Local Shape Analysis Based on Separation Logic , 2006, TACAS.

[21]  Hongseok Yang,et al.  Program Analysis for Overlaid Data Structures , 2011, CAV.

[22]  Rajeev Alur,et al.  A Temporal Logic of Nested Calls and Returns , 2004, TACAS.

[23]  David Monniaux,et al.  Verification of device drivers and intelligent controllers: a case study , 2007, EMSOFT '07.

[24]  Patrick Cousot,et al.  A static analyzer for large safety-critical software , 2003, PLDI.

[25]  Sumit Gulwani,et al.  A combination framework for tracking partition sizes , 2009, POPL '09.

[26]  Patrick Cousot,et al.  A parametric segmentation functor for fully automatic and scalable array content analysis , 2011, POPL '11.

[27]  Nicolas Halbwachs,et al.  Automatic discovery of linear restraints among variables of a program , 1978, POPL.