Abstract Heap Relations for a Compositional Shape Analysis. (Abstractions Relationnelles de la Mémoire pour une Analyse Compositionnelle de Structures de Données)

Static analyses aim to infer semantic properties of programs. We distinguish two important classes of static analyses: state analyses and relational analyses. While state analyses compute an over-approximation of the set of reachable states of a program, relational analyses compute functional properties between the input states and the output states of a program. Relational analyses offer several advantages, such as their ability to infer more expressive semantic properties than state analyses. Moreover, they also make it possible to make the analysis compositional, by using input-output relations as procedure summaries, which is an advantage for scalability. In the case of numerical programs, several analyses have been proposed that use relational numerical abstract domains to describe relations. On the other hand, modelling abstractions of relations between input and output memory states while taking data structures into account is difficult. In this thesis, we propose a set of new logical connectives, based on separation logic, to describe such relations. These connectives can express that a certain part of the memory is unchanged, freshly allocated, or deallocated, or that only a single part of the memory is modified (and in what way). Using these connectives, we build a relational abstract domain and design a compositional static analysis by abstract interpretation that over-approximates relations between memory states containing inductive data structures. We have implemented these contributions as a plug-in for the FRAMA-C analyzer.
We evaluated its impact on the analysis of small C programs manipulating linked lists and binary trees, but also on the analysis of a larger program consisting of part of the Emacs source code. Our experimental results show that our approach makes it possible to infer semantic properties that are logically more expressive than those obtained by state analyses. It also turns out to be much faster on programs with a substantial number of function calls, without any loss of precision.
