A combination framework for tracking partition sizes

We describe an abstract-interpretation-based framework for proving relationships between the sizes of memory partitions. Instances of this framework can prove traditional properties such as memory safety and program termination, and can also establish upper bounds on the usage of dynamically allocated memory. The framework also stands out in its ability to prove properties of programs that manipulate both the heap and arrays, which is considered a difficult task. Technically, we define an abstract domain that is parameterized by an abstract domain for tracking memory partitions (sets of memory locations) and by a numerical abstract domain for tracking relationships between the cardinalities of those partitions. We describe algorithms that construct the transfer functions of the combined domain from the corresponding transfer functions of the two parameter domains. A prototype of the framework was implemented and used to prove interesting properties of realistic programs, including programs that could not previously be analyzed automatically.
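
The central move described in the abstract is to let a partition domain say which sets of memory cells a statement touches, and to let a numerical domain track how the cardinalities of those sets relate to each other and to the program's integer variables. The Python sketch below is an added illustration of that idea; it is not the paper's prototype and borrows none of its code. The partition side is reduced to two named partitions with fixed meanings (LIVE, the cells reachable from the list pointer, and FREED), so there is no real shape analysis, and the numeric side is a zone (difference-bound matrix), chosen because it is small enough to implement here. The analyzed program, the operation names and the variable names are all constructed for the example. Run on a list that is built with n allocations and then drained with frees, it proves that the build loop keeps |LIVE| = i <= n, that every free acts on a partition known to be non-empty, that the drain loop's guard leaves |LIVE| >= 1 while the body decreases it by exactly one (a ranking function, so the loop terminates), and that |LIVE| = 0 at exit. It also shows the cost of the numeric choice: a zone cannot state |LIVE| + |FREED| = n, so the upper bound on |FREED| is lost; being parameterized by the numeric domain is exactly what would let a richer domain such as polyhedra be substituted.

```python
"""Toy combination domain, added to illustrate the abstract's idea (it is not the
paper's implementation): a partition side naming sets of heap cells and a numeric
side (a zone, i.e. difference-bound matrix) relating the cardinalities |P|."""
INF = float("inf")

class Zone:
    """DBM: m[i][j] = c encodes v_i - v_j <= c; variable 0 is the constant 0."""
    def __init__(self, names, m=None):  # copies m, or starts unconstrained
        self.names = names if m else ["0"] + list(names)
        n = len(self.names)
        self.m = [r[:] for r in m] if m else [
            [0 if i == j else INF for j in range(n)] for i in range(n)]
    def close(self):  # Floyd-Warshall: tightest bounds implied by the others
        n, m = len(self.names), self.m
        for k in range(n):
            for i in range(n):
                for j in range(n):
                    m[i][j] = min(m[i][j], m[i][k] + m[k][j])
        return self
    def diff(self, a, b):  # upper bound on a - b (tight once closed)
        return self.m[self.names.index(a)][self.names.index(b)]
    def bounds(self, v):  # (lower, upper) bound of variable v
        return -self.diff("0", v), self.diff(v, "0")
    def assume(self, a, b, c):  # intersect with the constraint a - b <= c
        z, i, j = Zone(self.names, self.m), self.names.index(a), self.names.index(b)
        z.m[i][j] = min(z.m[i][j], c)
        return z.close()
    def translate(self, v, c):  # v := v + c  (closure is preserved)
        z, i = Zone(self.names, self.m), self.names.index(v)
        for k in range(len(z.names)):
            if k != i:
                z.m[i][k], z.m[k][i] = z.m[i][k] + c, z.m[k][i] - c
        return z
    def join(self, o):  # least upper bound: the looser of each pair of bounds
        return Zone(self.names, [[max(a, b) for a, b in zip(ra, rb)]
                                 for ra, rb in zip(self.m, o.m)])
    def widen(self, o):  # a bound that grew since the last round goes to +inf
        return Zone(self.names, [[a if b <= a else INF for a, b in zip(ra, rb)]
                                 for ra, rb in zip(self.m, o.m)])

LIVE, FREED = "|LIVE|", "|FREED|"  # cardinality variables of the two partitions

def step(z, op):
    """Transfer function of the combined domain: heap operations arrive as events
    on partitions and become updates or constraints on the cardinality variables."""
    kind, a = op[0], op[1]
    if kind == "alloc":  # a fresh cell joins partition a
        return z.translate(a, 1)
    if kind == "free":  # one cell moves from partition a to partition op[2]
        if z.bounds(a)[0] < 1:  # cannot prove a cell exists: reject the free
            raise RuntimeError("free from possibly empty partition " + a)
        return z.translate(a, -1).translate(op[2], 1)
    if kind == "test":  # null test on the pointer that reaches partition a
        return z.assume(a, "0", 0) if op[2] == "null" else z.assume("0", a, -1)
    if kind == "add":  # integer statement a := a + op[2]
        return z.translate(a, op[2])
    return z.assume(a, op[2], op[3])  # ("le", x, y, c): assume x - y <= c

def analyze_loop(entry, guard, body, exit_guard):
    """while (guard) body;  Kleene iteration with widening; returns the closed
    loop-head invariant and the state after the loop."""
    head = entry
    while True:
        out = step(head, guard)
        for op in body:
            out = step(out, op)
        new = head.widen(head.join(out))
        if new.m == head.m:
            break
        head = new
    inv = Zone(head.names, head.m).close()
    return inv, step(inv, exit_guard)

def analyze():
    # i = 0; while (i < n) { t = alloc(); t->next = list; list = t; i++; }
    # while (list != null) { t = list; list = list->next; free(t); }
    z = Zone(["i", "n", LIVE, FREED]).assume("0", "n", 0)  # precondition n >= 0
    for v in ("i", LIVE, FREED):  # i = 0 and both partitions initially empty
        z = z.assume(v, "0", 0).assume("0", v, 0)
    inv1, z = analyze_loop(z, ("le", "i", "n", -1),
                           [("alloc", LIVE), ("add", "i", 1)], ("le", "n", "i", 0))
    inv2, z = analyze_loop(z, ("test", LIVE, "nonnull"),
                           [("free", LIVE, FREED)], ("test", LIVE, "null"))
    return {
        "build: |LIVE| == i": inv1.diff(LIVE, "i") == 0 and inv1.diff("i", LIVE) == 0,
        "build: |LIVE| <= n": inv1.diff(LIVE, "n") <= 0,
        "drain: |LIVE| under guard >=": step(inv2, ("test", LIVE, "nonnull")).bounds(LIVE)[0],
        "exit: |LIVE| bounds": z.bounds(LIVE),
        "exit: |FREED| bounds": z.bounds(FREED),  # a zone cannot carry |LIVE|+|FREED| = n
    }

def unguarded_free_rejected():  # free(list) when only |LIVE| >= 0 is known
    try:
        step(Zone(["i", "n", LIVE, FREED]).assume("0", LIVE, 0), ("free", LIVE, FREED))
    except RuntimeError:
        return True
    return False
```

`analyze()` returns the proven facts; `unguarded_free_rejected()` shows the memory-safety side of the combination: a free whose partition may be empty (as right after the build loop, since n may be 0) is refused because the numeric side cannot certify a cell exists. In a real instance of the framework the partition side would be a shape analysis that itself decides which partition a pointer reaches and whether a test such as `list != null` implies non-emptiness; here that mapping is hard-coded in `step`, and the two partitions are assumed to be disjoint.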
