Shape Analysis and Applications

A shape-analysis algorithm statically analyzes a program to determine information about the heapallocated data structures that the programmanipulates. The results can be used to understand programs or to verify properties of programs. Shape analysis also recovers information that is valuable for debugging, compile-time garbage collection, instruction scheduling, and parallelization. 1Portions of this paper were adapted from [65] (©Springer-Verlag) and excerpted from [58] (©ACM). 2Supported inpartbyNSFGrantsCCR-9619219,CCR-9986308,CCF-0540955,andCCF-0524051;byONRGrantsN0001401-1-0796 andN00014-01-1-0708; by the Alexander vonHumboldt Foundation; and by the John SimonGuggenheimMemorial Foundation. Address: Comp. Sci. Dept.; Univ. of Wisconsin; 1210 W. Dayton St.; Madison, WI 53706. 3Address: School of Comp. Sci.; Tel Aviv Univ.; Tel Aviv 69978; Israel. 4Address: Fachrichtung Informatik, Univ. des Saarlandes; 66123 Saarbrücken; Germany.

[1]  John C. Reynolds,et al.  Automatic computation of data set definitions , 1968, IFIP Congress.

[2]  Herbert B. Enderton,et al.  A mathematical introduction to logic , 1972 .

[3]  Patrick Cousot,et al.  Systematic design of program analysis frameworks , 1979, POPL.

[4]  Neil D. Jones,et al.  Flow analysis and optimization of LISP-like structures , 1979, POPL.

[5]  David A. Padua,et al.  Dependence graphs and compiler optimizations , 1981, POPL '81.

[6]  Joseph M. Morris Assignment and Linked Data Structures , 1982 .

[7]  Greg Nelson,et al.  Verifying reachability invariants of linked structures , 1983, POPL '83.

[8]  Thomas W. Reps,et al.  Incremental Context-Dependent Analysis for Language-Based Editors , 1983, TOPL.

[9]  Eugene W. Myers,et al.  Efficient applicative data types , 1984, POPL.

[10]  Karl J. Ottenstein,et al.  The program dependence graph in a software development environment , 1984, SDE 1.

[11]  Randal E. Bryant,et al.  Graph-Based Algorithms for Boolean Function Manipulation , 1986, IEEE Transactions on Computers.

[12]  Joe D. Warren,et al.  The program dependence graph and its use in optimization , 1987, TOPL.

[13]  James R. Larus,et al.  Detecting conflicts between structure accesses , 1988, PLDI '88.

[14]  Jeffrey D. Ullman,et al.  Principles of database and knowledge-base systems, Vol. I , 1988 .

[15]  Jeffrey D. Uuman Principles of database and knowledge- base systems , 1989 .

[16]  Phil Pfeiffer,et al.  Dependence analysis for pointer variables , 1989, PLDI '89.

[17]  Abstractions for Recursive Pointer Data Structures: Improving the Analysis of Imperative Programs , 1992, PLDI.

[18]  Alexandru Nicolau,et al.  Abstractions for recursive pointer data structures: improving the analysis and transformation of imperative programs , 1992, PLDI '92.

[19]  A. Prasad Sistla,et al.  Symmetry and model checking , 1993, Formal Methods Syst. Des..

[20]  Laurie J. Hendren,et al.  Context-sensitive interprocedural points-to analysis in the presence of function pointers , 1994, PLDI '94.

[21]  Somesh Jha,et al.  Symmetry and Induction in Model Checking , 1995, Computer Science Today.

[22]  Bjarne Steensgaard,et al.  Points-to analysis in almost linear time , 1996, POPL '96.

[23]  Reinhard Wilhelm,et al.  Solving shape-analysis problems in languages with destructive updating , 1998, TOPL.

[24]  Susan Horwitz,et al.  Fast and accurate flow-insensitive points-to analysis , 1997, POPL '97.

[25]  Hassen Saïdi,et al.  Construction of Abstract State Graphs with PVS , 1997, CAV.

[26]  Joel H. Saltz,et al.  Identifying DEF/USE Information of Statements that Construct and Traverse Dynamic Recursive Data Structures , 1997, LCPC.

[27]  Shmuel Sagiv,et al.  Building a Bridge between Pointer Aliases and Program Dependences , 1998, Nord. J. Comput..

[28]  Rajiv Gupta,et al.  Complete removal of redundant expressions , 1998, PLDI 1998.

[29]  Michael Rodeh,et al.  Detecting memory errors via static pointer analysis (preliminary experience) , 1998, PASTE '98.

[30]  Michael Rodeh,et al.  Detecting memory errors via static pointer analysis , 1998 .

[31]  Reinhard Wilhelm,et al.  A logic-based approach to program flow analysis , 1998, Acta Informatica.

[32]  Rajiv Gupta,et al.  Complete Removal of Redundant Computations , 1998, PLDI.

[33]  Alexander Aiken,et al.  Partial online cycle elimination in inclusion constraint graphs , 1998, PLDI.

[34]  Rafael Asenjo,et al.  New shape analysis techniques for automatic parallelization of C codes , 1999, ICS '99.

[35]  Reinhard Wilhelm,et al.  Parametric shape analysis via 3-valued logic , 1999, POPL '99.

[36]  Bernhard Möller Calculating with Acyclic and Cyclic Lists , 1999, Inf. Sci..

[37]  Thomas W. Reps,et al.  Putting static analysis to work for verification: A case study , 2000, ISSTA '00.

[38]  Suresh Jagannathan,et al.  Concurrency Analysis for Java , 2000, SAS.

[39]  Shmuel Sagiv,et al.  TVLA: A System for Implementing Static Analyses , 2000, SAS.

[40]  Sriram K. Rajamani,et al.  Bebop: A Symbolic Model Checker for Boolean Programs , 2000, SPIN.

[41]  Michael Rodeh,et al.  Checking Cleanness in Linked Lists , 2000, SAS.

[42]  Anna Philippou,et al.  Tools and Algorithms for the Construction and Analysis of Systems , 2018, Lecture Notes in Computer Science.

[43]  Olivier Tardieu,et al.  Ultra-fast aliasing analysis using CLA: a million lines of C code in a second , 2001, PLDI '01.

[44]  Radha Jagadeesan,et al.  Modal Transition Systems: A Foundation for Three-Valued Program Analysis , 2001, ESOP.

[45]  Noam Rinetzky,et al.  Interprocedural Shape Analysis for Recursive Programs , 2001, CC.

[46]  Eran Yahav,et al.  Verifying safety properties of concurrent Java programs using 3-valued logic , 2001, POPL '01.

[47]  Roman Manevich,et al.  Compactly Representing First-Order Structures for Static Analysis , 2002, SAS.

[48]  Deepak Goyal,et al.  Deriving specialized program analyses for certifying component-client conformance , 2002, PLDI '02.

[49]  Priti Shankar,et al.  The Compiler Design Handbook: Optimizations and Machine Code Generation , 2002, The Compiler Design Handbook.

[50]  Eran Yahav,et al.  Automatically Verifying Concurrent Queue Algorithms , 2003, SoftMC@CAV.

[51]  Eran Yahav,et al.  Verifying Temporal Heap Properties Specified via Evolution Logic , 2003, Log. J. IGPL.

[52]  Edmund M. Clarke,et al.  Counterexample-guided abstraction refinement , 2003, 10th International Symposium on Temporal Representation and Reasoning, 2003 and Fourth International Conference on Temporal Logic. Proceedings..

[53]  Eran Yahav,et al.  Verifying safety properties using separation and heterogeneous abstractions , 2004, PLDI '04.

[54]  Mark N. Wegman,et al.  Analysis of pointers and structures , 1990, SIGP.

[55]  Thomas W. Reps,et al.  Numeric Domains with Summarized Dimensions , 2004, TACAS.

[56]  Roman Manevich,et al.  Partially Disjunctive Heap Abstraction , 2004, SAS.

[57]  Thomas W. Reps,et al.  A framework for numeric analysis of array operations , 2005, POPL '05.

[58]  Reinhard Wilhelm,et al.  A semantics for procedure local heaps and its abstractions , 2005, POPL '05.

[59]  Eran Yahav,et al.  Establishing local temporal heap safety properties with applications to compile-time memory management , 2003, Sci. Comput. Program..

[60]  J. Ross Quinlan,et al.  Learning logical definitions from relations , 1990, Machine Learning.

[61]  Michael Wolfe,et al.  Data dependence and its application to parallel processing , 2005, International Journal of Parallel Programming.

[62]  Eran Yahav,et al.  Predicate Abstraction and Canonical Abstraction for Singly-Linked Lists , 2005, VMCAI.

[63]  Thomas W. Reps,et al.  Abstraction Refinement via Inductive Learning , 2005, CAV.

[64]  Bertrand Jeannet,et al.  A Relational Abstraction for Functions , 2005, SAS.

[65]  Lars Ole Andersen,et al.  Program Analysis and Specialization for the C Programming Language , 2005 .

[66]  Eran Yahav,et al.  Interprocedural Shape Analysis for Cutpoint-Free Programs , 2005, SAS.

[67]  Thomas Reps,et al.  Refinement-based program verification via three-valued-logic analysis , 2006 .

[68]  Roman Manevich,et al.  Combining Shape Analyses by Intersecting Abstractions , 2006, VMCAI.

[69]  Jan Maluszy¿ski Verification, Model Checking, and Abstract Interpretation , 2009, Lecture Notes in Computer Science.