Parametric shape analysis via 3-valued logic

We present a family of abstract-interpretation algorithms that are capable of determining "shape invariants" of programs that perform destructive updating on dynamically allocated storage. The main idea is to represent the stores that can possibly arise during execution using three-valued logical structures. Questions about properties of stores can be answered by evaluating predicate-logic formulae using Kleene's semantics of three-valued logic:

- If a formula evaluates to true, then the formula holds in every store represented by the three-valued structure.
- If a formula evaluates to false, then the formula does not hold in any store represented by the three-valued structure.
- If a formula evaluates to unknown, then we do not know whether the formula always holds, never holds, or sometimes holds and sometimes does not hold in the stores represented by the three-valued structure.

Three-valued logical structures are thus a conservative representation of memory stores. The approach described is a parametric framework: it provides the basis for generating a family of shape-analysis algorithms by varying the vocabulary used in the three-valued logic.
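The following is an added example, not code from the paper or from TVLA: a small Kleene three-valued evaluator over a 3-valued logical structure, together with a brute-force check of the conservativeness property the abstract states. The structure S, the pointer variable x, the n-field predicate, the summary node u2 and the three formulas are all constructed for illustration. The check enumerates every two-valued store embedded in S when the summary node stands for a bounded number of cells and confirms that a definite abstract answer (true or false) agrees with every such store; it is a sanity check on small inputs, not a proof of the embedding theorem.

```python
"""Kleene three-valued logic over a 3-valued logical structure (shape analysis),
with a brute-force check that definite answers are conservative.
Example code; the structure and formulas below are constructed, not from the paper."""
from fractions import Fraction
from itertools import product

T, F, U = Fraction(1), Fraction(0), Fraction(1, 2)  # true, false, unknown (1/2)

# Kleene connectives: conjunction is min, disjunction is max, negation is 1 - v,
# so 1/2 propagates unless a definite value decides the result.
def k_and(a, b): return min(a, b)
def k_or(a, b): return max(a, b)
def k_not(a): return 1 - a

class Structure:
    """universe: node names; sm: set of summary nodes (each stands for >= 1 cells);
    preds: {name: {tuple_of_nodes: truth value}}; tuples not listed are false."""
    def __init__(self, universe, sm, preds):
        self.universe, self.sm, self.preds = list(universe), set(sm), preds

    def value(self, name, args):
        if name == "eq":  # built-in equality: a summary node is only "maybe" equal to itself
            u, v = args
            return F if u != v else (U if u in self.sm else T)
        return self.preds.get(name, {}).get(tuple(args), F)

def evaluate(struct, formula, env=None):
    """Evaluate a formula given as nested tuples under Kleene semantics.
    Forms: ('p', name, var...), ('not', f), ('and', f, g), ('or', f, g),
           ('exists', var, f), ('forall', var, f). Universe must be non-empty."""
    env = env or {}
    op = formula[0]
    if op == "p":
        return struct.value(formula[1], [env[v] for v in formula[2:]])
    if op == "not":
        return k_not(evaluate(struct, formula[1], env))
    if op in ("and", "or"):
        a, b = (evaluate(struct, f, env) for f in formula[1:3])
        return k_and(a, b) if op == "and" else k_or(a, b)
    if op in ("exists", "forall"):
        vals = [evaluate(struct, formula[2], {**env, formula[1]: u}) for u in struct.universe]
        return max(vals) if op == "exists" else min(vals)
    raise ValueError(f"unknown form {op!r}")

def concretizations(struct, copies):
    """Yield every 2-valued store embedded in `struct` when each summary node
    stands for exactly `copies` concrete cells: definite entries are copied to
    all corresponding tuples, and each 1/2 entry is resolved both ways."""
    concrete_of = {u: ([f"{u}#{i}" for i in range(copies)] if u in struct.sm else [u])
                   for u in struct.universe}
    universe = [c for u in struct.universe for c in concrete_of[u]]
    fixed, free = {}, []
    for name, table in struct.preds.items():
        fixed[name] = {}
        for abs_tuple, val in table.items():
            for conc_tuple in product(*(concrete_of[u] for u in abs_tuple)):
                if val == U:
                    free.append((name, conc_tuple))
                else:
                    fixed[name][conc_tuple] = val
    for choice in product((F, T), repeat=len(free)):
        preds = {name: dict(table) for name, table in fixed.items()}
        for (name, conc_tuple), val in zip(free, choice):
            preds[name][conc_tuple] = val
        yield Structure(universe, set(), preds)

def check_conservative(struct, formula, copies=2):
    """Return (abstract value, set of values over all concretizations).
    A definite abstract value must be the only value the concrete stores produce."""
    abstract = evaluate(struct, formula)
    concrete = {evaluate(c, formula) for c in concretizations(struct, copies)}
    if abstract in (T, F):
        assert concrete == {abstract}, "abstract answer is not conservative"
    return abstract, concrete

# Constructed 3-valued structure: x points to the definite node u1; u1's n-field may
# point into the summary node u2, whose cells may be n-linked among themselves.
S = Structure(
    universe=["u1", "u2"], sm={"u2"},
    preds={"x": {("u1",): T},
           "n": {("u1", "u2"): U, ("u2", "u2"): U}},
)
# "the cell x points to is not the target of any n-field" -> true
X_NOT_SHARED = ("exists", "v", ("and", ("p", "x", "v"),
                                ("not", ("exists", "w", ("p", "n", "w", "v")))))
# "the cell x points to has a successor" -> unknown (1/2)
X_HAS_NEXT = ("exists", "v", ("and", ("p", "x", "v"),
                              ("exists", "w", ("p", "n", "v", "w"))))
# "the cell x points to has a self-loop" -> false
X_SELF_LOOP = ("exists", "v", ("and", ("p", "x", "v"), ("p", "n", "v", "v")))

if __name__ == "__main__":
    for name, phi in [("x-not-shared", X_NOT_SHARED), ("x-has-next", X_HAS_NEXT),
                      ("x-self-loop", X_SELF_LOOP)]:
        print(name, check_conservative(S, phi))
```

The unknown case is the one to read closely: X_HAS_NEXT evaluates to 1/2 on S, and the concretizations produce both false and true, so neither definite answer would have been sound. A shape analysis that wants a definite answer here must refine the vocabulary (the paper's parametric knob), for example by adding an instrumentation predicate that records whether u1's n-field is non-null, rather than sharpening the evaluator.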
