Interprocedural Functional Shape Analysis using Local Heaps

We present a framework for interprocedural shape analysis, which is context- and flow-sensitive and handles destructive pointer updates. Instances of the framework are precise enough to prove the absence of program errors such as null dereferences and memory leaks, and to verify conformance to API specifications. Technically, our analysis computes procedure summaries as transformers from inputs to outputs while ignoring the parts of the heap that are not relevant to the procedure. This makes the analysis modular in the heap and thus allows reusing the effect of a procedure at different call-sites, and even between different contexts occurring at the same call-site. A prototype of our framework was implemented and used to verify interesting properties of heap-manipulating programs.
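The heap-modular summaries the abstract describes, as an added toy example (constructed here; it is not the paper's implementation and uses no abstract domain): heaps stay concrete, so a summary is a memo table keyed by the canonical local heap reachable from a call's arguments, and the callee runs only on that local heap while the rest of the caller's heap (the frame) is neither read nor written. The helper names `project`, `splice`, `call` and the callee `append` are the example's own. It shows the effect of `append` being computed once and reused at a second call site whose local heap is isomorphic but whose node identities and frame differ, while a third call with a different local shape gets its own entry.

```python
from collections import deque

NEXT = "next"


class Heap:
    """Concrete heap: node id -> {field: target id or None}. Constructed toy."""
    def __init__(self):
        self.nodes, self.next_id = {}, 0

    def alloc(self, nxt=None):
        nid, self.next_id = self.next_id, self.next_id + 1
        self.nodes[nid] = {NEXT: nxt}
        return nid

    def make_list(self, length):
        head = None
        for _ in range(length):
            head = self.alloc(head)
        return head


def reachable(heap, roots):
    """Local heap: nodes reachable from the arguments, in BFS order, so the
    numbering does not depend on the caller's allocation history."""
    order, seen = [], set()
    queue = deque(r for r in roots if r is not None)
    while queue:
        n = queue.popleft()
        if n in seen:
            continue
        seen.add(n)
        order.append(n)
        queue.extend(t for t in heap.nodes[n].values() if t is not None)
    return order


def project(heap, args):
    """Cut the local heap out of the caller's heap and relabel it 0..k-1.
    Cutpoints (local nodes referenced from the frame) are part of the key,
    because the callee's effect on them is observable through those references."""
    order = reachable(heap, args)
    canon = {n: i for i, n in enumerate(order)}
    local = Heap()
    local.next_id = len(order)            # fresh callee allocations start here
    for n in order:
        local.nodes[canon[n]] = {f: (canon[t] if t is not None else None)
                                 for f, t in heap.nodes[n].items()}
    cutpoints = frozenset(canon[t] for n in heap.nodes if n not in canon
                          for t in heap.nodes[n].values() if t in canon)
    cargs = tuple(canon[a] if a is not None else None for a in args)
    shape = tuple((i, tuple(sorted(local.nodes[i].items()))) for i in range(len(order)))
    return order, local, (cargs, shape, cutpoints)


def splice(heap, order, local_out):
    """Write the callee's output local heap back into the caller's heap:
    ids < k are the original nodes, larger ids are allocations the callee made."""
    back = dict(enumerate(order))
    for cid in local_out.nodes:
        if cid not in back:
            back[cid] = heap.alloc()
    for cid, fields in local_out.nodes.items():
        heap.nodes[back[cid]] = {f: (back[t] if t is not None else None)
                                 for f, t in fields.items()}
    return back


def call(heap, proc, args, summaries):
    """Invoke `proc` through its summary table; returns (result, reused)."""
    order, local, key = project(heap, args)
    reused = key in summaries
    if not reused:
        ret = proc(local, *key[0])        # the callee sees only the local heap
        summaries[key] = (local, ret)
    local_out, ret = summaries[key]
    back = splice(heap, order, local_out)
    return (back[ret] if ret is not None else None), reused


def append(local, x, y):
    """Callee: destructively link list y after the last node of list x."""
    if x is None:
        return y
    n = x
    while local.nodes[n][NEXT] is not None:
        n = local.nodes[n][NEXT]
    local.nodes[n][NEXT] = y
    return x


def list_length(heap, head):
    k = 0
    while head is not None:
        head, k = heap.nodes[head][NEXT], k + 1
    return k


def demo():
    summaries, h = {}, Heap()
    frame = h.make_list(5)                # unrelated data the callee never sees
    calls = [(h.make_list(2), h.make_list(1)),   # call site 1
             (h.make_list(2), h.make_list(1)),   # site 2: same local shape, other nodes
             (h.make_list(3), h.make_list(1))]   # site 3: different local shape
    results = [call(h, append, list(ab), summaries) for ab in calls]
    return {"reused": tuple(r for _, r in results),
            "lengths": tuple(list_length(h, head) for head, _ in results),
            "summaries": len(summaries), "frame_len": list_length(h, frame)}
```

`demo()` returns which calls were served from an existing summary, the resulting list lengths, the number of summary entries, and the untouched length of the frame list. Because this toy keys summaries on concrete local heaps, only isomorphic local heaps share an entry; the paper's abstraction is what lets, for instance, lists of different lengths map to the same summary.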
