Shape analysis with inductive recursion synthesis

Separation logic with recursively defined predicates gives concise yet precise descriptions of the shapes of heap-allocated data structures. Most uses of separation logic for program analysis, however, rely on predefined recursive predicates, which limits the programs that can be analyzed to those manipulating data structures known in advance. This paper describes a general algorithm, based on inductive program synthesis, that automatically infers recursive shape invariants, yielding a shape analysis based on separation logic that can be applied to any program.

A key strength of separation logic is that, by expressing structural separation explicitly, it supports local reasoning about the heap: the effects of altering one part of a data structure are analyzed in isolation from the rest. The interaction between such local reasoning and the global invariants expressed by recursive predicates is difficult, especially when the data structures contain complex internal sharing. Existing approaches use logic rules designed specifically for the list predicate to unfold and fold linked lists; they again require a priori knowledge of the shapes of the data structures and do not generalize easily to more complex ones. We introduce the notion of "truncation points" in a recursive predicate, which gives rise to generic algorithms for unfolding and folding arbitrary data structures.
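The unfold/fold step on a recursively defined predicate, and the frame that local reasoning leaves untouched, as an added Python illustration that is not code from the paper. It takes the usual list-segment definition ls(x, y) as a constructed input (the paper's contribution is to infer such definitions, which this example does not attempt), and drives unfolding and folding from the definition's cases rather than from list-specific rules. It does not implement the paper's synthesis algorithm or its truncation points; the names Heap, PointsTo, Pred, DEFS, unfold, fold and write are assumptions of this example.

```python
from dataclasses import dataclass
from itertools import count

# A symbolic heap: pure facts on variables plus a list of spatial atoms joined by '*'.
@dataclass(frozen=True)
class PointsTo:                  # x |-> {f1: v1, ...}
    addr: str
    fields: tuple                # ((field, value), ...)

@dataclass(frozen=True)
class Pred:                      # P(a1, ..., an), an inductively defined predicate
    name: str
    args: tuple

@dataclass
class Heap:
    pure: list                   # (lhs, "=" or "!=", rhs) triples
    spatial: list                # PointsTo / Pred atoms

# Constructed input, the usual list-segment definition (assumed, not inferred):
#   ls(x, y) := (x = y /\ emp)  \/  (x != y /\ x |-> {next: n} * ls(n, y))
# Each case is (params, existentials, pure guard, spatial body).
DEFS = {"ls": [
    (("x", "y"), (), [("x", "=", "y")], []),
    (("x", "y"), ("n",), [("x", "!=", "y")],
     [PointsTo("x", (("next", "n"),)), Pred("ls", ("n", "y"))]),
]}
_fresh = count()

def _flat(a):
    """Atom as a flat tuple so a pattern and an instance compare slot by slot."""
    if isinstance(a, PointsTo):
        return ("pt", a.addr) + sum(a.fields, ())
    return ("pred", a.name) + a.args

def _subst(a, s):
    t = tuple(s.get(x, x) for x in _flat(a))
    return PointsTo(t[1], tuple(zip(t[2::2], t[3::2]))) if t[0] == "pt" else Pred(t[1], t[2:])

def unfold(heap, pred):
    """One heap per disjunct of pred's definition, with existentials made fresh."""
    out = []
    for params, exist, guard, body in DEFS[pred.name]:
        s = dict(zip(params, pred.args))
        s.update({e: f"{e}{next(_fresh)}" for e in exist})
        pure = heap.pure + [(s.get(l, l), op, s.get(r, r)) for l, op, r in guard]
        spatial = [a for a in heap.spatial if a != pred] + [_subst(a, s) for a in body]
        out.append(Heap(pure, spatial))
    return out

def _match(pat, atom, s, exist):
    """Extend s so that _subst(pat, s) == atom; None if impossible."""
    p, q = _flat(pat), _flat(atom)
    if len(p) != len(q):
        return None
    s = dict(s)
    for x, v in zip(p, q):
        if x not in s and x in exist:
            s[x] = v             # bind an existential on first sight
        elif s.get(x, x) != v:
            return None
    return s

def _cover(avail, pats, s, exist):
    """Match each pattern atom to a distinct heap atom; returns (indices, s) or None."""
    if not pats:
        return [], s
    for i, a in avail:
        s2 = _match(pats[0], a, s, exist)
        if s2 is not None:
            rest = _cover([x for x in avail if x[0] != i], pats[1:], s2, exist)
            if rest is not None:
                return [i] + rest[0], rest[1]
    return None

def fold(heap, target):
    """Abstract atoms back into target by recognising one inductive case whose
    body is present and whose guard is already (syntactically) in heap.pure."""
    for params, exist, guard, body in DEFS[target.name]:
        if not body:
            continue             # base cases carry no heap to fold
        hit = _cover(list(enumerate(heap.spatial)), body, dict(zip(params, target.args)), exist)
        if hit is None:
            continue
        used, s = hit
        facts = [(s.get(l, l), op, s.get(r, r)) for l, op, r in guard]
        if all(f in heap.pure or (f[2], f[1], f[0]) in heap.pure for f in facts):
            rest = [a for i, a in enumerate(heap.spatial) if i not in used]
            return Heap(heap.pure, rest + [target])
    return None

def write(heap, addr, fld, val):
    """addr->fld := val. Needs the cell addr |-> ... explicit in the spatial part;
    every other atom is the frame and is left untouched (local reasoning)."""
    for i, a in enumerate(heap.spatial):
        if isinstance(a, PointsTo) and a.addr == addr:
            fields = tuple((f, val if f == fld else v) for f, v in a.fields)
            return Heap(heap.pure, heap.spatial[:i] + [PointsTo(addr, fields)] + heap.spatial[i + 1:])
    raise ValueError(f"{addr} is not a visible cell; unfold a predicate first")
```

Starting from ls(x, nil), unfold yields the empty case (x = nil, emp) and the non-empty case x |-> {next: n0} * ls(n0, nil); a write to x.next touches only the explicit cell and leaves ls(n0, nil) as the frame, and fold recognises the second case's body and guard to recover ls(x, nil). The guard check is deliberately syntactic (the fact x != nil must already be recorded in the pure part), so folding x |-> {next: y} * ls(y, nil) without that fact is refused rather than assumed.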