Precise shape analysis using field sensitivity

Programs in high level languages make intensive use of heap to support dynamic data structures. Analyzing these programs requires precise reasoning about the heap structures. Shape analysis refers to the class of techniques that statically approximate the run-time structures created on the heap. In this paper, we present a novel field sensitive shape analysis technique to identify the shapes of the heap structures. The novelty of our approach lies in the way we use field information to remember the paths that result in a particular shape (Tree, DAG, Cycle). We associate the field information with a shape in two ways: (a) through boolean functions that capture the shape transition due to change in a particular field, and (b) through matrices that store the field sensitive path information among two pointer variables. This allows us to easily identify transitions from Cycle to DAG, from Cycle to Tree and from DAG to Tree, thus making the shape more precise.

[1]  Jeffrey D. Ullman,et al.  Monotone data flow analysis frameworks , 1977, Acta Informatica.

[2]  Randal E. Bryant,et al.  Symbolic Boolean manipulation with ordered binary-decision diagrams , 1992, CSUR.

[3]  Neil D. Jones,et al.  Flow analysis and optimization of LISP-like structures , 1979, POPL.

[4]  Eran Yahav,et al.  Establishing local temporal heap safety properties with applications to compile-time memory management , 2003, Sci. Comput. Program..

[5]  Sigmund Cherem,et al.  Maintaining Doubly-Linked List Invariants in Shape Analysis with Local Reasoning , 2007, VMCAI.

[6]  Laurie J. Hendren,et al.  Putting pointer analysis to work , 1998, POPL '98.

[7]  Kathryn S. McKinley,et al.  Dynamic shape analysis via degree metrics , 2009, ISMM '09.

[8]  Peter W. O'Hearn,et al.  Shape Analysis for Composite Data Structures , 2007, CAV.

[9]  Laurie J. Hendren,et al.  Detecting Parallelism in C Programs with Recursive Darta Structures , 1998, CC.

[10]  Javier O. Blanco,et al.  A Shape Analysis for Non-linear Data Structures , 2010, SAS.

[11]  Radu Rugina,et al.  Region-based shape analysis with tracked locations , 2005, POPL '05.

[12]  James R. Larus,et al.  Detecting conflicts between structure accesses , 1988, PLDI '88.

[13]  Reinhard Wilhelm,et al.  Solving shape-analysis problems in languages with destructive updating , 1998, TOPL.

[14]  Deepak Kapur,et al.  A Static Heap Analysis for Shape and Connectivity: Unified Memory Analysis: The Base Framework , 2006, LCPC.

[15]  Alfred V. Aho,et al.  Compilers: Principles, Techniques, and Tools , 1986, Addison-Wesley series in computer science / World student series edition.

[16]  Reinhard Wilhelm,et al.  Parametric shape analysis via 3-valued logic , 2002, TOPL.

[17]  Mark N. Wegman,et al.  Analysis of pointers and structures , 1990, SIGP.

[18]  Laurie J. Hendren,et al.  Is it a tree, a DAG, or a cyclic graph? A shape analysis for heap-directed pointers in C , 1996, POPL '96.

[19]  Peter W. O'Hearn,et al.  A Local Shape Analysis Based on Separation Logic , 2006, TACAS.

[20]  Timothy G. Mattson,et al.  Parallel programming: Can we PLEASE get it right this time? , 2008, 2008 45th ACM/IEEE Design Automation Conference.

[21]  Matthew S. Hecht,et al.  Flow Analysis of Computer Programs , 1977 .