A relational shape abstract domain

Static analyses aim at inferring semantic properties of programs. We distinguish two important classes of static analyses: state analyses and relational analyses. While state analyses compute an over-approximation of the reachable states of a program, relational analyses compute functional properties relating the input and output states of a program. Relational analyses have several advantages: they can analyze incomplete programs, such as libraries or classes, and they make the analysis modular, using input–output relations as composable summaries for procedures. In the case of numerical programs, several analyses have been proposed that use relational numerical abstract domains to describe such relations. By contrast, designing abstractions for relations over input–output memory states that also take shapes into account is challenging. In this paper, we propose a set of novel logical connectives, inspired by separation logic, to describe such relations. This logic can express that certain memory areas are unchanged, freshly allocated, or freed, or that only part of the memory was modified. Using these connectives, we build an abstract domain and design a static analysis that over-approximates relations over memory states containing inductive structures. We implement this analysis and report on the analysis of basic libraries of programs manipulating lists and trees.
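To make the idea of input–output relations over memory states concrete, the following added example (not code from the paper, and not its formal definitions) models the kinds of relational connectives the abstract lists as predicates over pairs of concrete heaps: a region is unchanged (`ident`), freshly allocated (`fresh`), freed (`freed`), or modified in place (`modified`), and a separating conjunction (`sep`) combines them over disjoint footprints. The heap layout (a list node is two cells, data at `a` and next pointer at `a + 1`, with `0` as null), the sample heap `H0` and the procedure names are constructed for the illustration. It then checks procedure summaries written in this style against concrete executions, including one buggy procedure whose summary does not hold.

```python
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet

# Toy heap: address -> cell content (a list node is two cells: data at a, next at a + 1).
Heap = Dict[int, int]


@dataclass(frozen=True)
class Rel:
    """Relational assertion over (input heap, output heap) pairs.
    Footprints are explicit so that separating conjunction can split heaps
    deterministically. This is an illustrative model, not the paper's logic."""
    dom_in: FrozenSet[int]
    dom_out: FrozenSet[int]
    check: Callable[[Heap, Heap], bool]


def restrict(h: Heap, dom: FrozenSet[int]) -> Heap:
    return {a: v for a, v in h.items() if a in dom}


def ident(dom) -> Rel:
    """Region `dom` is present in both states and unchanged."""
    d = frozenset(dom)
    return Rel(d, d, lambda hi, ho: hi == ho)


def fresh(dom) -> Rel:
    """Region `dom` is absent from the input state and allocated in the output."""
    return Rel(frozenset(), frozenset(dom), lambda hi, ho: not hi)


def freed(dom) -> Rel:
    """Region `dom` is present in the input state and gone from the output."""
    return Rel(frozenset(dom), frozenset(), lambda hi, ho: not ho)


def modified(dom, post: Callable[[Heap, Heap], bool] = lambda hi, ho: True) -> Rel:
    """Region `dom` keeps its footprint but its content may change (subject to `post`)."""
    d = frozenset(dom)
    return Rel(d, d, post)


def sep(r1: Rel, r2: Rel) -> Rel:
    """Separating conjunction: r1 and r2 hold on disjoint parts of both heaps."""
    if r1.dom_in & r2.dom_in or r1.dom_out & r2.dom_out:
        raise ValueError("footprints overlap; relations are not separable")

    def chk(hi: Heap, ho: Heap) -> bool:
        return (r1.check(restrict(hi, r1.dom_in), restrict(ho, r1.dom_out))
                and r2.check(restrict(hi, r2.dom_in), restrict(ho, r2.dom_out)))
    return Rel(r1.dom_in | r2.dom_in, r1.dom_out | r2.dom_out, chk)


def holds(rel: Rel, h_in: Heap, h_out: Heap) -> bool:
    """`rel` describes the whole pair: its footprints must cover both heaps exactly."""
    return (frozenset(h_in) == rel.dom_in and frozenset(h_out) == rel.dom_out
            and rel.check(h_in, h_out))


# --- constructed list procedures operating on copies of the heap ---------------

def list_cells(h: Heap, head: int) -> FrozenSet[int]:
    """Addresses of every cell of the null-terminated list starting at `head`."""
    cells, a = set(), head
    while a != 0:
        cells |= {a, a + 1}
        a = h[a + 1]
    return frozenset(cells)


def push_front(h: Heap, head: int, new: int, data: int):
    ho = dict(h)
    ho[new], ho[new + 1] = data, head
    return ho, new


def pop_front(h: Heap, head: int):
    ho = dict(h)
    nxt = ho[head + 1]
    del ho[head], ho[head + 1]
    return ho, nxt


def buggy_pop_front(h: Heap, head: int):
    ho, nxt = pop_front(h, head)
    if nxt:
        ho[nxt] = 0  # also clobbers the data of the new head: the rest is NOT unchanged
    return ho, nxt


def set_data(h: Heap, addr: int, v: int) -> Heap:
    ho = dict(h)
    ho[addr] = v
    return ho


# Constructed input heap: list 1 -> 2, head node at address 10, second node at 20.
H0: Heap = {10: 1, 11: 20, 20: 2, 21: 0}


def push_summary_holds() -> bool:
    ho, _ = push_front(H0, 10, 30, 0)
    spec = sep(ident(list_cells(H0, 10)), fresh({30, 31}))   # old list unchanged * new node fresh
    return holds(spec, H0, ho)


def pop_summary_holds(pop=pop_front) -> bool:
    ho, _ = pop(H0, 10)
    spec = sep(freed({10, 11}), ident(list_cells(H0, 10) - {10, 11}))  # head freed * rest unchanged
    return holds(spec, H0, ho)


def set_data_summary_holds() -> bool:
    ho = set_data(H0, 20, 7)
    spec = sep(modified({20}, lambda hi_, ho_: ho_[20] == 7),   # one cell modified
               ident(list_cells(H0, 10) - {20}))                # everything else unchanged
    return holds(spec, H0, ho)


if __name__ == "__main__":
    print(push_summary_holds(), pop_summary_holds(), pop_summary_holds(buggy_pop_front),
          set_data_summary_holds())
```

The point of the explicit footprints is that `holds` rejects a summary that claims a region is unchanged when the procedure wrote into it (the buggy pop), and that the same summary can be reused as a composable description of the procedure regardless of the rest of the heap it is later framed into.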
