Partially Disjunctive Heap Abstraction

One of the continuing challenges in abstract interpretation is the creation of abstractions that yield analyses that are both tractable and precise enough to prove interesting properties about real-world programs. One source of difficulty is the need to handle programs with different behaviors along different execution paths. Disjunctive (powerset) abstractions capture such distinctions in a natural way. However, in general, powerset abstractions increase space and time costs by an exponential factor. Thus, powerset abstractions are generally perceived as very costly.

[1]  Neil D. Jones,et al.  Flow analysis and optimization of LISP-like structures , 1979, POPL.

[2]  Roberto Bagnara,et al.  Widening Operators for Powerset Domains , 2004, VMCAI.

[3]  Thomas Reps,et al.  Automatic verification of a simple mark and sweep garbabge collector , 2001 .

[4]  Reinhard Wilhelm,et al.  Parametric shape analysis via 3-valued logic , 2002, TOPL.

[5]  Eran Yahav,et al.  Verifying safety properties using separation and heterogeneous abstractions , 2004, PLDI '04.

[6]  P. Hill,et al.  Widening operators for powerset domains , 2006 .

[7]  Neil D. Jones,et al.  Program Flow Analysis: Theory and Application , 1981 .

[8]  Mark N. Wegman,et al.  Analysis of pointers and structures , 1990, SIGP.

[9]  Gary Lindstrom,et al.  Scanning List Structures Without Stacks or Tag Bits , 1973, Information Processing Letters.

[10]  Sorin Lerner,et al.  ESP: path-sensitive program verification in polynomial time , 2002, PLDI '02.

[11]  Tevfik Bultan,et al.  Automated Verification of Concurrent Linked Lists with Counters , 2002, SAS.

[12]  James R. Larus,et al.  Detecting conflicts between structure accesses , 1988, PLDI '88.

[13]  Deepak Goyal,et al.  Deriving specialized program analyses for certifying component-client conformance , 2002, PLDI '02.

[14]  Marvin V. Zelkowitz,et al.  Programming Languages: Design and Implementation , 1975 .

[15]  Jan Stransky,et al.  A Lattice for Abstract Interpretation of Dynamic (LISP-Like) Structures , 1992, Inf. Comput..

[16]  James R. Larus,et al.  Restructuring symbolic programs for concurrent execution on multiprocessors , 1989 .

[17]  Roberto Giacobazzi,et al.  Optimal Domains for Disjunctive Abstract Intepretation , 1998, Sci. Comput. Program..

[18]  Kousha Etessami,et al.  Analysis of Recursive Game Graphs Using Data Flow Equations , 2004, VMCAI.

[19]  Shmuel Sagiv,et al.  TVLA: A System for Implementing Static Analyses , 2000, SAS.

[20]  Patrick Cousot,et al.  Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints , 1977, POPL.

[21]  Alain Deutsch,et al.  Interprocedural may-alias analysis for pointers: beyond k-limiting , 1994, PLDI '94.

[22]  Laurie Hendren,et al.  Soot---a java optimization framework , 1999 .