Access Analysis-Based Tight Localization of Abstract Memories

On-the-fly localization of abstract memory states is vital for economical abstract interpretation of imperative programs. Such localization is sometimes called "abstract garbage collection" or "framing". In this article we present a new memory localization technique that is more effective than the conventional reachability-based approach. Our technique is based on the key observation that collecting the reachable parts of memory is too conservative: the parts a code block actually accesses are usually a tiny subset of the parts it can reach. Our technique first estimates, by an efficient pre-analysis, the set of locations that will be accessed during the analysis of each code block. The main analysis then uses these access sets to trim the memory entries before analyzing each code block. In experiments with an industrial-strength global static analyzer for C, applying the technique right before analyzing each procedure's body reduces the average analysis time and memory by 92.1% and 71.2%, respectively, without sacrificing analysis precision. Localizing more frequently, at loop bodies and basic blocks as well as procedure bodies, the generalized localization additionally reduces analysis time by an average of 31.8%.
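The following toy abstract interpreter is an added illustration of the two-phase scheme the abstract describes; it is not code from the paper or from the analyzer it evaluates. A flow-insensitive pre-analysis computes, per procedure, the set of locations its body and callees may read or write (pointer dereferences are resolved with a crude may-point-to set), and the main analysis hands each procedure body only those entries, merging them back afterwards. The program, the statement forms, the interval domain and the ten unused globals g0..g9 are all constructed for the example. In this flat memory model every global is reachable by every procedure, so the run without localization stands in for the reachability-based baseline; the point to check is that the trimmed run sees far fewer entries yet computes the same final memory.

```python
# Added example (not the paper's code): access-set pre-analysis plus
# per-procedure localization of an abstract memory, on a toy language.
# Abstract values: intervals ('int', lo, hi) or points-to sets ('ptr', frozenset).
INF = float('inf')
TOP = ('int', -INF, INF)


def join(a, b):
    """Least upper bound of two abstract values (None is bottom)."""
    if a is None:
        return b
    if b is None:
        return a
    if a[0] == 'int' and b[0] == 'int':
        return ('int', min(a[1], b[1]), max(a[2], b[2]))
    if a[0] == 'ptr' and b[0] == 'ptr':
        return ('ptr', a[1] | b[1])
    return TOP


def may_point_to(procs):
    """Flow-insensitive points-to sets: pointer variable -> locations it may hold.
    Pointers arise only from ('addr', p, x) and flow through ('copy', q, p)."""
    pts = {}
    for body in procs.values():
        for s in body:
            if s[0] == 'addr':
                pts.setdefault(s[1], set()).add(s[2])
    changed = True
    while changed:
        changed = False
        for body in procs.values():
            for s in body:
                if s[0] == 'copy' and s[2] in pts and not pts[s[2]] <= pts.setdefault(s[1], set()):
                    pts[s[1]] |= pts[s[2]]
                    changed = True
    return pts


def access_sets(procs, pts):
    """Pre-analysis: locations each procedure (including its callees) may read or write."""
    acc = {}
    for f, body in procs.items():
        a = set()
        for s in body:
            if s[0] == 'set':
                a.add(s[1])
            elif s[0] in ('copy', 'add'):
                a.update(s[1:])
            elif s[0] == 'addr':
                a.add(s[1])                       # taking &x writes p but does not access x
            elif s[0] == 'load':
                a.update({s[1], s[2]}, pts.get(s[2], ()))
            elif s[0] == 'store':
                a.update({s[1], s[2]}, pts.get(s[1], ()))
        acc[f] = a
    changed = True                                # close the sets under calls
    while changed:
        changed = False
        for f, body in procs.items():
            for s in body:
                if s[0] == 'call' and not acc[s[1]] <= acc[f]:
                    acc[f] |= acc[s[1]]
                    changed = True
    return acc


def step(s, mem):
    """Transfer function of one statement on a mutable abstract memory."""
    op = s[0]
    if op == 'set':
        mem[s[1]] = ('int', s[2], s[3])
    elif op == 'copy':
        mem[s[1]] = mem[s[2]]
    elif op == 'add':
        y, z = mem[s[2]], mem[s[3]]
        mem[s[1]] = ('int', y[1] + z[1], y[2] + z[2])
    elif op == 'addr':
        mem[s[1]] = ('ptr', frozenset({s[2]}))
    elif op == 'load':
        v = None
        for t in mem[s[2]][1]:
            v = join(v, mem[t])
        mem[s[1]] = v
    elif op == 'store':
        targets = mem[s[1]][1]
        for t in targets:                         # strong update for one target, weak otherwise
            mem[t] = mem[s[2]] if len(targets) == 1 else join(mem.get(t), mem[s[2]])


def analyze(f, mem, procs, acc, sizes):
    """Analyze procedure f on memory mem. acc=None disables localization.
    sizes records how many memory entries each procedure body was given."""
    local = mem if acc is None else {l: mem[l] for l in acc[f] if l in mem}
    sizes.append((f, len(local)))
    for s in procs[f]:
        if s[0] == 'call':
            analyze(s[1], local, procs, acc, sizes)
        else:
            step(s, local)
    if acc is not None:
        mem.update(local)                         # merge the trimmed part back into the full memory
    return mem


# Constructed sample program: main uses x, y and a pointer to y; bump does *p := *p + 1.
PROCS = {
    'main':  [('set', 'x', 0, 10), ('set', 'y', 5, 5), ('addr', 'p', 'y'),
              ('call', 'bump'), ('call', 'total')],
    'bump':  [('load', 't', 'p'), ('set', 'one', 1, 1), ('add', 't', 't', 'one'),
              ('store', 'p', 't')],
    'total': [('add', 's', 'x', 'y')],
}


def initial_memory():
    """Ten globals that no procedure touches; they are reachable but never accessed."""
    return {f'g{i}': ('int', i, i) for i in range(10)}


def run(localize):
    """Return (final memory, per-procedure memory sizes) with or without localization."""
    pts = may_point_to(PROCS)
    acc = access_sets(PROCS, pts) if localize else None
    sizes = []
    mem = analyze('main', initial_memory(), PROCS, acc, sizes)
    return mem, sizes


if __name__ == '__main__':
    for flag in (False, True):
        mem, sizes = run(flag)
        print('localized' if flag else 'full', sizes, 'y =', mem['y'], 's =', mem['s'])
```

The sizes list is the quantity the paper's measurements are about: without trimming, bump and total are analyzed on 13 and 15 entries, with trimming on 2 each, while y and s end up identical. A real analyzer also has to make the access sets sound under aliasing and recursion, which is what the efficient pre-analysis in the paper is responsible for; the flow-insensitive points-to set here is the simplest stand-in.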
