Nonuniform Alias Analysis of Recursive Data Structures and Arrays

In this paper we present an alias analysis which is able to infer position-dependent equality relationships between pointers in recursively defined data structures or arrays. Our work is based on a semantic model of the execution of a program in which every allocated object is identified by a timestamp which represents the state of the program at the instant of the object creation. We provide a simple numerical abstraction of timestamps which is accurate enough to distinguish between elements of arrays or list-like structures. We follow the methodology of Abstract Interpretation to derive a sound approximation of the program semantics from this abstraction. The computability of our analysis is then guaranteed by using an abstract numerical lattice to represent relations between timestamps.

[1]  Bjarne Steensgaard Points-to Analysis by Type Inference of Programs with Structures and Unions , 1996, CC.

[2]  Nicolas Halbwachs,et al.  Automatic discovery of linear restraints among variables of a program , 1978, POPL.

[3]  Michael Karr,et al.  Affine relationships among variables of a program , 1976, Acta Informatica.

[4]  Patrick Cousot,et al.  Systematic design of program analysis frameworks , 1979, POPL.

[5]  Michael Hind,et al.  Evaluating the effectiveness of pointer alias analyses , 2001, Sci. Comput. Program..

[6]  Arnaud Venet,et al.  Abstract Cofibered Domains: Application to the Alias Analysis of Untyped Programs , 1996, SAS.

[7]  A. Deutsch,et al.  A storeless model of aliasing and its abstractions using finite representations of right-regular equivalence relations , 1992, Proceedings of the 1992 International Conference on Computer Languages.

[8]  Patrick Cousot,et al.  Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints , 1977, POPL.

[9]  Patrick Cousot,et al.  Semantic foundations of program analysis , 1981 .

[10]  Jong-Deok Choi,et al.  Interprocedural pointer alias analysis , 1999, TOPL.

[11]  Philippe Granger Static analysis of arithmetical congruences , 1989 .

[12]  François Bourdoncle,et al.  Efficient chaotic iteration strategies with widenings , 1993, Formal Methods in Programming and Their Applications.

[13]  Patrick Cousot,et al.  Abstract Interpretation Frameworks , 1992, J. Log. Comput..

[14]  Arnaud Venet,et al.  Automatic Analysis of Pointer Aliasing for Untyped Programs , 1999, Sci. Comput. Program..

[15]  Neil D. Jones,et al.  Program Flow Analysis: Theory and Application , 1981 .

[16]  Antoine Miné,et al.  A New Numerical Abstract Domain Based on Difference-Bound Matrices , 2001, PADO.

[17]  Laurie J. Hendren,et al.  Is it a tree, a DAG, or a cyclic graph? A shape analysis for heap-directed pointers in C , 1996, POPL '96.

[18]  Alain Deutsch,et al.  Interprocedural may-alias analysis for pointers: beyond k-limiting , 1994, PLDI '94.

[19]  Alain Deutsch,et al.  On determining lifetime and aliasing of dynamically allocated data in higher-order functional specifications , 1989, POPL '90.

[20]  Philippe Granger,et al.  Static Analysis of Linear Congruence Equalities among Variables of a Program , 1991, TAPSOFT, Vol.1.