Skip to main content
Log in

Precise shape analysis using field sensitivity

  • SI: SAC-SVT'12
  • Published:
Innovations in Systems and Software Engineering Aims and scope Submit manuscript

Abstract

We present a static shape analysis technique to infer the shapes of the heap structures created by a program at run time. Our technique is field sensitive in that it uses field information to compute the shapes. The shapes of the heap structures are computed using two components: (a) Boolean functions that capture the shape transitions due to the update of a field in a structure, and (b) through path matrices that store approximate path information between two pointer variables. We classify the shapes as one of Tree, Directed Acyclic Graph (DAG) and Cycle. The novelty of our approach lies in the way we use field information to remember the fields that cause a heap structure to have a particular shape (Tree, DAG or Cycle). This allows us to easily identify the field updates that cause shape transitions from Cycle to DAG, from Cycle to Tree and from DAG to Tree. This makes our analysis more precise as compared to earlier shape analyses that ignore the fields participating in the formation of a shape. We implemented our analysis in GCC as a dynamic plug-in as an interprocedural data-flow analysis and evaluated it on some standard benchmarks against a field-insensitive shape analysis technique as a baseline approach. We are able to achieve significant precision as compared to the baseline analysis (at the cost of increase in analysis time). In particular, we are able to infer more precise shapes for 4 out 7 Olden benchmarks, and never detect more cycles than the baseline analysis. We further suggest enhancements to improve the precision of our analysis under some constraints and to improve the analysis time at the cost of precision.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7

Similar content being viewed by others

Notes

  1. Fields that are used only for diagnostic or debugging purpose, or unused by a significant part of the program.

  2. The functions and values shown in this example and in Fig. 2 are simplified to avoid references to concepts not defined yet.

    Fig. 2
    figure 2

    Paths computed by our analysis for the program in Fig. 1a as path matrix \(P_F\). The entry \(P_F[x,y]\) lists the paths between pointer variables \(x\) and \(y\)

  3. The decision to use only first field is guided by the fact that in many intermediate languages (for example, GIMPLE for GCC), a statement is allowed to use at most one field, i.e. p \(\rightarrow \) f = ... or ...= p \(\rightarrow \) f. Therefore, a long path is broken into several small paths. While it is possible to use prefixes of any fixed length by reconstructing the path, the process is complex and does not add any fundamental value to our analysis.

  4. Note that for our analysis, for a given field \(f\), these sets contain at most one entry of type \(f^D\) and at most one entry of type \(f^I\).

  5. The notation \(X[q/p]\) means a copy of Boolean equation \(X\) with all occurrences of \(q\)replaced by \(p\).

References

  1. GCC, the gnu compiler collection. http://gcc.gnu.org. Last accessed July 2012

  2. Aho AV, Lam MS, Sethi R, Ullman JD (2006) Compilers: principles, techniques, and tools, 2nd edn. Prentice Hall, Englewood Cliffs

  3. Berdine J, Calcagno C, Cook B, Distefano D, O’hearn PW, Yang H, Mary Q (2007) Shape analysis for composite data structures. In: CAV ’07, pp 178–192. Springer, Berlin

  4. Bryant Randal E (1992) Symbolic boolean manipulation with ordered binary-decision diagrams. ACM Comput Surv 24(3): 293–318

    Google Scholar 

  5. Carlisle MC (1995) Olden benchmarks. http://www.martincarlisle.com/olden_benchmarks.tar.Z

  6. Chase DR, Wegman M, Kenneth Zadeck F (1990) Analysis of pointers and structures. In: Proceedings of the ACM SIGPLAN 1990 conference on Programming language design and implementation. ACM, New York, pp 296–310

  7. Cherem S, Rugina R (2007) Maintaining doubly-linked list invariants in shape analysis with local reasoning. In: Proceedings of the 8th international conference on Verification, model checking, and abstract interpretation. Springer, Berlin, pp 234–250

  8. Cherini R, Rearte L, Blanco J (2010) A shape analysis for non-linear data structures. In: Proceedings of the 17th international conference on static analysis. Springer, Berlin, pp 201–217

  9. Dasgupta S, Karkare A (2012) Precise shape analysis using field sensitivity. In: Proceedings of the 27th annual ACM symposium on applied computing, SAC ’12, ACM, New York, pp 1300–1307

  10. Distefano D, O’Hearn P, Yang H (2006) A local shape analysis based on separation logic. In: TACAS ’06. Springer, Berlin, pp 287–302

  11. Ghiya R, Hendren LJ (1996) Is it a tree, a dag, or a cyclic graph? A shape analysis for heap-directed pointers in c. In POPL ’96, pp 1–15

  12. Ghiya R, Hendren LJ (1998) Putting pointer analysis to work. In: Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on principles of programming languages. ACM, New York, pp 121–133

  13. Ghiya R, Hendren LJ, Zhu Y (1998) Detecting parallelism in c programs with recursive data structures. In: CC ’98, pp 159–173

  14. Hackett B, Rugina R (2005) Region-based shape analysis with tracked locations. In: Proceedings of the 32nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages. ACM, New York, pp 310–323

  15. Hecht MS (1997) Flow analysis of computer programs. Elsevier Science Inc., New York

  16. Jones ND, Muchnick SS (1979) Flow analysis and optimization of lisp-like structures. In: Proceedings of the 6th ACM SIGACT-SIGPLAN symposium on principles of programming languages. ACM, New York, pp 244–256

  17. Jump M, McKinley KS (2009) Dynamic shape analysis via degree metrics. In: Proceedings of the 2009 international symposium on memory management. ACM, New York, pp 119–128

  18. Kam John B, Ullman Jeffrey D (1977) Monotone data flow analysis frameworks. Acta Inform 7:305–317

    Article  MathSciNet  MATH  Google Scholar 

  19. Lind-Nielsen J (2012) BuDDy: A Binary Decision Diagram library. http://buddy.sourceforge.net, last accessed July 2012

  20. Marron M, Kapur D, Stefanovic D, Hermenegildo M (2006) A static heap analysis for shape and connectivity: unified memory analysis: the base framework. In: Proceedings of the 19th international conference on Languages and compilers for parallel computing. Springer, Berlin, pp 345–363

  21. Mattson T, Wrinn M (2008) Parallel programming: can we please get it right this time? In: Proceedings of the 45th annual Design Automation Conference, DAC ’08. ACM, New York, pp 7–11

  22. Puneli MSA (1976) Two approaches to inter procedural data flow analysis. In: Program flow analysis: theory and applications. pp 189–234

  23. Pavlu V (2010) Basic operations on linked lists (c++). http://www.complang.tuwien.ac.at/vpavlu/2010/list-benchmark.tgz

  24. Sagiv M, Reps T, Wilhelm R (1996) Solving shape-analysis problems in languages with destructive updating. In: Proceedings of the 23rd ACM SIGPLAN-SIGACT symposium on principles of programming languages. ACM, New York, pp 16–31

  25. Sagiv Shmuel, Reps Thomas W, Wilhelm Reinhard (2002) Parametric shape analysis via 3-valued logic. ACM TOPLAS 24(3):217–298

    Article  Google Scholar 

  26. Sessions R (2009) The IT Complexity Crisis: Danger and Opportunity. http://www.objectwatch.com/whitepapers/ITComplexityWhitePaper.pdf. Last accessed July 2012

  27. Shaham R, Yahav E, Kolodner EK, Sagiv S (2003) Establishing local temporal heap safety properties with applications to compile-time memory management. In: Proceedings of the 10th international symposium on static analysis. Springer, London, pp 483–503

  28. Wrinn M (2008) Top 10 challenges in parallel computing. http://software.intel.com/en-us/blogs/2008/12/31/top-10-challenges-in-p. Last accessed July 2012

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Amey Karkare.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Dasgupta, S., Karkare, A. & Reddy, V.K. Precise shape analysis using field sensitivity. Innovations Syst Softw Eng 9, 79–93 (2013). https://doi.org/10.1007/s11334-013-0198-7

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11334-013-0198-7

Keywords

Navigation