Abstract
Static analyses aim at inferring semantic properties of programs. We distinguish two important classes of static analyses: state analyses and relational analyses. While state analyses aim at computing an over-approximation of the reachable states of programs, relational analyses aim at computing functional properties over the input–output states of programs. Relational analyses have several advantages: they can analyze incomplete programs, such as libraries or classes, and they make the analysis modular, using input–output relations as composable summaries for procedures. In the case of numerical programs, several analyses have been proposed that utilize relational numerical abstract domains to describe relations. On the other hand, designing abstractions for relations over input–output memory states that take shapes into account is challenging. In this paper, we propose a set of novel logical connectives to describe such relations, which are inspired by separation logic. This logic can express that certain memory areas are unchanged, freshly allocated, or freed, or that only part of the memory was modified. Using these connectives, we build an abstract domain and design a static analysis that over-approximates relations over memory states containing inductive structures. We implement this analysis and report on the analysis of basic libraries of programs manipulating lists and trees.
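As an added illustration that is not the paper's own definitions or code, the following constructed Python model evaluates relations of the four kinds named above (unchanged, freshly allocated, freed, partly modified), combined by a separating conjunction over footprints, on a concrete pair of input and output heaps for a list push and a list pop. The `Rel` class, the heap encoding and the sample addresses are assumptions of this example.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple
Cell = Tuple[int, int]  # (data, next) of a singly linked list node; 0 is null
Heap = Dict[int, Cell]  # address -> cell

@dataclass(frozen=True)
class Rel:
    """Atomic input/output relation on a set of addresses (toy model, not the
    paper's definitions): unchanged, fresh (allocated), freed, or modified."""
    kind: str
    addrs: FrozenSet[int]

    def in_fp(self) -> FrozenSet[int]:   # footprint claimed in the input heap
        return frozenset() if self.kind == "fresh" else self.addrs

    def out_fp(self) -> FrozenSet[int]:  # footprint claimed in the output heap
        return frozenset() if self.kind == "freed" else self.addrs

    def holds(self, hin: Heap, hout: Heap) -> bool:
        if not (self.in_fp() <= set(hin) and self.out_fp() <= set(hout)):
            return False
        if self.kind == "unchanged":  # same contents at every claimed address
            return all(hin[a] == hout[a] for a in self.addrs)
        return True  # fresh/freed/modified leave the contents unconstrained

def _covers(fps: List[FrozenSet[int]], heap: Heap) -> bool:
    """Footprints are pairwise disjoint and together cover the heap exactly."""
    union = frozenset().union(*fps)
    return sum(len(f) for f in fps) == len(union) and union == set(heap)

def star_holds(rels: List[Rel], hin: Heap, hout: Heap) -> bool:
    """Separating conjunction of relations, checked on a concrete heap pair."""
    return (_covers([r.in_fp() for r in rels], hin)
            and _covers([r.out_fp() for r in rels], hout)
            and all(r.holds(hin, hout) for r in rels))

# Constructed sample: the two-node list 0x10 -> 0x20 -> null before a call.
LIST_IN: Heap = {0x10: (1, 0x20), 0x20: (2, 0)}
PUSH_OUT: Heap = {0x30: (0, 0x10), **LIST_IN}  # push_front allocated 0x30
POP_OUT: Heap = {0x20: LIST_IN[0x20]}          # pop_front freed 0x10

def check_push() -> bool:  # fresh node * old list unchanged
    return star_holds([Rel("fresh", frozenset({0x30})),
                       Rel("unchanged", frozenset({0x10, 0x20}))], LIST_IN, PUSH_OUT)

def check_pop() -> bool:  # freed head * tail unchanged; "all unchanged" must fail
    good = [Rel("freed", frozenset({0x10})), Rel("unchanged", frozenset({0x20}))]
    bad = [Rel("unchanged", frozenset({0x10, 0x20}))]
    return star_holds(good, LIST_IN, POP_OUT) and not star_holds(bad, LIST_IN, POP_OUT)
```

The exact-coverage check in `_covers` is what makes a summary that silently omits a freed or allocated cell fail, which is the property a composable procedure summary needs.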
Acknowledgements
We acknowledge the anonymous reviewers for their constructive comments.
Cite this article
Illous, H., Lemerre, M. & Rival, X. A relational shape abstract domain. Form Methods Syst Des 57, 343–400 (2021). https://doi.org/10.1007/s10703-021-00366-4