A relational shape abstract domain

Formal Methods in System Design

Abstract

Static analyses aim at inferring semantic properties of programs. We distinguish two important classes of static analyses: state analyses and relational analyses. State analyses compute an over-approximation of the reachable states of a program, whereas relational analyses compute functional properties relating its input and output states. Relational analyses have several advantages: they can analyze incomplete programs, such as libraries or classes, and they make the analysis modular, since input–output relations serve as composable summaries for procedures. For numerical programs, several analyses have been proposed that use relational numerical abstract domains to describe such relations. Designing abstractions for relations over input–output memory states that also take shapes into account, however, is challenging. In this paper, we propose a set of novel logical connectives, inspired by separation logic, to describe such relations. This logic can express that certain memory areas are unchanged, freshly allocated, or freed, or that only part of the memory was modified. Using these connectives, we build an abstract domain and design a static analysis that over-approximates relations over memory states containing inductive structures. We implement this analysis and report on the analysis of basic libraries of programs manipulating lists and trees.
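The abstract describes relations between an input memory state and the output memory state of a procedure: areas that are unchanged, freshly allocated, freed, or only partly modified. The following is an added illustration, not code from the paper and not its abstract domain: it works at the concrete level, on fully known heaps, and classifies every address of a constructed input heap by what three small list procedures (prepend, overwrite the second cell, free the list) did to it. The heap encoding, the procedures, the addresses and the `check` predicate are all assumptions chosen for this example; the analysis in the paper over-approximates such relations for unbounded inductive structures rather than computing them on one concrete heap.

```python
# Added illustration (not the paper's abstract domain): concrete input/output
# memory relations of the kind a relational shape analysis over-approximates.
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# A heap maps an address to a singly linked list cell (data, next address).
Heap = Dict[int, Tuple[int, Optional[int]]]


@dataclass(frozen=True)
class HeapRelation:
    """Every address of the input and output heaps, classified by what the
    procedure did to it: the concrete counterpart of 'unchanged', 'freshly
    allocated', 'freed' and 'only partly modified'."""
    unchanged: frozenset
    modified: frozenset
    fresh: frozenset
    freed: frozenset


def relate(pre: Heap, post: Heap) -> HeapRelation:
    """Compare an input heap with the output heap produced from it."""
    common = set(pre) & set(post)
    return HeapRelation(
        unchanged=frozenset(a for a in common if pre[a] == post[a]),
        modified=frozenset(a for a in common if pre[a] != post[a]),
        fresh=frozenset(set(post) - set(pre)),
        freed=frozenset(set(pre) - set(post)),
    )


def reachable(heap: Heap, head: Optional[int]) -> frozenset:
    """Addresses of the cells reachable from `head` (the list's footprint)."""
    seen = set()
    cur = head
    while cur is not None and cur not in seen:
        seen.add(cur)
        cur = heap[cur][1]
    return frozenset(seen)


def list_prepend(heap: Heap, head: Optional[int], data: int) -> Tuple[Heap, int]:
    """Allocate one cell in front of the list. Returns (output heap, new head)."""
    post = dict(heap)
    addr = max(post, default=0) + 1  # deterministic fresh address (assumption)
    post[addr] = (data, head)
    return post, addr


def list_set_second(heap: Heap, head: int, data: int) -> Heap:
    """Overwrite the data field of the second cell; the list shape is kept."""
    post = dict(heap)
    second = post[head][1]
    post[second] = (data, post[second][1])
    return post


def list_free(heap: Heap, head: Optional[int]) -> Heap:
    """Deallocate every cell of the list."""
    post = dict(heap)
    cur = head
    while cur is not None:
        _, cur = post.pop(cur)
    return post


# Constructed input state: list 1 -> 2 -> 3 plus an unrelated cell at 10 that
# belongs to some other structure and that every procedure must leave alone.
PRE: Heap = {1: (10, 2), 2: (20, 3), 3: (30, None), 10: (99, None)}
HEAD = 1


def summaries():
    """Input/output relations of the three procedures applied to PRE."""
    post_p, new_head = list_prepend(PRE, HEAD, 5)
    post_m = list_set_second(PRE, HEAD, 21)
    post_f = list_free(PRE, HEAD)
    return {
        "prepend": (relate(PRE, post_p), new_head),
        "set_second": (relate(PRE, post_m), HEAD),
        "free": (relate(PRE, post_f), None),
    }


def check(rel: HeapRelation, *, frame: frozenset, fresh=frozenset(),
          freed=frozenset(), modified=frozenset()) -> bool:
    """A summary holds if the frame is untouched and the rest of the heap
    changed exactly as the summary states."""
    return (frame <= rel.unchanged and rel.fresh == fresh
            and rel.freed == freed and rel.modified == modified)


if __name__ == "__main__":
    s = summaries()
    foot = reachable(PRE, HEAD)
    rel, new_head = s["prepend"]
    print("prepend:", check(rel, frame=foot | {10}, fresh=frozenset({new_head})))
    rel, _ = s["set_second"]
    print("set_second:", check(rel, frame=frozenset({1, 3, 10}), modified=frozenset({2})))
    rel, _ = s["free"]
    print("free:", check(rel, frame=frozenset({10}), freed=foot))
```

The `frame` argument of `check` plays the role of the unchanged region: a summary that claims `prepend` leaves the whole input list and the unrelated cell untouched is accepted, while a summary for `set_second` that puts the second cell in the frame is rejected, because that cell was modified.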


Fig. 1–14 (not reproduced)



Acknowledgements

We acknowledge the anonymous reviewers for their constructive comments.


Corresponding author

Correspondence to Matthieu Lemerre.


Cite this article

Illous, H., Lemerre, M. & Rival, X. A relational shape abstract domain. Form Methods Syst Des 57, 343–400 (2021). https://doi.org/10.1007/s10703-021-00366-4
