Incremental Algorithms for Inter-procedural Analysis of Safety Properties

  • Christopher L. Conway
  • Kedar S. Namjoshi
  • Dennis Dams
  • Stephen A. Edwards
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3576)


Automaton-based static program analysis has proved to be an effective tool for bug finding. Current tools generally re-analyze a program from scratch in response to a change in the code, which can result in much duplicated effort. We present an inter-procedural algorithm that analyzes incrementally in response to program changes, and we present experiments for a null-pointer dereference analysis. The incremental analysis shows a substantial speed-up over re-analysis from scratch, with a manageable amount of disk space used to store information between analysis runs.


Keywords: Model Check; Safety Property; Garbage Collection; Automaton State; Incremental Algorithm



Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Christopher L. Conway (1)
  • Kedar S. Namjoshi (2)
  • Dennis Dams (2)
  • Stephen A. Edwards (1)
  1. Department of Computer Science, Columbia University
  2. Bell Labs, Lucent Technologies
