Reachability Analysis of Program Variables

  • Đurica Nikolić
  • Fausto Spoto
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7364)

Abstract

A variable v reaches a variable w if there is a path from the memory location bound to v to the one bound to w. This information is important for improving the precision of other static analyses, such as side-effects, field initialization, cyclicity and path-length, as well as of more complex analyses built upon them, such as nullness and termination. We present a provably correct constraint-based reachability analysis for Java bytecode. Our constraint is a graph whose nodes are program points and whose arcs propagate reachability information according to the semantics of bytecodes. The analysis has been implemented in the Julia static analyzer. Experiments that we performed on non-trivial Java and Android programs show a gain in precision due to a reachability information, whose presence also reduces the cost of nullness and termination analyses.

Keywords

Abstract Interpretation Program Variable Reachability Analysis Exception Handler Predicate Abstraction 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Balaban, I., Pnueli, A., Zuck, L.D.: Shape Analysis by Predicate Abstraction. In: Cousot, R. (ed.) VMCAI 2005. LNCS, vol. 3385, pp. 164–180. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  2. 2.
    Ball, T., Millstein, T., Rajamani, S.K.: Polymorphic Predicate Abstraction. ACM Trans. on Programming Languages and Systems 27, 314–343 (2005)CrossRefGoogle Scholar
  3. 3.
    Calcagno, C., Distefano, D., O’Hearn, P., Yang, H.: Compositional Shape Analysis by Means of Bi-Abduction. In: Proc. of the 36th POPL, pp. 289–300. ACM, New York (2009)Google Scholar
  4. 4.
    Chatterjee, S., Lahiri, S., Qadeer, S., Rakamaric, Z.: A Low-Level Memory Model and an Accompanying Reachability Predicate. STTT 11(2), 105–116 (2009)CrossRefGoogle Scholar
  5. 5.
    Cousot, P., Cousot, R.: Abstract Interpretation: A Unified Lattice Model for Static Analysis of Programs by Construction or Approximation of Fixpoints. In: Proceedings of the 4th POPL, pp. 238–252. ACM (1977)Google Scholar
  6. 6.
    Dams, D.R., Namjoshi, K.S.: Shape Analysis through Predicate Abstraction and Model Checking. In: Zuck, L.D., Attie, P.C., Cortesi, A., Mukhopadhyay, S. (eds.) VMCAI 2003. LNCS, vol. 2575, pp. 310–323. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  7. 7.
    Distefano, D., O’Hearn, P.W., Yang, H.: A Local Shape Analysis Based on Separation Logic. In: Hermanns, H. (ed.) TACAS 2006. LNCS, vol. 3920, pp. 287–302. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  8. 8.
    Hardekopf, B.C.: Pointer Analysis: Building a Foundation for Effective Program Analysis. Ph.D. thesis, University of Texas at Austin, Austin, TX, USA (2009)Google Scholar
  9. 9.
    Hind, M.: Pointer Analysis: Haven’t We Solved This Problem Yet? In: Proceedings of PASTE 2001, pp. 54–61. ACM, New York (2001)Google Scholar
  10. 10.
    Lhoták, O.: Program Analysis Using Binary Decision Diagrams. Ph.D. thesis, McGill University (2006)Google Scholar
  11. 11.
    Lhoták, O., Chung, K.C.A.: Points-to Analysis with Efficient Strong Updates. In: Proceedings of the 38th POPL, pp. 3–16. ACM (2011)Google Scholar
  12. 12.
    Lindholm, T., Yellin, F.: The JavaTM Virtual Machine Specification, 2nd edn. Addison-Wesley (1999)Google Scholar
  13. 13.
    Nelson, G.: Verifying Reachability Invariants of Linked Structures. In: Proc. of the 10th POPL, pp. 38–47 (1983)Google Scholar
  14. 14.
    Nikolić, D., Spoto, F.: Reachability Analysis of Program Variables, http://profs.sci.univr.it/~nikolic/download/IJCAR2012/IJCAR2012Ext.pdf
  15. 15.
    Papi, M.M., Ali, M., Correa, T.L., Perkins, J.H., Ernst, M.D.: Practical Pluggable Types for Java. In: Proceedings of the ISSTA 2008, pp. 201–212. ACM, Seattle (2008)CrossRefGoogle Scholar
  16. 16.
    Rossignoli, S., Spoto, F.: Detecting Non-cyclicity by Abstract Compilation into Boolean Functions. In: Emerson, E.A., Namjoshi, K.S. (eds.) VMCAI 2006. LNCS, vol. 3855, pp. 95–110. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  17. 17.
    Rountev, A., Milanova, A., Ryder, B.G.: Points-to Analysis for Java Using Annotated Constraints. In: Proceedings of the 16th OOPSLA, pp. 43–55. ACM (2001)Google Scholar
  18. 18.
    Sagiv, M., Reps, T., Wilhelm, R.: Solving Shape-Analysis Problems in Languages with Destructive Updating. ACM Trans. on Programming Languages and Systems 20, 1–50 (1998)CrossRefGoogle Scholar
  19. 19.
    Sagiv, M., Reps, T., Wilhelm, R.: Parametric Shape Analysis via 3-Valued Logic. ACM Trans. Program. Lang. Syst. 24, 217–298 (2002)CrossRefGoogle Scholar
  20. 20.
    Salcianu, A.D.: Pointer Analysis for Java Programs: Novel Techniques and Applications. Ph.D. thesis, Massachusetts Institute of Technology, Cambridge, MA, USA (2006)Google Scholar
  21. 21.
    Secci, S., Spoto, F.: Pair-Sharing Analysis of Object-Oriented Programs. In: Hankin, C., Siveroni, I. (eds.) SAS 2005. LNCS, vol. 3672, pp. 320–335. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  22. 22.
    Spoto, F., Ernst, M.D.: Inference of Field Initialization. In: Proceedings of the 33rd ICSE, pp. 231–240. ACM, Waikiki (2011)Google Scholar
  23. 23.
    Spoto, F., Mesnard, F., Payet, E.: A Termination Analyzer for Java Bytecode Based on Path-Length. ACM Trans. on Programming Languages and Systems 32(3), 1–70 (2010)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Đurica Nikolić
    • 1
    • 2
  • Fausto Spoto
    • 1
  1. 1.Dipartimento di InformaticaUniversity of VeronaItaly
  2. 2.Centre for Computational and Systems BiologyMicrosoft Research - University of TrentoItaly

Personalised recommendations