Side-Effecting Constraint Systems: A Swiss Army Knife for Program Analysis

  • Kalmer Apinis
  • Helmut Seidl
  • Vesal Vojdani
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7705)

Abstract

Side-effecting constraint systems were originally introduced for the analysis of multi-threaded code [22]. In this paper, we show how this formalism provides a unified framework for realizing efficient interprocedural analyses where the amount of context-sensitivity can be tweaked and where the context-sensitive analyses of local properties can be combined with flow-insensitive analyses of global properties, e.g., about the heap. Side-effecting constraint systems thus form the ideal basis for building general-purpose infrastructures for static analysis. One such infrastructure is the analyzer generator Goblint, which we used to practically evaluate this approach on real-world examples.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Andersen, L.O.: Program Analysis and Specialization for the C Programming Language. Ph.D. thesis, DIKU, University of Copenhagen (1994)Google Scholar
  2. 2.
    Apinis, K., Seidl, H., Vojdani, V.: Side-Effecting Constraint Systems: A Swiss Army Knife for Program Analysis. Tech. Rep. TUM-I1213, Technische Universität München, Institut für Informatik (2012)Google Scholar
  3. 3.
    Calcagno, C., Distefano, D., O’Hearn, P., Yang, H.: Compositional shape analysis by means of bi-abduction. In: POPL 2009, pp. 289–300. ACM Press (2009)Google Scholar
  4. 4.
    Cousot, P., Cousot, R.: Abstract Interpretation: A unified lattice model for static analysis of programs by construction or approximation of fixpoints. In: POPL 1977, pp. 238–252. ACM Press (1977)Google Scholar
  5. 5.
    Cousot, P., Cousot, R.: Static Determination of Dynamic Properties of Recursive Procedures. In: IFIP Conf. on Formal Description of Programming Concepts, pp. 237–277. North-Holland (1977)Google Scholar
  6. 6.
    Cousot, P., Cousot, R., Feret, J., Mauborgne, L., Miné, A., Monniaux, D., Rival, X.: The ASTREÉ Analyzer. In: Sagiv, M. (ed.) ESOP 2005. LNCS, vol. 3444, pp. 21–30. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  7. 7.
    Cousot, P., Halbwachs, N.: Automatic discovery of linear restraints among variables of a program. In: POPL 1978, pp. 84–96. ACM Press (1978)Google Scholar
  8. 8.
    Das, M., Lerner, S., Seigle, M.: ESP: Path-sensitive program verification in polynomial time. In: PLDI 2002, pp. 57–68. ACM Press (2002)Google Scholar
  9. 9.
    Fecht, C.: Abstrakte Interpretation logischer Programme: Theorie, Implementierung, Generierung. Ph.D. thesis, Universität des Saarlandes (1997)Google Scholar
  10. 10.
    Fecht, C., Seidl, H.: A Faster Solver for General Systems of Equations. Sci. Comput. Program. 35(2), 137–161 (1999)MathSciNetMATHCrossRefGoogle Scholar
  11. 11.
    Flexeder, A., Mihaila, B., Petter, M., Seidl, H.: Interprocedural Control Flow Reconstruction. In: Ueda, K. (ed.) APLAS 2010. LNCS, vol. 6461, pp. 188–203. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  12. 12.
    Guyer, S.Z., Lin, C.: Client-Driven Pointer Analysis. In: Cousot, R. (ed.) SAS 2003. LNCS, vol. 2694, pp. 214–236. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  13. 13.
    Hofmann, M., Karbyshev, A., Seidl, H.: Verifying a Local Generic Solver in Coq. In: Cousot, R., Martel, M. (eds.) SAS 2010. LNCS, vol. 6337, pp. 340–355. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  14. 14.
    Jørgensen, N.: Finding Fixpoints in Finite Function Spaces Using Neededness Analysis and Chaotic Iteration. In: LeCharlier, B. (ed.) SAS 1994. LNCS, vol. 864, pp. 329–345. Springer, Heidelberg (1994)CrossRefGoogle Scholar
  15. 15.
    Kildall, G.: A unified approach to global program optimization. In: POPL 1973, pp. 194–206. ACM Press (1973)Google Scholar
  16. 16.
    Lattner, C., Adve, V.: LLVM: A compilation framework for lifelong program analysis & transformation. In: CGO 2004, pp. 75–88. IEEE Press (2004)Google Scholar
  17. 17.
    Lhoták, O., Chung, K.C.A.: Points-to analysis with efficient strong updates. In: POPL 2011, pp. 3–16. ACM Press (2011)Google Scholar
  18. 18.
    Milanova, A., Rountev, A., Ryder, B.G.: Parameterized object sensitivity for points-to analysis for Java. ACM Transactions on Software Engineering and Methodology 14, 1–41 (2005)CrossRefGoogle Scholar
  19. 19.
    Necula, G.C., McPeak, S., Rahul, S.P., Weimer, W.: CIL: Intermediate Language and Tools for Analysis and Transformation of C Programs. In: Horspool, R.N. (ed.) CC 2002. LNCS, vol. 2304, pp. 213–228. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  20. 20.
    Reps, T., Horwitz, S., Sagiv, M.: Precise interprocedural dataflow analysis via graph reachability. In: POPL 1995, pp. 49–61. ACM Press (1995)Google Scholar
  21. 21.
    Rinetzky, N., Bauer, J., Reps, T.W., Sagiv, S., Wilhelm, R.: A semantics for procedure local heaps and its abstractions. In: POPL 2005, pp. 296–309 (2005)Google Scholar
  22. 22.
    Seidl, H., Vene, V., Müller-Olm, M.: Global invariants for analyzing multithreaded applications. Proc. of the Estonian Academy of Sciences: Phys., Math. 52(4), 413–436 (2003)MATHGoogle Scholar
  23. 23.
    Seidl, H., Vojdani, V.: Region Analysis for Race Detection. In: Palsberg, J., Su, Z. (eds.) SAS 2009. LNCS, vol. 5673, pp. 171–187. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  24. 24.
    Shapiro, M., Horwitz, S.: Fast and accurate flow-insensitive points-to analysis. In: POPL 1997, pp. 1–14. ACM Press (1997)Google Scholar
  25. 25.
    Sharir, M., Pnueli, A.: Two approaches to interprocedural data flow analysis. In: Muchnick, S., Jones, N. (eds.) Program Flow Analysis: Theory and Application, pp. 189–233. Prentice-Hall (1981)Google Scholar
  26. 26.
    Steensgaard, B.: Points-to analysis in almost linear time. In: POPL 1996, pp. 32–41. ACM Press (1996)Google Scholar
  27. 27.
    Vallée-Rai, R., Co, P., Gagnon, E., Hendren, L., Lam, P., Sundaresan, V.: Soot: A Java bytecode optimization framework. In: CASCON 1999. IBM Press (1999)Google Scholar
  28. 28.
    Vergauwen, B., Wauman, J., Lewi, J.: Efficient Fixpoint Computation. In: LeCharlier, B. (ed.) SAS 1994. LNCS, vol. 864, pp. 314–328. Springer, Heidelberg (1994)CrossRefGoogle Scholar
  29. 29.
    Vojdani, V.: Static Data Race Analysis of Heap-Manipulating C Programs. Ph.D. thesis, University of Tartu (2010)Google Scholar
  30. 30.
    Wilson, R.P., French, R.S., Wilson, C.S., Amarasinghe, S.P., Anderson, J.M., Tjiang, S.W.K., Liao, S.W., Tseng, C.W., Hall, M.W., Lam, M.S., Hennessy, J.L.: SUIF: An infrastructure for research on parallelizing and optimizing compilers. SIGPLAN Not. 29, 31–37 (1994)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Kalmer Apinis
    • 1
  • Helmut Seidl
    • 1
  • Vesal Vojdani
    • 1
  1. 1.Lehrstuhl für Informatik IITechnische Universität MünchenGarching b. MünchenGermany

Personalised recommendations