Advertisement

Side-Effecting Constraint Systems: A Swiss Army Knife for Program Analysis

  • Kalmer Apinis
  • Helmut Seidl
  • Vesal Vojdani
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7705)

Abstract

Side-effecting constraint systems were originally introduced for the analysis of multi-threaded code [22]. In this paper, we show how this formalism provides a unified framework for realizing efficient interprocedural analyses where the amount of context-sensitivity can be tweaked and where the context-sensitive analyses of local properties can be combined with flow-insensitive analyses of global properties, e.g., about the heap. Side-effecting constraint systems thus form the ideal basis for building general-purpose infrastructures for static analysis. One such infrastructure is the analyzer generator Goblint, which we used to practically evaluate this approach on real-world examples.

Keywords

Complete Lattice Constraint System Procedure Call Constraint Variable Program Point 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Andersen, L.O.: Program Analysis and Specialization for the C Programming Language. Ph.D. thesis, DIKU, University of Copenhagen (1994)Google Scholar
  2. 2.
    Apinis, K., Seidl, H., Vojdani, V.: Side-Effecting Constraint Systems: A Swiss Army Knife for Program Analysis. Tech. Rep. TUM-I1213, Technische Universität München, Institut für Informatik (2012)Google Scholar
  3. 3.
    Calcagno, C., Distefano, D., O’Hearn, P., Yang, H.: Compositional shape analysis by means of bi-abduction. In: POPL 2009, pp. 289–300. ACM Press (2009)Google Scholar
  4. 4.
    Cousot, P., Cousot, R.: Abstract Interpretation: A unified lattice model for static analysis of programs by construction or approximation of fixpoints. In: POPL 1977, pp. 238–252. ACM Press (1977)Google Scholar
  5. 5.
    Cousot, P., Cousot, R.: Static Determination of Dynamic Properties of Recursive Procedures. In: IFIP Conf. on Formal Description of Programming Concepts, pp. 237–277. North-Holland (1977)Google Scholar
  6. 6.
    Cousot, P., Cousot, R., Feret, J., Mauborgne, L., Miné, A., Monniaux, D., Rival, X.: The ASTREÉ Analyzer. In: Sagiv, M. (ed.) ESOP 2005. LNCS, vol. 3444, pp. 21–30. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  7. 7.
    Cousot, P., Halbwachs, N.: Automatic discovery of linear restraints among variables of a program. In: POPL 1978, pp. 84–96. ACM Press (1978)Google Scholar
  8. 8.
    Das, M., Lerner, S., Seigle, M.: ESP: Path-sensitive program verification in polynomial time. In: PLDI 2002, pp. 57–68. ACM Press (2002)Google Scholar
  9. 9.
    Fecht, C.: Abstrakte Interpretation logischer Programme: Theorie, Implementierung, Generierung. Ph.D. thesis, Universität des Saarlandes (1997)Google Scholar
  10. 10.
    Fecht, C., Seidl, H.: A Faster Solver for General Systems of Equations. Sci. Comput. Program. 35(2), 137–161 (1999)MathSciNetzbMATHCrossRefGoogle Scholar
  11. 11.
    Flexeder, A., Mihaila, B., Petter, M., Seidl, H.: Interprocedural Control Flow Reconstruction. In: Ueda, K. (ed.) APLAS 2010. LNCS, vol. 6461, pp. 188–203. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  12. 12.
    Guyer, S.Z., Lin, C.: Client-Driven Pointer Analysis. In: Cousot, R. (ed.) SAS 2003. LNCS, vol. 2694, pp. 214–236. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  13. 13.
    Hofmann, M., Karbyshev, A., Seidl, H.: Verifying a Local Generic Solver in Coq. In: Cousot, R., Martel, M. (eds.) SAS 2010. LNCS, vol. 6337, pp. 340–355. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  14. 14.
    Jørgensen, N.: Finding Fixpoints in Finite Function Spaces Using Neededness Analysis and Chaotic Iteration. In: LeCharlier, B. (ed.) SAS 1994. LNCS, vol. 864, pp. 329–345. Springer, Heidelberg (1994)CrossRefGoogle Scholar
  15. 15.
    Kildall, G.: A unified approach to global program optimization. In: POPL 1973, pp. 194–206. ACM Press (1973)Google Scholar
  16. 16.
    Lattner, C., Adve, V.: LLVM: A compilation framework for lifelong program analysis & transformation. In: CGO 2004, pp. 75–88. IEEE Press (2004)Google Scholar
  17. 17.
    Lhoták, O., Chung, K.C.A.: Points-to analysis with efficient strong updates. In: POPL 2011, pp. 3–16. ACM Press (2011)Google Scholar
  18. 18.
    Milanova, A., Rountev, A., Ryder, B.G.: Parameterized object sensitivity for points-to analysis for Java. ACM Transactions on Software Engineering and Methodology 14, 1–41 (2005)CrossRefGoogle Scholar
  19. 19.
    Necula, G.C., McPeak, S., Rahul, S.P., Weimer, W.: CIL: Intermediate Language and Tools for Analysis and Transformation of C Programs. In: Horspool, R.N. (ed.) CC 2002. LNCS, vol. 2304, pp. 213–228. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  20. 20.
    Reps, T., Horwitz, S., Sagiv, M.: Precise interprocedural dataflow analysis via graph reachability. In: POPL 1995, pp. 49–61. ACM Press (1995)Google Scholar
  21. 21.
    Rinetzky, N., Bauer, J., Reps, T.W., Sagiv, S., Wilhelm, R.: A semantics for procedure local heaps and its abstractions. In: POPL 2005, pp. 296–309 (2005)Google Scholar
  22. 22.
    Seidl, H., Vene, V., Müller-Olm, M.: Global invariants for analyzing multithreaded applications. Proc. of the Estonian Academy of Sciences: Phys., Math. 52(4), 413–436 (2003)zbMATHGoogle Scholar
  23. 23.
    Seidl, H., Vojdani, V.: Region Analysis for Race Detection. In: Palsberg, J., Su, Z. (eds.) SAS 2009. LNCS, vol. 5673, pp. 171–187. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  24. 24.
    Shapiro, M., Horwitz, S.: Fast and accurate flow-insensitive points-to analysis. In: POPL 1997, pp. 1–14. ACM Press (1997)Google Scholar
  25. 25.
    Sharir, M., Pnueli, A.: Two approaches to interprocedural data flow analysis. In: Muchnick, S., Jones, N. (eds.) Program Flow Analysis: Theory and Application, pp. 189–233. Prentice-Hall (1981)Google Scholar
  26. 26.
    Steensgaard, B.: Points-to analysis in almost linear time. In: POPL 1996, pp. 32–41. ACM Press (1996)Google Scholar
  27. 27.
    Vallée-Rai, R., Co, P., Gagnon, E., Hendren, L., Lam, P., Sundaresan, V.: Soot: A Java bytecode optimization framework. In: CASCON 1999. IBM Press (1999)Google Scholar
  28. 28.
    Vergauwen, B., Wauman, J., Lewi, J.: Efficient Fixpoint Computation. In: LeCharlier, B. (ed.) SAS 1994. LNCS, vol. 864, pp. 314–328. Springer, Heidelberg (1994)CrossRefGoogle Scholar
  29. 29.
    Vojdani, V.: Static Data Race Analysis of Heap-Manipulating C Programs. Ph.D. thesis, University of Tartu (2010)Google Scholar
  30. 30.
    Wilson, R.P., French, R.S., Wilson, C.S., Amarasinghe, S.P., Anderson, J.M., Tjiang, S.W.K., Liao, S.W., Tseng, C.W., Hall, M.W., Lam, M.S., Hennessy, J.L.: SUIF: An infrastructure for research on parallelizing and optimizing compilers. SIGPLAN Not. 29, 31–37 (1994)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Kalmer Apinis
    • 1
  • Helmut Seidl
    • 1
  • Vesal Vojdani
    • 1
  1. 1.Lehrstuhl für Informatik IITechnische Universität MünchenGarching b. MünchenGermany

Personalised recommendations