Targeted Update – Aggressive Memory Abstraction Beyond Common Sense and Its Application on Static Numeric Analysis

  • Zhoulai Fu
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8410)

Abstract

Abstract. Summarizing techniques are widely used in the reasoning of unbounded data structures. These techniques prohibit strong update unless certain restricted safety conditions are satisfied. We find that by setting and enforcing the analysis boundaries to a limited scope of program identifiers, called targets in this paper, more cases of strong update can be shown sound, not with regard to the entire heap, but with regard to the targets. We have implemented the analysis for inferring numeric properties in Java programs. The experimental results show a tangible precision enhancement compared with classical approaches while preserving a high scalability.

Keywords

abstract interpretation points-to analysis abstract numeric domain abstract semantics strong update 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Balakrishnan, G., Reps, T.W.: Recency-abstraction for heap-allocated storage. In: Yi, K. (ed.) SAS 2006. LNCS, vol. 4134, pp. 221–239. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  2. Blanchet, B., Cousot, P., Cousot, R.: A static analyzer for large safety-critical software. In: PLDI, pp. 196–207 (2003a)Google Scholar
  3. Blanchet, B., Cousot, P., Cousot, R., et al.: A static analyzer for large safety-critical software. In: PLDI, pp. 196–207 (2003b)Google Scholar
  4. Chase, D.R., Wegman, M.N., Zadeck, F.K.: Analysis of pointers and structures (with retrospective). In: Best of PLDI, pp. 343–359 (1990)Google Scholar
  5. Chen, P.S., Hung, M.Y., Hwang, Y.S.: et al. Compiler support for speculative multithreading architecture with probabilistic points-to analysis. In: PPoPP, pp. 25–36 (2003)Google Scholar
  6. Cortesi, A., Zanioli, M.: Widening and narrowing operators for abstract interpretation. Computer Languages, Systems & Structures 37(1), 24–42 (2011)CrossRefMATHGoogle Scholar
  7. Cousot, P., Cousot, R.: Comparing the Galois connection and widening/narrowing approaches to Abstract interpretation. In: Bruynooghe, M., Wirsing, M. (eds.) PLILP 1992. LNCS, vol. 631, pp. 269–295. Springer, Heidelberg (1992)CrossRefGoogle Scholar
  8. Cousot, P., Cousot, R., Mauborgne, L.: A scalable segmented decision tree abstract domain. In: Manna, Z., Peled, D.A. (eds.) Pnueli Fetschrift. LNCS, vol. 6200, pp. 72–95. Springer, Heidelberg (2010)Google Scholar
  9. Dillig, I., Dillig, T., Aiken, A.: Fluid updates: Beyond strong vs. weak updates. In: Gordon, A.D. (ed.) ESOP 2010. LNCS, vol. 6012, pp. 246–266. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  10. Dillig, I., Dillig, T., Aiken, A.: Precise reasoning for programs using containers. In: POPL, pp. 187–200 (2011)Google Scholar
  11. Emami, M., Ghiya, R., Hendren, L.J.: Context-sensitive interprocedural points-to analysis in the presence of function pointers. In: PLDI, pp. 242–256 (1994)Google Scholar
  12. Fink, S.J., Yahav, E., Dor, N., et al.: Effective typestate verification in the presence of aliasing. ACM Trans. Softw. Eng. Methodol. 17(2) (2008)Google Scholar
  13. Fu, Z.: Static Analysis of Numerical Properties in the Presence of Pointers. PhD thesis, Université de Rennes 1 – INRIA, Rennes, France (2013)Google Scholar
  14. Fu, Z.: Modularly combining numeric abstract domains with points-to analysis, and a scalable static numeric analyzer for java. In: McMillan, K.L., Rival, X. (eds.) VMCAI 2014. LNCS, vol. 8318, pp. 282–301. Springer, Heidelberg (2014)CrossRefGoogle Scholar
  15. Gopan, D., DiMaio, F., Dor, N., Reps, T., Sagiv, M.: Numeric domains with summarized dimensions. In: Jensen, K., Podelski, A. (eds.) TACAS 2004. LNCS, vol. 2988, pp. 512–529. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  16. Landi, W., Ryder, B.G.: A safe approximate algorithm for interprocedural pointer aliasing. In: PLDI, pp. 235–248 (1992)Google Scholar
  17. Lev-Ami, T., Sagiv, M.: TVLA: A system for implementing static analyses. In: SAS 2000. LNCS, vol. 1824, pp. 280–302. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  18. Sagiv, M., Reps, T., Wilhelm, R.: Parametric shape analysis via 3-valued logic. In: POPL, pp. 105–118 (1999)Google Scholar
  19. Vallée-Rai, R., Co, P., Gagnon, E., Hendren, L.J., Lam, P., Sundaresan, V.: Soot - a Java bytecode optimization framework. In: CASCON, p. 13 (1999)Google Scholar
  20. Wilson, R.P., Lam, M.S.: Efficient Context-Sensitive Pointer Analysis for C Programs. In: PLDI, pp. 1–12 (1995)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  • Zhoulai Fu
    • 1
  1. 1.IMDEA SoftwareSpain

Personalised recommendations