Bottom-Up Shape Analysis
In this paper we present a new shape analysis algorithm. The key distinguishing aspect of our algorithm is that it is completely compositional, bottom-up and non-iterative. We present our algorithm as an inference system for computing Hoare triples summarizing heap manipulating programs. Our inference rules are compositional: Hoare triples for a compound statement are computed from the Hoare triples of its component statements. These inference rules are used as the basis for a bottom-up shape analysis of programs.
Specifically, we present a logic of iterated separation formula (LISF) which uses the iterated separating conjunct of Reynolds  to represent program states. A key ingredient of our inference rules is a strong bi-abduction operation between two logical formulas. We describe sound strong bi-abduction and satisfiability decision procedures for LISF.
We have built a prototype tool that implements these inference rules and have evaluated it on standard shape analysis benchmark programs. Preliminary results show that our tool can generate expressive summaries, which are complete functional specifications in many cases.
KeywordsModel Check Inference Rule Auxiliary Variable Shape Analysis Compose Rule
Unable to display preview. Download preview PDF.
- 8.Calcagno, C., Distefano, D., O’Hearn, P., Yang, H.: Compositional shape analysis by means of bi-abduction. In: Proc. of POPL (2009)Google Scholar
- 10.Cousot, P.: Methods and logics for proving programs. In: van Leeuwen, J. (ed.) Formal Models and Semantics. Handbook of Theoretical Computer Science, vol. B, Ch. 15., pp. 843–993. Elsevier Science Publishers B.V., Amsterdam (1990)Google Scholar
- 11.Gulavani, B.S., Chakraborty, S., Ramalingam, G., Nori, A.V.: Bottom-up shape analysis. Technical Report TR-09-27, CFDVS, IIT Bombay (2009), www.cfdvs.iitb.ac.in/~bhargav/shape-analysis.html
- 12.Guo, B., Vachharajani, N., August, D.I.: Shape analysis with inductive recursion synthesis. In: Proc. of PLDI, pp. 256–265 (2007)Google Scholar
- 13.Lev-Ami, T., Sagiv, M., Reps, T., Gulwani, S.: Backward analysis for inferring quantified preconditions. Technical Report TR-2007-12-01, Tel Aviv University (2007)Google Scholar
- 14.Møller, A., Schwartzbach, M.I.: The pointer assertion logic engine. In: Proc. of PLDI (June 2001); also in SIGPLAN Notices 36(5) (May 2001) Google Scholar
- 17.Reynolds, J.C.: Separation logic: A logic for shared mutable data structures. In: Proc. of LICS, pp. 55–74 (2002)Google Scholar
- 18.Touili, T.: Regular model checking using widening techniques. In: Proc. of VEPAS 2001 (2001)Google Scholar