Partitioned Memory Models for Program Analysis

  • Conference paper
  • Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 10145)

Abstract

Scalability is a key challenge in static analysis. For imperative languages like C, the approach taken for modeling memory can play a significant role in scalability. In this paper, we explore a family of memory models called partitioned memory models which divide memory up based on the results of a points-to analysis. We review Steensgaard’s original and field-sensitive points-to analyses as well as Data Structure Analysis (DSA), and introduce a new cell-based points-to analysis which more precisely handles heap data structures and type-unsafe operations like pointer arithmetic and pointer casting. We give experimental results on benchmarks from the software verification competition using the program verification framework in Cascade. We show that a partitioned memory model using our cell-based points-to analysis outperforms models using other analyses.
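To make the idea in the abstract concrete, the following is an added example, not code from the paper or from Cascade: a Steensgaard-style unification-based points-to analysis over a small C-like IR, whose equivalence classes then serve as the memory partition (one region, i.e. one array in the memory model, per class). The statement forms, the `Steensgaard` class, the `analyze` helper and the sample program are all constructed for this page. The toy is field-insensitive and ignores casts and pointer arithmetic, which is exactly the gap the paper's cell-based analysis is meant to close.

```python
"""Steensgaard-style (unification-based) points-to analysis on a tiny C-like
IR, then the memory partitioning a partitioned memory model derives from it.
Illustrative code added for this page; it is not Cascade's implementation and
not the paper's cell-based analysis (it is field-insensitive and ignores casts
and pointer arithmetic)."""
from collections import defaultdict


class Steensgaard:
    def __init__(self):
        self.parent = {}    # union-find parent links: node -> node
        self.pointee = {}   # class representative -> node its members point to
        self.fresh = 0      # counter for anonymous target nodes

    def node(self, name):
        self.parent.setdefault(name, name)
        return name

    def find(self, n):
        while self.parent[n] != n:           # path halving
            self.parent[n] = self.parent[self.parent[n]]
            n = self.parent[n]
        return n

    def pts(self, n):
        """Representative of what n's class points to, creating a target if none."""
        r = self.find(n)
        if r not in self.pointee:
            self.fresh += 1
            self.pointee[r] = self.node(f"_t{self.fresh}")
        return self.find(self.pointee[r])

    def join(self, a, b):
        """Unify two classes; their targets are unified recursively (cyclic
        pointer types terminate at the a == b check, since parents are linked
        before the recursive call)."""
        a, b = self.find(a), self.find(b)
        if a == b:
            return
        self.parent[b] = a
        pa, pb = self.pointee.pop(a, None), self.pointee.pop(b, None)
        if pa is not None:
            self.pointee[a] = pa
            if pb is not None:
                self.join(pa, pb)
        elif pb is not None:
            self.pointee[a] = pb

    def run(self, stmts):
        for op, lhs, rhs in stmts:
            l, r = self.node(lhs), self.node(rhs)
            if op == "addr":      # lhs = &rhs
                self.join(self.pts(l), r)
            elif op == "copy":    # lhs = rhs
                self.join(self.pts(l), self.pts(r))
            elif op == "load":    # lhs = *rhs
                self.join(self.pts(l), self.pts(self.pts(r)))
            elif op == "store":   # *lhs = rhs
                self.join(self.pts(self.pts(l)), self.pts(r))
            else:
                raise ValueError(f"unknown op {op}")
        return self

    def may_alias(self, p, q):
        """Two pointers may alias iff their targets fall into one class."""
        return self.pts(p) == self.pts(q)

    def regions(self, variables):
        """Partition: one memory region (one array in the model) per class."""
        classes = defaultdict(set)
        for v in variables:
            classes[self.find(v)].add(v)
        return sorted(sorted(c) for c in classes.values())

    def read_unaffected_by_store(self, written, read):
        """In a partitioned model a store through `written` updates only its
        region's array, so a load through `read` from another region needs no
        disjointness case split; the SMT solver never sees the interaction."""
        return not self.may_alias(written, read)


# Constructed sample program (C shown in comments); variable names are made up.
PROGRAM = [
    ("addr", "p", "a"),    # int *p = &a;
    ("addr", "q", "b"),    # int **q = &b;
    ("copy", "r", "p"),    # int *r = p;        r shares p's target class
    ("addr", "p", "c"),    # p = &c;            a and c now share one region
    ("addr", "s", "d"),    # int *s = &d;
    ("store", "q", "s"),   # *q = s;            b holds a pointer into d's region
    ("load", "t", "q"),    # int *t = *q;       t therefore targets d's region
]


def analyze(stmts=PROGRAM):
    return Steensgaard().run(stmts)


if __name__ == "__main__":
    a = analyze()
    print("regions:", a.regions(["a", "b", "c", "d"]))
    print("p~r:", a.may_alias("p", "r"), " p~q:", a.may_alias("p", "q"))
    print("store via q cannot change a load via p:",
          a.read_unaffected_by_store("q", "p"))
```

On the sample program the analysis puts `a` and `c` into one region (because `p` points to both at different times, and unification cannot tell them apart), while `b` and `d` each get their own. A verifier using this partition models a store through `q` as an update to `b`'s array only, so a subsequent load through `p` is trivially unchanged and no alias case split reaches the solver. The flip side is visible in the same run: the unification that merges `a` and `c` is also what makes Steensgaard coarse on heap structures and type-unsafe code, which is the motivation for the more precise cell-based analysis the abstract describes.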


Notes

  1. A formal presentation of the semantics of the partitioned memory model is given in [28].

  2. We borrow this term from Miné [19], but use it in a different context. Miné aimed to build a cell-based abstract domain for value analysis, while we target a cell-based points-to analysis.

  3. They can be handled using a straightforward adaptation of Steensgaard's approach.

  4. Cascade placed 3rd in the Heap Data Structures category of SV-COMP 2016 [4].

  5. We used a context-insensitive version of DSA to make a fair comparison, because the other analyses are also context-insensitive. Context sensitivity could be added to any of them, improving the results.

References

  1. Andersen, L.O.: Program analysis and specialization for the C programming language. Ph.D. thesis, University of Copenhagen, May 1994

  2. Balatsouras, G., Smaragdakis, Y.: Structure-sensitive points-to analysis for C and C++. In: Static Analysis Symposium (SAS) (2016)

  3. Barrett, C., Stump, A., Tinelli, C.: The SMT-LIB standard - version 2.0. In: Proceedings of the 8th International Workshop on Satisfiability Modulo Theories (SMT) (2010)

  4. Beyer, D.: Reliable and reproducible competition results with BenchExec and witnesses (reported on SV-COMP 2016). In: Tools and Algorithms for the Construction and Analysis of Systems (TACAS) (2016)

  5. Böhme, S., Moskal, M.: Heaps, data structures: a challenge for automated provers. In: Conference on Automated Deduction (CADE) (2011)

  6. Burstall, R.M.: Some techniques for proving correctness of programs which alter data structures. Mach. Intell. 7, 23–50 (1972)

  7. Clarke, E., Kroening, D., Lerda, F.: A tool for checking ANSI-C programs. In: Tools and Algorithms for the Construction and Analysis of Systems (TACAS) (2004)

  8. Cohen, E., Moskal, M., Tobies, S., Schulte, W.: A precise yet efficient memory model for C. Electron. Notes Theor. Comput. Sci. (ENTCS) 254, 85–103 (2009)

  9. Condit, J., Hackett, B., Lahiri, S.K., Qadeer, S.: Unifying type checking and property checking for low-level code. In: Principles of Programming Languages (POPL) (2009)

  10. Conway, C.L., Dams, D., Namjoshi, K.S., Barrett, C.: Pointer analysis, conditional soundness, and proving the absence of errors. In: Static Analysis Symposium (SAS) (2008)

  11. Cuoq, P., Kirchner, F., Kosmatov, N., Prevosto, V., Signoles, J., Yakobowski, B.: Frama-C: a software analysis perspective. In: Software Engineering and Formal Methods (SEFM) (2012)

  12. Foster, J.S., Fähndrich, M., Aiken, A.: Flow-insensitive points-to analysis with term and set constraints. Technical report CSD-97-964, University of California, Berkeley (1997)

  13. Gurfinkel, A., Kahsai, T., Komuravelli, A., Navas, J.A.: The SeaHorn verification framework. In: Computer Aided Verification (CAV) (2015)

  14. Hind, M.: Pointer analysis: haven't we solved this problem yet? In: Program Analysis for Software Tools and Engineering (PASTE) (2001)

  15. Lahiri, S.K., Qadeer, S.: Back to the future: revisiting precise program verification using SMT solvers. In: Principles of Programming Languages (POPL) (2008)

  16. Lahiri, S.K., Qadeer, S., Rakamarić, Z.: Static and precise detection of concurrency errors in systems code using SMT solvers. In: Computer Aided Verification (CAV) (2009)

  17. Lal, A., Qadeer, S.: Powering the static driver verifier using Corral. In: Foundations of Software Engineering (FSE) (2014)

  18. Lattner, C., Lenharth, A., Adve, V.: Making context-sensitive points-to analysis with heap cloning practical for the real world. In: Programming Language Design and Implementation (PLDI) (2007)

  19. Miné, A.: Field-sensitive value analysis of embedded C programs with union types and pointer arithmetics. In: Language, Compilers, and Tool Support for Embedded Systems (LCTES) (2006)

  20. Morse, J., Ramalho, M., Cordeiro, L., Nicole, D., Fischer, B.: ESBMC 1.22 (competition contribution). In: Tools and Algorithms for the Construction and Analysis of Systems (TACAS) (2014)

  21. Necula, G.C., McPeak, S., Weimer, W.: CCured: type-safe retrofitting of legacy code. In: Principles of Programming Languages (POPL) (2002)

  22. Pearce, D.J., Kelly, P.H.J., Hankin, C.: Efficient field-sensitive pointer analysis for C. In: Program Analysis for Software Tools and Engineering (PASTE) (2004)

  23. Pearce, D.J., Kelly, P.H.J., Hankin, C.: Efficient field-sensitive pointer analysis of C. ACM Trans. Program. Lang. Syst. 30(1), 4 (2007)

  24. Rakamarić, Z., Emmi, M.: SMACK: decoupling source language details from verifier implementations. In: Computer Aided Verification (CAV) (2015)

  25. Rakamarić, Z., Hu, A.J.: A scalable memory model for low-level code. In: Verification, Model Checking, and Abstract Interpretation (VMCAI) (2009)

  26. Steensgaard, B.: Points-to analysis by type inference of programs with structures and unions. In: Compiler Construction (CC) (1996)

  27. Steensgaard, B.: Points-to analysis in almost linear time. In: Principles of Programming Languages (POPL) (1996)

  28. Wang, W.: Partition memory models for program analysis. Ph.D. thesis, New York University, May 2016

  29. Wang, W., Barrett, C., Wies, T.: Cascade 2.0. In: Verification, Model Checking, and Abstract Interpretation (VMCAI) (2014)

  30. Yong, S.H., Horwitz, S., Reps, T.: Pointer analysis for programs with structures and casting. In: Programming Language Design and Implementation (PLDI) (1999)

Author information

Corresponding author: Wei Wang


Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Wang, W., Barrett, C., Wies, T. (2017). Partitioned Memory Models for Program Analysis. In: Bouajjani, A., Monniaux, D. (eds) Verification, Model Checking, and Abstract Interpretation. VMCAI 2017. Lecture Notes in Computer Science, vol 10145. Springer, Cham. https://doi.org/10.1007/978-3-319-52234-0_29

  • DOI: https://doi.org/10.1007/978-3-319-52234-0_29

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-52233-3

  • Online ISBN: 978-3-319-52234-0
