skip to main content
10.1145/1040305.1040331acmconferencesArticle/Chapter ViewAbstractPublication PagespoplConference Proceedingsconference-collections
Article

Region-based shape analysis with tracked locations

Published: 12 January 2005 Publication History

Abstract

This paper proposes a novel approach to shape analysis: using local reasoning about individual heap locations instead of global reasoning about entire heap abstractions. We present an inter-procedural shape analysis algorithm for languages with destructive updates. The key feature is a novel memory abstraction that differs from traditional abstractions in two ways. First, we build the shape abstraction and analysis on top of a pointer analysis. Second, we decompose the shape abstraction into a set of independent configurations, each of which characterizes one single heap location. Our approach: 1) leads to simpler algorithm specifications, because of local reasoning about the single location; 2) leads to efficient algorithms, because of the smaller granularity of the abstraction; and 3) makes it easier to develop context-sensitive, demand-driven, and incremental shape analyses.We also show that the analysis can be used to enable the static detection of memory errors in programs with explicit deallocation. We have built a prototype tool that detects memory leaks and accesses through dangling pointers in C programs. The experiments indicate that the analysis is sufficiently precise to detect errors with low false positive rates; and is sufficiently lightweight to scale to larger programs. For a set of three popular C programs, the tool has analyzed about 70K lines of code in less than 2 minutes and has produced 97 warnings, 38 of which were actual errors.

References

[1]
S. Amarasinghe, J. Anderson, M. Lam, and C. Tseng. The SUIF compiler for scalable parallel machines. In Proceedings of the Eighth SIAM Conference on Parallel Processing for Scientific Computing, San Francisco, CA, February 1995.]]
[2]
T. Ball, R. Majumdar, T. Millstein, and S. Rajamani. Automatic predicate abstraction of C programs. In Proceedings of the SIGPLAN '01 Conference on Program Language Design and Implementation, Snowbird, UT, June 2001.]]
[3]
T. Ball and S. Rajamani. The SLAM project: Debugging system software via static analysis. In Proceedings of the 29th Annual ACM Symposium on the Principles of Programming Languages, Portland, OR, January 2002.]]
[4]
W. Bush, J. Pincus, and D. Sielaff. A static analyzer for finding dynamic programming errors. Software -- Practice and Experience, 30(7):775--802, August 2000.]]
[5]
S. Chong and R. Rugina. Static analysis of accessed regions in recursive data structures. In Proceedings of the 10th International Static Analysis Symposium, San Diego, CA, June 2003.]]
[6]
M. Das, S. Lerner, and M. Seigle. ESP: Path-sensitive program verification in polynomial time. In Proceedings of the SIGPLAN '02 Conference on Program Language Design and Implementation, Berlin, Germany, June 2002.]]
[7]
R. DeLine and M. Fahndrich. Enforcing high-level protocols in low-level software. In Proceedings of the SIGPLAN '01 Conference on Program Language Design and Implementation, Snowbird, UT, June 2001.]]
[8]
N. Dor, M. Rodeh, and M. Sagiv. Checking cleanness in linked lists. In Proceedings of the 7th International Static Analysis Symposium, Santa Barbara, CA, July 2000.]]
[9]
D. Engler, B. Chelf, A. Chou, and S. Hallem. Checking system rules using system-specific, programmer-written compiler extensions. In Proceedings of the SIGPLAN '02 Conference on Program Language Design and Implementation, Berlin, Germany, June 2002.]]
[10]
M. Fahndrich, J. Rehof, and M. Das. Scalable context-sensitive flow analysis using instantiation constraints. In Proceedings of the SIGPLAN '00 Conference on Program Language Design and Implementation, Vancouver, Canada, June 2000.]]
[11]
R. Ghiya and L. Hendren. Is is a tree, a DAG or a cyclic graph? a shape analysis for heap-directed pointers in C. In Proceedings of the 23rd Annual ACM Symposium on the Principles of Programming Languages, St. Petersburg Beach, FL, January 1996.]]
[12]
B. Hackett and R. Rugina. Region-based shape analysis with tracked locations. Technical Report TR2004-1968, Cornell University, October 2004.]]
[13]
R. Hastings and B. Joyce. Purify: Fast detection of memory leaks and access errors. In Proceedings of the 1992 Winter Usenix Conference, January 1992.]]
[14]
M. Hauswirth and T. Chilimbi. Low-overhead memory leak detection using adaptive statistical profiling. In Proceedings of the 11th International Conference on Architectural Support for Programming Languages and Operating Systems, Boston, MA, October 2004.]]
[15]
D. Heine and M. Lam. A practical flow-sensitive and context-sensitive C and C++ memory leak detector. In Proceedings of the SIGPLAN '03 Conference on Program Language Design and Implementation, San Diego, CA, June 2003.]]
[16]
N. Heintze and O. Tardieu. Demand-driven pointer analysis. In Proceedings of the SIGPLAN '01 Conference on Program Language Design and Implementation, Snowbird, UT, June 2001.]]
[17]
L. Hendren, J. Hummel, and A. Nicolau. A general data dependence test for dynamic, pointer-based data structures. In Proceedings of the SIGPLAN '94 Conference on Program Language Design and Implementation, Orlando, FL, June 1994.]]
[18]
L. Hendren and A. Nicolau. Parallelizing programs with recursive data structures. IEEE Transactions on Parallel and Distributed Systems, 1(1):35--47, January 1990.]]
[19]
S. Ishtiaq and P. O'Hearn. BI as an assertion language for mutable data structures. In Proceedings of the 28th Annual ACM Symposium on the Principles of Programming Languages, London, UK, January 2001.]]
[20]
B. Jeannet, A. Loginov, T. Reps, and M. Sagiv. A relational approach to interprocedural shape analysis. In Proceedings of the 11th International Static Analysis Symposium, Verona, Italy, August 2004.]]
[21]
V. Kuncak, P. Lam, and M. Rinard. Role analysis. In Proceedings of the 29th Annual ACM Symposium on the Principles of Programming Languages, Portland, OR, January 2002.]]
[22]
T. Lev-ami, T. Reps, M. Sagiv, and R. Wilhelm. Putting static analysis to work for verification: A case study. In 2000 International Symposium on Software Testing and Analysis, August 2000.]]
[23]
T. Lev-Ami and M. Sagiv. TVLA: A system for implementing static analyses. In Proceedings of the 7th International Static Analysis Symposium, Santa Barbara, CA, July 2000.]]
[24]
D. Liang and M.J. Harrold. Efficient points-to analysis for whole-program analysis. In Proceedings of the ACM SIGSOFT '99 Symposium on the Foundations of Software Engineering, Toulouse,France, September 1999.]]
[25]
G. Necula, S. McPeak, and W. Weimer. CCured: type-safe retrofitting of legacy code. In Proceedings of the 29th Annual ACM Symposium on the Principles of Programming Languages, Portland, OR, January 2002.]]
[26]
P. O'Hearn, H. Yang, and J. Reynolds. Separation and information hiding. In Proceedings of the 31th Annual ACM Symposium on the Principles of Programming Languages, Venice, Italy, January 2004.]]
[27]
J. Reynolds. Separation logic: A logic for shared mutable data structures. In Proceedings of the Seventeenth Annual IEEE Symposium on Logic in Computer Science, Copenhagen, Denmark, July 2002.]]
[28]
N. Rinetzky and M. Sagiv. Interprocedural shape analysis for recursive programs. In Proceedings of the 2001 International Conference on Compiler Construction, Genova, Italy, April 2001.]]
[29]
M. Sagiv, T. Reps, and R. Wilhelm. Solving shape-analysis problems in languages with destructive updating. ACM Transactions on Programming Languages and Systems, 20(1):1--50, January 1998.]]
[30]
M. Sagiv, T. Reps, and R. Wilhelm. Parametric shape analysis via 3-valued logic. In Proceedings of the 26th Annual ACM Symposium on the Principles of Programming Languages, San Antonio, TX, January 1999.]]
[31]
M. Sagiv, T. Reps, and R. Wilhelm. Parametric shape analysis via 3-valued logic. ACM Transactions on Programming Languages and Systems, 24(3), May 2002.]]
[32]
Bjarne Steensgaard. Points-to analysis in almost linear time. In Proceedings of the 23rd Annual ACM Symposium on the Principles of Programming Languages, St. Petersburg Beach, FL, January 1996.]]
[33]
F. Vivien and M. Rinard. Incrementalized pointer and escape analysis. In Proceedings of the SIGPLAN '01 Conference on Program Language Design and Implementation, Snowbird, UT, June 2001.]]
[34]
R. Wilhelm, M. Sagiv, and T. Reps. Shape analysis. In Proceedings of the 2000 International Conference on Compiler Construction, Berlin, Germany, April 2000.]]
[35]
E. Yahav. Verifying safety properties of concurrent Java programs using 3-valued logic. In Proceedings of the 28th Annual ACM Symposium on the Principles of Programming Languages, London, UK, January 2001.]]
[36]
E. Yahav and G. Ramalingam. Verifying safety properties using separation and heterogeneous abstractions. In Proceedings of the SIGPLAN '04 Conference on Program Language Design and Implementation, Washington, DC, June 2004.]]

Cited By

View all
  • (2023)Mining Java Memory Errors using Subjective Interesting Subgroups with Hierarchical Targets2023 IEEE International Conference on Data Mining Workshops (ICDMW)10.1109/ICDMW60847.2023.00159(1221-1230)Online publication date: 4-Dec-2023
  • (2020)FairChargeProceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies10.1145/33810034:1(1-25)Online publication date: 18-Mar-2020
  • (2020)Will Online Digital Footprints Reveal Your Relationship Status?Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies10.1145/33809784:1(1-23)Online publication date: 14-Sep-2020
  • Show More Cited By

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences
POPL '05: Proceedings of the 32nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
January 2005
402 pages
ISBN:158113830X
DOI:10.1145/1040305
  • General Chair:
  • Jens Palsberg,
  • Program Chair:
  • Martín Abadi
  • cover image ACM SIGPLAN Notices
    ACM SIGPLAN Notices  Volume 40, Issue 1
    Proceedings of the 32nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
    January 2005
    391 pages
    ISSN:0362-1340
    EISSN:1558-1160
    DOI:10.1145/1047659
    Issue’s Table of Contents
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 12 January 2005

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. memory leaks
  2. memory management
  3. shape analysis
  4. static error detection

Qualifiers

  • Article

Conference

POPL05

Acceptance Rates

Overall Acceptance Rate 824 of 4,130 submissions, 20%

Upcoming Conference

POPL '26

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)7
  • Downloads (Last 6 weeks)0
Reflects downloads up to 30 Jan 2025

Other Metrics

Citations

Cited By

View all
  • (2023)Mining Java Memory Errors using Subjective Interesting Subgroups with Hierarchical Targets2023 IEEE International Conference on Data Mining Workshops (ICDMW)10.1109/ICDMW60847.2023.00159(1221-1230)Online publication date: 4-Dec-2023
  • (2020)FairChargeProceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies10.1145/33810034:1(1-25)Online publication date: 18-Mar-2020
  • (2020)Will Online Digital Footprints Reveal Your Relationship Status?Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies10.1145/33809784:1(1-23)Online publication date: 14-Sep-2020
  • (2018)A sound abstract memory model for static analysis of C programsInternational Journal of Computational Science and Engineering10.1504/IJCSE.2018.09178216:3(255-264)Online publication date: 1-Jan-2018
  • (2018)TwASProceedings of the 33rd Annual ACM Symposium on Applied Computing10.1145/3167132.3167330(1857-1864)Online publication date: 9-Apr-2018
  • (2017)Automated specification inference in a combined domain via user-defined predicatesScience of Computer Programming10.1016/j.scico.2017.05.007148:C(189-212)Online publication date: 15-Nov-2017
  • (2016)Static race detection for device drivers: the Goblint approachProceedings of the 31st IEEE/ACM International Conference on Automated Software Engineering10.1145/2970276.2970337(391-402)Online publication date: 25-Aug-2016
  • (2015)Safe memory-leak fixing for C programsProceedings of the 37th International Conference on Software Engineering - Volume 110.5555/2818754.2818812(459-470)Online publication date: 16-May-2015
  • (2015)Process Variability and Electrostatic Analysis of Molecular QCAACM Journal on Emerging Technologies in Computing Systems10.1145/273804112:2(1-23)Online publication date: 2-Sep-2015
  • (2015)A Survey on Low-Power Techniques with Emerging TechnologiesACM Journal on Emerging Technologies in Computing Systems10.1145/271456612:2(1-26)Online publication date: 2-Sep-2015
  • Show More Cited By

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Figures

Tables

Media

Share

Share

Share this Publication link

Share on social media