ABSTRACT
We present a framework for generating procedure summaries that are (a) precise - applying the summary in a given context yields the same result as re-analyzing the procedure in that context, and (b) concise - the summary exploits the commonalities in the ways the procedure manipulates abstract values, and does not contain superfluous context information.
The use of a precise and concise procedure summary inmodular analyses provides a way to capture infinitely many possible contexts in a finite way; in interprocedural analyses, it provides a compact representation of an explicit input-output summary table without loss of precision.
We define a class of abstract domains and transformers for which precise and concise summaries can be efficiently generated using our framework. Our framework is rich enough to encode a wide range of problems, including all IFDS and IDE problems. In addition, we show how the framework is instantiated to provide novel solutions to two hard problems: modular linear constant propagation and modular typestate verification, both in the presence of aliasing. We implemented a prototype of our framework that computes summaries for the typestate domain, and report on preliminary experimental results.
Generating precise and concise procedure summaries. POPL '08.