Compositional shape analysis
File(s)DTR08-12.pdf (241.22 KB)
Published version
Author(s)
Calcagno, Cristiano
Distefano, Dino
O'Hearn, Peter
Yang, Hongseok
Type
Report
Abstract
This paper describes a compositional shape analysis, where each
procedure is analyzed independently of its callers. The analysis
uses an abstract domain based on a restricted fragment of separation
logic, and assigns a collection of Hoare triples to each procedure;
the triples provide an over-approximation of data structure
usage. Compositionality brings its usual benefits – increased potential
to scale, ability to deal with unknown calling contexts, graceful
way to deal with imprecision – to shape analysis, for the first time.
The analysis rests on a generalized form of abduction (inference
of explanatory hypotheses) which we call bi-abduction. Biabduction
displays abduction as a kind of inverse to the frame problem:
it jointly infers anti-frames (missing portions of state) and
frames (portions of state not touched by an operation), and is the
basis of a new interprocedural analysis algorithm. We have implemented
our analysis algorithm and we report case studies on
smaller programs to evaluate the quality of discovered specifications,
and larger programs (e.g., an entire Linux distribution) to test
scalability and graceful imprecision.
procedure is analyzed independently of its callers. The analysis
uses an abstract domain based on a restricted fragment of separation
logic, and assigns a collection of Hoare triples to each procedure;
the triples provide an over-approximation of data structure
usage. Compositionality brings its usual benefits – increased potential
to scale, ability to deal with unknown calling contexts, graceful
way to deal with imprecision – to shape analysis, for the first time.
The analysis rests on a generalized form of abduction (inference
of explanatory hypotheses) which we call bi-abduction. Biabduction
displays abduction as a kind of inverse to the frame problem:
it jointly infers anti-frames (missing portions of state) and
frames (portions of state not touched by an operation), and is the
basis of a new interprocedural analysis algorithm. We have implemented
our analysis algorithm and we report case studies on
smaller programs to evaluate the quality of discovered specifications,
and larger programs (e.g., an entire Linux distribution) to test
scalability and graceful imprecision.
Date Issued
2008-01-01
Citation
Departmental Technical Report: 08/12, 2008, pp.1-13
Publisher
Department of Computing, Imperial College London
Start Page
1
End Page
13
Journal / Book Title
Departmental Technical Report: 08/12
Copyright Statement
© 2008 The Author(s). This report is available open access under a CC-BY-NC-ND (https://creativecommons.org/licenses/by-nc-nd/4.0/)
Publication Status
Published
Article Number
08/12