Bottom-up shape analysis using LISF

In this article, we present a new shape analysis algorithm. The key distinguishing aspect of our algorithm is that it is completely compositional, bottom-up and noniterative. We present our algorithm as an inference system for computing Hoare triples summarizing heap manipulating programs. Our infer...

Full description

Saved in:
Bibliographic Details
Published inACM transactions on programming languages and systems Vol. 33; no. 5; pp. 1 - 41
Main Authors Gulavani, Bhargav S., Chakraborty, Supratik, Ramalingam, G., Nori, Aditya V.
Format Journal Article
LanguageEnglish
Published New York, NY Association for Computing Machinery 01.11.2011
Subjects
Algorithms
Applied sciences
Computer science; control theory; systems
Computer systems performance. Reliability
Exact sciences and technology
Language processing and microprogramming
Software
Theory
Abstract
Inference
Verification
Program analysis
Program verification
Stack
Algorithms
Compositional analysis
Boolean logic
separation logic
Abduction
Morphological analysis
Bottom up method
Compositionality
Inference rule
Algorithm analysis
Satisfiability
Hoare logic
Online AccessGet full text

Cover

More Information
Summary:In this article, we present a new shape analysis algorithm. The key distinguishing aspect of our algorithm is that it is completely compositional, bottom-up and noniterative. We present our algorithm as an inference system for computing Hoare triples summarizing heap manipulating programs. Our inference rules are compositional: Hoare triples for a compound statement are computed from the Hoare triples of its component statements. These inference rules are used as the basis for bottom-up shape analysis of programs. Specifically, we present a Logic of Iterated Separation Formulae (LISF), which uses the iterated separating conjunct of Reynolds [2002] to represent program states. A key ingredient of our inference rules is a strong bi-abduction operation between two logical formulas. We describe sound strong bi-abduction and satisfiability procedures for LISF. We have built a tool called S p I n E that implements these inference rules and have evaluated it on standard shape analysis benchmark programs. Our experiments show that S p I n E can generate expressive summaries, which are complete functional specifications in many cases.
Bibliography:ObjectType-Article-2
SourceType-Scholarly Journals-1
ObjectType-Feature-1
content type line 23
ISSN:0164-0925
1558-4593
DOI:10.1145/2039346.2039349