2013
DOI: 10.1007/978-3-642-35873-9_23

Reduced Product Combination of Abstract Domains for Shapes

Abstract: Real-world data structures are often enhanced with additional pointers capturing alternative paths through a basic inductive skeleton (e.g., back pointers, head pointers). From the static analysis point of view, we must obtain several interlocking shape invariants. At the same time, it is well understood in abstract interpretation design that supporting a separation of concerns is critically important to designing powerful static analyses. Such a separation of concerns is often obtained via a reduced product o…

Cited by 23 publications (22 citation statements). References 24 publications.
“…Note that, in the case of path traversals, memory safety requires the analysis to localize the cursor as a valid graph node, at all times (the strongest set property, captured by the graph inductive definitions of Figure 2). The analysis time spent in the shape domain is in line with those usually observed in the analyzer [26,27], yet the BDD-based set domain proves inefficient in this situation and accounts for most of the analysis time for two reasons: (1) it is far too expressive and keeps properties that are not relevant to the analysis and (2) set variable renaming (required after joins) necessitates full recomputation of BDDs. By contrast, the "LIN" set domain is tailored for the predicates required in the analysis, and produces very quick analysis run-times.…”
Section: Empirical Evaluation
confidence: 72%
“…We implemented inductive definitions with set predicates into the MemCAD static analyzer [26,27] and integrated set constraints as part of the numerical domain [6], so as to assess (1) whether it achieves the verification of structure preservation in the presence of sharing, and (2) if the memory abstract domain efficiency is preserved. The analysis takes a set abstract domain as a parameter to represent set constraints.…”
Section: Empirical Evaluation
confidence: 99%
“…In previous work [22], we proposed a reduced product for memory abstractions as a generic abstract domain combinator. This combinator does not rely on separation and provides a different form of separation of concerns than our separating combinator: in [22], sub-domains express a collection of properties of the same structure whereas the separating conjunction operator combines domains representing distinct structures.…”
Section: Related Work
confidence: 99%
“…This combinator does not rely on separation and provides a different form of separation of concerns than our separating combinator: in [22], sub-domains express a collection of properties of the same structure whereas the separating conjunction operator combines domains representing distinct structures. Moreover, we introduced a hierarchical memory abstraction to abstract structures allocated inside other structures [21]; in that work the whole memory is abstracted in the main domain, and a sub-domain describes nested structures.…”
Section: Related Work
confidence: 99%
“…Parametric abstraction combinators. Effective reasoning about sets enables the construction of new domain combinators that do not yet exist today without relational set abstractions. When combining abstract domains [21,22], it is often useful to be able to express relationships between an unbounded number of elements in each abstract domain. With a relational domain for sets it is possible to express these relationships efficiently and effectively.…”
Section: Introduction
confidence: 99%