Inference of Field-Sensitive Reachability and Cyclicity

In heap-based languages, knowing that a variable x points to an acyclic data structure is useful for analyzing termination. This information guarantees that the depth of the data structure to which x points is greater than the depth of the structure pointed to by x.fld, and allows bounding the number of iterations of a loop that traverses the data structure on fld. In general, proving termination needs acyclicity, unless program-specific or nonautomated reasoning is performed. However, recent work could prove that certain loops terminate even without inferring acyclicity, because they traverse data structures “acyclically.” Consider a double-linked list: if it is possible to demonstrate that every cycle involves both the “next” and the “prev” field, then a traversal on “next” terminates since no cycle will be traversed completely. This article develops a static analysis inferring field-sensitive reachability and cyclicity information, which is more general than existing approaches. Propositional formulæ are computed, which describe which fields may or may not be traversed by paths in the heap. Consider a tree with edges “left” and “right” to the left and right subtrees, and “parent” to the parent node: termination of a loop traversing leaf-up cannot be guaranteed by state-of-the-art analyses. Instead, propositional formulæ computed by this analysis indicate that cycles must traverse “parent” and at least one between “left” and “right”: termination is guaranteed, as no cycle is traversed completely. This work defines the necessary abstract domains and builds an abstract semantics on them. A prototypical implementation provides the expected result on relevant examples.

• Publication year

  2013

• Venue

  TOCL

• Publication date

  2013-06-27

• Fields of study

  Mathematics, Computer Science

• Identifiers
  DOI 10.1145/2629478arXiv 1306.6526
• External record

  Open on Semantic Scholar

• Source metadata

  Semantic Scholar

• No claims are published for this paper.

• No concepts are published for this paper.

• Field-sensitive unreachability and non-cyclicity analysis

  2014influential reference
• On the Inference of Resource Usage Upper and Lower Bounds

  2013cited by this paper
• Interprocedural Shape Analysis for Effectively Cutpoint-Free Programs

  2013cited by this paper
• Reachability-based acyclicity analysis by Abstract Interpretation

  2012cited by this paper
• Reachability analysis of program variables

  2012cited by this paper
• Cost analysis of object-oriented bytecode programs

  2012cited by this paper
• Automated Termination Proofs for Java Programs with Cyclic Data

  2012cited by this paper
• The Acyclicity Inference of COSTA

  2010cited by this paper
• A Termination Analyser for Java Bytecode Based on Path-Length

  2009cited by this paper
• Constancy Analysis

  2008cited by this paper
• Cyclic proofs of program termination in separation logic

  2008cited by this paper
• Termination Analysis of Java Bytecode

  2008cited by this paper
• Shape Analysis of Single-Parent Heaps

  2007cited by this paper
• Automatic Termination Proofs for Programs with Shape-Shifting Heaps

  2006cited by this paper
• Automatic Termination Proofs in the Dependency Pair Framework

  2006cited by this paper
• Termination proofs for systems code

  2006cited by this paper
• Detecting Non-cyclicity by Abstract Compilation into Boolean Functions

  2006cited by this paper
• A brief survey of program slicing

  2005cited by this paper
• A semantics for procedure local heaps and its abstractions

  2005cited by this paper
• Shape Analysis by Predicate Abstraction

  2005cited by this paper
• Pair-Sharing Analysis of Object-Oriented Programs

  2005cited by this paper
• Toward Symbolic Verification of Programs Handling Pointers

  2004cited by this paper
• Class analyses as abstract interpretations of trace semantics

  2003cited by this paper
• Separation logic: a logic for shared mutable data structures

  2002cited by this paper
• Pointer analysis: haven't we solved this problem yet?

  2001cited by this paper
• Shape Analysis

  2000cited by this paper
• Parametric shape analysis via 3-valued logic

  1999cited by this paper
• Model-Checking: A Tutorial Introduction

  1999cited by this paper
• Construction of Abstract State Graphs with PVS

  1997cited by this paper
• Garbage collection: algorithms for automatic dynamic memory management

  1996cited by this paper
• Is it a tree, a DAG, or a cyclic graph? A shape analysis for heap-directed pointers in C

  1996cited by this paper
• Cost analysis of logic programs

  1993cited by this paper
• Verifying reachability invariants of linked structures

  1983cited by this paper
• Systematic design of program analysis frameworks

  1979cited by this paper
• Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints

  1977cited by this paper
• Mechanical program analysis

  1975cited by this paper
• Centrum Voor Wiskunde En Informatica the S-semantics Approach: Theory and Applications

  year unknowncited by this paper

• Automated reasoning and randomization in separation logic

  2020cites this paper
• Field-sensitive sharing

  2018cites this paper
• Harrsh: A Tool for Unied Reasoning about Symbolic-Heap Separation Logic

  2018cites this paper
• Modular Heap Shape Analysis for Java Programs ∗

  2017cites this paper
• Unified Reasoning About Robustness Properties of Symbolic-Heap Separation Logic

  2016cites this paper