This paper proposes a novel approach to shape analysis: using local reasoning about individual heap locations instead of global reasoning about entire heap abstractions. We present an inter-procedural shape analysis algorithm for languages with destructive updates. The key feature is a novel memory abstraction that differs from traditional abstractions in two ways. First, we build the shape abstraction and analysis on top of a pointer analysis. Second, we decompose the shape abstraction into a set of independent configurations, each of which characterizes one single heap location. Our approach: 1) leads to simpler algorithm specifications, because of local reasoning about the single location; 2) leads to efficient algorithms, because of the smaller granularity of the abstraction; and 3) makes it easier to develop context-sensitive, demand-driven, and incremental shape analyses.

We also show that the analysis can be used to enable the static detection of memory errors in programs with explicit deallocation. We have built a prototype tool that detects memory leaks and accesses through dangling pointers in C programs. The experiments indicate that the analysis is sufficiently precise to detect errors with low false positive rates, and is sufficiently lightweight to scale to larger programs. For a set of three popular C programs, the tool has analyzed about 70K lines of code in less than 2 minutes and has produced 97 warnings, 38 of which were actual errors.