Team abstraction


Section: New Results

Shape Analysis

We have extended the Xisa (eXtensible Inductive Shape Analysis) framework in order to better deal with low-level coding styles and programming languages, and in order to analyze recursive programs in a context-dependent way. We also introduced a classification of semantic memory models.

Separating Shape Graphs

Participants: Bor-Yuh Evan Chang [University of Colorado at Boulder (USA)], Vincent Laviron, Xavier Rival.

Detailed memory models that expose individual fields are necessary to precisely analyze code that makes use of low-level aspects such as pointers to fields and untagged unions. Yet higher-level representations that collect fields into records are often used because they are typically more convenient and efficient in modeling the program heap. In [27], we presented a shape graph representation of memory that exposes individual fields while largely retaining the convenience of an object-level model. This representation has a close connection to particular kinds of formulas in separation logic. With this representation, we then showed how to extend the Xisa shape analyzer to low-level aspects, including pointers to fields, C-style nested structures and unions, malloc and free, and array values, with minimal changes to the core algorithms (e.g., materialization and summarization).

Concrete Memory Models for Shape Analysis

Participants: Bertrand Jeannet [INRIA Rhône-Alpes, POP'ART Team], Xavier Rival, Pascal Sotin [INRIA Rhône-Alpes, POP'ART Team].

In [31], we discussed four store-based concrete memory models. We characterized memory models by the class of pointers they support and by whether they use numerical or symbolic offsets to address values within a block. We gave the semantics of a C-like language within each of these memory models to illustrate their differences. Considering a fragment of Leroy's Clight, including arrays and pointer arithmetic but excluding casts, we linked these concrete memory models with existing shape analyses.

Abstracting Calling-Context with Shapes

Participants: Bor-Yuh Evan Chang [University of Colorado at Boulder (USA)], Xavier Rival.

Interprocedural program analysis is often performed by computing procedure summaries. While possible, computing adequate summaries is difficult, particularly in the presence of recursive procedures. In [29], we propose a complementary framework for interprocedural analysis based on a direct abstraction of the calling context. Specifically, our approach exploits the inductive structure of a calling context by treating it directly as a stack of activation records. We built an abstraction based on separation logic with inductive definitions. A key element of this abstract domain is the use of parameters to refine the meaning of such call-stack summaries and thus express relations across activation records and with the heap. In essence, we define an abstract interpretation-based analysis framework for recursive programs that permits a fluid per-call-site abstraction of the call stack—much like how shape analyzers enable a fluid per-program-point abstraction of the heap.
