4 research outputs found

    Thread-Modular Static Analysis for Relaxed Memory Models

    We propose a memory-model-aware static program analysis method for accurately analyzing the behavior of concurrent software running on processors with weak consistency models such as x86-TSO, SPARC-PSO, and SPARC-RMO. At the center of our method is a unified framework for deciding the feasibility of inter-thread interferences to avoid propagating spurious data flows during static analysis and thus boost the performance of the static analyzer. We formulate the checking of interference feasibility as a set of Datalog rules which are both efficiently solvable and general enough to capture a range of hardware-level memory models. Compared to existing techniques, our method can significantly reduce the number of bogus alarms as well as unsound proofs. We implemented the method and evaluated it on a large set of multithreaded C programs. Our experiments show the method significantly outperforms state-of-the-art techniques in terms of accuracy with only moderate run-time overhead. Comment: revised version of the ESEC/FSE 2017 paper

    Automatic Inference of Heap Properties Exploiting Value Domains

    Effective static analysis of heap manipulating programs is required to track precise information about the heap structures and values computed by the program. In this paper, we introduce a combined heap and value analysis that infers complex invariants for recursive data structures like lists and trees, in particular relations between value fields of heap-allocated objects. Our analysis does not require any manual annotation of the program. Different performance/precision ratios are achieved by selecting different value domains. The analysis has been implemented in the generic static analyzer Sample. The experimental results show that the analysis infers invariants automatically that required manual annotations in the state-of-the-art analyses

    Automatic inference of heap properties exploiting value domains

    Effective static analyses of heap-manipulating programs need to track precise information about the heap structures and the values computed by the program. Most existing heap analyses rely on manual annotations to precisely analyze general and, in particular, recursive, heap structures. Moreover, they either do not exploit value information to obtain more precise heap information or require more annotations for this purpose. In this paper, we present a combined heap and value analysis that infers complex invariants for recursive heap structures such as lists and trees, including relations between value fields of heap-allocated objects. Our analysis uses a novel notion of edge-local identifiers to track value information about the source and target of a pointer, even if these are summary nodes. With each potential pointer in the heap, our analysis associates value information that describes in which states the pointer may exist, and uses this information to improve the precision of the analysis by pruning infeasible heap structures. Our analysis has been implemented in the static analyzer Sample; experimental results show that it can automatically infer invariants for data structures, for which state-of-the-art analyses require manual annotations