Field-sensitive sharing

Abstract

In static analysis of programming languages with dynamic memory, sharing analysis tries to infer if two variables point to data structures which are not disjoint. I.e., two variables share at a certain program point if there is a memory cell which can be accessed from both via two converging paths in the heap.Sharing information is used as an auxiliary component in a number of static analysis techniques: to know that two variables do not share any memory cell allows to guarantee that any modification to the first variable has no effect on the data structure accessible from the second. On the other hand, if it cannot be guaranteed that the data structures accessible from two variables x and y are disjoint, then a loss of information occurs in that any update to x must be considered as a possible update of y, thus making the inference of interesting program properties much harder.This paper introduces a novel sharing analysis which takes into account the fields involved in converging paths. For every two variables and every program point, a propositional formula, called a path-formula, is computed, that describes which fields may or may not be traversed by converging paths in the heap. Let x point to an object representing a phone contact, x.f point to the beginning of a single-linked list (the user's phone numbers), and x.g point to other information. On the other hand, let y point to the second element of the number list. In this case, x and y share, so that existing analyses based on sharing have to admit that an update of x.g may modify y, thus invalidating previous information about it. However, field-sensitive information like “for every two converging paths πx and πy from x and y, respectively, πx does not traverse field f ” allows to infer that the data structure pointed to by y will not be modified by updating x.g.Besides improving existing static analysis techniques, the field-sensitive sharing analysis is interesting in itself, and can be formalized in the framework of abstract interpretation as a refinement of traditional sharing.