Low-Level Bi-Abduction

TL;DR

This paper introduces a novel static analysis method for open programs with complex pointer structures, utilizing an extended bi-abduction approach to generate function contracts without initialising data structures.

Contribution

It develops an advanced bi-abduction-based analysis for open programs with low-level pointer operations, enabling analysis without prior data structure initialization.

Findings

Successfully analyzed complex pointer-linked programs

Generated accurate function contracts without initial data setup

Extended bi-abduction methods for low-level pointer operations

Abstract

The paper proposes a new static analysis designed to handle open programs, i.e., fragments of programs, with dynamic pointer-linked data structures - in particular, various kinds of lists - that employ advanced low-level pointer operations. The goal is to allow such programs be analysed without a need of writing analysis harnesses that would first initialise the structures being handled. The approach builds on a special flavour of separation logic and the approach of bi-abduction. The code of interest is analyzed along the call tree, starting from its leaves, with each function analysed just once without any call context, leading to a set of contracts summarizing the behaviour of the analysed functions. In order to handle the considered programs, methods of abduction existing in the literature are significantly modified and extended in the paper. The proposed approach has been implemented in a tool prototype and successfully evaluated on not large but complex programs.