On Modular Pluggable Analyses Using Set Interfaces

We present a technique that enables the focused applicationof multiple analyses to different modules in the same program. Our researchhas two goals: 1) to address the scalability limitations of preciseanalyses by focusing the analysis on only those parts of the program thatare relevant to the properties that the analysis is designed to verify, and2) to enable the application of specialized analyses that verify propertiesof specifc classes of data structures to programs that simultaneouslymanipulate several dfferent kinds of data structures.In our approach, each module encapsulates a data structure and usesmembership in abstract sets to characterize how objects participate inits data structure. Each analysis verifies that the implementation of themodule 1) preserves important internal data structure representationinvariants and 2) conforms to a specification that uses formulas in a setalgebra to characterize the effects of operations on the data structure.The analyses use the common set abstraction to 1) characterize howobjects participate in multiple data structures and to 2) enable the interanalysiscommunication required to verify properties that depend onmultiple modules analyzed by different analyses.We characterize the key soundness property that an analysis plugin mustsatisfy to successfully participate in our system and present several analysisplugins that satisfy this property: a flag plugin that analyzes modulesin which abstract set membership is determined by a flag field in eachobject, and a graph types plugin that analyzes modules in which abstractset membership is determined by reachability properties of objects storedin tree-like data structures.