A Local Shape Analysis Based on Separation Logic

Distefano, Dino; O’Hearn, Peter W.; Yang, Hongseok

doi:10.1007/11691372_19

Cited by 242 publications

(263 citation statements)

References 16 publications

Supporting

Mentioning

263

Contrasting

Order By: Relevance

“…We highlight some of them here. The local shape analysis by Distefano et al [4] was able to infer automatically loop invariants for list-processing programs, which formed the early-version SpaceInvader tool. Gotsman et al [16] proposed an interprocedural shape analysis for the SLAyer tool.…”

Section: Related Workmentioning

confidence: 99%

“…This is an improvement over previous works [1,2] where users must provide full specifications for each method and invariants for each loop. This is also significantly different from compositional shape analysis [3,4,5]. In spite of a higher level of automation, their analysis focuses on pointer safety only and deals primarily with a few built-in predicates over the shape domain only.…”

Section: Introductionmentioning

confidence: 99%

“…For example, with a singly-linked list structure data node { int val; node next; }, a user interested in pointer-safety may define a list shape predicate (as in [3,4]):…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Automatically refining partial specifications for heap-manipulating programs

Qin

Luo

et al. 2014

Science of Computer Programming

View full text Add to dashboard Cite

Automatically verifying heap-manipulating programs is a challenging task, especially when dealing with complex data structures with strong invariants, such as sorted lists and AVL/red-black trees. The verification process can greatly benefit from human assistance through specification annotations, but this process requires intellectual effort from users and is error-prone. In this paper, we propose a new approach to program verification that allows users to provide only partial specification to methods. Our approach will then refine the given annotation into a more complete specification by discovering missing constraints. The discovered constraints may involve both numerical and multi-set properties that could be later confirmed or revised by users. We further augment our approach by requiring partial specification to be given only for primary methods. Specifications for loops and auxiliary methods can then be systematically discovered by our augmented mechanism, with the help of information propagated from the primary methods. Our work is aimed at verifying beyond shape properties, with the eventual goal of analysing full functional properties for pointer-based data structures. Initial experiments have confirmed that we can automatically refine partial specifications with non-trivial constraints, thus making it easier for users to handle specifications with richer properties.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Automatically refining partial specifications for heap-manipulating programs

Qin

Luo

et al. 2014

Science of Computer Programming

View full text Add to dashboard Cite

show abstract

“…Furthermore, the pure part of a symbolic heap does not contain membership expressions e ∈ α; all memberships are implicitly expressed using the subscript formulae − α . These and other syntactic restrictions in symbolic heaps (such as the absence of disjunction and negation) are imposed so that we can reuse the core components of existing separation-logic based shape analyses, such as abstraction algorithms and transfer functions [6]. We write SH for the set of all symbolic heaps.…”

Section: Abstract Statesmentioning

confidence: 99%

“…Hence, if our intentions are properly implemented, the reasoning steps necessary for inserting trans and move(e, α) can be done using R r and R p . 6 The definitions of c r and c p in Figure 5 follow our intentions. The only exception is in the use of deref and gen r (x:=e.f, X).…”

Section: Pre-analysismentioning

confidence: 99%

Program Analysis for Overlaid Data Structures

Lee

Yang

Petersen

2011

Computer Aided Verification

Self Cite

View full text Add to dashboard Cite

Abstract. We call a data structure overlaid, if a node in the structure includes links for multiple data structures and these links are intended to be used at the same time. In this paper, we present a static program analysis for overlaid data structures. Our analysis implements two main ideas. The first is to run multiple sub-analyses that track information about non-overlaid data structures, such as lists. Each sub-analysis infers shape properties of only one component of an overlaid data structure, but the results of these sub-analyses are later combined to derive the desired safety properties about the whole overlaid data structure. The second idea is to control the communication among the sub-analyses using ghost states and ghost instructions. The purpose of this control is to achieve a high level of efficiency by allowing only necessary information to be transferred among sub-analyses and at as few program points as possible. Our analysis has been successfully applied to prove the memory safety of the Linux deadline IO scheduler and AFS server.

show abstract

Automatic Termination Proofs for Programs with Shape-Shifting Heaps

Berdine

Cook

Distefano

et al. 2006

Computer Aided Verification

Self Cite

View full text Add to dashboard Cite

We describe a new program termination analysis designed to handle imperative programs whose termination depends on the mutation of the program's heap. We first describe how an abstract interpretation can be used to construct a finite number of relations which, if each is well-founded, implies termination. We then give an abstract interpretation based on separation logic formulae which tracks the depths of pieces of heaps. Finally, we combine these two techniques to produce an automatic termination prover. We show that the analysis is able to prove the termination of loops extracted from Windows device drivers that could not be proved terminating before by other means; we also discuss a previously unknown bug found with the analysis.

show abstract

A Local Shape Analysis Based on Separation Logic

Abstract: Abstract. We describe a program analysis for linked list programs where the abstract domain uses formulae from separation logic.

Cited by 242 publications

References 16 publications

Automatically refining partial specifications for heap-manipulating programs

Automatically refining partial specifications for heap-manipulating programs

Program Analysis for Overlaid Data Structures

Automatic Termination Proofs for Programs with Shape-Shifting Heaps

Contact Info

Product

Resources

About