Automatically refining partial specifications for heap-manipulating programs

Existing implementations of dynamic memory allocators (DMA) employ a large spectrum of policies and techniques. The formal specifications of these techniques are quite complicated in isolation and very complex when combined. Therefore, the formal reasoning on a specific DMA implementation is difficult for automatic tools and mostly single-use. This paper proposes a solution to this problem by providing formal models for a full class of DMA, the class using various kinds of lists to manage the memory blocks controlled by the DMA. To obtain reusable formal models and tractable formal reasoning, we organise these models in a hierarchy ranked by refinement relations. We prove the soundness of models and the refinement relations using the modeling framework Event-B and the theorem prover Rodin. We demonstrate that our hierarchy is a basis for an algorithm theory for list based DMA: it abstracts various existing implementations of DMA and leads to new DMA implementations. The applications of this formalisation include model-based code generation, testing, and static analysis.

show abstract

“…It could motivate the extension or the direct application of general purpose methods based on SL, e.g., Refs. [26,27].…”

Section: Related Work and Conclusionmentioning

confidence: 99%

Formal modelling of list based dynamic memory allocators

Fang

Sighireanu

et al. 2018

Sci. China Inf. Sci.

View full text Add to dashboard Cite

show abstract

“…Another direction that we want to pursuit is related with inference and scalability. Although the specifications written so far have been supplied by us, recent developments [25,26,28,27] in Hip/Sleek will allow the automatic inference of properties, making our approach more scalable.…”

Section: Future Workmentioning

confidence: 99%

Automated verification of the FreeRTOS scheduler in Hip/Sleek

Ferreira

Gherghina

et al. 2014

Int J Softw Tools Technol Transfer

Self Cite

View full text Add to dashboard Cite

Automated verification of operating system kernels is a challenging problem, partly due to the use of shared mutable data structures. In this paper, we show how we can automatically verify memory safety and functional correctness properties of the task sched-uler component of the FreeRTOS kernel using the verification system Hip/Sleek. We show how some of Hip/Sleek features like user-defined predicates and lemmas make the specifications highly expressive and the verification process viable. To the best of our knowledge , this is the first code-level verification of memory safety and functional correctness properties of the FreeRTOS scheduler. The outcome of our experiment confirms that Hip/Sleek can indeed be used to verify code that is used in production. Moreover, since the properties that we verify are quite general, we envisage that the same approach can be adopted to verify components of other operating systems.

show abstract

“…More recently, Qin et al [7,33,34] propose a separation logic based approach to synthesize loop invariants involving both shape and numerical properties by utilizing a combined separation and numerical domain to enhance the Hip/Sleek [35,36] system which previously relied on users to provide annotations describing loop invariants. Due to the usage of separation logic, their approach enjoys the benefit from the frame rule and thus supports local reasoning, but relies on a separation logic prover for entailment checking over the heap domain.…”

Section: Related Workmentioning

confidence: 99%

Static analysis of lists by combining shape and numerical abstractions

Chen

et al. 2014

Science of Computer Programming

View full text Add to dashboard Cite

h i g h l i g h t s• We propose a light-weight shape abstraction for lists based on bit vectors. • We use numerical abstractions to infer relations among sizes of list segments. • We combine shape and numerical abstractions to analyze programs with lists.• We extend our approach to fit for analyzing circular lists.• Experiments show that our approach find intricate length properties for lists. a r t i c l e i n f o a b s t r a c t Abstract interpretation Lists Abstract domains Shape analysisWe present an approach in the framework of abstract interpretation to analyze listmanipulating programs by combining shape and numerical abstractions. The analysis automatically divides a list into non-overlapping list segments according to the reachability property of pointer variables to list nodes. The list nodes in each segment are abstracted by a bit-vector wherein each bit corresponds to a pointer variable and indicates whether the nodes can be reached by that pointer variable. Moreover, for each bit-vector, we introduce an auxiliary integer variable, namely a counter variable, to record the number of nodes in the segment abstracted by that bit-vector. On this basis, we leverage the power of numerical abstractions to discover numerical relations among counter variables, so as to infer relational length properties among list segments. Furthermore, we show how our approach works for circular lists. Our approach stands out in its ability to find intricate properties that involve both shape and numerical information, which are important for checking program properties such as memory safety. A prototype is implemented and preliminary experimental results are encouraging.

show abstract

Automatically refining partial specifications for heap-manipulating programs

Cited by 7 publications

References 50 publications

Formal modelling of list based dynamic memory allocators

Formal modelling of list based dynamic memory allocators

Automated verification of the FreeRTOS scheduler in Hip/Sleek

Static analysis of lists by combining shape and numerical abstractions

Contact Info

Product

Resources

About