FixBag: A Fixpoint Calculator for Quantified Bag Constraints

Pham, Tuan-Hung; Trinh, Minh-Thai; Truong, Anh-Hoang; Chin, Wei-Ngan

doi:10.1007/978-3-642-22110-1_53

Cited by 11 publications

(14 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Secondly, instead of a direct fixpoint computation in the combined abstract domain (with shape, numerical and bag information), a "pure" constraint abstraction (without heap shape information) is derived from the generated constraint abstraction. This pure constraint abstraction is then solved by fixpoint solvers in pure (numerical and bag) domains, such as [9,10,11].…”

Section: An Illustrative Examplementioning

confidence: 99%

“…It first finds the "centre" node in the list (root), where the difference between numbers of nodes to the left and to the right of the centre node is at most one (lines 5-10), as Fig 3 (a) shows. It then applies the algorithm recursively on both list segments to the left and to the right of the centre node, and regards the centre node as the tree's root, whose left and right children are the resulting subtrees' roots from the recursive calls (lines [11][12][13][14][15][16][17], as in Fig 3 (b) and (c). As the data structures of doubly-linked list and binary tree are homomorphic (line 0), the algorithm reuses the nodes in the input instead of creating a new tree, making itself in-place.…”

Section: Another Illustrative Examplementioning

confidence: 99%

“…The termination of fixpoint solver has been proved [10,11]. The non-termination problem of abduction may be caused by infinite number of unrolling in rule (R2), or infinitely recursive application of rule (R3).…”

Section: Theorem 1 (Termination) Our Analysis Terminates In a Finitementioning

confidence: 99%

See 2 more Smart Citations

Automatically refining partial specifications for heap-manipulating programs

Qin

Luo

et al. 2014

Science of Computer Programming

Self Cite

View full text Add to dashboard Cite

Automatically verifying heap-manipulating programs is a challenging task, especially when dealing with complex data structures with strong invariants, such as sorted lists and AVL/red-black trees. The verification process can greatly benefit from human assistance through specification annotations, but this process requires intellectual effort from users and is error-prone. In this paper, we propose a new approach to program verification that allows users to provide only partial specification to methods. Our approach will then refine the given annotation into a more complete specification by discovering missing constraints. The discovered constraints may involve both numerical and multi-set properties that could be later confirmed or revised by users. We further augment our approach by requiring partial specification to be given only for primary methods. Specifications for loops and auxiliary methods can then be systematically discovered by our augmented mechanism, with the help of information propagated from the primary methods. Our work is aimed at verifying beyond shape properties, with the eventual goal of analysing full functional properties for pointer-based data structures. Initial experiments have confirmed that we can automatically refine partial specifications with non-trivial constraints, thus making it easier for users to handle specifications with richer properties.

show abstract

Section: An Illustrative Examplementioning

confidence: 99%

Section: Another Illustrative Examplementioning

confidence: 99%

See 1 more Smart Citation

Automatically refining partial specifications for heap-manipulating programs

Qin

Luo

et al. 2014

Science of Computer Programming

Self Cite

View full text Add to dashboard Cite

show abstract

“…Therefore, when verifying programs, it is vital to support containers as well as scalar values. In the decision procedures community, this is widely recognized with support for arrays, sets, and maps [1][2][3], but when invariant generation is concerned, such as in abstract interpretation [4], only arrays have been carefully considered [5][6][7][8][9][10][11], leaving other containers rarely explored [12][13][14]. Given that there is a plethora of abstract domains for reasoning about scalars [15,16], it is necessary to build abstract domains that not only reason about containers, but also interact efficiently and precisely with existing domains for scalars.…”

Section: Introductionmentioning

confidence: 99%

QUICr: A Reusable Library for Parametric Abstraction of Sets and Numbers

Cox

Chang

Sriram

2014

Computer Aided Verification

View full text Add to dashboard Cite

Abstract. This paper introduces QUICr, an abstract domain combinator library that lifts any domain for numbers into an efficient domain for numbers and sets of numbers. As a library, it is useful for inferring relational data invariants in programs that manipulate data structures. As a testbed, it allows easy extension of widening and join heuristics, enabling adaptations to new and varied applications. In this paper we present the architecture of the library, guidelines on how to select heuristics, and an example instantiation of the library using the Apron library to verify set-manipulating programs.

show abstract

“…On the flip side, the pure container-as-a-whole approach would track relations directly between X and Y without characterizing their contents. Some existing containersas-a-whole approaches incorporate some fixed content reasoning (e.g., [23]). In this paper, we present a tight integration of these two approaches with domains for reasoning about scalar variables and their relations to the set elements.…”

Section: Introductionmentioning

confidence: 99%

QUIC Graphs: Relational Invariant Generation for Containers

Cox

Chang

Sankaranarayanan

2013

ECOOP 2013 – Object-Oriented Programming

View full text Add to dashboard Cite

Abstract. Programs written in modern languages perform intricate manipulations of containers such as arrays, lists, dictionaries, and sets. We present an abstract interpretation-based framework for automatically inferring relations between the set of values stored in these containers. Relations include inclusion relations over unions and intersections, as well as quantified relationships with scalar variables. We develop an abstract domain constructor that builds a container domain out of a Quantified Union-Intersection Constraint (QUIC) graph parameterized by an arbitrary base domain. We instantiate our domain with a polyhedral base domain and evaluate it on programs extracted from the Python test suite. Over traditional, non-relational domains, we find significant precision improvements with minimal performance cost.

show abstract

FixBag: A Fixpoint Calculator for Quantified Bag Constraints

Cited by 11 publications

References 12 publications

Automatically refining partial specifications for heap-manipulating programs

Automatically refining partial specifications for heap-manipulating programs

QUICr: A Reusable Library for Parametric Abstraction of Sets and Numbers

QUIC Graphs: Relational Invariant Generation for Containers

Contact Info

Product

Resources

About