Full functional verification of linked data structures

ZeeKaren,; KuncakViktor,; RinardMartin,

doi:10.1145/1379022.1375624

Cited by 62 publications

(49 citation statements)

References 65 publications

(43 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The previously defined query contains comes in handy to reduce the size of the specification. During a verification attempt, when applying the method contract rule, 8 the contains query (likewise isSorted) is replaced by its contract. This contract is defined using reach as the only query.…”

Section: The Modifier Methods Addmentioning

confidence: 99%

See 1 more Smart Citation

Specifying linked data structures in JML for combining formal verification and testing

Gladisch

Tyszberowicz

2015

Science of Computer Programming

View full text Add to dashboard Cite

We show how to write concise and readable specifications of linked data structures that are applicable for both formal deductive verification and testing. A singly linked list and a binary search tree are provided as examples. The main characteristic of the specifications is the use of observer methods, in particular to express reachability of elements in a data structure. The specifications are written in the Java Modeling Language (JML) and do not require extensions of that language. This paper addresses a mixed audience of users and developers in the fields of formal verification, testing, and specification language design. We provide an in-depth description of the proposed specifications and analyze the implications both for verification and testing. Based on this analysis we have developed verification techniques that are implemented in the deductive verification tool KeY and enable fully automatic verification of the linked list example. This techniques are also described in this paper.

show abstract

Section: The Modifier Methods Addmentioning

confidence: 99%

“…Specification using HOL or separation logic Zee et al [8] verify full functional correctness of linked data structure implementations, including mutable lists, trees, graphs, and hash tables. The correctness properties include intractable constructs such as quantifiers and transitive closure.…”

Section: Related Workmentioning

confidence: 99%

Specifying linked data structures in JML for combining formal verification and testing

Gladisch

Tyszberowicz

2015

Science of Computer Programming

View full text Add to dashboard Cite

show abstract

“…Another work that targets verification of programs with dynamic linked data structures, including properties depending on the data stored in them, is [30]. It generates verification conditions in an undecidable fragment of higher-order logic and discharges them using decision procedures, first-order theorem proving, and interactive theorem proving.…”

Section: Related Workmentioning

confidence: 99%

Verification of heap manipulating programs with ordered data by extended forest automata

et al. 2015

View full text Add to dashboard Cite

We present a general framework for verifying programs with complex dynamic linked data structures whose correctness depends on ordering relations between stored data values. The underlying formalism of our framework is that of forest automata (FA), which has previously been developed for verification of heap-manipulating programs. We extend FA with constraints between data elements associated with nodes of the heaps represented by FA, and we present extended versions of all operations needed for using the extended FA in a fully-automated verification approach, based on abstract interpretation. We have implemented our approach as an extension of the Forester tool and successfully applied it This paper is an extended version of a paper published in the proceedings of ATVA'13.

show abstract

“…Shape analysis (Ghiya and Hendren 1996;Sagiv et al 1999;Kuncak et al 2006;Bogudlov et al 2007;Zee et al 2008) is a static analysis technique that discovers and verifies properties of linked, dynamically allocated data structures. It is typically used at compile time to find software bugs or to verify high-level correctness properties of programs.…”

Section: Related Workmentioning

confidence: 99%

Scalable data structure detection and classification for C/C++ binaries

2015

View full text Add to dashboard Cite

Many existing techniques for reversing data structures in C/C++ binaries are limited to low-level programming constructs, such as individual variables or structs. Unfortunately, without detailed information about a program's pointer structures, forensics and reverse engineering are exceedingly hard. To fill this gap, we propose MemPick, a tool that detects and classifies high-level data structures used in stripped binaries. By analyzing how links between memory objects evolve throughout the program execution, it distinguishes between many commonly used data structures, such as singly-or doubly-linked lists, many types of trees (e.g., AVL, red-black trees, B-trees), and graphs. We evaluate the technique on 10 real world applications, 4 file system implementations and 16 popular libraries. The results show that MemPick can identify the data structures with high accuracy.

show abstract

Full functional verification of linked data structures

Cited by 62 publications

References 65 publications

Specifying linked data structures in JML for combining formal verification and testing

Specifying linked data structures in JML for combining formal verification and testing

Verification of heap manipulating programs with ordered data by extended forest automata

Scalable data structure detection and classification for C/C++ binaries

Contact Info

Product

Resources

About