Model and Proof Generation for Heap-Manipulating Programs

Brain, Martin; David, Cristina; Kroening, Daniel; Schrammel, Peter

doi:10.1007/978-3-642-54833-8_23

Cited by 3 publications

(4 citation statements)

References 23 publications

(39 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Lahiri and Qadeer introduce the Logic of Interpreted Sets and Bounded Quantification (LISBQ) capable to express properties on the shape and data of composite data structures [14]. In [15], Brain et al propose a decision procedure for reasoning about aliasing and reachability based on Abstract Conflict Driven Clause Learning (ACDCL) [16]. As they don't capture the lengths of lists, these logics are better suited for safety and less for termination proving.…”

Section: Methodsmentioning

confidence: 99%

Propositional Reasoning about Safety and Termination of Heap-Manipulating Programs

David

Kroening

Lewis

2015

Programming Languages and Systems

Self Cite

View full text Add to dashboard Cite

Abstract. This paper shows that it is possible to reason about the safety and termination of programs handling potentially cyclic, singlylinked lists using propositional reasoning even when the safety invariants and termination arguments depend on constraints over the lengths of lists. For this purpose, we propose the theory SLH of singly-linked lists with length, which is able to capture non-trivial interactions between shape and arithmetic. When using the theory of bit-vector arithmetic as a background, SLH is efficiently decidable via a reduction to SAT. We show the utility of SLH for software verification by using it to express safety invariants and termination arguments for programs manipulating potentially cyclic, singly-linked lists with unrestricted, unspecified sharing. We also provide an implementation of the decision procedure and use it to check safety and termination proofs for several heap-manipulating programs.

show abstract

Section: Methodsmentioning

confidence: 99%

Propositional Reasoning about Safety and Termination of Heap-Manipulating Programs

David

Kroening

Lewis

2015

Programming Languages and Systems

Self Cite

View full text Add to dashboard Cite

show abstract

“…In order to use the base shape domain in our approach, we have to augment it with information about the guard variables that encode the program's control flow in the SSA. The guards express when an appropriate loop-back control edge is executed and the loop-back pointer has a defined value 7 . A row of a guarded shape template is defined as a formula…”

Section: B Guarded Shape Templatesmentioning

confidence: 99%

“…All the above methods are store-based, i.e., they describe the heap explicitly by a graph encoded in different ways. Other approaches are inspired by storeless semantics [24] using pointer access paths [12], [33], [28], [7] to describe reachability properties on the heap. This idea proved most suitable for our purposes.…”

Section: Related Workmentioning

confidence: 99%

Template-Based Verification of Heap-Manipulating Programs

Malík

Hruška

Schrammel³

et al. 2018

2018 Formal Methods in Computer Aided Design (FMCAD)

Self Cite

View full text Add to dashboard Cite

We propose a shape analysis suitable for analysis engines that perform automatic invariant inference using an SMT solver. The proposed solution includes an abstract template domain that encodes the shape of the program heap based on logical formulae over bit-vectors. It is based on computing a points-to relation between pointers and symbolic addresses of abstract memory objects. Our abstract heap domain can be combined with value domains in a straightforward manner, which particularly allows us to reason about shapes and contents of heap structures at the same time. The information obtained from the analysis can be used to prove memory safety and reachability properties, expressed by user assertions, of programs manipulating dynamic data structures, mainly linked lists. The solution has been implemented in the 2LS framework and compared against state-of-the-art tools that perform the best in heap-related categories of the well-known Software Verification Competition (SV-COMP). Results show that 2LS outperforms these tools on benchmarks requiring combined reasoning about unbounded data structures and their numerical contents.

show abstract

“…To the best of our knowledge, there is no existing logic that meets all the criteria above. The majority of recently developed decidable heap logics are not expressive enough (fail points 1 and 2) [4,5,10,18,25,28], whereas very expressive logics such as FOL with transitive closure are not concise and easily translatable to stream code (fail point 3).…”

Section: B Java Stream Theorymentioning

confidence: 99%

Kayak: Safe Semantic Refactoring to Java Streams

David,

Kesseli,

Kroening

2017

Preprint

Self Cite

View full text Add to dashboard Cite

Refactorings are structured changes to existing software that leave its externally observable behaviour unchanged. Their intent is to improve readability, performance or other non-behavioural properties. State-of-the-art automatic refactoring tools are syntax-driven and, therefore, overly conservative. In this paper we explore semantics-driven refactoring, which enables much more sophisticated refactoring schemata. As an exemplar of this broader idea, we present Kayak, an automatic refactoring tool that transforms Java with external iteration over collections into code that uses Streams, a new abstraction introduced by Java 8. Our refactoring procedure performs semantic reasoning and search in the space of possible refactorings using automated program synthesis. Our experimental results support the conjecture that semantics-driven refactorings are more precise and are able to rewrite more complex code scenarios when compared to syntax-driven refactorings.

show abstract

Model and Proof Generation for Heap-Manipulating Programs

Cited by 3 publications

References 23 publications

Propositional Reasoning about Safety and Termination of Heap-Manipulating Programs

Propositional Reasoning about Safety and Termination of Heap-Manipulating Programs

Template-Based Verification of Heap-Manipulating Programs

Kayak: Safe Semantic Refactoring to Java Streams

Contact Info

Product

Resources

About