Monotonic Abstraction for Programs with Dynamic Memory Heaps

Abdulla, Parosh Aziz; Bouajjani, Ahmed; Cederberg, Jonathan; Haziza, Frédéric; Rezine, Ahmed

doi:10.1007/978-3-540-70545-1_33

Cited by 32 publications

(43 citation statements)

References 28 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Approaches based on regular model checking [5], symbolic backwards reachability analysis [1], or decision procedures such as [6] seem not to have dealt with the analysis of low-level system code, much less with overlapping records. There are a number of approaches that make use of numeric reasoning to deal with pointer arithmetic.…”

Section: Related Workmentioning

confidence: 99%

Shape Analysis of Low-Level C with Overlapping Structures

Kreiker

Seidl

Vojdani

2010

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Device drivers often keep data in multiple data structures simultaneously while embedding list or tree related records into the records containing the actual data; this results in overlapping structures. Shape analyses have traditionally relied on a graph-based representation of memory where a node corresponds to a whole record and edges to pointers. As this is ill-suited for encoding overlapping structures, we propose and formally relate two refined memory models. We demonstrate the appropriateness of these models by implementing shape analyses based on them within the TVLA framework. The implementation is exemplified using code extracted from cache managing kernel modules.

show abstract

Section: Related Workmentioning

confidence: 99%

Shape Analysis of Low-Level C with Overlapping Structures

Kreiker

Seidl

Vojdani

2010

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…As discussed below, various approaches to automated verification of dynamic pointer-linked data structures are currently studied in the literature. One of these approaches is based on using monotonic abstraction and backward reachability [4,2]. This approach has been shown to be very successful in handling systems with complex graph-structured configurations when verifying parameterized systems [3].…”

Section: Introductionmentioning

confidence: 99%

“…Several different approaches have been proposed for automated verification of programs with dynamic linked data structures. The most-known approaches include works based on monadic second-order logic on graph types [10], 3-valued predicate logic with transitive closure [14], separation logic [12,11,15,6], other kinds of logics [16,9], finite tree automata [5,7], forest automata [8], graph grammars [13], upward-closed sets [4,2], as well as other formalisms.…”

Section: Introductionmentioning

confidence: 99%

“…This extension has required a new notion of signatures, a new pre-order on them, as well as new operations manipulating them. Not counting [4,2], the other existing works are based on other formalisms than the one used here, and they use a forward reachability computation whereas the present paper uses a backward reachability computation. Apart from that, when comparing the approach followed in this work with the other existing approaches, one of the most attractive features of our method is its simplicity.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Monotonic Abstraction for Programs With Multiply-Linked Structures

Abdulla

Cederberg

Vojnar

2013

Int. J. Found. Comput. Sci.

Self Cite

View full text Add to dashboard Cite

Abstract. We investigate the use of monotonic abstraction and backward reachability analysis as means of performing shape analysis on programs with multiply pointed structures. By encoding the heap as a vertex-and edge-labeled graph, we can model the low level behaviour exhibited by programs written in the C programming language. Using the notion of signatures, which are predicates that define sets of heaps, we can check properties such as absence of null pointer dereference and shape invariants. We report on the results from running a prototype based on the method on several programs such as insertion into and merging of doubly-linked lists.

show abstract

“…Monotonic abstraction has shown to be useful in the verification of heap manipulating programs [1] and parameterized systems such as mutual exclusion and cache coherence protocols [3,5]. In most of the benchmark examples for these classes, monotonic abstraction can generate abstract transition systems that are safe w.r.t to the desired properties (e.g.…”

Section: Introductionmentioning

confidence: 99%

Constrained Monotonic Abstraction: A CEGAR for Parameterized Verification

Abdulla

Chen

Delzanno

et al. 2010

CONCUR 2010 - Concurrency Theory

Self Cite

View full text Add to dashboard Cite

Abstract. In this paper, we develop a counterexample-guided abstraction refinement (CEGAR) framework for monotonic abstraction, an approach that is particularly useful in automatic verification of safety properties for parameterized systems. The main drawback of verification using monotonic abstraction is that it sometimes generates spurious counterexamples. Our CEGAR algorithm automatically extracts from each spurious counterexample a set of configurations called a "Safety Zone" and use it to refine the abstract transition system of the next iteration. We have developed a prototype based on this idea; and our experimentation shows that the approach allows to verify many of the examples that cannot be handled by the original monotonic abstraction approach.

show abstract

Monotonic Abstraction for Programs with Dynamic Memory Heaps

Cited by 32 publications

References 28 publications

Shape Analysis of Low-Level C with Overlapping Structures

Shape Analysis of Low-Level C with Overlapping Structures

Monotonic Abstraction for Programs With Multiply-Linked Structures

Constrained Monotonic Abstraction: A CEGAR for Parameterized Verification

Contact Info

Product

Resources

About