On inter-procedural analysis of programs with lists and data

Bouajjani, Ahmed; Drăgoi, Cezara; Enea, Constantin; Sighireanu, Mihaela

doi:10.1145/1993316.1993566

Cited by 17 publications

(22 citation statements)

References 31 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To allow the fixed-point iteration to converge, in addition to the abstraction operators, specifically designed join and widen operators over the combined domain are also proposed. 3 At the beginning, we initialise the iteration variable (i) and the states to record the computed pre-and postconditions (Pre i and Post i ). We use emp as the initial precondition because we know nothing about the footprint of the code.…”

Section: Analysis Algorithmmentioning

confidence: 99%

“…Hackett and Rugina [17] can deal with AVL-trees but is customised to handle only tree-like structures with height property. Bouajjani et al [3,4] propose a program analysis in an abstract domain with SL3 (Singly-Linked List Logic) and size, sortedness and multi-set properties. However, their heap domain is restricted to singly-linked list only, and their shape analysis is separated from numerical and mutli-set analyses.…”

Section: Related Work and Conclusionmentioning

confidence: 99%

“…A formula p2 is weaker than a formula p2 if the following entailment holds: p1 p2 * true 3. Our analysis uses lifted versions of these operations (indicated by †), which will be explained in more details later.…”

mentioning

confidence: 99%

See 2 more Smart Citations

Automated specification inference in a combined domain via user-defined predicates

Qin

Chin

et al. 2017

Science of Computer Programming

View full text Add to dashboard Cite

Discovering program specifications automatically for heap-manipulating programs is a challenging task due to the complexity of aliasing and mutability of data structures. This task is further complicated by an expressive domain that combines shape, numerical and bag information. In this paper, we propose a compositional analysis framework that would derive the summary for each method in the expressive abstract domain, independently from its callers. We propose a novel abstraction method with a bi-abduction technique in the combined domain to discover pre-/post-conditions that could not be automatically inferred before. The analysis does not only infer memory safety properties, but also finds relationships between pure and shape domains towards full functional correctness of programs. A prototype of the framework has been implemented and initial experiments have shown that our approach can discover interesting properties for non-trivial programs.

show abstract

Section: Analysis Algorithmmentioning

confidence: 99%

Section: Related Work and Conclusionmentioning

confidence: 99%

See 1 more Smart Citation

Automated specification inference in a combined domain via user-defined predicates

Qin

Chin

et al. 2017

Science of Computer Programming

View full text Add to dashboard Cite

show abstract

“…These logics are usually FOLs with restricted quantifiers, and usually are decided using SMT solvers. The logics Lisbq [22] and CSL [9,10] offer such reasoning with restricted reachability predicates and quantification; see also the logics in [1,7,30,[33][34][35]. Strand is a relatively expressive logic that can handle some data-structure properties (like BSTs) and admits decidable fragments [25,26], but is again not expressive enough for more complex properties of inductive datastructures.…”

Section: Related Workmentioning

confidence: 99%

Natural proofs for structure, data, and separation

Qiu

Garg

Ștefănescu

et al. 2013

Proceedings of the 34th ACM SIGPLAN Conference on Programming Language Design and Implementation

View full text Add to dashboard Cite

We propose natural proofs for reasoning with programs that manipulate data-structures against specifications that describe the structure of the heap, the data stored within it, and separation and framing of sub-structures. Natural proofs are a subclass of proofs that are amenable to completely automated reasoning, that provide sound but incomplete procedures, and that capture common reasoning tactics in program verification. We develop a dialect of separation logic over heaps, called Dryad, with recursive definitions that avoids explicit quantification. We develop ways to reason with heaplets using classical logic over the theory of sets, and develop natural proofs for reasoning using proof tactics involving disciplined unfoldings and formula abstractions. Natural proofs are encoded into decidable theories of first-order logic so as to be discharged using SMT solvers.We also implement the technique and show that a large class of more than 100 correct programs that manipulate data-structures are amenable to full functional correctness using the proposed natural proof method. These programs are drawn from a variety of sources including standard data-structures, the Schorr-Waite algorithm for garbage collection, a large number of low-level C routines from the Glib library and OpenBSD library, the Linux kernel, and routines from a secure verified OS-browser project. Our work is the first that we know of that can handle such a wide range of full functional verification properties of heaps automatically, given pre/post and loop invariant annotations. We believe that this work paves the way for deductive verification technology to be used by programmers who do not (and need not) understand the internals of the underlying logic solvers, significantly increasing their applicability in building reliable systems.

show abstract

“…Combined shape-data properties are both difficult for the programmer to maintain and challenging for fully-automatic static analysis to verify. While modern shape analyzers can reason effectively about pointer-shape properties-especially for structures with limited sharing, such as lists and trees-shape-data analyzers are limited by their dependency on and interaction with base data-value abstract domains or solvers [6,7,16,17].…”

Section: Introductionmentioning

confidence: 99%

Synthesizing Short-Circuiting Validation of Data Structure Invariants

Tsai¹,

Coughlin²,

Chang³

et al. 2015

Preprint

View full text Add to dashboard Cite

This paper presents incremental verification-validation, a novel approach for checking rich data structure invariants expressed as separation logic assertions. Incremental verification-validation combines static verification of separation properties with efficient, shortcircuiting dynamic validation of arbitrarily rich data constraints. A data structure invariant checker is an inductive predicate in separation logic with an executable interpretation; a short-circuiting checker is an invariant checker that stops checking whenever it detects at run time that an assertion for some sub-structure has been fully proven statically. At a high level, our approach does two things: it statically proves the separation properties of data structure invariants using a static shape analysis in a standard way but then leverages this proof in a novel manner to synthesize short-circuiting dynamic validation of the data properties. As a consequence, we enable dynamic validation to make up for imprecision in sound static analysis while simultaneously leveraging the static verification to make the remaining dynamic validation efficient. We show empirically that short-circuiting can yield asymptotic improvements in dynamic validation, with low overhead over no validation, even in cases where static verification is incomplete.

show abstract

On inter-procedural analysis of programs with lists and data

Cited by 17 publications

References 31 publications

Automated specification inference in a combined domain via user-defined predicates

Automated specification inference in a combined domain via user-defined predicates

Natural proofs for structure, data, and separation

Synthesizing Short-Circuiting Validation of Data Structure Invariants

Contact Info

Product

Resources

About