Programs with lists are counter automata

Bouajjani, Ahmed; Bozga, Marius; Habermehl, Peter; Iosif, Radu; Moro, Pierre; Vojnar, Tomáš

doi:10.1007/s10703-011-0111-7

Cited by 64 publications

(112 citation statements)

References 29 publications

Supporting

Mentioning

112

Contrasting

Order By: Relevance

“…Programs with lists [15] proposes a translation of programs manipulating lists to counter automata. This translation is made by making abstraction of lists by some "list segments", all the elements of which having the same behaviour.…”

Section: Name/methodsmentioning

confidence: 99%

Abstract acceleration in linear relation analysis

Gonnord

Schrammel

2014

Science of Computer Programming

View full text Add to dashboard Cite

Linear Relation Analysis [28,39] is now a classical abstract interpretation based on an approximation of reachable numerical states of a program by convex polyhedra. Since it works with a lattice of infinite depth, it makes use of a widening operator to enforce the convergence of fixpoint computations. This paper takes place in the many attempts to improve the precision of the results reached using such a widening. It will first present an extended survey of the existing approaches in that direction. Then it will investigate the cases where the exact (abstract) effect of a loop can be computed. This technique is fully compatible with the use of widening, and whenever it applies, it generally improves both the precision and the performances of the analysis.

show abstract

Section: Name/methodsmentioning

confidence: 99%

Abstract acceleration in linear relation analysis

Gonnord

Schrammel

2014

Science of Computer Programming

View full text Add to dashboard Cite

show abstract

“…We next give an experimentally compare FLATA and ELDARICA on six sets of examples extracted automatically from different sources: (a) C programs with arrays provided as examples of divergence in predicate abstraction [9], (b) INTS extracted from programs with singly-linked lists by the L2CA tool [1], (c) INTS extracted from VHDL models of circuits following the method of [10], (d) verification conditions for programs with arrays, expressed in the SIL logic of [2] and translated to INTS, (e) C programs provided as benchmarks in the NECLA static analysis suite, and (f) C programs with asynchronous procedure calls translated into INTS using the approach of [5] (the examples with extension .optim are obtained via an optimized translation method). Experiments were ran on an Intel R Core TM 2 Duo @ 2.66GHz with 3GB RAM.…”

Section: Experimental Comparison Of the Flata And Eldarica Toolsmentioning

confidence: 99%

“…var i,j : Int l0 : havoc(i ); assume(i >= 0) l1 : havoc(j ); assume(j >= 0) l2 : var x: Int = i ; var y: Int = j l3 : while (x != 0) { l4 : x = x − 1; l5 : [10], programs with singly-linked lists [1], trees [6], and integer arrays [2]. Consider the program in Figure 1(a).…”

Section: Introductionmentioning

confidence: 99%

A Verification Toolkit for Numerical Transition Systems

Hojjat

Konecny

Garnier

et al. 2012

FM 2012: Formal Methods

Self Cite

View full text Add to dashboard Cite

Abstract. This paper presents a publicly available toolkit and a benchmark suite for rigorous verification of Integer Numerical Transition Systems (INTS), which can be viewed as control-flow graphs whose edges are annotated by Presburger arithmetic formulas. We present FLATA and ELDARICA, two verification tools for INTS. The FLATA system is based on precise acceleration of the transition relation, while the ELDARICA system is based on predicate abstraction with interpolation-based counterexample-driven refinement. The ELDARICA verifier uses the PRINCESS theorem prover as a sound and complete interpolating prover for Presburger arithmetic. Both systems can solve several examples for which previous approaches failed, and present a useful baseline for verifying integer programs. The infrastructure is a starting point for rigorous benchmarking, competitions, and standardized communication between tools.

show abstract

“…In [10,3,17], an initial transformation converts pointer-manipulating programs into integer programs to allow integer analysis to check the desired properties. These "reduction-based approaches" uses various integer analyzers on the resulting program.…”

Section: Related Workmentioning

confidence: 99%

“…These "reduction-based approaches" uses various integer analyzers on the resulting program. For proving simple properties of singly linked lists, it was shown in [3] that there is no loss of precision; however, the approach may lose precision in cases where the heap and integers interact in complicated ways. The main problem with the approach is that the proof of the integer program cannot use any quantification.…”

Section: Related Workmentioning

confidence: 99%

Statically Inferring Complex Heap, Array, and Numeric Invariants

2010

View full text Add to dashboard Cite

Abstract. We describe Deskcheck, a parametric static analyzer that is able to establish properties of programs that manipulate dynamically allocated memory, arrays, and integers. Deskcheck can verify quantified invariants over mixed abstract domains, e.g., heap and numeric domains. These domains need only minor extensions to work with our domain combination framework.The technique used for managing the communication between domains is reminiscent of the Nelson-Oppen technique for combining decision procedures, in that the two domains share a common predicate language to exchange shared facts. However, whereas the Nelson-Oppen technique is limited to a common predicate language of shared equalities, the technique described in this paper uses a common predicate language in which shared facts can be quantified predicates expressed in first-order logic with transitive closure. We explain how we used Deskcheck to establish memory safety of the thttpd web server's cache data structure, which uses linked lists, a hash table, and reference counting in a single composite data structure. Our work addresses some of the most complex data-structure invariants considered in the shape-analysis literature.

show abstract

Programs with lists are counter automata

Cited by 64 publications

References 29 publications

Abstract acceleration in linear relation analysis

Abstract acceleration in linear relation analysis

A Verification Toolkit for Numerical Transition Systems

Statically Inferring Complex Heap, Array, and Numeric Invariants

Contact Info

Product

Resources

About