Quantified Heap Invariants for Object-Oriented Programs

Kahsai, Temesghen; Kersten, Rody; Rümmer, Philipp; Schäf, Martin

doi:10.29007/zrct

Cited by 11 publications

(23 citation statements)

References 24 publications

(40 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…For example, one can represent the memory state as a pair of an array h and an index sp indicating the maximum index that has been allocated so far. Finding quantified invariants is known to be difficult in general despite active studies on it [41,2,36,26,19] and most current array-supporting CHC solvers give up finding quantified invariants. In general, much more complex operations on pointers can naturally take place, which makes the universally quantified invariants highly involved and hard to automatically find.…”

Section: Challenges In Verifying Pointer-manipulating Programsmentioning

confidence: 99%

See 1 more Smart Citation

RustHorn: CHC-Based Verification for Rust Programs

Matsushita¹,

Tsukada²,

Kobayashi³

2020

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Reduction to the satisfiablility problem for constrained Horn clauses (CHCs) is a widely studied approach to automated program verification. The current CHC-based methods for pointer-manipulating programs, however, are not very scalable. This paper proposes a novel translation of pointer-manipulating Rust programs into CHCs, which clears away pointers and heaps by leveraging ownership. We formalize the translation for a simplified core of Rust and prove its correctness. We have implemented a prototype verifier for a subset of Rust and confirmed the effectiveness of our method. 17 The first character of each variable indicates the pointer kind (o/m corresponds to own/mutα). We swap the branches of the match statement in take-max, to fit the order to C/Rust's if.

show abstract

Section: Challenges In Verifying Pointer-manipulating Programsmentioning

confidence: 99%

“…Another approach is taken by JayHorn [37,36], which translates Java programs (possibly using object pointers) to CHCs. They represent store invariants using special predicates pull and push.…”

Section: Related Workmentioning

confidence: 99%

RustHorn: CHC-Based Verification for Rust Programs

Matsushita¹,

Tsukada²,

Kobayashi³

2020

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Однако практическая применимость таких подходов сопряжена с большим количеством ложноположительных срабатываний. Существуют также работы, основанные на идее сведения задачи верификации программ с динамической памятью к решению системы рекурсивно-логических ограничений [3,20]. Такие подходы, как и наш, используют SMT-решатели [19] для решения ограничений и вывода индуктивных инвариантов системы.…”

Section: обзорunclassified

Automatic verification of heap-manipulating programs

Kostyukov¹,

Batoev²,

Mordvinov³

et al. 2019

Proceedings of ISP RAS

View full text Add to dashboard Cite

Аннотация. В данной работе изучаются теоретические основы автоматической модульной верификации императивных программ с динамической памятью. Вводится формализм композициональной символьной памяти, который используется для построения композиционального алгоритма, порождающего обобщённые кучи. Они являются термами исчисления символьных куч, которые описывают состояния произвольных циклических фрагментов программы. Выводимые в этом исчислении кучи соответствуют достижимым состояниям исходной программы. В работе также устанавливается соответствие между выводом в этом исчислении и исполнением функциональных программ второго порядка без эффектов.

show abstract

“…In particular, refinement types [9,21,24,64], which refine base types with logical predicates, have been shown to be a practical approach for program verification that are amenable to (sometimes full) automation [47,60,61,62]. Despite promising advances [26,32,46], the sound and precise application of refinement types (and program verification in general) in settings with mutability and aliasing (e.g., Java, Ruby, etc.) remains difficult.…”

Section: Introductionmentioning

confidence: 99%

ConSORT: Context- and Flow-Sensitive Ownership Refinement Types for Imperative Programs

Toman

Siqi

Suenaga

et al. 2020

Programming Languages and Systems

View full text Add to dashboard Cite

We present ConSORT, a type system for safety verification in the presence of mutability and aliasing. Mutability requires strong updates to model changing invariants during program execution, but aliasing between pointers makes it difficult to determine which invariants must be updated in response to mutation. Our type system addresses this difficulty with a novel combination of refinement types and fractional ownership types. Fractional ownership types provide flow-sensitive and precise aliasing information for reference variables. ConSORT interprets this ownership information to soundly handle strong updates of potentially aliased references. We have proved ConSORT sound and implemented a prototype, fully automated inference tool. We evaluated our tool and found it verifies non-trivial programs including data structure implementations.

show abstract

Quantified Heap Invariants for Object-Oriented Programs

Cited by 11 publications

References 24 publications

RustHorn: CHC-Based Verification for Rust Programs

RustHorn: CHC-Based Verification for Rust Programs

Automatic verification of heap-manipulating programs

ConSORT: Context- and Flow-Sensitive Ownership Refinement Types for Imperative Programs

Contact Info

Product

Resources

About