Shape Analysis for Composite Data Structures

Berdine, Josh; Calcagno, Cristiano; Cook, Byron; Distefano, Dino; O’Hearn, Peter W.; Wies, Thomas; Yang, Hongseok

doi:10.1007/978-3-540-73368-3_22

Cited by 148 publications

(241 citation statements)

References 16 publications

Supporting

Mentioning

241

Contrasting

Order By: Relevance

“…It first finds the "centre" node in the list (root), where the difference between numbers of nodes to the left and to the right of the centre node is at most one (lines 5-10), as Fig 3 (a) shows. It then applies the algorithm recursively on both list segments to the left and to the right of the centre node, and regards the centre node as the tree's root, whose left and right children are the resulting subtrees' roots from the recursive calls (lines [11][12][13][14][15][16][17], as in Fig 3 (b) and (c). As the data structures of doubly-linked list and binary tree are homomorphic (line 0), the algorithm reuses the nodes in the input instead of creating a new tree, making itself in-place.…”

Section: Another Illustrative Examplementioning

confidence: 99%

“…Gotsman et al [16] proposed an interprocedural shape analysis for the SLAyer tool. Berdine et al [17] extended the local shape analysis [4] to handle higher-order list predicate so that more complicated real-world data structures can be analysed. Yang et al [5] proposed a novel abstraction operation which significantly improves the scalability of the analysis.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Automatically refining partial specifications for heap-manipulating programs

Qin

Luo

et al. 2014

Science of Computer Programming

View full text Add to dashboard Cite

Automatically verifying heap-manipulating programs is a challenging task, especially when dealing with complex data structures with strong invariants, such as sorted lists and AVL/red-black trees. The verification process can greatly benefit from human assistance through specification annotations, but this process requires intellectual effort from users and is error-prone. In this paper, we propose a new approach to program verification that allows users to provide only partial specification to methods. Our approach will then refine the given annotation into a more complete specification by discovering missing constraints. The discovered constraints may involve both numerical and multi-set properties that could be later confirmed or revised by users. We further augment our approach by requiring partial specification to be given only for primary methods. Specifications for loops and auxiliary methods can then be systematically discovered by our augmented mechanism, with the help of information propagated from the primary methods. Our work is aimed at verifying beyond shape properties, with the eventual goal of analysing full functional properties for pointer-based data structures. Initial experiments have confirmed that we can automatically refine partial specifications with non-trivial constraints, thus making it easier for users to handle specifications with richer properties.

show abstract

Section: Another Illustrative Examplementioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Automatically refining partial specifications for heap-manipulating programs

Qin

Luo

et al. 2014

Science of Computer Programming

View full text Add to dashboard Cite

show abstract

“…The system is publicly available online [18]. (3) Along with the work of Berdine et al [2], our work addresses the most complex data-structure invariants considered in the shape-analysis literature. The problems addressed in the two papers are complementary: Berdine et al handle complex structural invariants for nests of linked structures (such as "cyclic doubly linked lists of acyclic singly linked lists"), whereas our work handles complex mixed-domain invariants for data structures with both linkage and numeric constraints, such as the structure depicted in Fig.…”

Section: Inv2mentioning

confidence: 99%

Statically Inferring Complex Heap, Array, and Numeric Invariants

2010

View full text Add to dashboard Cite

Abstract. We describe Deskcheck, a parametric static analyzer that is able to establish properties of programs that manipulate dynamically allocated memory, arrays, and integers. Deskcheck can verify quantified invariants over mixed abstract domains, e.g., heap and numeric domains. These domains need only minor extensions to work with our domain combination framework.The technique used for managing the communication between domains is reminiscent of the Nelson-Oppen technique for combining decision procedures, in that the two domains share a common predicate language to exchange shared facts. However, whereas the Nelson-Oppen technique is limited to a common predicate language of shared equalities, the technique described in this paper uses a common predicate language in which shared facts can be quantified predicates expressed in first-order logic with transitive closure. We explain how we used Deskcheck to establish memory safety of the thttpd web server's cache data structure, which uses linked lists, a hash table, and reference counting in a single composite data structure. Our work addresses some of the most complex data-structure invariants considered in the shape-analysis literature.

show abstract

“…The tool demonstrated that SL could be used to automatically verify memory safety of linked list and tree manipulating programs. Based on the success of Smallfoot, this approach has been extended to allow automatic inference of specifications of systems code [1,4], to reason about object-oriented programs [7,12], and even to reason about non-blocking concurrent programs [3]. But fundamentally all these tools are based on the same style of syntactic proof theory.…”

Section: Introductionmentioning

confidence: 99%

Tractable Reasoning in a Fragment of Separation Logic

Cook¹,

Haase²,

Ouaknine³

et al. 2011

Lecture Notes in Computer Science

Self Cite

100

View full text Add to dashboard Cite

Abstract. In 2004, Berdine, Calcagno and O'Hearn introduced a fragment of separation logic that allows for reasoning about programs with pointers and linked lists. They showed that entailment in this fragment is in coNP, but the precise complexity of this problem has been open since. In this paper, we show that the problem can actually be solved in polynomial time. To this end, we represent separation logic formulae as graphs and show that every satisfiable formula is equivalent to one whose graph is in a particular normal form. Entailment between two such formulae then reduces to a graph homomorphism problem. We also discuss natural syntactic extensions that render entailment intractable.

show abstract

Shape Analysis for Composite Data Structures

Cited by 148 publications

References 16 publications

Automatically refining partial specifications for heap-manipulating programs

Automatically refining partial specifications for heap-manipulating programs

Statically Inferring Complex Heap, Array, and Numeric Invariants

Tractable Reasoning in a Fragment of Separation Logic

Contact Info

Product

Resources

About