Shape Analysis via Second-Order Bi-Abduction

Le, Quang Loc; Gherghina, Cristian; Qin, Shengchao; Chin, Wei-Ngan

doi:10.1007/978-3-319-08867-9_4

Cited by 46 publications

(38 citation statements)

References 37 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As such, the soundness of this lemma immediately follows from the soundness of second-order abduction [28,45].…”

Section: Sound Invariant Inferencementioning

confidence: 91%

“…Inferring Predicate Invariant Our invariant inference is based on the principle of secondorder abduction [28,45]. Given the predicate P defined by m branches as P(t) ≡ m i=1 ∆ i , we assume a sound invariant of P as an unknown (second-order ) variable I(t).…”

Section: Sound Invariant Inferencementioning

confidence: 99%

“…We also present an evaluation of S2SATSL in compositional (modular) program verification with the HIP/S2 system [14,28] for a range of data structures.…”

Section: Implementation and Evaluationmentioning

confidence: 99%

“…S2SATSL solver is integrated into the HIP/S2 [14,29,28] system to prune infeasible program paths in symbolic execution. Furthermore, S2SATSL is also used by the entailment procedure SLEEK to discharge verification conditions (VC) generated.…”

Section: Modular Verification With S2satslmentioning

confidence: 99%

See 3 more Smart Citations

Satisfiability Modulo Heap-Based Programs

Sun

Chin

2016

Computer Aided Verification

Self Cite

View full text Add to dashboard Cite

Abstract. In this work, we present a semi-decision procedure for a fragment of separation logic with user-defined predicates and Presburger arithmetic. To check the satisfiability of a formula, our procedure iteratively unfolds the formula and examines the derived disjuncts. In each iteration, it searches for a proof of either satisfiability or unsatisfiability. Our procedure is further enhanced with automatically inferred invariants as well as detection of cyclic proof. We also identify a syntactically restricted fragment of the logic for which our procedure is terminating and thus complete. This decidable fragment is relatively expressive as it can capture a range of sophisticated data structures with non-trivial pure properties, such as size, sortedness and near-balanced. We have implemented the proposed solver and a new system for verifying heap-based programs. We have evaluated our system on benchmark programs from a software verification competition.

show abstract

“…As such, the soundness of this lemma immediately follows from the soundness of second-order abduction [28,45].…”

Section: Sound Invariant Inferencementioning

confidence: 91%

Section: Sound Invariant Inferencementioning

confidence: 99%

“…We also present an evaluation of S2SATSL in compositional (modular) program verification with the HIP/S2 system [14,28] for a range of data structures.…”

Section: Implementation and Evaluationmentioning

confidence: 99%

Section: Modular Verification With S2satslmentioning

confidence: 99%

See 2 more Smart Citations

Satisfiability Modulo Heap-Based Programs

Sun

Chin

2016

Computer Aided Verification

Self Cite

View full text Add to dashboard Cite

show abstract

“…The aforementioned automated program verification tools based on separation logic [7,8,14,16,19,24,28] are all based on symbolic heaps, and increasingly targeted at verifying specifications involving user-defined rather than hard-coded predicates. Indeed, there are now even tools capable of automatically generating the definitions of inductive predicates needed for analysis [11,25]. On the theoretical side, the satisfiability problem for our logic was recently shown decidable [10] and its entailment problem undecidable [4], although decidability results have been obtained for restricted classes of entailments [5,22].…”

Section: Introductionmentioning

confidence: 98%

Model checking for symbolic-heap separation logic with inductive predicates

et al. 2016

View full text Add to dashboard Cite

Copyright and moral rights to this thesis/research project are retained by the author and/or other copyright owners. The work is supplied on the understanding that any use for commercial gain is strictly forbidden. A copy may be downloaded for personal, non-commercial, research or study without prior permission and without charge. Any use of the thesis/research project for private study or research must be properly acknowledged with reference to the work's full bibliographic details.This thesis/research project may not be reproduced in any format or medium, or extensive quotations taken from it, or its content changed in any way, without first obtaining permission in writing from the copyright holder(s).If you believe that any material held in the repository infringes copyright law, please contact the Repository Team at Middlesex University via the following email address:eprints@mdx.ac.ukThe item will be removed from the repository while any claim is being investigated. AbstractWe investigate the model checking problem for symbolic-heap separation logic with user-defined inductive predicates, i.e., the problem of checking that a given stack-heap memory state satisfies a given formula in this language, as arises e.g. in software testing or runtime verification. First, we show that the problem is decidable; specifically, we present a bottom-up fixed point algorithm that decides the problem and runs in exponential time in the size of the problem instance.Second, we show that, while model checking for the full language is EXPTIME-complete, the problem becomes NP-complete or PTIME-solvable when we impose natural syntactic restrictions on the schemata defining the inductive predicates. We additionally present NP and PTIME algorithms for these restricted fragments.Finally, we report on the experimental performance of our procedures on a variety of specifications extracted from programs, exercising multiple combinations of syntactic restrictions.

show abstract

Concolic Testing Heap-Manipulating Programs

Pham

Phan

et al. 2019

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Concolic testing is a test generation technique which works effectively by integrating random testing generation and symbolic execution. Existing concolic testing engines focus on numeric programs. Heap-manipulating programs make extensive use of complex heap objects like trees and lists. Testing such programs is challenging due to multiple reasons. Firstly, test inputs for such programs are required to satisfy non-trivial constraints which must be specified precisely. Secondly, precisely encoding and solving path conditions in such programs are challenging and often expensive. In this work, we propose the first concolic testing engine called CSF for heap-manipulating programs based on separation logic. CSF effectively combines specification-based testing and concolic execution for test input generation. It is evaluated on a set of challenging heapmanipulating programs. The results show that CSF generates valid test inputs with high coverage efficiently. Furthermore, we show that CSF can be potentially used in combination with precondition inference tools to reduce the user effort.

show abstract

Shape Analysis via Second-Order Bi-Abduction

Cited by 46 publications

References 37 publications

Satisfiability Modulo Heap-Based Programs

Satisfiability Modulo Heap-Based Programs

Model checking for symbolic-heap separation logic with inductive predicates

Concolic Testing Heap-Manipulating Programs

Contact Info

Product

Resources

About