SLING: using dynamic analysis to infer program invariants in separation logic

Le, Ton Chanh; Zheng, Guolong; Nguyen, ThanhVu

doi:10.1145/3314221.3314634

Cited by 13 publications

(7 citation statements)

References 40 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The experimental results show that our tool enhances the capability of existing program verifiers to verify nontrivial heap-based programs. In the future, we might apply our tool to more verifiers and more test subjects as well as compare our tool with other tools, e.g., Predator [13], Forester [21,22], S2 [26], and SLING [30].…”

Section: Discussionmentioning

confidence: 99%

See 1 more Smart Citation

Compositional Verification of Heap-Manipulating Programs Through Property-Guided Learning

Pham

Sun

2019

Programming Languages and Systems

View full text Add to dashboard Cite

Analyzing and verifying heap-manipulating programs automatically is challenging. A key for fighting the complexity is to develop compositional methods. For instance, many existing verifiers for heap-manipulating programs require user-provided specification for each function in the program in order to decompose the verification problem. The requirement, however, often hinders the users from applying such tools. To overcome the issue, we propose to automatically learn heap-related program invariants in a property-guided way for each function call. The invariants are learned based on the memory graphs observed during test execution and improved through memory graph mutation. We implemented a prototype of our approach and integrated it with two existing program verifiers. The experimental results show that our approach enhances existing verifiers effectively in automatically verifying complex heap-manipulating programs with multiple function calls.

show abstract

Section: Discussionmentioning

confidence: 99%

“…The closest to our work is approach for invariant inference using dynamic analysis with separation logic abstraction [30]. Similar to our work, it generates invariant based on user-defined predicates (i.e., features in our work).…”

Section: Related Workmentioning

confidence: 99%

Compositional Verification of Heap-Manipulating Programs Through Property-Guided Learning

Pham

Sun

2019

Programming Languages and Systems

View full text Add to dashboard Cite

show abstract

“…Furthermore, we aim to ease the requirement of providing program specifications from users. To do that, we could either leverage static analyzers that do not require program specifications, e.g., Infer [2,3], or incorporate specification inference techniques, such as [24,27], to automatically infer program specifications. Finally, as discussed in Sect.…”

Section: Limitation and Future Workmentioning

confidence: 99%

Automated Repair of Heap-Manipulating Programs Using Deductive Synthesis

Nguyen

Sergey

et al. 2021

Lecture Notes in Computer Science

View full text Add to dashboard Cite

We propose a novel method to automatically repairing buggy heap-manipulating programs using constraint solving and deductive synthesis. Given an input program C and its formal specification in the form of a Hoare triple: {P} C {Q}, we use a separation-logic-based verifier to verify if program C is correct w.r.t. its specifications. If program C is found buggy, we then repair it in the following steps. First, we rely on the verification results to collect a list of suspicious statements of the buggy program. For each suspicious statement, we temporarily replace it with a template patch representing the desired statements. The template patch is also formally specified using a pair of unknown pre-and postcondition. Next, we use the verifier to analyze the temporarily patched program to collect constraints related to the pre-and postcondition of the template patch. Then, these constraints are solved by our constraint solving technique to discover the suitable specifications of the template patch. Subsequently, these specifications can be used to synthesize program statements of the template patch, consequently creating a candidate program. Finally, if the candidate program is validated, it is returned as the repaired program. We demonstrate the effectiveness of our approach by evaluating our implementation and a state-of-the-art approach on a benchmark of 231 buggy programs. The experimental results show that our tool successfully repairs 223 buggy programs and considerably outperforms the compared tool.

show abstract

“…In this work, our approach uses a testing oracle instead of a verifier for practical reasons (see also discussion regarding verification oracles in Section 3). There have been various approaches to mining specifications based on automata learning [Alur et al 2005;Ammons et al 2002;Henzinger et al 2005;Whaley et al 2002;Xie et al 2006] or dynamic and symbolic analysis [Astorga et al 2018;Csallner et al 2008;DeFreez et al 2019;Le et al 2019]. The predicate synthesis aspect of our work is similar to the PIE approach [Padhi et al 2016] that proposes feature expression synthesis in order to learn preconditions as well as loop invariants, but not strong/tight contracts.…”

Section: Related Workmentioning

confidence: 99%

Synthesizing contracts correct modulo a test generator

Astorga

Saha

Dinkins

et al. 2021

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

We present an approach to learn contracts for object-oriented programs where guarantees of correctness of the contracts are made with respect to a test generator. Our contract synthesis approach is based on a novel notion of tight contracts and an online learning algorithm that works in tandem with a test generator to synthesize tight contracts. We implement our approach in a tool called Precis and evaluate it on a suite of programs written in C#, studying the safety and strength of the synthesized contracts, and compare them to those synthesized by Daikon.

show abstract

SLING: using dynamic analysis to infer program invariants in separation logic

Cited by 13 publications

References 40 publications

Compositional Verification of Heap-Manipulating Programs Through Property-Guided Learning

Compositional Verification of Heap-Manipulating Programs Through Property-Guided Learning

Automated Repair of Heap-Manipulating Programs Using Deductive Synthesis

Synthesizing contracts correct modulo a test generator

Contact Info

Product

Resources

About