Statically Inferring Complex Heap, Array, and Numeric Invariants

McCloskey, Bill; Reps, Thomas; Sagiv, Mooly

doi:10.1007/978-3-642-15769-1_6

Cited by 25 publications

(27 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This would also raise the question of how relational numeric invariants between a summary and its ghost node can be inferred, for instance, to deduce that a list is sorted [12,8]. Future work will address these challenges.…”

Section: Related Approaches To Shape Analysismentioning

confidence: 99%

See 1 more Smart Citation

FESA: Fold- and Expand-Based Shape Analysis

Siegel

Simon

2013

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. A static shape analysis is presented that can prove the absence of NULL-and dangling pointer dereferences in standard algorithms on lists, trees and graphs. It is conceptually simpler than other analyses that use symbolically represented logic to describe the heap. Instead, it represents the heap as a single graph and a Boolean formula. The key idea is to summarize two nodes by calculating their common points-to information, which is done using the recently proposed fold and expand operations. The force of this approach is that both, fold and expand , retain relational information between points-to edges, thereby essentially inferring new shape invariants. We show that highly precise shape invariants can be inferred using off-the-shelf SAT-solvers. Cheaper approximations may augment standard points-to analysis used in compiler optimisations.

show abstract

Section: Related Approaches To Shape Analysismentioning

confidence: 99%

“…Indeed, it can infer invariants that distinguish lists from trees from graphs. In contrast to other analyses [7,12], no extra effort is needed to make our analysis robust with respect to variations of these basic data structures (position of pointer fields, use of sentinel nodes instead of NULL values or the use of back pointers).…”

Section: Introductionmentioning

confidence: 99%

FESA: Fold- and Expand-Based Shape Analysis

Siegel

Simon

2013

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…As in Nelson-Oppen, communication between domains in their framework is solely via equalities. McCloskey et al [27] presented a framework for communication between abstract domains that goes beyond shared equalities: their technique uses a common predicate language in which shared facts can be quantified predicates expressed in first-order logic with transitive closure.…”

Section: Related Workmentioning

confidence: 99%

A Method for Symbolic Computation of Abstract Operations

Thakur

Reps

2012

Computer Aided Verification

Self Cite

View full text Add to dashboard Cite

Abstract. In 1979, Cousot and Cousot gave a specification of the best (most-precise) abstract transformer possible for a given concrete transformer and a given abstract domain. Unfortunately, their specification does not lead to an algorithm for obtaining the best transformer. In fact, algorithms are known for only a few abstract domains. This paper presents a parametric framework that, for a given abstract domain A and logic L, computes successively better A values that overapproximate the set of states defined by an arbitrary formula in L. Because the method approaches the most-precise A value from "above", if it is taking too much time, a safe answer can be returned at any time. For certain combinations of A and L, the framework is complete-i.e., with enough resources, it computes the most-precise abstract value possible.

show abstract

“…McCloskey et al [21] introduced a general way of integrating various analyses represented in FOLTC, combining different theories in a generic way. Their work allows the flow of information between all analyses concerned.…”

Section: Related Workmentioning

confidence: 99%

“…For this reason, several recent approaches have combined heap and value abstractions. In this context, some heap analyses (e.g., TVLA) were extended with information about numerical values [21], or ad-hoc heap analyses were combined with some existing numerical domains [3].…”

Section: Introductionmentioning

confidence: 99%

TVAL+ : TVLA and Value Analyses Together

Ferrara

Fuchs

Juhasz

2012

Software Engineering and Formal Methods

View full text Add to dashboard Cite

Abstract. Effective static analyses must precisely approximate both heap structure and information about values. During the last decade, shape analysis has obtained great achievements in the field of heap abstraction. Similarly, numerical and other value abstractions have made tremendous progress, and they are effectively applied to the analysis of industrial software. In addition, several generic static analyzers have been introduced. These compositional analyzers combine many types of abstraction into the same analysis to prove various properties. The main contribution of this paper is the combination of Sample, an existing generic analyzer, with a TVLA-based heap abstraction (TVAL+).

show abstract

Statically Inferring Complex Heap, Array, and Numeric Invariants

Cited by 25 publications

References 25 publications

FESA: Fold- and Expand-Based Shape Analysis

FESA: Fold- and Expand-Based Shape Analysis

A Method for Symbolic Computation of Abstract Operations

TVAL+ : TVLA and Value Analyses Together

Contact Info

Product

Resources

About