We present a new framework for verifying partial specifications of programs in order to catch type and memory errors and check data structure invariants. Our technique can verify a large class of data structures, namely all those that can be expressed as graph types. Earlier versions were restricted to simple special cases such as lists or trees. Even so, our current implementation is as fast as the previous specialized tools. Programs are annotated with partial specifications expressed in Pointer Assertion Logic, a new notation for expressing properties of the program store. We work in the logical tradition by encoding the programs and partial specifications as formulas in monadic second-order logic. Validity of these formulas is checked by the MONA tool, which can also provide explicit counterexamples to invalid formulas. Other work with similar goals is based on more traditional program analyses, such as shape analysis. That approach requires explicit introduction of an appropriate operational semantics along with a proof of correctness whenever a new data structure is being considered. In comparison, our approach only requires the data structure to be abstractly
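The abstract's central example of a "graph type" is a data structure whose backbone pointers form a tree (here a list via `next`) and whose remaining pointers (here `prev`) are routing pointers fully determined by the backbone. The following C program is an added illustration, not code from the PALE paper or the MONA distribution: it states the doubly-linked-list invariant as an executable predicate and runs it against a correct insertion and against a deliberately faulty one that forgets to update `prev`. PALE would check such an invariant statically over all inputs and return a counterexample store; the run-time checker below only shows, on one constructed list, what that counterexample looks like. The function names and the faulty `push_front_faulty` variant are assumptions made for this example.

```c
#include <stdio.h>
#include <stdlib.h>

/* Added illustration (not from the PALE paper): a doubly-linked list as a
 * graph type. `next` is the backbone; `prev` is a routing pointer whose
 * value is determined by the backbone. */
typedef struct Node {
    int val;
    struct Node *next;   /* backbone pointer */
    struct Node *prev;   /* routing pointer: must equal the backbone predecessor */
} Node;

/* Returns 1 if the list rooted at `head` satisfies the doubly-linked-list
 * invariant: the backbone is acyclic, head->prev is NULL, and every node n
 * with a successor satisfies n->next->prev == n. Returns 0 otherwise. */
int dll_invariant(const Node *head) {
    const Node *slow = head, *fast = head;
    /* Acyclicity of the backbone (Floyd's tortoise and hare). */
    while (fast && fast->next) {
        slow = slow->next;
        fast = fast->next->next;
        if (slow == fast) return 0;
    }
    if (head && head->prev != NULL) return 0;
    for (const Node *n = head; n; n = n->next) {
        if (n->next && n->next->prev != n) return 0;
    }
    return 1;
}

/* Correct insertion at the front: backbone and routing pointer both updated. */
Node *push_front(Node *head, int v) {
    Node *n = malloc(sizeof *n);
    if (!n) { perror("malloc"); exit(1); }
    n->val = v;
    n->next = head;
    n->prev = NULL;
    if (head) head->prev = n;   /* keep the routing pointer consistent */
    return n;
}

/* Deliberately faulty insertion (constructed for this example): it forgets
 * to update head->prev. The result is still a valid singly-linked list, so
 * only a checker that knows the full graph type (next AND prev) rejects it. */
Node *push_front_faulty(Node *head, int v) {
    Node *n = malloc(sizeof *n);
    if (!n) { perror("malloc"); exit(1); }
    n->val = v;
    n->next = head;
    n->prev = NULL;
    return n;
}

/* Unlink and free `target`; returns the (possibly new) head. */
Node *unlink_node(Node *head, Node *target) {
    if (target->prev) target->prev->next = target->next;
    else head = target->next;
    if (target->next) target->next->prev = target->prev;
    free(target);
    return head;
}

void dll_free(Node *head) {
    while (head) {
        Node *next = head->next;
        free(head);
        head = next;
    }
}

/* Build [1,2,3] correctly, unlink the middle node, and report the verdict (1). */
int demo_correct(void) {
    Node *head = NULL;
    head = push_front(head, 3);
    head = push_front(head, 2);
    head = push_front(head, 1);
    head = unlink_node(head, head->next);   /* remove the node holding 2 */
    int ok = dll_invariant(head);
    dll_free(head);
    return ok;
}

/* Build [1,2] with the faulty insertion and report the verdict (0):
 * the node holding 2 still has prev == NULL, which is the counterexample. */
int demo_faulty(void) {
    Node *head = NULL;
    head = push_front(head, 2);
    head = push_front_faulty(head, 1);
    int ok = dll_invariant(head);
    dll_free(head);
    return ok;
}

int main(void) {
    printf("correct list satisfies invariant: %d\n", demo_correct());
    printf("faulty list satisfies invariant:  %d\n", demo_faulty());
    return 0;
}
```

The point of the faulty variant is that no type checker and no memory-safety tool flags it: every dereference is valid and every field has the right type. Only a specification that relates `prev` to the backbone, which is exactly what a graph type expresses, distinguishes the two lists.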

Cited references:

Cormen, Leiserson, et al. Introduction to Algorithms. 2001.
Bryant. Graph-based algorithms for boolean function manipulation. 1986.
Hoare. An axiomatic basis for computer programming. 1969.
Gries. The Science of Programming. 1981.
Floyd. Assigning meanings to programs. 1967.
Hoare. Proofs of correctness of data representations. 1972.
Sagiv, Reps, et al. Parametric shape analysis via 3-valued logic.
Detlefs, Leino, et al. Extended static checking. 1998.
Havelund, Pressburger. Model checking Java programs using Java PathFinder. 1998.
Ball, Rajamani. Bebop: A symbolic model checker for boolean programs. In SPIN Workshop on Model Checking of Software, 2000.
Evans. Static detection of dynamic memory errors. 1996.
Klarlund, Schwartzbach. Graph types. 1993.
Reynolds. Intuitionistic reasoning about shared mutable data structure.
Hendren, Hummel, et al. Abstractions for recursive pointer data structures: Improving the analysis and transformation of imperative programs. 1992.
Jackson, Vaziri. Finding bugs with a constraint solver. 2000.
Fradet, Le Métayer. Shape types. 1997.
Klarlund, Møller, et al. MONA implementation secrets. 2002.
Klarlund. FIDO: The logic-automaton connection in practice. 1997.
Apt. Ten Years of Hoare's Logic: A Survey, Part I. 1981.
Corbett, Dwyer, et al. A language framework for expressing checkable properties of dynamic software. 2000.
Biehl, Klarlund, et al. Algorithms for guided tree automata. 1997.
Meyer. Weak monadic second-order theory of successor is not elementary recursive. 1972.
Shiple, Kukula, et al. A comparison of Presburger engines for EFSM reachability. 1998.
Gaugne, Fradet, et al. Static detection of pointer errors: an axiomatisation and a checking algorithm. 1996.
Klarlund, Schwartzbach. Graphs and decidable transductions based on edge constraints. 1994.
Elgaard, Møller, et al. Compile-time debugging of C programs working on trees.
Benedikt, Reps, Sagiv. A decidable logic for describing linked data structures. 1999.
Cook, Oppen. An assertion language for data structures. 1975.
Morris. A general axiom of assignment. 1982.
Klarlund, Møller. MONA Version 1.3 User Manual. 1998.
Black, Windley. Inference rules for programming languages with side effects in expressions. 1996.
Dor, Rodeh, Sagiv. Checking cleanness in linked lists. 2000.
Bush, Pincus, et al. A static analyzer for finding dynamic programming errors. Software: Practice and Experience, 2000.
Jensen, Jørgensen, et al. Automatic verification of pointer programs using monadic second-order logic. 1997.
Cousot. Formal models and semantics. 1990.
PALE project home.
Møller. MONA project home.
Lev-Ami, Reps, et al. Putting static analysis to work for verification: a case study. 2000.