Shape analysis is a promising technique for statically verifying and extracting properties of programs that manipulate complex data structures. We introduce a new characterization of constraints that arise in parametric shape analysis based on manipulation of three-valued structures as dataflow facts. We identify an interesting syntactic class of first-order logic formulas that captures the meaning of three-valued structures under concretization. This class is broader than previously introduced classes, allowing for a greater flexibility in the formulation of shape analysis constraints in program annotations and internal analysis representations. Three-valued structures can be viewed as one possible normal form of the formulas in our class.
|
544
|
A Relational Model of Data for Large Shared Data Banks
– Codd
- 1970
|
|
495
|
Introduction to Metamathematics
– Kleene
- 1952
|
|
407
|
Construction of abstract state graphs with PVS
– Graf, Saïdi
- 1997
|
|
392
|
An Introduction to Database Systems
– Date
- 2004
|
|
318
|
Analysis of pointers and structures
– Chase, Wegman, et al.
- 1990
|
|
310
|
Parametric shape analysis via 3-valued logic
– Sagiv, Reps, et al.
|
|
249
|
Solving shape-analysis problems in languages with destructive updating
– Sagiv, Reps, et al.
- 1998
|
|
248
|
Cousot and Radhia Cousot. Abstract Interpretation Frameworks
– Patrick
- 1992
|
|
228
|
Automatic predicate abstraction of C programs
– Ball, Majumdar, et al.
- 2001
|
|
211
|
Checking system rules using system-specific, programmer-written compiler extensions
– Engler, Chelf, et al.
- 2000
|
|
187
|
Interprocedural May-Alias Analysis for Pointers: Beyond k-limiting
– Deutsch
- 1994
|
|
175
|
Alloy: A lightweight object modelling notation
– Jackson
- 2002
|
|
172
|
A Static Analyzer for Finding Dynamic Programming Errors. Software: Practice and Experience
– Bush, Pincus, et al.
|
|
155
|
Detecting conflicts between structure accesses
– Larus, Hilfinger
- 1988
|
|
133
|
Alias types
– Smith, Walker, et al.
- 2000
|
|
114
|
Graph types
– Klarlund, Schwartzbach
- 1993
|
|
101
|
The Pointer Assertion Logic Engine
– Moller, Schwartzbach
- 2001
|
|
99
|
as an assertion language for mutable data structures
– BI
- 2001
|
|
97
|
A flexible approach to interprocedural data flow analysis and programs with recursive data structures
– Jones, Muchnick
- 1982
|
|
94
|
Raymie Stata. Extended Static Checking for Java
– Flanagan, Leino, et al.
- 2002
|
|
85
|
Role analysis
– Kuncak, Lam, et al.
- 2002
|
|
79
|
A static analyzer for large safety-critical software
– Blanchet, Cousot, et al.
- 2003
|
|
62
|
Shape types
– Fradet, Métayer
- 1997
|
|
61
|
A general data dependence test for dynamic, pointer-based data structures
– Hummel, Hendren, et al.
- 1994
|
|
58
|
M.I.: MONA implementation secrets
– Klarlund, Møller, et al.
- 2002
|
|
58
|
Putting static analysis to work for verification: A case study
– Lev-Ami, Reps, et al.
- 2000
|
|
54
|
Automatic verification of pointer programs using monadic second order logic
– Jensen, Jorgensen, et al.
- 1997
|
|
44
|
Deciding validity in a spatial logic for trees
– Calcagno, Cardelli, et al.
- 2002
|
|
37
|
Is it a tree, a DAG, or a cyclic graph
– Ghiya, Hendren
- 1996
|
|
34
|
Relative completeness of abstraction refinement for software model checking
– Ball, Podelski, et al.
- 2002
|
|
34
|
Abstract State Machines
– Borger, Stark
- 2003
|
|
28
|
Graphs and decidable transductions based on edge constraints
– Klarlund, Schwartzbach
- 1994
|
|
27
|
M.: Compile-time debugging of C programs working on trees
– Elgaard, Møller, et al.
|
|
25
|
A trace model for pointers and objects
– Hoare, He
- 1999
|
|
24
|
Symbolic evaluation methods for program analysis
– Clarke, Richardson
- 1981
|
|
23
|
Semantic analysis of pointer aliasing, allocation and disposal in hoare logic
– Calcagno, Ishtiaq, et al.
- 2000
|
|
23
|
Shape analysis through predicate abstraction and model checking
– Dams, Namjoshi
- 2003
|
|
23
|
Logical characterizations of heap abstractions
– Yorsh
- 2003
|
|
20
|
Navindra Umanee. Points-to analysis using BDDs
– Berndl, Lhoták, et al.
- 2003
|
|
16
|
Static source code checking for user-defined properties
– Holzmann
- 2002
|
|
14
|
Class-level modular analysis for object oriented languages
– Logozzo
- 2003
|
|
13
|
Fradet and Daniel Le Métayer. Shape types
– Pascal
- 1997
|
|
12
|
Rinetzky and Mooly Sagiv. Interprocedual shape analysis for recursive programs
– Noam
- 2001
|
|
12
|
The Pointer Assertion Logic Engine
– Mller, Schwartzbach
- 2001
|
|
11
|
Mooly Sagiv. A decidable logic for linked data structures
– Benedikt, Reps
- 1999
|
|
11
|
Existential heap abstraction entailment is undecidable
– Kuncak, Rinard
|
|
11
|
TVLA: A framework for kleene based logic static analyses
– Lev-Ami
- 2000
|
|
11
|
On role logic
– Kuncak, Rinard
- 2003
|
|
8
|
Typestate checking and regular graph constraints
– Kuncak, Rinard
- 2002
|
|
8
|
Roles are really great
– Kuncak, Lam, et al.
- 2001
|
|
