Results 1  10
of
13
On Decision Procedures for SetValued Fields
, 2004
"... An important feature of objectoriented programming languages is the ability to dynamically instantiate userdefined container data structures such as lists, trees, and hash tables. Programs implement such data structures using references to dynamically allocated objects, which allows data structure ..."
Abstract

Cited by 20 (13 self)
 Add to MetaCart
An important feature of objectoriented programming languages is the ability to dynamically instantiate userdefined container data structures such as lists, trees, and hash tables. Programs implement such data structures using references to dynamically allocated objects, which allows data structures to store unbounded numbers of objects, but makes reasoning about programs more difficult. Reasoning about objectoriented programs with complex data structures is simplified if data structure operations are specified in terms of abstract sets of objects associated with each data structure. For example, an insertion into a data structure in this approach becomes simply an insertion into a dynamically changing setvalued field of an object, as opposed to a manipulation of a dynamically linked structure linked to the object. In this paper we explore...
On the Boolean Algebra of Shape Analysis Constraints
, 2003
"... Shape analysis is a promising technique for statically verifying and extracting properties of programs that manipulate complex data structures. We introduce a new characterization of constraints that arise in parametric shape analysis based on manipulation of threevalued structures as dataflow fact ..."
Abstract

Cited by 18 (10 self)
 Add to MetaCart
(Show Context)
Shape analysis is a promising technique for statically verifying and extracting properties of programs that manipulate complex data structures. We introduce a new characterization of constraints that arise in parametric shape analysis based on manipulation of threevalued structures as dataflow facts. We identify an interesting syntactic class of firstorder logic formulas that captures the meaning of threevalued structures under concretization. This class is broader than previously introduced classes, allowing for a greater flexibility in the formulation of shape analysis constraints in program annotations and internal analysis representations. Threevalued structures can be viewed as one possible normal form of the formulas in our class. Moreover, we characterize the meaning of threevalued
On Generalized Records and Spatial Conjunction in Role Logic
 In 11th Annual International Static Analysis Symposium (SAS’04
, 2004
"... We have previously introduced role logic as a notation for describing properties of relational structures in shape analysis, databases and knowledge bases. A natural fragment of role logic corresponds to twovariable logic with counting and is therefore decidable. ..."
Abstract

Cited by 10 (4 self)
 Add to MetaCart
(Show Context)
We have previously introduced role logic as a notation for describing properties of relational structures in shape analysis, databases and knowledge bases. A natural fragment of role logic corresponds to twovariable logic with counting and is therefore decidable.
On modular pluggable analyses using set interfaces
, 2003
"... Abstract. We present a technique that enables the focused application of multiple analyses to different modules in the same program. Our research has two goals: 1) to address the scalability limitations of precise analyses by focusing the analysis on only those parts of the program that are relevant ..."
Abstract

Cited by 10 (7 self)
 Add to MetaCart
(Show Context)
Abstract. We present a technique that enables the focused application of multiple analyses to different modules in the same program. Our research has two goals: 1) to address the scalability limitations of precise analyses by focusing the analysis on only those parts of the program that are relevant to the properties that the analysis is designed to verify, and 2) to enable the application of specialized analyses that verify properties of specific classes of data structures to programs that simultaneously manipulate several different kinds of data structures. In our approach, each module encapsulates a data structure and uses membership in abstract sets to characterize how objects participate in its data structure. Each analysis verifies that the implementation of the module 1) preserves important internal data structure representation invariants and 2) conforms to a specification that uses formulas in a set algebra to characterize the effects of operations on the data structure. The analyses use the common set abstraction to 1) characterize how objects participate in multiple data structures and to 2) enable the interanalysis communication required to verify properties that depend on multiple modules analyzed by different analyses. We characterize the key soundness property that an analysis plugin must satisfy to successfully participate in our system and present several analysis plugins that satisfy this property: a flag plugin that analyzes modules in which abstract set membership is determined by a flag field in each set membership is determined by reachability properties of objects stored in treelike data structures.
On Spatial Conjunction as SecondOrder Logic
, 2004
"... Spatial conjunction is a powerful construct for reasoning about dynamically allocated data structures, as well as concurrent, distributed and mobile computation. While researchers have identified many uses of spatial conjunction, its precise expressive power compared to traditional logical constr ..."
Abstract

Cited by 9 (1 self)
 Add to MetaCart
(Show Context)
Spatial conjunction is a powerful construct for reasoning about dynamically allocated data structures, as well as concurrent, distributed and mobile computation. While researchers have identified many uses of spatial conjunction, its precise expressive power compared to traditional logical constructs was not previously known.
Description Logics for Shape Analysis
 In Proc. 3rd SEFM
, 2005
"... Verification of programs requires reasoning about sets of program states. In case of programs manipulating pointers, program states are pointer graphs. Verification of such programs involves reasoning about unbounded sets of graphs. Threevalued shape analysis (Sagiv et. al.) is an approach based on ..."
Abstract

Cited by 9 (1 self)
 Add to MetaCart
(Show Context)
Verification of programs requires reasoning about sets of program states. In case of programs manipulating pointers, program states are pointer graphs. Verification of such programs involves reasoning about unbounded sets of graphs. Threevalued shape analysis (Sagiv et. al.) is an approach based on explicit manipulation of 3valued shape graphs, which abstract sets of pointer graphs. Other approaches use symbolic representations, e. g., by describing (sets of) graphs as logical formulas. Unfortunately, many resulting logics are either undecidable or cannot express crucial properties like reachability and separation. In this paper, we investigate an alternative approach. We study wellknown description logics as a framework for symbolic shape analysis. We propose a predicate abstraction based shape analysis, parameterized by description logics to represent the abstraction predicates. Depending on the particular logic chosen sharing, reachability and separation in pointer data structures are expressible. 1.
Inductive Reasoning for Shape Invariants
"... Abstract. Automatic verification of imperative programs that destructively manipulate heap data structures is challenging. In this paper we propose an approach for verifying that such programs do not corrupt their data structures. We specify heap data structures such as lists, arrays of lists, and t ..."
Abstract
 Add to MetaCart
(Show Context)
Abstract. Automatic verification of imperative programs that destructively manipulate heap data structures is challenging. In this paper we propose an approach for verifying that such programs do not corrupt their data structures. We specify heap data structures such as lists, arrays of lists, and trees inductively as solutions of logic programs. We use offtheshelf firstorder theorem provers to reason about these specifications. 1
On Modular Pluggable Analyses Using Set Interfaces
, 2004
"... 1 Introduction Data structure consistency is important for the successful execution of programs if an error corrupts a program's data structures, the program can quickly exhibit unacceptable behavior or even crash. Motivated in part by the importance ..."
Abstract
 Add to MetaCart
1 Introduction Data structure consistency is important for the successful execution of programs if an error corrupts a program's data structures, the program can quickly exhibit unacceptable behavior or even crash. Motivated in part by the importance