Results 1-10 of 21
Boolean heaps
In SAS, 2005
Cited by 50 (12 self)
Abstract. We show that the idea of predicates on heap objects can be cast in the framework of predicate abstraction. This leads to an alternative view on the underlying concepts of three-valued shape analysis by Sagiv, Reps and Wilhelm. Our construction of the abstract post operator is analogous to the corresponding construction for classical predicate abstraction, except that predicates over objects on the heap take the place of state predicates, and boolean heaps (sets of bitvectors) take the place of boolean states (bitvectors). A program is abstracted to a program over boolean heaps. For each command of the program, the corresponding abstract command is effectively constructed by deductive reasoning, namely by the application of the weakest precondition operator and an entailment test. We thus obtain a symbolic framework for shape analysis.
Modular Data Structure Verification
EECS Department, Massachusetts Institute of Technology, 2007
Cited by 44 (21 self)
This dissertation describes an approach for automatically verifying data structures, focusing on techniques for automatically proving formulas that arise in such verification. I have implemented this approach with my colleagues in a verification system called Jahob. Jahob verifies properties of Java programs with dynamically allocated data structures. Developers write Jahob specifications in classical higher-order logic (HOL); Jahob reduces the verification problem to deciding the validity of HOL formulas. I present a new method for proving HOL formulas by combining automated reasoning techniques. My method consists of 1) splitting formulas into individual HOL conjuncts, 2) soundly approximating each HOL conjunct with a formula in a more tractable fragment and 3) proving the resulting approximation using a decision procedure or a theorem prover. I present three concrete logics; for each logic I show how to use it to approximate HOL formulas, and how to decide the validity of formulas in this logic. First, I present an approximation of HOL based on a translation to first-order logic, which enables the use of existing resolution-based theorem provers. Second, I present an approximation of HOL based on field constraint analysis, a new technique that enables
Field constraint analysis
In Proc. Int. Conf. Verification, Model Checking, and Abstract Interpretation, 2006
Verifying a file system implementation
In Sixth International Conference on Formal Engineering Methods (ICFEM'04), volume 3308 of LNCS, 2004
Logical characterizations of heap abstractions
2003
Cited by 30 (5 self)
Abstract. Shape analysis concerns the problem of determining "shape invariants" for programs that perform destructive updating on dynamically allocated storage. In recent work, we have shown how shape analysis can be performed, using an abstract interpretation based on 3-valued first-order logic. In that work, concrete stores are finite 2-valued logical structures, and the sets of stores that can possibly arise during execution are represented (conservatively) using a certain family of finite 3-valued logical structures. In this paper, we show how 3-valued structures that arise in shape analysis can be characterized using formulas in first-order logic with transitive closure. We also define a non-standard ("supervaluational") semantics for 3-valued first-order logic that is more precise than a conventional 3-valued semantics, and demonstrate that it can be effectively implemented using existing theorem provers.
On Decision Procedures for Set-Valued Fields
2004
Cited by 20 (13 self)
An important feature of object-oriented programming languages is the ability to dynamically instantiate user-defined container data structures such as lists, trees, and hash tables. Programs implement such data structures using references to dynamically allocated objects, which allows data structures to store unbounded numbers of objects, but makes reasoning about programs more difficult. Reasoning about object-oriented programs with complex data structures is simplified if data structure operations are specified in terms of abstract sets of objects associated with each data structure. For example, an insertion into a data structure in this approach becomes simply an insertion into a dynamically changing set-valued field of an object, as opposed to a manipulation of a dynamically linked structure linked to the object. In this paper we explore...
Abstraction Refinement for Quantified Array Assertions
In: SAS, Springer-Verlag (2009) 3
Cited by 16 (0 self)
We present an abstraction refinement technique for the verification of universally quantified array assertions such as "all elements in the array are sorted". Our technique can be seamlessly combined with existing software model checking algorithms. We implemented our technique in the ACSAR software model checker and successfully verified quantified array assertions for both textbook examples and real-life examples taken from the Linux operating system kernel.
On Role Logic
2003
Cited by 13 (7 self)
We present role logic, a notation for describing properties of relational structures in shape analysis, databases, and knowledge bases. We construct role logic using the ideas of de Bruijn's notation for lambda calculus, an encoding of first-order logic in lambda calculus, and a simple rule for implicit arguments of unary and binary predicates.
Combining shape analyses by intersecting abstractions
In Verification, Model Checking and Abstract Interpretation (VMCAI), 2006