Results 11  20
of
663
Modular Automatic Assertion Checking with Separation Logic
, 2005
"... Separation logic is a program logic for reasoning about programs that manipulate pointer data structures. We describe a tool, Smallfoot, for checking certain lightweight separation logic specifications. The assertions describe the shapes of data structures rather than their detailed contents, and th ..."
Abstract

Cited by 163 (6 self)
 Add to MetaCart
(Show Context)
Separation logic is a program logic for reasoning about programs that manipulate pointer data structures. We describe a tool, Smallfoot, for checking certain lightweight separation logic specifications. The assertions describe the shapes of data structures rather than their detailed contents, and this allows reasoning to be fully automatic. We illustrate what the tool can do via a sequence of examples which are oriented around novel aspects of separation logic, namely: avoidance of frame axioms (which say what a procedure does not change); embracement of “dirty” features such as memory disposal and address arithmetic; information hiding in the presence of pointers; and modular reasoning about concurrent programs.
A local shape analysis based on separation logic
 IN: 12TH INTERNATIONAL CONFERENCE ON TOOLS AND ALGORITHMS FOR
, 2006
"... We describe a program analysis for linked list programs where the abstract domain uses formulae from separation logic. ..."
Abstract

Cited by 161 (24 self)
 Add to MetaCart
(Show Context)
We describe a program analysis for linked list programs where the abstract domain uses formulae from separation logic.
The Pointer Assertion Logic Engine
 Proc. ACM PLDI
, 2001
"... We present a new framework for verifying partial specifications of programs in order to catch type and memory errors and check data structure invariants. Our technique can verify a large class of data structures, namely all those that can be expressed as graph types. Earlier versions were restricted ..."
Abstract

Cited by 156 (3 self)
 Add to MetaCart
We present a new framework for verifying partial specifications of programs in order to catch type and memory errors and check data structure invariants. Our technique can verify a large class of data structures, namely all those that can be expressed as graph types. Earlier versions were restricted to simple special cases such as lists or trees. Even so, our current implementation is as fast as the previous specialized tools. Programs are annotated with partial specifications expressed in Pointer Assertion Logic, a new notation for expressing properties of the program store. We work in the logical tradition by encoding the programs and partial specifications as formulas in monadic secondorder logic. Validity of these formulas is checked by the MONA tool, which also can provide explicit counterexamples to invalid formulas. To make verification decidable, the technique requires explicit loop and function call invariants. In return, the technique is highly modular: every statement of a given program is analyzed only once. The main target applications are safetycritical datatype algorithms, where the cost of annotating a program with invariants is justified by the value of being able to automatically verify complex properties of the program.
Alias Types for Recursive Data Structures
, 2000
"... Linear type systems permit programmers to deallocate or explicitly recycle memory, but they are severly restricted by the fact that they admit no aliasing. This paper describes a pseudolinear type system that allows a degree of aliasing and memory reuse as well as the ability to define complex recu ..."
Abstract

Cited by 147 (13 self)
 Add to MetaCart
(Show Context)
Linear type systems permit programmers to deallocate or explicitly recycle memory, but they are severly restricted by the fact that they admit no aliasing. This paper describes a pseudolinear type system that allows a degree of aliasing and memory reuse as well as the ability to define complex recursive data structures. Our type system can encode conventional linear data structures such as linear lists and trees as well as more sophisticated data structures including cyclic and doublylinked lists and trees. In the latter cases, our type system is expressive enough to represent pointer aliasing and yet safely permit destructive operations such as object deallocation. We demonstrate the flexibility of our type system by encoding two common compiler optimizations: destinationpassing style and DeutschSchorrWaite or "linkreversal" traversal algorithms.
Symbolic execution with separation logic
 In APLAS
, 2005
"... Abstract. We describe a sound method for automatically proving Hoare triples for loopfree code in Separation Logic, for certain preconditions and postconditions (symbolic heaps). The method uses a form of symbolic execution, a decidable proof theory for symbolic heaps, and extraction of frame axiom ..."
Abstract

Cited by 144 (28 self)
 Add to MetaCart
(Show Context)
Abstract. We describe a sound method for automatically proving Hoare triples for loopfree code in Separation Logic, for certain preconditions and postconditions (symbolic heaps). The method uses a form of symbolic execution, a decidable proof theory for symbolic heaps, and extraction of frame axioms from incomplete proofs. This is a precursor to the use of the logic in automatic specification checking, program analysis, and model checking. 1
Compositional Shape Analysis by means of BiAbduction
, 2009
"... This paper describes a compositional shape analysis, where each procedure is analyzed independently of its callers. The analysis uses an abstract domain based on a restricted fragment of separation logic, and assigns a collection of Hoare triples to each procedure; the triples provide an overapprox ..."
Abstract

Cited by 143 (16 self)
 Add to MetaCart
This paper describes a compositional shape analysis, where each procedure is analyzed independently of its callers. The analysis uses an abstract domain based on a restricted fragment of separation logic, and assigns a collection of Hoare triples to each procedure; the triples provide an overapproximation of data structure usage. Compositionality brings its usual benefits – increased potential to scale, ability to deal with unknown calling contexts, graceful way to deal with imprecision – to shape analysis, for the first time. The analysis rests on a generalized form of abduction (inference of explanatory hypotheses) which we call biabduction. Biabduction displays abduction as a kind of inverse to the frame problem: it jointly infers antiframes (missing portions of state) and frames (portions of state not touched by an operation), and is the basis of a new interprocedural analysis algorithm. We have implemented
Symbolic Bounds Analysis of Pointers, Array Indices, and Accessed Memory Regions
 PLDI 2000
, 2000
"... This paper presents a novel framework for the symbolic bounds analysis of pointers, array indices, and accessed memory regions. Our framework formulates each analysis problem as a system of inequality constraints between symbolic bound polynomials. It then reduces the constraint system to a linear p ..."
Abstract

Cited by 134 (15 self)
 Add to MetaCart
This paper presents a novel framework for the symbolic bounds analysis of pointers, array indices, and accessed memory regions. Our framework formulates each analysis problem as a system of inequality constraints between symbolic bound polynomials. It then reduces the constraint system to a linear program. The solution to the linear program provides symbolic lower and upper bounds for the values of pointer and array index variables and for the regions of memory that each statement and procedure accesses. This approach eliminates fundamental problems associated with applying standard xedpoint approaches to symbolic analysis problems. Experimental results from our implemented compiler show that the analysis can solve several important problems, including static race detection, automatic parallelization, static detection of array bounds violations, elimination of array bounds checks, and reduction of the number of bits used to store computed values.
TVLA: A System for Implementing Static Analyses
 In Static Analysis Symp
, 2000
"... We present TVLA (ThreeValuedLogic Analysis engine). TVLA is a "YACC"like framework for automatically constructing staticanalysis algorithms from an operational semantics, where the operational semantics is specified using logical formulae. TVLA was implemented in Java and was successfu ..."
Abstract

Cited by 134 (27 self)
 Add to MetaCart
(Show Context)
We present TVLA (ThreeValuedLogic Analysis engine). TVLA is a "YACC"like framework for automatically constructing staticanalysis algorithms from an operational semantics, where the operational semantics is specified using logical formulae. TVLA was implemented in Java and was successfully used to perform shape analysis on programs manipulating linked data structures (singly and doubly linked lists), to prove safety properties of Mobile Ambients, and to verify the partial correctness of several sorting programs.
Pointer analysis: Haven’t we solved this problem yet?
 PASTE'01
, 2001
"... During the past twentyone years, over seventyfive papers and nine Ph.D. theses have been published on pointer analysis. Given the tomes of work on this topic one may wonder, "Haven't we solved this problem yet?" With input from many researchers in the field, this paper describes iss ..."
Abstract

Cited by 119 (1 self)
 Add to MetaCart
During the past twentyone years, over seventyfive papers and nine Ph.D. theses have been published on pointer analysis. Given the tomes of work on this topic one may wonder, "Haven't we solved this problem yet?" With input from many researchers in the field, this paper describes issues related to pointer analysis and remaining open problems.
Shape analysis for composite data structures
 In CAV
, 2007
"... Abstract. We propose a shape analysis that adapts to some of the complex composite data structures found in industrial systemslevel programs. Examples of such data structures include “cyclic doublylinked lists of acyclic singlylinked lists”, “singlylinked lists of cyclic doublylinked lists with ..."
Abstract

Cited by 117 (20 self)
 Add to MetaCart
(Show Context)
Abstract. We propose a shape analysis that adapts to some of the complex composite data structures found in industrial systemslevel programs. Examples of such data structures include “cyclic doublylinked lists of acyclic singlylinked lists”, “singlylinked lists of cyclic doublylinked lists with backpointers to head nodes”, etc. The analysis introduces the use of generic higherorder inductive predicates describing spatial relationships together with a method of synthesizing new parameterized spatial predicates which can be used in combination with the higherorder predicates. In order to evaluate the proposed approach for realistic programs we have performed experiments on examples drawn from device drivers: the analysis proved safety of the data structure manipulation of several routines belonging to an IEEE 1394 (firewire) driver, and also found several previously unknown memory safety bugs. 1