An Easy to Use Infrastructure for Building Static Analysis Tools

Dudka, Kamil; Peringer, Petr; Tom,; Vojnar, Tomáš

doi:10.1007/978-3-642-27549-4_68

Cited by 9 publications

(6 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The rules are to be applied in the stated order. 15 We start with a rule allowing us to learn missing pure constraints.…”

Section: Abduction Rulesmentioning

confidence: 99%

See 1 more Smart Citation

Low-Level Bi-Abduction

Holík¹,

Peringer²,

Rogalewicz³

et al. 2022

Preprint

Self Cite

View full text Add to dashboard Cite

The paper proposes a new static analysis designed to handle open programs, i.e., fragments of programs, with dynamic pointer-linked data structures-in particular, various kinds of lists-that employ advanced low-level pointer operations. The goal is to allow such programs be analysed without a need of writing analysis harnesses that would first initialise the structures being handled. The approach builds on a special flavour of separation logic and the approach of bi-abduction. The code of interest is analyzed along the call tree, starting from its leaves, with each function analysed just once without any call context, leading to a set of contracts summarizing the behaviour of the analysed functions. In order to handle the considered programs, methods of abduction existing in the literature are significantly modified and extended in the paper. The proposed approach has been implemented in a tool prototype and successfully evaluated on not large but complex programs.

show abstract

“…The rules are to be applied in the stated order. 15 We start with a rule allowing us to learn missing pure constraints.…”

Section: Abduction Rulesmentioning

confidence: 99%

“…The SMT queries discussed above are answered using the Z3 solver [12]. The front-end of Broom is based on Code Listener [15], a framework providing access to the intermediate code of a compiler (as, e.g., gcc).…”

Section: Prototype Implementationmentioning

confidence: 99%

Low-Level Bi-Abduction

Holík¹,

Peringer²,

Rogalewicz³

et al. 2022

Preprint

Self Cite

View full text Add to dashboard Cite

show abstract

“…Predator is implemented using C++ and the Boost libraries as a GCC plug-in on top of the Code Listener framework [2], which we recently upgraded to work with GCC 7.4.0. Moreover, as shown below, we extended Code Listener by adding a type analysis phase before the compiled code is passed to the shape analysis implemented in Predator.…”

Section: The Predator Shape Analyzermentioning

confidence: 99%

PredatorHP Revamped (Not Only) for Interval-Sized Memory Regions and Memory Reallocation (Competition Contribution)

Peringer

Šoková

Vojnar

2020

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

show abstract

“…The source code of the PredatorHP release used in the competition can be downloaded from the project web page 3 . The file README-SVCOMP-2015 included in the archive describes how to build PredatorHP from source code and how to apply the tool on the competition benchmarks.…”

Section: Tool Setup and Configurationmentioning

confidence: 99%

Predator Hunting Party (Competition Contribution)

Müller

Peringer

Vojnar

2015

Tools and Algorithms for the Construction and Analysis of Systems

Self Cite

View full text Add to dashboard Cite

This paper introduces PredatorHP (Predator Hunting Party), a program verifier built on top of the Predator shape analyser, and discusses its participation in the SV-COMP'15 software verification competition. Predator is a sound shape analyser dealing with C programs with lists implemented via low-level pointer operations. PredatorHP uses Predator to prove programs safe while at the same time using several bounded versions of Predator for bug hunting. The Underlying Verification ApproachAt the heart of PredatorHP there is the Predator shape analyser [2]. The main aim of Predator is sound shape analysis of sequential, non-recursive C programs that use lowlevel pointer operations for working efficiently with various kinds of linked lists. Predator supports many advanced uses of pointer arithmetics, address alignment, and block operations common in highly optimized system code, such as operating system kernels, drivers, memory allocators, and the like.Predator is based on abstract interpretation with the abstract domain of symbolic memory graphs (SMGs) [2]. In a nutshell, SMGs consist of two kinds of nodesnamely, individual memory regions and uninterrupted list segments-and two kinds of edges, in particular, the so-called has-value and points-to edges. SMGs were inspired by separation logic with higher-order list predicates but with an added support for lowlevel memory operations. Moreover, all the needed algorithms for dealing with SMGs (symbolic execution of program statements, the join operator, widening in the form of abstraction, entailment checking) were newly designed to be as efficient as possible by leveraging the graph structure of SMGs. The most essential role is played by the join operator: both abstraction and entailment checking are built on top of it. Predator supports inter-procedural analysis by means of function summaries.Recently, a new extension of Predator was implemented [1]. It uses the Predator kernel for transforming programs with list containers implemented by low-level pointer operations into equivalent programs with high-level container operations, which can be useful, e.g., for code understanding, easier verification, parallelisation, optimisation, etc.

show abstract

An Easy to Use Infrastructure for Building Static Analysis Tools

Cited by 9 publications

References 3 publications

Low-Level Bi-Abduction

Low-Level Bi-Abduction

PredatorHP Revamped (Not Only) for Interval-Sized Memory Regions and Memory Reallocation (Competition Contribution)

Predator Hunting Party (Competition Contribution)

Contact Info

Product

Resources

About