Predator: A Practical Tool for Checking Manipulation of Dynamic Data Structures Using Separation Logic

Dudka, Kamil; Peringer, Petr; Vojnar, Tomáš

doi:10.1007/978-3-642-22110-1_29

Cited by 47 publications

(52 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…CPALIEN is an offspring of the successful Predator shape analyzer [1]. Predator implements a sound shape analysis of programs manipulating list-like data structures of various kinds.…”

Section: Verification Approachmentioning

confidence: 99%

CPAlien: Shape Analyzer for CPAChecker

Müller

Vojnar

2014

Tools and Algorithms for the Construction and Analysis of Systems

Self Cite

View full text Add to dashboard Cite

Abstract. CPALIEN is a configurable program analysis framework instance. It uses an extension of the symbolic memory graphs (SMGs) abstract domain for shape analysis of programs manipulating the heap. In particular, CPALIEN extends SMGs with a simple integer value analysis in order to handle programs with both pointers and integer data. The current version of CPALIEN is an early prototype intended as a basis for a future research in the given area. The version submitted for SV-COMP'14 does not contain any shape abstraction, but it is still powerful enough to participate in several categories.

show abstract

“…CPALIEN is an offspring of the successful Predator shape analyzer [1]. Predator implements a sound shape analysis of programs manipulating list-like data structures of various kinds.…”

Section: Verification Approachmentioning

confidence: 99%

CPAlien: Shape Analyzer for CPAChecker

Müller

Vojnar

2014

Tools and Algorithms for the Construction and Analysis of Systems

Self Cite

View full text Add to dashboard Cite

show abstract

“…Given a program annotated with separation logic assertions, one can try to prove statically that each assertion holds at the appropriate program point; a long line of research in this area has resulted in a number of tools that are capable of doing this automatically at least some of the time for industrial code (see e.g. [7,8,14,16,19,24,28]). Alternatively, one might also try to test dynamically whether properties hold: simply execute the program and check whether each assertion is satisfied by the actual memory state of the program at that point (this is sometimes known as run-time verification).…”

Section: Introductionmentioning

confidence: 99%

“…However, the logic itself has attracted considerable recent interest amongst the verification community. The aforementioned automated program verification tools based on separation logic [7,8,14,16,19,24,28] are all based on symbolic heaps, and increasingly targeted at verifying specifications involving user-defined rather than hard-coded predicates. Indeed, there are now even tools capable of automatically generating the definitions of inductive predicates needed for analysis [11,25].…”

Section: Introductionmentioning

confidence: 99%

Model checking for symbolic-heap separation logic with inductive predicates

et al. 2016

View full text Add to dashboard Cite

Copyright and moral rights to this thesis/research project are retained by the author and/or other copyright owners. The work is supplied on the understanding that any use for commercial gain is strictly forbidden. A copy may be downloaded for personal, non-commercial, research or study without prior permission and without charge. Any use of the thesis/research project for private study or research must be properly acknowledged with reference to the work's full bibliographic details.This thesis/research project may not be reproduced in any format or medium, or extensive quotations taken from it, or its content changed in any way, without first obtaining permission in writing from the copyright holder(s).If you believe that any material held in the repository infringes copyright law, please contact the Repository Team at Middlesex University via the following email address:eprints@mdx.ac.ukThe item will be removed from the repository while any claim is being investigated. AbstractWe investigate the model checking problem for symbolic-heap separation logic with user-defined inductive predicates, i.e., the problem of checking that a given stack-heap memory state satisfies a given formula in this language, as arises e.g. in software testing or runtime verification. First, we show that the problem is decidable; specifically, we present a bottom-up fixed point algorithm that decides the problem and runs in exponential time in the size of the problem instance.Second, we show that, while model checking for the full language is EXPTIME-complete, the problem becomes NP-complete or PTIME-solvable when we impose natural syntactic restrictions on the schemata defining the inductive predicates. We additionally present NP and PTIME algorithms for these restricted fragments.Finally, we report on the experimental performance of our procedures on a variety of specifications extracted from programs, exercising multiple combinations of syntactic restrictions.

show abstract

“…The frame rule makes separation logic attractive for developers of program verification tools [6,8,19,21,36]. However, the logic also poses a challenge to automation: it is a non-classical logic that requires specialized symbolic execution engines for encoding the behavior of programs, and specialized theorem provers for discharging the generated proof obligations.…”

Section: Introductionmentioning

confidence: 99%

Automating Separation Logic Using SMT

Piskač

Wies

Zufferey

2013

Lecture Notes in Computer Science

106

120

View full text Add to dashboard Cite

Abstract. Separation logic (SL) has gained widespread popularity because of its ability to succinctly express complex invariants of a program's heap configurations. Several specialized provers have been developed for decidable SL fragments. However, these provers cannot be easily extended or combined with solvers for other theories that are important in program verification, e.g., linear arithmetic. In this paper, we present a reduction of decidable SL fragments to a decidable first-order theory that fits well into the satisfiability modulo theories (SMT) framework. We show how to use this reduction to automate satisfiability, entailment, frame inference, and abduction problems for separation logic using SMT solvers. Our approach provides a simple method of integrating separation logic into existing verification tools that provide SMT backends, and an elegant way of combining SL fragments with other decidable first-order theories. We implemented this approach in a verification tool and applied it to heap-manipulating programs whose verification involves reasoning in theory combinations.

show abstract

Predator: A Practical Tool for Checking Manipulation of Dynamic Data Structures Using Separation Logic

Cited by 47 publications

References 8 publications

CPAlien: Shape Analyzer for CPAChecker

CPAlien: Shape Analyzer for CPAChecker

Model checking for symbolic-heap separation logic with inductive predicates

Automating Separation Logic Using SMT

Contact Info

Product

Resources

About