Programs with Lists Are Counter Automata

Bouajjani, Ahmed; Bozga, Marius; Habermehl, Peter; Losif, Radu; Moro, Pierre; Vojnar, Tomáš

doi:10.1007/11817963_47

Cited by 68 publications

(15 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…• Store based model. A store based model explicates heap locations in terms of their addresses and generally represents the heap memory as a directed graph [7,10,15,18,26,37,61,68,77,84,87]. The nodes of the graph represent locations or objects in the memory.…”

Section: Heap Modelsmentioning

confidence: 99%

See 1 more Smart Citation

Heap Abstractions for Static Analysis

Kanvar

Khedker

2016

ACM Comput. Surv.

View full text Add to dashboard Cite

Heap data is potentially unbounded and seemingly arbitrary. As a consequence, unlike stack and static memory, heap memory cannot be abstracted directly in terms of a fixed set of source variable names appearing in the program being analysed. This makes it an interesting topic of study and there is an abundance of literature employing heap abstractions. Although most studies have addressed similar concerns, their formulations and formalisms often seem dissimilar and some times even unrelated. Thus, the insights gained in one description of heap abstraction may not directly carry over to some other description. This survey is a result of our quest for a unifying theme in the existing descriptions of heap abstractions. In particular, our interest lies in the abstractions and not in the algorithms that construct them.In our search of a unified theme, we view a heap abstraction as consisting of two features: a heap model to represent the heap memory and a summarization technique for bounding the heap representation. We classify the models as storeless, store based, and hybrid. We describe various summarization techniques based on k-limiting, allocation sites, patterns, variables, other generic instrumentation predicates, and higher-order logics. This approach allows us to compare the insights of a large number of seemingly dissimilar heap abstractions and also paves way for creating new abstractions by mix-and-match of models and summarization techniques. Heap Analysis: MotivationHeap data is potentially unbounded and seemingly arbitrary. Although there is a plethora of literature on heap, the formulations and formalisms often seem dissimilar. This survey is a result of our quest for a unifying theme in the existing descriptions of heap. Why Heap?Unlike stack or static memory, heap memory allows on-demand memory allocation based on the statements in a program (and not just variable declarations). Thus it facilitates creation of flexible data structures which can outlive the procedures that create them and whose sizes can change during execution. With processors becoming faster and memories becoming larger as well as faster, the ability of creating large and flexible data structures increases. Thus the role of heap memory in user programs as well as design and implementation of programming languages becomes more significant. Why Heap Analysis? Why Heap Analysis?The increasing importance of the role of heap memory naturally leads to a myriad requirements of its analysis. Although heap data has been subjected to static as well as dynamic analyses, in this paper, we restrict ourselves to static analysis.Heap analysis, at a generic level, provides useful information about heap data, i.e. heap pointers or references. Additionally, it helps in discovering control flow through dynamic dispatch resolution. Specific applications that can benefit from heap analysis include program understanding, program refactoring, verification, debugging, enhancing security, improving performance, compile time garbage collection, inst...

show abstract

Section: Heap Modelsmentioning

confidence: 99%

“…Thus, all nodes with the same pointed-to-by-x predicate values are merged and represented by a summary node. Variable based summarization has been performed on store based heap model [7,15,75,76]. Figure 5d represents variable based summarization of the store based model in Figure 5a.…”

Section: Summarization Techniquesmentioning

confidence: 99%

Heap Abstractions for Static Analysis

Kanvar

Khedker

2016

ACM Comput. Surv.

View full text Add to dashboard Cite

show abstract

“…They model lists at the pointer level and impose some restrictions on the programs that they can verify. For example, the approach proposed in [9] works only for programs that do not access data stored in the lists at all or that only compare data in some nodes (for sorting purposes). Lahiri and Qadeer proposed a logic for specifying properties over linked lists and a decision procedure for checking programs in a subset of C against such specifications [29].…”

Section: Program Verificationmentioning

confidence: 99%

“…The main challenges are (1) precise and compact modeling of the collection state with a small number of predicates, (2) precise modeling of operations upon collections, (3) support for preserving information between any two program code locations, and (4) efficient construction of abstract programs. Addressing these challenges is important Many program verification techniques and frameworks that target collections and data structures have been proposed in recent years -symbolic execution for data structures [25], shape analysis based on predicate abstraction [7,16,37] or other abstractions [6], logics and decision procedures for heap data structures [7,29], techniques based on separation logic [18], and various techniques for verification of linked list implementations [9,10,28] and general programs that use collections against functional specifications [40,41]. Most of these approaches model collections at the representation level.…”

Section: Introductionmentioning

confidence: 99%

Predicate abstraction of Java programs with collections

Parízek

Lhoták

2012

Proceedings of the ACM International Conference on Object Oriented Programming Systems Languages and Applications

View full text Add to dashboard Cite

Our goal is to develop precise and scalable verification techniques for Java programs that use collections and properties that depend on their content.We apply the popular approach of predicate abstraction to Java programs and collections. The main challenge in this context is precise and compact modeling of collections that enables practical verification.We define a predicate language for modeling the observable state of Java collections at the interface level. Changes of the state by API methods are captured by weakest preconditions. We adapt existing techniques for construction of abstract programs. Most notably, we designed optimizations based on specific features of the predicate language.We evaluated our approach on Java programs that use collections in advanced ways. Our results show that interesting properties, such as consistency between multiple collections, can be verified using our approach. The properties are specified using logic formulas that involve predicates introduced by our language.

show abstract

“…Programs with pointer variables suffer the same drawback since reachability problems are also undecidable, see e.g. [2,3]. It is worth noting that specific properties need to be verified for such programs, such as the existence of memory leaks, memory violation, or shape analysis.…”

Section: Introductionmentioning

confidence: 99%

Reasoning About Sequences of Memory States

Brochenin

Demri

Lozes

Logical Foundations of Computer Science

View full text Add to dashboard Cite

Motivated by the verification of programs with pointer variables, we introduce a temporal logic LTL mem whose underlying assertion language is the quantifier-free fragment of separation logic and the temporal logic on the top of it is the standard linear-time temporal logic LTL. We analyze the complexity of various model-checking and satisfiability problems for LTL mem , considering various fragments of separation logic (including pointer arithmetic), various classes of models (with or without constant heap), and the influence of fixing the initial memory state. We provide a complete picture based on these criteria. Our main decidability result is pspace-completeness of the satisfiability problems on the record fragment and on a classical fragment allowing pointer arithmetic. Σ 0 1 -completeness or Σ 1 1 -completeness results are established for various problems by reducing standard problems for Minsky machines, and underline the tightness of our decidability results.

show abstract

Programs with Lists Are Counter Automata

Cited by 68 publications

References 18 publications

Heap Abstractions for Static Analysis

Heap Abstractions for Static Analysis

Predicate abstraction of Java programs with collections

Reasoning About Sequences of Memory States

Contact Info

Product

Resources

About