Shape analysis with inductive recursion synthesis

Guo, Bolei; Vachharajani, Neil; August, David I.

doi:10.1145/1250734.1250764

Cited by 61 publications

(32 citation statements)

References 17 publications

(9 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Emergence of garbage is detected iff a(G) is not well-connected. 11 We, however, compute not on single hypergraphs representing particular heaps but on sets of them represented by hierarchical SCFA. For now, we assume the nested SCFA used to be provided by the user.…”

Section: The Verification Procedures Based On Forest Automatamentioning

confidence: 99%

“…We note that there are other works on separation logic, e.g., [15], that consider tree manipulation, but these are usually semi-automated only. An exception is [11] which automatically handles even tree structures, but its mechanism of synthesising inductive predicates seems quite dependent on the fact that the dynamic linked data structures are built in a "nice" way conforming to the structure of the predicate to be learned (meaning, e.g., that lists are built by adding elements at the end only). 1 Further, compared to [4,19], our approach comes with a more flexible abstraction.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Forest automata for verification of heap manipulation

Habermehl

Holík

Rogalewicz

et al. 2012

Form Methods Syst Des

View full text Add to dashboard Cite

We consider verification of programs manipulating dynamic linked data structures such as various forms of singly and doubly-linked lists or trees. We consider important properties for this kind of systems like no null-pointer dereferences, absence of garbage, shape properties, etc. We develop a verification method based on a novel use of tree automata to represent heap configurations. A heap is split into several "separated" parts such that each of them can be represented by a tree automaton. The automata can refer to each other allowing the different parts of the heaps to mutually refer to their boundaries. Moreover, we allow for a hierarchical representation of heaps by allowing alphabets of the tree automata to contain other, nested tree automata. Program instructions can be easily encoded as operations on our representation structure. This allows verification of programs based on symbolic state-space exploration together with refinable abstraction within the so-called abstract regular tree model checking. A motivation for the approach is to combine advantages of automata-based approaches (higher generality and flexibility of the abstraction) with some advantages of separation-logic-based approaches (efficiency). We have implemented our approach and tested it successfully on multiple non-trivial case studies.

show abstract

Section: The Verification Procedures Based On Forest Automatamentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Forest automata for verification of heap manipulation

Habermehl

Holík

Rogalewicz

et al. 2012

Form Methods Syst Des

View full text Add to dashboard Cite

show abstract

“…Researchers have used separation logic to prove code correct by hand [Bornat et al, 2004;Birkedal et al, 2004], and as the basis for a variety of automatic shape-analysis domains [Lee et al, 2005;Berdine et al, 2005;Magill et al, 2006;Distefano et al, 2006;Gotsman et al, 2006;Guo et al, 2007]. Two important research goals have been to make analyses based on separation logic more expressive Lee et al, 2011], and more scalable [Yang et al, 2008;Calcagno et al, 2009]; despite much progress, shape analyses with the necessary combination of precision and scalability do not yet exist.…”

Section: Static Analysis and Verification Techniquesmentioning

confidence: 99%

Data representation synthesis

et al. 2012

View full text Add to dashboard Cite

This dissertation introduces Data Representation Synthesis, a technique for specifying combinations of data structures with complex sharing in a manner that is both declarative and results in provably correct code. In our approach, abstract data types are specified using relational algebra and functional dependencies. We describe a language of decompositions that permit a programmer to specify different concrete representations for relations, and show that operations on concrete representations soundly implement their relational specification.Decompositions also give new insight into the problem of writing safe and efficient concurrent code. We introduce lock placements, which describe, for each heap location, which lock guards the location, and under what circumstances. By incorporating lock placements into decompositions, a compiler can automatically explore the space of possible legal data representations and locking strategies, while simultaneously guaranteeing correctness, serializability of relational operations, and deadlock-freedom.It is easy to incorporate data representations synthesized by our compiler into existing systems, leading to code that is simpler, correct by construction, and comparable in performance to the code it replaces. We describe our experience with a prototype compiler; code generated by our system can easily be dropped into existing systems in place of complex hand-written implementations with comparable performance.

show abstract

“…Various approaches to verification of such programs differing in their principles, degree of automation, generality, and scalability have emerged. They are based, e.g., on monadic second-order logic [40], 3-valued predicate logic with transitive closure [47], separation logic [20,31,45,60], 16 or automata [12,14,25]. Among all of these approaches, the method presented here is one of the most general and fully automated at the same time.…”

Section: Related Approachesmentioning

confidence: 99%

“…In[31], more complex structures are automatically manipulated, but they are built by the programs in some "nice" way, suitable for the inductive predicates being constructed and used.…”

mentioning

confidence: 99%

Abstract regular (tree) model checking

Bouajjani

Habermehl

Rogalewicz

et al. 2011

Int J Softw Tools Technol Transfer

View full text Add to dashboard Cite

Regular model checking is a generic technique for verification of infinite-state and/or parametrised systems which uses finite word automata or finite tree automata to finitely represent potentially infinite sets of reachable configurations of the systems being verified. The problems addressed by regular model checking are typically undecidable. In order to facilitate termination in as many cases as possible, acceleration is needed in the incremental computation of the set of reachable configurations in regular model checking. In this work, we describe how various incrementally refinable abstractions on finite (word and tree) automata can be used for this purpose. Moreover, the use of abstraction does not only increase chances of the technique to terminate, but it also significantly reduces the problem of an explosion in the number of states of the automata that are generated by regular model checking. We illustrate the efficiency of abstract regular (tree) model checking in verification of simple systems with various sources of infinity such as unbounded counters, queues, stacks, and parameters. We then show how abstract regular tree model checking can be used for verification of programs manipulating tree-like dynamic data structures. Even more complex data structures can be handled using a suitable tree-like encoding.

show abstract

Shape analysis with inductive recursion synthesis

Cited by 61 publications

References 17 publications

Forest automata for verification of heap manipulation

Forest automata for verification of heap manipulation

Data representation synthesis

Abstract regular (tree) model checking

Contact Info

Product

Resources

About