Precise interprocedural dataflow analysis via graph reachability
POPL '95 Proceedings of the 22nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
An empirical study of operating systems errors
SOSP '01 Proceedings of the eighteenth ACM symposium on Operating systems principles
POPL '77 Proceedings of the 4th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
TVLA: A System for Implementing Static Analyses
SAS '00 Proceedings of the 7th International Symposium on Static Analysis
Local Reasoning about Programs that Alter Data Structures
CSL '01 Proceedings of the 15th International Workshop on Computer Science Logic
A static analyzer for large safety-critical software
PLDI '03 Proceedings of the ACM SIGPLAN 2003 conference on Programming language design and implementation
Improving the reliability of commodity operating systems
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Proceedings of the 31st ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A semantics for procedure local heaps and its abstractions
Proceedings of the 32nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Region-based shape analysis with tracked locations
Proceedings of the 32nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Thorough static analysis of device drivers
Proceedings of the 1st ACM SIGOPS/EuroSys European Conference on Computer Systems 2006
Shape analysis with inductive recursion synthesis
Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
Heap Decomposition for Concurrent Shape Analysis
SAS '08 Proceedings of the 15th international symposium on Static Analysis
Thread Quantification for Concurrent Shape Analysis
CAV '08 Proceedings of the 20th international conference on Computer Aided Verification
Shape analysis for composite data structures
CAV'07 Proceedings of the 19th international conference on Computer aided verification
Efficient context-sensitive shape analysis with graph based heap models
CC'08/ETAPS'08 Proceedings of the Joint European Conferences on Theory and Practice of Software 17th international conference on Compiler construction
Specialized 3-valued logic shape analysis using structure-based refinement and loose embedding
SAS'06 Proceedings of the 13th international conference on Static Analysis
Interprocedural shape analysis with separated heap abstractions
SAS'06 Proceedings of the 13th international conference on Static Analysis
Symbolic execution with separation logic
APLAS'05 Proceedings of the Third Asian conference on Programming Languages and Systems
A local shape analysis based on separation logic
TACAS'06 Proceedings of the 12th international conference on Tools and Algorithms for the Construction and Analysis of Systems
Shape analysis with structural invariant checkers
SAS'07 Proceedings of the 14th international conference on Static Analysis
Tutorial on Separation Logic (Invited Tutorial)
CAV '08 Proceedings of the 20th international conference on Computer Aided Verification
THOR: A Tool for Reasoning about Shape and Arithmetic
CAV '08 Proceedings of the 20th international conference on Computer Aided Verification
Abductive Inference for Reasoning about Heaps
APLAS '08 Proceedings of the 6th Asian Symposium on Programming Languages and Systems
ICLP '08 Proceedings of the 24th International Conference on Logic Programming
Logic-Based Program Synthesis and Transformation
Automatic Parallelization with Separation Logic
ESOP '09 Proceedings of the 18th European Symposium on Programming Languages and Systems: Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2009
CAV '09 Proceedings of the 21st International Conference on Computer Aided Verification
Cardinality Abstraction for Declarative Networking Applications
CAV '09 Proceedings of the 21st International Conference on Computer Aided Verification
Region Analysis for Race Detection
SAS '09 Proceedings of the 16th International Symposium on Static Analysis
Memory Usage Verification Using Hip/Sleek
ATVA '09 Proceedings of the 7th International Symposium on Automated Technology for Verification and Analysis
Automated Analysis of Data-Dependent Programs with Dynamic Memory
ATVA '09 Proceedings of the 7th International Symposium on Automated Technology for Verification and Analysis
Attacking Large Industrial Code with Bi-abductive Inference
FMICS '09 Proceedings of the 14th International Workshop on Formal Methods for Industrial Critical Systems
Fractional Ownerships for Safe Memory Deallocation
APLAS '09 Proceedings of the 7th Asian Symposium on Programming Languages and Systems
Verifying pointer safety for programs with unknown calls
Journal of Symbolic Computation
Symbolic heap abstraction with demand-driven axiomatization of memory invariants
Proceedings of the ACM international conference on Object oriented programming systems languages and applications
A shape analysis for non-linear data structures
SAS'10 Proceedings of the 17th international conference on Static analysis
A parametric segmentation functor for fully automatic and scalable array content analysis
Proceedings of the 38th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Loop invariant synthesis in a combined domain
ICFEM'10 Proceedings of the 12th international conference on Formal engineering methods and software engineering
Communications of the ACM
Access analysis-based tight localization of abstract memories
VMCAI'11 Proceedings of the 12th international conference on Verification, model checking, and abstract interpretation
Programs with lists are counter automata
Formal Methods in System Design
NFM'11 Proceedings of the Third international conference on NASA Formal methods
Infer: an automatic program verifier for memory safety of C programs
NFM'11 Proceedings of the Third international conference on NASA Formal methods
Faster alias set analysis using summaries
CC'11/ETAPS'11 Proceedings of the 20th international conference on Compiler construction: part of the joint European conferences on theory and practice of software
Separation logic + superposition calculus = heap theorem prover
Proceedings of the 32nd ACM SIGPLAN conference on Programming language design and implementation
Automatically refining partial specifications for program verification
FM'11 Proceedings of the 17th international conference on Formal methods
Annotation inference for separation logic based verifiers
FMOODS'11/FORTE'11 Proceedings of the joint 13th IFIP WG 6.1 and 30th IFIP WG 6.1 international conference on Formal techniques for distributed systems
Automated cyclic entailment proofs in separation logic
CADE'11 Proceedings of the 23rd international conference on Automated deduction
SLAYER: memory safety for systems-level code
CAV'11 Proceedings of the 23rd international conference on Computer aided verification
A specialization calculus for pruning disjunctive predicates to support verification
CAV'11 Proceedings of the 23rd international conference on Computer aided verification
CAV'11 Proceedings of the 23rd international conference on Computer aided verification
Forest automata for verification of heap manipulation
CAV'11 Proceedings of the 23rd international conference on Computer aided verification
Program analysis for overlaid data structures
CAV'11 Proceedings of the 23rd international conference on Computer aided verification
The complexity of abduction for separated heap abstractions
SAS'11 Proceedings of the 18th international conference on Static analysis
Monotonic abstraction for programs with multiply-linked structures
RP'11 Proceedings of the 5th international conference on Reachability problems
Automatic fine-grain locking using shape properties
Proceedings of the 2011 ACM international conference on Object oriented programming systems languages and applications
Precision and the Conjunction Rule in Concurrent Separation Logic
Electronic Notes in Theoretical Computer Science (ENTCS)
Compositional Shape Analysis by Means of Bi-Abduction
Journal of the ACM (JACM)
A machine-checked framework for relational separation logic
SEFM'11 Proceedings of the 9th international conference on Software engineering and formal methods
Towards a program logic for JavaScript
POPL '12 Proceedings of the 39th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Shape analysis of low-level C with overlapping structures
VMCAI'10 Proceedings of the 11th international conference on Verification, Model Checking, and Abstract Interpretation
Shape analysis with reference set relations
VMCAI'10 Proceedings of the 11th international conference on Verification, Model Checking, and Abstract Interpretation
Practical extensions to the IFDS algorithm
CC'10/ETAPS'10 Proceedings of the 19th joint European conference on Theory and Practice of Software, international conference on Compiler Construction
ESOP'10 Proceedings of the 19th European conference on Programming Languages and Systems
Ranking function synthesis for bit-vector relations
TACAS'10 Proceedings of the 16th international conference on Tools and Algorithms for the Construction and Analysis of Systems
VeriSmall: verified smallfoot shape analysis
CPP'11 Proceedings of the First international conference on Certified Programs and Proofs
Access-Based localization with bypassing
APLAS'11 Proceedings of the 9th Asian conference on Programming Languages and Systems
Science of Computer Programming
Design and implementation of sparse global analyses for C-like languages
Proceedings of the 33rd ACM SIGPLAN conference on Programming Language Design and Implementation
Programming paradigm driven heap analysis
CC'12 Proceedings of the 21st international conference on Compiler Construction
Sound formal verification of Linux's USB BP keyboard driver
NFM'12 Proceedings of the 4th international conference on NASA Formal Methods
A divide-and-conquer approach for analysing overlaid data structures
Formal Methods in System Design
Forest automata for verification of heap manipulation
Formal Methods in System Design
Automated termination proofs for Java programs with cyclic data
CAV'12 Proceedings of the 24th international conference on Computer Aided Verification
Automated detection of non-termination and NullPointerExceptions for Java Bytecode
FoVeOOS'11 Proceedings of the 2011 international conference on Formal Verification of Object-Oriented Software
FoVeOOS'11 Proceedings of the 2011 international conference on Formal Verification of Object-Oriented Software
Loop invariant synthesis in a combined abstract domain
Journal of Symbolic Computation
Compositional invariant checking for overlaid and nested linked lists
ESOP'13 Proceedings of the 22nd European conference on Programming Languages and Systems
Natural proofs for structure, data, and separation
Proceedings of the 34th ACM SIGPLAN conference on Programming language design and implementation
Proof-Directed Parallelization Synthesis by Separation Logic
ACM Transactions on Programming Languages and Systems (TOPLAS)
SPLLIFT: statically analyzing software product lines in minutes instead of years
Proceedings of the 34th ACM SIGPLAN conference on Programming language design and implementation
Proceedings of the 18th ACM SIGPLAN international conference on Functional programming
Fully automated shape analysis based on forest automata
CAV'13 Proceedings of the 25th international conference on Computer Aided Verification
Automating separation logic using SMT
CAV'13 Proceedings of the 25th international conference on Computer Aided Verification
Toward a verifiable software dataplane
Proceedings of the Twelfth ACM Workshop on Hot Topics in Networks
Parametric completeness for separation theories
Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages
Modular reasoning about heap paths via effectively propositional formulas
Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages
Invariants synthesis over a combined domain for automated program verification
Theories of Programming and Formal Methods
Software verification with VeriFast: Industrial case studies
Science of Computer Programming
Automatically refining partial specifications for heap-manipulating programs
Science of Computer Programming
Pointer safety faults in device drivers are one of the leading causes of crashes in operating systems code. In principle, shape analysis tools can be used to prove the absence of this type of error. In practice, however, shape analysis is not used due to the unacceptable mixture of scalability and precision provided by existing tools. In this paper we report on a new join operation ${\sqcup\dagger}$ for the separation domain which aggressively abstracts information for scalability yet does not lead to false error reports. ${\sqcup\dagger}$ is a critical piece of a new shape analysis tool that provides an acceptable mixture of scalability and precision for industrial application. Experiments on whole Windows and Linux device drivers (firewire, pci-driver, cdrom, md, etc.) represent the first working application of shape analysis to verification of whole industrial programs.