A precise memory model for low-level bounded model checking
SSV'10 Proceedings of the 5th international conference on Systems software verification
Shape analysis of low-level c with overlapping structures
VMCAI'10 Proceedings of the 11th international conference on Verification, Model Checking, and Abstract Interpretation
Reachability analysis of program variables
IJCAR'12 Proceedings of the 6th international joint conference on Automated Reasoning
Reachability analysis of program variables
ACM Transactions on Programming Languages and Systems (TOPLAS)
| Hi-index | 0.02 |
Reasoning about program heap, especially if it involves handling unbounded, dynamically heap-allocated data structures such as linked lists and arrays, is challenging. Furthermore, sound analysis that precisely models heap becomes significantly more challenging in the presence of low-level pointer manipulation that is prevalent in systems software. The reachability predicate has already proved to be useful for reasoning about the heap in type-safe languages where memory is manipulated by dereferencing object fields. In this paper, we present a memory model suitable for reasoning about low-level pointer operations that is accompanied by a formalization of the reachability predicate in the presence of internal pointers and pointer arithmetic. We have designed an annotation language for C programs that makes use of the new predicate. This language enables us to specify properties of many interesting data structures present in the Windows kernel. We present our experience with a prototype verifier on a set of illustrative C benchmarks.