Putting static analysis to work for verification: A case study
Proceedings of the 2000 ACM SIGSOFT international symposium on Software testing and analysis
The pointer assertion logic engine
Proceedings of the ACM SIGPLAN 2001 conference on Programming language design and implementation
Introduction to constraint databases
Introduction to constraint databases
Parametric shape analysis via 3-valued logic
ACM Transactions on Programming Languages and Systems (TOPLAS)
Separation Logic: A Logic for Shared Mutable Data Structures
LICS '02 Proceedings of the 17th Annual IEEE Symposium on Logic in Computer Science
Mona: Monadic Second-Order Logic in Practice
TACAS '95 Proceedings of the First International Workshop on Tools and Algorithms for Construction and Analysis of Systems
Using Forward Reachability Analysis for Verification of Lossy Channel Systems
Formal Methods in System Design
Shape analysis with inductive recursion synthesis
Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
Applying the Graph Minor Theorem to the Verification of Graph Transformation Systems
CAV '08 Proceedings of the 20th international conference on Computer Aided Verification
Monotonic Abstraction for Programs with Dynamic Memory Heaps
CAV '08 Proceedings of the 20th international conference on Computer Aided Verification
Scalable Shape Analysis for Systems Code
CAV '08 Proceedings of the 20th international conference on Computer Aided Verification
Automated verification of shape and size properties via separation logic
VMCAI'07 Proceedings of the 8th international conference on Verification, model checking, and abstract interpretation
Regular model checking without transducers (on efficient verification of parameterized systems)
TACAS'07 Proceedings of the 13th international conference on Tools and algorithms for the construction and analysis of systems
Abstract regular tree model checking of complex dynamic data structures
SAS'06 Proceedings of the 13th international conference on Static Analysis
Programs with lists are counter automata
CAV'06 Proceedings of the 18th international conference on Computer Aided Verification
Verifying programs with dynamic 1-selector-linked structures in regular model checking
TACAS'05 Proceedings of the 11th international conference on Tools and Algorithms for the Construction and Analysis of Systems
A complete abstract interpretation framework for coverability properties of WSTS
VMCAI'06 Proceedings of the 7th international conference on Verification, Model Checking, and Abstract Interpretation
Monotonic abstraction for programs with multiply-linked structures
RP'11 Proceedings of the 5th international conference on Reachability problems
Model checking of linearizability of concurrent list implementations
CAV'10 Proceedings of the 22nd international conference on Computer Aided Verification
| Hi-index | 0.00 |
We present a new approach for automatic verification of data-dependent programs manipulating dynamic heaps. A heap is encoded by a graph where the nodes represent the cells, and the edges reflect the pointer structure between the cells of the heap. Each cell contains a set of variables which range over the natural numbers. Our method relies on standard backward reachability analysis, where the main idea is to use a simple set of predicates, called signatures , in order to represent bad sets of heaps. Examples of bad heaps are those which contain either garbage, lists which are not well-formed, or lists which are not sorted. We present the results for the case of programs with a single next-selector, and where variables may be compared for (in)equality. This allows us to verify for instance that a program, like bubble sort or insertion sort, returns a list which is well-formed and sorted, or that the merging of two sorted lists is a new sorted list. We report on the result of running a prototype based on the method on a number of programs.