We describe an abstract domain for representing useful invariants of heap-manipulating programs, in the presence of recursive data structures and pointer arithmetic, written in C or other low-level code. The domain represents must and may equalities among pointer expressions. Pointer expressions may contain existentially or universally quantified integer variables, each guarded by a constraint from a base domain. We allow quantification of a special form, namely ∃∀ quantification, to balance expressiveness against efficient automated deduction. The existential quantification ranges over dummy (non-program) variables, which our analysis introduces automatically in order to express useful program invariants. The universal quantifier expresses properties of collections of memory locations. Our abstract interpreter automatically computes invariants over this abstract domain. We present initial experimental results demonstrating the effectiveness of the domain on some common coding patterns.
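To make the shape of an ∃∀ invariant concrete, the following added example (illustration only, not the paper's abstract interpreter or any code from its authors) evaluates one such invariant on concrete heap states. The C-like loop, the buffer address 0x1000, the canary value, and the function names are all constructed for the example. The loop zeroes a buffer by pointer increment, so the loop counter is not a program variable; the invariant needs a dummy variable k (the existential) and a universal over the collection of locations p + j. The checker decides the existential by searching k's finite range and the universal by enumerating the locations, which is only possible because the states are concrete; computing such facts symbolically is what the abstract domain in the paper is for.

```python
"""Evaluate an exists-forall heap invariant on concrete states (constructed example).

Memory is a dict address -> value and pointers are plain integers, so pointer
arithmetic is ordinary integer arithmetic.

Program analysed (hypothetical C):

    q = p;
    while (q < p + n) { *q = 0; q = q + 1; }

Candidate loop-head invariant, with k a dummy non-program variable and j
ranging over the collection of locations p + j:

    exists k. 0 <= k <= n  and  q = p + k  and  forall j. 0 <= j < k  =>  *(p + j) = 0

The invariant bounds every write to [p, p + n), so a loop that satisfies it at
every loop head cannot touch the byte at p + n.
"""


def holds(p, q, n, mem):
    """Return a witness k for the invariant on one concrete state, or None.

    The existential is decided by searching the dummy's range 0..n; the
    universal is decided by enumerating the locations p + j for j < k.
    """
    for k in range(0, n + 1):
        if q == p + k and all(mem.get(p + j) == 0 for j in range(k)):
            return k
    return None


def run_zero_loop(p, n, mem, bound_exclusive=True, observer=None):
    """Execute the zeroing loop on a concrete heap.

    observer(p, q, n, mem) is called at every loop head, including the final
    one where the loop condition fails (that is the state the post-condition
    is read from).  bound_exclusive=False selects the off-by-one variant
    `while (q <= p + n)`.
    """
    def in_loop(q):
        return q < p + n if bound_exclusive else q <= p + n

    q = p
    while in_loop(q):
        if observer:
            observer(p, q, n, mem)
        mem[q] = 0          # *q = 0
        q += 1              # q = q + 1 (pointer arithmetic)
    if observer:
        observer(p, q, n, mem)
    return q, mem


def check_program(n, bound_exclusive=True):
    """Run the loop on an n-byte buffer followed by a canary byte.

    Returns (invariant held at every loop head, canary intact, witness list).
    """
    p = 0x1000                                   # constructed buffer address
    mem = {p + j: 0xAA for j in range(n)}        # n bytes of garbage owned by p
    mem[p + n] = 0x41                            # canary just past the buffer
    witnesses = []

    def obs(p, q, n, mem):
        witnesses.append(holds(p, q, n, mem))

    run_zero_loop(p, n, mem, bound_exclusive, obs)
    inv_ok = all(w is not None for w in witnesses)
    canary_ok = mem[p + n] == 0x41
    return inv_ok, canary_ok, witnesses


if __name__ == "__main__":
    print("correct loop   :", check_program(4))
    print("off-by-one loop:", check_program(4, bound_exclusive=False))
```

For the correct loop the witnesses are k = 0, 1, ..., n at successive loop heads and the canary survives. For the `<=` variant the invariant still holds at every head inside the loop, but at the exit head q = p + n + 1 has no witness k ≤ n, which is exactly where the analysis would flag the extra write that clobbers the canary.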