Interprocedural may-alias analysis for pointers: beyond k-limiting
PLDI '94 Proceedings of the ACM SIGPLAN 1994 conference on Programming language design and implementation
Science of Computer Programming
Simplification by Cooperating Decision Procedures
ACM Transactions on Programming Languages and Systems (TOPLAS)
Parametric shape analysis via 3-valued logic
ACM Transactions on Programming Languages and Systems (TOPLAS)
Systematic design of program analysis frameworks
POPL '79 Proceedings of the 6th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
A New Numerical Abstract Domain Based on Difference-Bound Matrices
PADO '01 Proceedings of the Second Symposium on Programs as Data Objects
Improving the Results of Static Analyses Programs by Local Decreasing Iteration
Proceedings of the 12th Conference on Foundations of Software Technology and Theoretical Computer Science
CSSV: towards a realistic tool for statically detecting all buffer overflows in C
PLDI '03 Proceedings of the ACM SIGPLAN 2003 conference on Programming language design and implementation
Combining abstract interpreters
Proceedings of the 2006 ACM SIGPLAN conference on Programming language design and implementation
Full functional verification of linked data structures
Proceedings of the 2008 ACM SIGPLAN conference on Programming language design and implementation
A combination framework for tracking partition sizes
Proceedings of the 36th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Verifying Reference Counting Implementations
TACAS '09 Proceedings of the 15th International Conference on Tools and Algorithms for the Construction and Analysis of Systems: Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2009,
An integrated proof language for imperative programs
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
Automated verification of shape and size properties via separation logic
VMCAI'07 Proceedings of the 8th international conference on Verification, model checking, and abstract interpretation
Shape analysis for composite data structures
CAV'07 Proceedings of the 19th international conference on Computer aided verification
Proving ptolemy right: the environment abstraction framework for model checking concurrent systems
TACAS'08/ETAPS'08 Proceedings of the Theory and practice of software, 14th international conference on Tools and algorithms for the construction and analysis of systems
Specialized 3-valued logic shape analysis using structure-based refinement and loose embedding
SAS'06 Proceedings of the 13th international conference on Static Analysis
Programs with lists are counter automata
CAV'06 Proceedings of the 18th international conference on Computer Aided Verification
A relational abstraction for functions
SAS'05 Proceedings of the 12th international conference on Static Analysis
A local shape analysis based on separation logic
TACAS'06 Proceedings of the 12th international conference on Tools and Algorithms for the Construction and Analysis of Systems
Arithmetic strengthening for shape analysis
SAS'07 Proceedings of the 14th international conference on Static Analysis
Proceedings of the 32nd ACM SIGPLAN conference on Programming language design and implementation
On inter-procedural analysis of programs with lists and data
Proceedings of the 32nd ACM SIGPLAN conference on Programming language design and implementation
Abstract domains for automated reasoning about list-manipulating programs with infinite data
VMCAI'12 Proceedings of the 13th international conference on Verification, Model Checking, and Abstract Interpretation
An introduction to data representation synthesis
Communications of the ACM
TVAL+: TVLA and value analyses together
SEFM'12 Proceedings of the 10th international conference on Software Engineering and Formal Methods
FESA: fold- and expand-based shape analysis
CC'13 Proceedings of the 22nd international conference on Compiler Construction
Hi-index | 0.02 |
We describe DESKCHECK, a parametric static analyzer that is able to establish properties of programs that manipulate dynamically allocated memory, arrays, and integers. DESKCHECK can verify quantified invariants over mixed abstract domains, e.g., heap and numeric domains. These domains need only minor extensions to work with our domain combination framework. The technique used for managing the communication between domains is reminiscent of the Nelson-Oppen technique for combining decision procedures, in that the two domains share a common predicate language to exchange shared facts. However, whereas the Nelson-Oppen technique is limited to a common predicate language of shared equalities, the technique described in this paper uses a common predicate language in which shared facts can be quantified predicates expressed in first-order logic with transitive closure. We explain how we used DESKCHECK to establish memory safety of the thttpd web server's cache data structure, which uses linked lists, a hash table, and reference counting in a single composite data structure. Our work addresses some of the most complex data-structure invariants considered in the shape-analysis literature.