Guarded commands, nondeterminacy and formal derivation of programs
Communications of the ACM
An axiomatic basis for computer programming
Communications of the ACM
Extended static checking for Java
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
Data abstraction and information hiding
ACM Transactions on Programming Languages and Systems (TOPLAS)
Separation Logic: A Logic for Shared Mutable Data Structures
LICS '02 Proceedings of the 17th Annual IEEE Symposium on Logic in Computer Science
Local Reasoning about Programs that Alter Data Structures
CSL '01 Proceedings of the 15th International Workshop on Computer Science Logic
A semantics for procedure local heaps and its abstractions
Proceedings of the 32nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Weakest-precondition of unstructured programs
PASTE '05 Proceedings of the 6th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
A general framework for certifying garbage collectors and their mutators
Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
Back to the future: revisiting precise program verification using SMT solvers
Proceedings of the 35th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Scalable Shape Analysis for Systems Code
CAV '08 Proceedings of the 20th international conference on Computer Aided Verification
Regional Logic for Local Reasoning about Global Invariants
ECOOP '08 Proceedings of the 22nd European conference on Object-Oriented Programming
Boogie Meets Regions: A Verification Experience Report
VSTTE '08 Proceedings of the 2nd international conference on Verified Software: Theories, Tools, Experiments
VMCAI'07 Proceedings of the 8th international conference on Verification, model checking, and abstract interpretation
Boogie: a modular reusable verifier for object-oriented programs
FMCO'05 Proceedings of the 4th international conference on Formal Methods for Components and Objects
Interprocedural shape analysis with separated heap abstractions
SAS'06 Proceedings of the 13th international conference on Static Analysis
The spec# programming system: an overview
CASSIS'04 Proceedings of the 2004 international conference on Construction and Analysis of Safe, Secure, and Interoperable Smart Devices
What's decidable about arrays?
VMCAI'06 Proceedings of the 7th international conference on Verification, Model Checking, and Abstract Interpretation
Dynamic frames: support for framing, dependencies and sharing without restrictions
FM'06 Proceedings of the 14th international conference on Formal Methods
SMT-based modular analysis of sequential systems code
CAV'11 Proceedings of the 23rd international conference on Computer aided verification
Alternate and learn: finding witnesses without looking all over
CAV'12 Proceedings of the 24th international conference on Computer Aided Verification
Hi-index | 0.00 |
Program verifiers based on first-order theorem provers model the program heap as a collection of mutable maps. In such verifiers, preserving unmodified facts about the heap across procedure calls is difficult because of scoping and modification of possibly unbounded set of heap locations. Existing approaches to deal with this problem are either too imprecise, require introducing untrusted assumptions in the verifier, or resort to unpredictable reasoning using quantifiers. In this work, we propose a new approach to solve this problem. The centerpiece of our approach is the call invariant, a new annotation for procedure calls. A call invariant allows the user to specify at a call site an assertion that is inductively preserved across an arbitrary update to a heap location modified in the call. Our approach allows us to leverage existing techniques for reasoning about call-free programs to precisely and predictably reason about programs with procedure calls. We have implemented the approach and applied it to the verification of examples containing dynamic memory allocations, linked lists, and arrays. We observe that most call invariants have a fairly simple shape and discuss ways to reduce the annotation overhead.