Precise interprocedural dataflow analysis via graph reachability
POPL '95 Proceedings of the 22nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Abductive analysis of modular logic programs
ILPS '94 Proceedings of the 1994 International Symposium on Logic programming
The complexity of logic-based abduction
Journal of the ACM (JACM)
Is it a tree, a DAG, or a cyclic graph? A shape analysis for heap-directed pointers in C
POPL '96 Proceedings of the 23rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Solving shape-analysis problems in languages with destructive updating
ACM Transactions on Programming Languages and Systems (TOPLAS)
Compositional pointer and escape analysis for Java programs
Proceedings of the 14th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
Calculating sharp adaptation rules
Information Processing Letters - Special issue in honor of Edsger W. Dijkstra
BI as an assertion language for mutable data structures
POPL '01 Proceedings of the 28th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
POPL '77 Proceedings of the 4th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
Parametric shape analysis via 3-valued logic
ACM Transactions on Programming Languages and Systems (TOPLAS)
Separation Logic: A Logic for Shared Mutable Data Structures
LICS '02 Proceedings of the 17th Annual IEEE Symposium on Logic in Computer Science
Modular Static Program Analysis
CC '02 Proceedings of the 11th International Conference on Compiler Construction
Local Reasoning about Programs that Alter Data Structures
CSL '01 Proceedings of the 15th International Workshop on Computer Science Logic
On computing all abductive explanations
Eighteenth national conference on Artificial intelligence
CSSV: towards a realistic tool for statically detecting all buffer overflows in C
PLDI '03 Proceedings of the ACM SIGPLAN 2003 conference on Programming language design and implementation
Local reasoning for stateful programs
Local reasoning for stateful programs
Possible worlds and resources: the semantics of BI
Theoretical Computer Science - Mathematical foundations of programming semantics
A semantics for procedure local heaps and its abstractions
Proceedings of the 32nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Region-based shape analysis with tracked locations
Proceedings of the 32nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Lightweight object specification with typestates
Proceedings of the 10th European software engineering conference held jointly with 13th ACM SIGSOFT international symposium on Foundations of software engineering
A Complete Classification of the Complexity of Propositional Abduction
SIAM Journal on Computing
Thorough static analysis of device drivers
Proceedings of the 1st ACM SIGOPS/EuroSys European Conference on Computer Systems 2006
Resources, concurrency, and local reasoning
Theoretical Computer Science
Shape analysis with inductive recursion synthesis
Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
Local Action and Abstract Separation Logic
LICS '07 Proceedings of the 22nd Annual IEEE Symposium on Logic in Computer Science
Lifting abstract interpreters to quantified logical domains
Proceedings of the 35th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Relational inductive shape analysis
Proceedings of the 35th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Practical memory leak detector based on parameterized procedural summaries
Proceedings of the 7th international symposium on Memory management
CAV '08 Proceedings of the 20th international conference on Computer Aided Verification
Monotonic Abstraction for Programs with Dynamic Memory Heaps
CAV '08 Proceedings of the 20th international conference on Computer Aided Verification
Enhancing Program Verification with Lemmas
CAV '08 Proceedings of the 20th international conference on Computer Aided Verification
Scalable Shape Analysis for Systems Code
CAV '08 Proceedings of the 20th international conference on Computer Aided Verification
jStar: towards practical verification for java
Proceedings of the 23rd ACM SIGPLAN conference on Object-oriented programming systems languages and applications
Compositional shape analysis by means of bi-abduction
Proceedings of the 36th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Separation and information hiding
ACM Transactions on Programming Languages and Systems (TOPLAS)
ACM Computing Surveys (CSUR)
SAS '09 Proceedings of the 16th International Symposium on Static Analysis
Bi-abductive Resource Invariant Synthesis
APLAS '09 Proceedings of the 7th Asian Symposium on Programming Languages and Systems
Computing procedure summaries for interprocedural analysis
ESOP'07 Proceedings of the 16th European conference on Programming
Shape analysis by graph decomposition
TACAS'07 Proceedings of the 13th international conference on Tools and algorithms for the construction and analysis of systems
Low-level library analysis and summarization
CAV'07 Proceedings of the 19th international conference on Computer aided verification
Shape analysis for composite data structures
CAV'07 Proceedings of the 19th international conference on Computer aided verification
Sufficient preconditions for modular assertion checking
VMCAI'08 Proceedings of the 9th international conference on Verification, model checking, and abstract interpretation
Efficient context-sensitive shape analysis with graph based heap models
CC'08/ETAPS'08 Proceedings of the Joint European Conferences on Theory and Practice of Software 17th international conference on Compiler construction
Verifying pointer safety for programs with unknown calls
Journal of Symbolic Computation
Smallfoot: modular automatic assertion checking with separation logic
FMCO'05 Proceedings of the 4th international conference on Formal Methods for Components and Objects
Abstract regular tree model checking of complex dynamic data structures
SAS'06 Proceedings of the 13th international conference on Static Analysis
Beyond reachability: shape abstraction in the presence of pointer arithmetic
SAS'06 Proceedings of the 13th international conference on Static Analysis
Interprocedural shape analysis with separated heap abstractions
SAS'06 Proceedings of the 13th international conference on Static Analysis
Symbolic execution with separation logic
APLAS'05 Proceedings of the Third Asian conference on Programming Languages and Systems
Memory leaks detection in java by bi-abductive inference
FASE'10 Proceedings of the 13th international conference on Fundamental Approaches to Software Engineering
Shape analysis by predicate abstraction
VMCAI'05 Proceedings of the 6th international conference on Verification, Model Checking, and Abstract Interpretation
Predicate abstraction and canonical abstraction for singly-linked lists
VMCAI'05 Proceedings of the 6th international conference on Verification, Model Checking, and Abstract Interpretation
Abstraction for shape analysis with fast and precise transformers
CAV'06 Proceedings of the 18th international conference on Computer Aided Verification
Verifying programs with dynamic 1-selector-linked structures in regular model checking
TACAS'05 Proceedings of the 11th international conference on Tools and Algorithms for the Construction and Analysis of Systems
ESOP'05 Proceedings of the 14th European conference on Programming Languages and Systems
SAS'05 Proceedings of the 12th international conference on Static Analysis
Interprocedural shape analysis for cutpoint-free programs
SAS'05 Proceedings of the 12th international conference on Static Analysis
A decidable fragment of separation logic
FSTTCS'04 Proceedings of the 24th international conference on Foundations of Software Technology and Theoretical Computer Science
A local shape analysis based on separation logic
TACAS'06 Proceedings of the 12th international conference on Tools and Algorithms for the Construction and Analysis of Systems
Shape analysis with structural invariant checkers
SAS'07 Proceedings of the 14th international conference on Static Analysis
Footprint analysis: a shape analysis that discovers preconditions
SAS'07 Proceedings of the 14th international conference on Static Analysis
Arithmetic strengthening for shape analysis
SAS'07 Proceedings of the 14th international conference on Static Analysis
Programming paradigm driven heap analysis
CC'12 Proceedings of the 21st international conference on Compiler Construction
Local Reasoning for Global Invariants, Part I: Region Logic
Journal of the ACM (JACM)
Proof-Directed Parallelization Synthesis by Separation Logic
ACM Transactions on Programming Languages and Systems (TOPLAS)
Parametric completeness for separation theories
Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages
Invariants synthesis over a combined domain for automated program verification
Theories of Programming and Formal Methods
Automatically refining partial specifications for heap-manipulating programs
Science of Computer Programming
| Hi-index | 0.00 |
The accurate and efficient treatment of mutable data structures is one of the outstanding problem areas in automatic program verification and analysis. Shape analysis is a form of program analysis that attempts to infer descriptions of the data structures in a program, and to prove that these structures are not misused or corrupted. It is one of the more challenging and expensive forms of program analysis, due to the complexity of aliasing and the need to look arbitrarily deeply into the program heap. This article describes a method of boosting shape analyses by defining a compositional method, where each procedure is analyzed independently of its callers. The analysis algorithm uses a restricted fragment of separation logic, and assigns a collection of Hoare triples to each procedure; the triples provide an over-approximation of data structure usage. Our method brings the usual benefits of compositionality---increased potential to scale, ability to deal with incomplete programs, graceful way to deal with imprecision---to shape analysis, for the first time. The analysis rests on a generalized form of abduction (inference of explanatory hypotheses), which we call bi-abduction. Bi-abduction displays abduction as a kind of inverse to the frame problem: it jointly infers anti-frames (missing portions of state) and frames (portions of state not touched by an operation), and is the basis of a new analysis algorithm. We have implemented our analysis and we report case studies on smaller programs to evaluate the quality of discovered specifications, and larger code bases (e.g., sendmail, an imap server, a Linux distribution) to illustrate the level of automation and scalability that we obtain from our compositional method. This article makes number of specific technical contributions on proof procedures and analysis algorithms, but in a sense its more important contribution is holistic: the explanation and demonstration of how a massive increase in automation is possible using abductive inference.