Analysis of pointers and structures
PLDI '90 Proceedings of the ACM SIGPLAN 1990 conference on Programming language design and implementation
Computer-aided verification of coordinating processes: the automata-theoretic approach
Computer-aided verification of coordinating processes: the automata-theoretic approach
Putting static analysis to work for verification: A case study
Proceedings of the 2000 ACM SIGSOFT international symposium on Software testing and analysis
The SLAM project: debugging system software via static analysis
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Parametric shape analysis via 3-valued logic
ACM Transactions on Programming Languages and Systems (TOPLAS)
POPL '82 Proceedings of the 9th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Shape Analysis through Predicate Abstraction and Model Checking
VMCAI 2003 Proceedings of the 4th International Conference on Verification, Model Checking, and Abstract Interpretation
TVLA: A System for Implementing Static Analyses
SAS '00 Proceedings of the 7th International Symposium on Static Analysis
Counterexample-Guided Abstraction Refinement
CAV '00 Proceedings of the 12th International Conference on Computer Aided Verification
Proceedings of the 31st ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Modular Verification of Software Components in C
IEEE Transactions on Software Engineering
A framework for numeric analysis of array operations
Proceedings of the 32nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Joining dataflow with predicates
Proceedings of the 10th European software engineering conference held jointly with 13th ACM SIGSOFT international symposium on Foundations of software engineering
Logical characterizations of heap abstractions
ACM Transactions on Computational Logic (TOCL)
Shape analysis by predicate abstraction
VMCAI'05 Proceedings of the 6th international conference on Verification, Model Checking, and Abstract Interpretation
Abstraction refinement via inductive learning
CAV'05 Proceedings of the 17th international conference on Computer Aided Verification
Counterexample driven refinement for abstract interpretation
TACAS'06 Proceedings of the 12th international conference on Tools and Algorithms for the Construction and Analysis of Systems
Full functional verification of linked data structures
Proceedings of the 2008 ACM SIGPLAN conference on Programming language design and implementation
Verifying Dynamic Pointer-Manipulating Threads
FM '08 Proceedings of the 15th international symposium on Formal Methods
CAV '08 Proceedings of the 20th international conference on Computer Aided Verification
Abstracting Complex Data Structures by Hyperedge Replacement
ICGT '08 Proceedings of the 4th international conference on Graph Transformations
Combining predicate and numeric abstraction for software model checking
Proceedings of the 2008 International Conference on Formal Methods in Computer-Aided Design
Program Analysis with Dynamic Precision Adjustment
ASE '08 Proceedings of the 2008 23rd IEEE/ACM International Conference on Automated Software Engineering
Automatic numeric abstractions for heap-manipulating programs
Proceedings of the 37th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Proceedings of the 37th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
CAV'07 Proceedings of the 19th international conference on Computer aided verification
C.OPEN and ANNOTATOR: tools for on-the-fly model checking C programs
Proceedings of the 14th international SPIN conference on Model checking software
Verifying heap-manipulating programs in an SMT framework
ATVA'07 Proceedings of the 5th international conference on Automated technology for verification and analysis
Abstract counterexample-based refinement for powerset domains
Program analysis and compilation, theory and practice
Juggrnaut: Graph Grammar Abstraction for Unbounded Heap Structures
Electronic Notes in Theoretical Computer Science (ENTCS)
Playing in the grey area of proofs
POPL '12 Proceedings of the 39th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Shape refinement through explicit heap analysis
FASE'10 Proceedings of the 13th international conference on Fundamental Approaches to Software Engineering
Competition on software verification
TACAS'12 Proceedings of the 18th international conference on Tools and Algorithms for the Construction and Analysis of Systems
Experience of improving the blast static verification tool
Programming and Computing Software
Arithmetic strengthening for shape analysis
SAS'07 Proceedings of the 14th international conference on Static Analysis
TVAL+: TVLA and value analyses together
SEFM'12 Proceedings of the 10th international conference on Software Engineering and Formal Methods
Complete instantiation-based interpolation
POPL '13 Proceedings of the 40th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Precision reuse for efficient regression verification
Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering
Loop summarization using state and transition invariants
Formal Methods in System Design
Hi-index | 0.00 |
Many software model checkers are based on predicate abstraction. If the verification goal depends on pointer structures, the approach does not work well, because it is difficult to find adequate predicate abstractions for the heap. In contrast, shape analysis, which uses graph-based heap abstractions, can provide a compact representation of recursive data structures. We integrate shape analysis into the software model checker Blast. Because shape analysis is expensive, we do not apply it globally. Instead, we ensure that, like predicates, shape graphs are computed and stored locally, only where necessary for proving the verification goal. To achieve this, we extend lazy abstraction refinement, which so far has been used only for predicate abstractions, to three-valued logical structures. This approach does not only increase the precision of model checking, but it also increases the efficiency of shape analysis. We implemented the technique by extending Blast with calls to Tvla.