Solving shape-analysis problems in languages with destructive updating
ACM Transactions on Programming Languages and Systems (TOPLAS)
POPL '77 Proceedings of the 4th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
Parametric shape analysis via 3-valued logic
ACM Transactions on Programming Languages and Systems (TOPLAS)
C: A Reference Manual
Separation Logic: A Logic for Shared Mutable Data Structures
LICS '02 Proceedings of the 17th Annual IEEE Symposium on Logic in Computer Science
Permission accounting in separation logic
Proceedings of the 32nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A framework for numeric analysis of array operations
Proceedings of the 32nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Scalable error detection using boolean satisfiability
Proceedings of the 32nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Shape analysis with inductive recursion synthesis
Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
Lifting abstract interpreters to quantified logical domains
Proceedings of the 35th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Relational inductive shape analysis
Proceedings of the 35th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Discovering properties about arrays in simple programs
Proceedings of the 2008 ACM SIGPLAN conference on Programming language design and implementation
Scalable Shape Analysis for Systems Code
CAV '08 Proceedings of the 20th international conference on Computer Aided Verification
Unifying type checking and property checking for low-level code
Proceedings of the 36th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Checking interference with fractional permissions
SAS'03 Proceedings of the 10th international conference on Static analysis
A reachability predicate for analyzing low-level software
TACAS'07 Proceedings of the 13th international conference on Tools and algorithms for the construction and analysis of systems
Shape analysis for composite data structures
CAV'07 Proceedings of the 19th international conference on Computer aided verification
Beyond reachability: shape abstraction in the presence of pointer arithmetic
SAS'06 Proceedings of the 13th international conference on Static Analysis
Shape analysis of low-level c with overlapping structures
VMCAI'10 Proceedings of the 11th international conference on Verification, Model Checking, and Abstract Interpretation
A local shape analysis based on separation logic
TACAS'06 Proceedings of the 12th international conference on Tools and Algorithms for the Construction and Analysis of Systems
Shape analysis with structural invariant checkers
SAS'07 Proceedings of the 14th international conference on Static Analysis
Concrete Memory Models for Shape Analysis
Electronic Notes in Theoretical Computer Science (ENTCS)
Calling context abstraction with shapes
Proceedings of the 38th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A specialization calculus for pruning disjunctive predicates to support verification
CAV'11 Proceedings of the 23rd international conference on Computer aided verification
Fissile type analysis: modular checking of almost everywhere invariants
Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages
Invariants synthesis over a combined domain for automated program verification
Theories of Programming and Formal Methods
Hi-index | 0.00 |
Detailed memory models that expose individual fields are necessary to precisely analyze code that makes use of low-level aspects such as, pointers to fields and untagged unions. Yet, higher-level representations that collect fields into records are often used because they are typically more convenient and efficient in modeling the program heap. In this paper, we present a shape graph representation of memory that exposes individual fields while largely retaining the convenience of an object-level model. This representation has a close connection to particular kinds of formulas in separation logic. Then, with this representation, we show how to extend the Xisa shape analyzer for low-level aspects, including pointers to fields, C-style nested structures and unions, malloc and free, and array values, with minimal changes to the core algorithms (e.g., materialization and summarization).