Shape analysis with structural invariant checkers

Authors:
Bor-Yuh Evan Chang;Xavier Rival;George C. Necula
Affiliations:
University of California, Berkeley, California;University of California, Berkeley, California and École Normale Supérieure, Paris, France;University of California, Berkeley, California
Venue:
SAS'07 Proceedings of the 14th international conference on Static Analysis
Year:
2007

Citing 16
Cited 16

Skip lists: a probabilistic alternative to balanced trees

Communications of the ACM
The pointer assertion logic engine

Proceedings of the ACM SIGPLAN 2001 conference on Programming language design and implementation
Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints

POPL '77 Proceedings of the 4th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
Parametric shape analysis via 3-valued logic

ACM Transactions on Programming Languages and Systems (TOPLAS)
Separation Logic: A Logic for Shared Mutable Data Structures

LICS '02 Proceedings of the 17th Annual IEEE Symposium on Logic in Computer Science
CIL: Intermediate Language and Tools for Analysis and Transformation of C Programs

CC '02 Proceedings of the 11th International Conference on Compiler Construction
Region-based shape analysis with tracked locations

Proceedings of the 32nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Expressing heap-shape contracts in linear logic

Proceedings of the 5th international conference on Generative programming and component engineering
Maintaining doubly-linked list invariants in shape analysis with local reasoning

VMCAI'07 Proceedings of the 8th international conference on Verification, model checking, and abstract interpretation
Shape analysis for composite data structures

CAV'07 Proceedings of the 19th international conference on Computer aided verification
Specialized 3-valued logic shape analysis using structure-based refinement and loose embedding

SAS'06 Proceedings of the 13th international conference on Static Analysis
Trace partitioning in abstract interpretation based static analyzers

ESOP'05 Proceedings of the 14th European conference on Programming Languages and Systems
Automatic verification of pointer programs using grammar-based shape analysis

ESOP'05 Proceedings of the 14th European conference on Programming Languages and Systems
Field constraint analysis

VMCAI'06 Proceedings of the 7th international conference on Verification, Model Checking, and Abstract Interpretation
Data structure specifications via local equality axioms

CAV'05 Proceedings of the 17th international conference on Computer Aided Verification
A local shape analysis based on separation logic

TACAS'06 Proceedings of the 12th international conference on Tools and Algorithms for the Construction and Analysis of Systems

Relational inductive shape analysis

Proceedings of the 35th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Tutorial on Separation Logic (Invited Tutorial)

CAV '08 Proceedings of the 20th international conference on Computer Aided Verification
Scalable Shape Analysis for Systems Code

CAV '08 Proceedings of the 20th international conference on Computer Aided Verification
THOR: A Tool for Reasoning about Shape and Arithmetic

CAV '08 Proceedings of the 20th international conference on Computer Aided Verification
Compositional shape analysis by means of bi-abduction

Proceedings of the 36th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Bi-abductive Resource Invariant Synthesis

APLAS '09 Proceedings of the 7th Asian Symposium on Programming Languages and Systems
Automatic numeric abstractions for heap-manipulating programs

Proceedings of the 37th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Counterexample-guided focus

Proceedings of the 37th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A shape analysis for non-linear data structures

SAS'10 Proceedings of the 17th international conference on Static analysis
Calling context abstraction with shapes

Proceedings of the 38th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Infer: an automatic program verifier for memory safety of C programs

NFM'11 Proceedings of the Third international conference on NASA Formal methods
Automated cyclic entailment proofs in separation logic

CADE'11 Proceedings of the 23rd international conference on Automated deduction
Compositional Shape Analysis by Means of Bi-Abduction

Journal of the ACM (JACM)
Separating shape graphs

ESOP'10 Proceedings of the 19th European conference on Programming Languages and Systems
Fully automated shape analysis based on forest automata

CAV'13 Proceedings of the 25th international conference on Computer Aided Verification
Automatically refining partial specifications for heap-manipulating programs

Science of Computer Programming

Quantified Score

Hi-index	0.00

Visualization

Abstract

Developer-supplied data structure specifications are important to shape analyses, as they tell the analysis what information should be tracked in order to obtain the desired shape invariants. We observe that data structure checking code (e.g., used in testing or dynamic analysis) provides shape information that can also be used in static analysis. In this paper, we propose a lightweight, automatic shape analysis based on these developer-supplied structural invariant checkers. In particular, we set up a parametric abstract domain, which is instantiated with such checker specifications to summarize memory regions using both notions of complete and partial checker evaluations. The analysis then automatically derives a strategy for canonicalizing or weakening shape invariants