Automatic predicate abstraction of C programs
Proceedings of the ACM SIGPLAN 2001 conference on Programming language design and implementation
Automatic abstraction for model checking software systems with interrelated numeric constraints
Proceedings of the 8th European software engineering conference held jointly with 9th ACM SIGSOFT international symposium on Foundations of software engineering
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Automatic discovery of linear restraints among variables of a program
POPL '78 Proceedings of the 5th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
Parametric shape analysis via 3-valued logic
ACM Transactions on Programming Languages and Systems (TOPLAS)
Systematic design of program analysis frameworks
POPL '79 Proceedings of the 6th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
Separation Logic: A Logic for Shared Mutable Data Structures
LICS '02 Proceedings of the 17th Annual IEEE Symposium on Logic in Computer Science
Automated Verification of Concurrent Linked Lists with Counters
SAS '02 Proceedings of the 9th International Symposium on Static Analysis
CSSV: towards a realistic tool for statically detecting all buffer overflows in C
PLDI '03 Proceedings of the ACM SIGPLAN 2003 conference on Programming language design and implementation
A static analyzer for large safety-critical software
PLDI '03 Proceedings of the ACM SIGPLAN 2003 conference on Programming language design and implementation
Combining abstract interpreters
Proceedings of the 2006 ACM SIGPLAN conference on Programming language design and implementation
Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
Model Checking Linear Programs with Arrays
Electronic Notes in Theoretical Computer Science (ENTCS)
Beyond reachability: shape abstraction in the presence of pointer arithmetic
SAS'06 Proceedings of the 13th international conference on Static Analysis
Symbolic execution with separation logic
APLAS'05 Proceedings of the Third Asian conference on Programming Languages and Systems
Decision procedures for queues with integer constraints
FSTTCS '05 Proceedings of the 25th international conference on Foundations of Software Technology and Theoretical Computer Science
Counterexamples with loops for predicate abstraction
CAV'06 Proceedings of the 18th international conference on Computer Aided Verification
Automatic termination proofs for programs with shape-shifting heaps
CAV'06 Proceedings of the 18th international conference on Computer Aided Verification
Programs with lists are counter automata
CAV'06 Proceedings of the 18th international conference on Computer Aided Verification
CAV'06 Proceedings of the 18th international conference on Computer Aided Verification
ARMC: the logical choice for software model checking with abstraction refinement
PADL'07 Proceedings of the 9th international conference on Practical Aspects of Declarative Languages
A local shape analysis based on separation logic
TACAS'06 Proceedings of the 12th international conference on Tools and Algorithms for the Construction and Analysis of Systems
Assertion checking over combined abstraction of linear arithmetic and uninterpreted functions
ESOP'06 Proceedings of the 15th European conference on Programming Languages and Systems
Relational inductive shape analysis
Proceedings of the 35th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
CAV '08 Proceedings of the 20th international conference on Computer Aided Verification
THOR: A Tool for Reasoning about Shape and Arithmetic
CAV '08 Proceedings of the 20th international conference on Computer Aided Verification
Quantitative Separation Logic and Programs with Lists
IJCAR '08 Proceedings of the 4th international joint conference on Automated Reasoning
CSL '08 Proceedings of the 22nd international workshop on Computer Science Logic
Proving that non-blocking algorithms don't block
Proceedings of the 36th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
SPEED: precise and efficient static estimation of program computational complexity
Proceedings of the 36th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A combination framework for tracking partition sizes
Proceedings of the 36th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
ACM Computing Surveys (CSUR)
Automatic numeric abstractions for heap-manipulating programs
Proceedings of the 37th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Proceedings of the 37th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Quantitative Separation Logic and Programs with Lists
Journal of Automated Reasoning
Statically inferring complex heap, array, and numeric invariants
SAS'10 Proceedings of the 17th international conference on Static analysis
Making prophecies with decision predicates
Proceedings of the 38th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Communications of the ACM
Automatically refining partial specifications for program verification
FM'11 Proceedings of the 17th international conference on Formal methods
Temporal property verification as a program analysis task
CAV'11 Proceedings of the 23rd international conference on Computer aided verification
Compositional Shape Analysis by Means of Bi-Abduction
Journal of the ACM (JACM)
Temporal property verification as a program analysis task
Formal Methods in System Design
Diagnosing abstraction failure for separation logic-based analyses
CAV'12 Proceedings of the 24th international conference on Computer Aided Verification
TVAL+: TVLA and value analyses together
SEFM'12 Proceedings of the 10th international conference on Software Engineering and Formal Methods
A theorem prover for Boolean BI
POPL '13 Proceedings of the 40th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Ramsey vs. lexicographic termination proving
TACAS'13 Proceedings of the 19th international conference on Tools and Algorithms for the Construction and Analysis of Systems
Static analysis of list-manipulating programs via bit-vectors and numerical abstractions
Proceedings of the 28th Annual ACM Symposium on Applied Computing
A proof system for separation logic with magic wand
Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages
Automatically refining partial specifications for heap-manipulating programs
Science of Computer Programming
| Hi-index | 0.02 |
Shape analyses are often imprecise in their numerical reasoning, whereas numerical static analyses are often largely unaware of the shape of a program's heap. In this paper we propose a lazy method of combining a shape analysis based on separation logic with an arbitrary arithmetic analysis. When potentially spurious counterexamples are reported by our shape analysis, the method constructs a purely arithmetic program whose traces over-approximate the set of counterexample traces. It then uses this arithmetic program together with the arithmetic analysis to construct a refinement for the shape analysis. Our method is aimed at proving properties that require comprehensive reasoning about heaps together with more targeted arithmetic reasoning. Given a sufficient precondition, our technique can automatically prove memory safety of programs whose error-free operation depends on a combination of shape, size, and integer invariants. We have implemented our algorithm and tested it on a number of common list routines using a variety of arithmetic analysis tools for refinement.