Categorization and analyzing linked structures
Categorization and analyzing linked structures
Which pointer analysis should I use?
Proceedings of the 2000 ACM SIGSOFT international symposium on Software testing and analysis
Automatic discovery of linear restraints among variables of a program
POPL '78 Proceedings of the 5th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
Parametric shape analysis via 3-valued logic
ACM Transactions on Programming Languages and Systems (TOPLAS)
Systematic design of program analysis frameworks
POPL '79 Proceedings of the 6th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
Separation Logic: A Logic for Shared Mutable Data Structures
LICS '02 Proceedings of the 17th Annual IEEE Symposium on Logic in Computer Science
The GRIN Project: A Highly Optimising Back End for Lazy Functional Languages
IFL '96 Selected Papers from the 8th International Workshop on Implementation of Functional Languages
PLDI '03 Proceedings of the ACM SIGPLAN 2003 conference on Programming language design and implementation
Importance of heap specialization in pointer analysis
Proceedings of the 5th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
Relational inductive shape analysis
Proceedings of the 35th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Splitting the Control Flow with Boolean Flags
SAS '08 Proceedings of the 15th international symposium on Static Analysis
Compositional shape analysis by means of bi-abduction
Proceedings of the 36th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Finite differencing of logical formulas for static analysis
ACM Transactions on Programming Languages and Systems (TOPLAS)
Shape analysis for composite data structures
CAV'07 Proceedings of the 19th international conference on Computer aided verification
Statically inferring complex heap, array, and numeric invariants
SAS'10 Proceedings of the 17th international conference on Static analysis
Practical shape analysis
Existential quantification as incremental SAT
CAV'11 Proceedings of the 23rd international conference on Computer aided verification
Recency-Abstraction for heap-allocated storage
SAS'06 Proceedings of the 13th international conference on Static Analysis
SAS'05 Proceedings of the 12th international conference on Static Analysis
Inferring definite counterexamples through under-approximation
NFM'12 Proceedings of the 4th international conference on NASA Formal Methods
| Hi-index | 0.00 |
A static shape analysis is presented that can prove the absence of NULL- and dangling pointer dereferences in standard algorithms on lists, trees and graphs. It is conceptually simpler than other analyses that use symbolically represented logic to describe the heap. Instead, it represents the heap as a single graph and a Boolean formula. The key idea is to summarize two nodes by calculating their common points-to information, which is done using the recently proposed fold and expand operations. The force of this approach is that both, fold and expand, retain relational information between points-to edges, thereby essentially inferring new shape invariants. We show that highly precise shape invariants can be inferred using off-the-shelf SAT-solvers. Cheaper approximations may augment standard points-to analysis used in compiler optimisations.