Graph-Based Algorithms for Boolean Function Manipulation
IEEE Transactions on Computers
Cecil: A Sequencing Constraint Language for Automatic Static Analysis Generation
IEEE Transactions on Software Engineering
Analysis of pointers and structures
PLDI '90 Proceedings of the ACM SIGPLAN 1990 conference on Programming language design and implementation
Interprocedural static analysis of sequencing constraints
ACM Transactions on Software Engineering and Methodology (TOSEM)
Abstract debugging of higher-order imperative languages
PLDI '93 Proceedings of the ACM SIGPLAN 1993 conference on Programming language design and implementation
Data flow analysis for verifying properties of concurrent programs
SIGSOFT '94 Proceedings of the 2nd ACM SIGSOFT symposium on Foundations of software engineering
Points-to analysis in almost linear time
POPL '96 Proceedings of the 23rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Automatic verification of pointer programs using monadic second-order logic
Proceedings of the ACM SIGPLAN 1997 conference on Programming language design and implementation
Parametric shape analysis via 3-valued logic
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Model checking
Using shape analysis to reduce finite-state models of concurrent Java programs
ACM Transactions on Software Engineering and Methodology (TOSEM)
The synthesis of loop predicates
Communications of the ACM
An axiomatic basis for computer programming
Communications of the ACM
Implementation of an array bound checker
POPL '77 Proceedings of the 4th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
Symbolic Model Checking
The Science of Programming
Art of Software Testing
A Discipline of Programming
Systematic design of program analysis frameworks
POPL '79 Proceedings of the 6th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
Checking Cleanness in Linked Lists
SAS '00 Proceedings of the 7th International Symposium on Static Analysis
TVLA: A System for Implementing Static Analyses
SAS '00 Proceedings of the 7th International Symposium on Static Analysis
A program verifier
Iterative global flow techniques for detecting program anomalies.
Iterative global flow techniques for detecting program anomalies.
The pointer assertion logic engine
Proceedings of the ACM SIGPLAN 2001 conference on Programming language design and implementation
Pointer analysis: haven't we solved this problem yet?
PASTE '01 Proceedings of the 2001 ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
Parametric shape analysis via 3-valued logic
ACM Transactions on Programming Languages and Systems (TOPLAS)
Automated Verification of Concurrent Linked Lists with Counters
SAS '02 Proceedings of the 9th International Symposium on Static Analysis
Algorithm Explanation: Visualizing Abstract States and Invariants
Revised Lectures on Software Visualization, International Seminar
TestEra: A Novel Framework for Automated Testing of Java Programs
Proceedings of the 16th IEEE international conference on Automated software engineering
TestEra: Specification-Based Testing of Java Programs Using SAT
Automated Software Engineering
Symbolic Execution of Program Paths Involving Pointer and Structure Variables
QSIC '04 Proceedings of the Quality Software, Fourth International Conference
Antipattern-Based Detection of Deficiencies in Java Multithreaded Software
QSIC '04 Proceedings of the Quality Software, Fourth International Conference
A semantics for procedure local heaps and its abstractions
Proceedings of the 32nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Region-based shape analysis with tracked locations
Proceedings of the 32nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Algorithm animation using shape analysis: visualising abstract executions
SoftVis '05 Proceedings of the 2005 ACM symposium on Software visualization
Efficient and effective array bound checking
ACM Transactions on Programming Languages and Systems (TOPLAS)
Exploring the acceptability envelope
OOPSLA '05 Companion to the 20th annual ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
Science of Computer Programming - Special issue: Static analysis symposium (SAS 2003)
Logical characterizations of heap abstractions
ACM Transactions on Computational Logic (TOCL)
Can a shape analysis work at run-time?
JVM'01 Proceedings of the 2001 Symposium on JavaTM Virtual Machine Research and Technology Symposium - Volume 1
Relational inductive shape analysis
Proceedings of the 35th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Full functional verification of linked data structures
Proceedings of the 2008 ACM SIGPLAN conference on Programming language design and implementation
Algorithm visualization using concrete and abstract shape graphs
Proceedings of the 4th ACM symposium on Software visualization
Automatic Verification of Strongly Dynamic Software Systems
Verified Software: Theories, Tools, Experiments
Implications of a Data Structure Consistency Checking System
Verified Software: Theories, Tools, Experiments
In-field healing of integration problems with COTS components
ICSE '09 Proceedings of the 31st International Conference on Software Engineering
A relational approach to interprocedural shape analysis
ACM Transactions on Programming Languages and Systems (TOPLAS)
Automated Analysis of Data-Dependent Programs with Dynamic Memory
ATVA '09 Proceedings of the 7th International Symposium on Automated Technology for Verification and Analysis
Sequential verification of serializability
Proceedings of the 37th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Finite differencing of logical formulas for static analysis
ACM Transactions on Programming Languages and Systems (TOPLAS)
Static analysis of accessed regions in recursive data structures
SAS'03 Proceedings of the 10th international conference on Static analysis
SAS'03 Proceedings of the 10th international conference on Static analysis
Using first-order theorem provers in the Jahob data structure verification system
VMCAI'07 Proceedings of the 8th international conference on Verification, model checking, and abstract interpretation
Maintaining doubly-linked list invariants in shape analysis with local reasoning
VMCAI'07 Proceedings of the 8th international conference on Verification, model checking, and abstract interpretation
Finite differencing of logical formulas for static analysis
ESOP'03 Proceedings of the 12th European conference on Programming
Automatic detection of uninitialized variables
CC'03 Proceedings of the 12th international conference on Compiler construction
Runtime checking for separation logic
VMCAI'08 Proceedings of the 9th international conference on Verification, model checking, and abstract interpretation
An appreciation of the work of Reinhard Wilhelm
Program analysis and compilation, theory and practice
A dynamic evaluation of the precision of static heap abstractions
Proceedings of the ACM international conference on Object oriented programming systems languages and applications
An overview of the Jahob analysis system: project goals and current status
IPDPS'06 Proceedings of the 20th international conference on Parallel and distributed processing
Specialized 3-valued logic shape analysis using structure-based refinement and loose embedding
SAS'06 Proceedings of the 13th international conference on Static Analysis
Recency-Abstraction for heap-allocated storage
SAS'06 Proceedings of the 13th international conference on Static Analysis
Automated verification of the deutsch-schorr-waite tree-traversal algorithm
SAS'06 Proceedings of the 13th international conference on Static Analysis
Abstract interpretation with alien expressions and heap structures
VMCAI'05 Proceedings of the 6th international conference on Verification, Model Checking, and Abstract Interpretation
CAV'06 Proceedings of the 18th international conference on Computer Aided Verification
ESOP'05 Proceedings of the 14th European conference on Programming Languages and Systems
VMCAI'06 Proceedings of the 7th international conference on Verification, Model Checking, and Abstract Interpretation
A logic and decision procedure for predicate abstraction of heap-manipulating programs
VMCAI'06 Proceedings of the 7th international conference on Verification, Model Checking, and Abstract Interpretation
Abstraction refinement via inductive learning
CAV'05 Proceedings of the 17th international conference on Computer Aided Verification
Interprocedural shape analysis for cutpoint-free programs
SAS'05 Proceedings of the 12th international conference on Static Analysis
Automatic verification of parameterized data structures
TACAS'06 Proceedings of the 12th international conference on Tools and Algorithms for the Construction and Analysis of Systems
| Hi-index | 0.00 |
A method for finding bugs in code is presented. For given small numbers j and k, the code of a procedure is translated into a rela-tional formula whose models represent all execution traces that involve at most j heap cells and k loop iterations. This formula is conjoined with the negation of the procedure's specification. The models of the resulting formula, obtained using a constraint solver, are counterexamples: executions of the code that violate the specification.The method can analyze millions of executions in seconds, and thus rapidly expose quite subtle flaws. It can accommodate calls to procedures for which specifications but no code is avail-able. A range of standard properties (such as absence of null pointer dereferences) can also be easily checked, using prede-fined specifications.