We exhibit a technique for automatically verifying the safety of simple C programs working on tree-shaped data structures. We do not consider the complete behavior of programs, but only attempt to verify that they respect the shape and integrity of the store. A verified program is guaranteed to preserve the tree shapes of its data structures, to avoid pointer errors such as NULL dereferences, memory leaks, and dangling references, and furthermore to satisfy assertions specified in a specialized store logic. A program is transformed into a single formula in WSRT, an extension of WS2S that is decided by the MONA tool. The technique is complete for loop-free code; for loops and recursive functions we rely on Hoare-style invariants. A default well-formedness invariant is supplied and can be strengthened as needed by programmer annotations. If a program fails to verify, a counterexample, in the form of an initial store that leads to an error, is generated automatically. This extends previous work that used a similar technique to verify a simpler syntax manipulating only list structures; in that case, programs were translated into WS1S formulas. A naive generalization to recursive data types yields an encoding in WS2S that leads to infeasible computations. To obtain a working tool, we have extended MONA to support recursive structures directly, using an encoding that provides the necessary state-space factorization. This extension of MONA defines the new WSRT logic together with its decision procedure.
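The properties the abstract promises to verify (tree shape preserved, no NULL dereference, no leaked nodes) can be made concrete with a small C program of the kind the technique targets. The following is an added example, not code from the paper or from the MONA/WSRT tool: the tool discharges these properties statically by translating the program into a WSRT formula, and its annotation syntax is not shown on this page, so here the well-formedness invariant is instead checked dynamically by a constructed `is_tree` walk over a constructed three-node input. The function names (`rotate_right`, `rotate_right_defective`, `drop_left_leaky`, the `scenario_*` helpers) are hypothetical. A correct loop-free rotation keeps the store a tree; a defective one creates sharing and a cycle, and a third routine keeps the shape but leaks a subtree, which is exactly the kind of initial store the verifier would report as a counterexample.

```c
#include <stdlib.h>

/* Constructed binary-tree type; the paper's subject programs are not on this page. */
typedef struct node { int key; struct node *left, *right; } node;

static int allocated;   /* nodes created by mk(); compared against the reachable count */

static node *mk(int key, node *l, node *r) {
    node *p = malloc(sizeof *p);
    if (p == NULL) abort();
    p->key = key; p->left = l; p->right = r;
    allocated++;
    return p;
}

enum { MAX_NODES = 64 };

/* Record p in seen[]; fail if it is already there (shared node or cycle) or the table is full. */
static int mark(const node **seen, int *n, const node *p) {
    for (int i = 0; i < *n; i++) if (seen[i] == p) return 0;
    if (*n >= MAX_NODES) return 0;
    seen[(*n)++] = p;
    return 1;
}

static int walk(const node *p, const node **seen, int *n) {
    if (p == NULL) return 1;
    if (!mark(seen, n, p)) return 0;
    return walk(p->left, seen, n) && walk(p->right, seen, n);
}

/* Shape invariant, checked at run time here (the paper checks it statically):
   the store reachable from root is a tree, i.e. every node is reached by exactly
   one pointer path, with no sharing and no cycles. */
int is_tree(const node *root) {
    const node *seen[MAX_NODES]; int n = 0;
    return walk(root, seen, &n);
}

/* Reachable node count; only call when is_tree(root) holds, else it may not terminate. */
int reachable(const node *p) {
    return p ? 1 + reachable(p->left) + reachable(p->right) : 0;
}

/* Loop-free, shape-preserving right rotation. The guard is what keeps
   "pivot->right" from being a NULL dereference. */
node *rotate_right(node *root) {
    if (root == NULL || root->left == NULL) return root;
    node *pivot = root->left;
    root->left = pivot->right;
    pivot->right = root;
    return pivot;
}

/* Defective rotation: root->left still points at pivot after pivot->right = root,
   so root is reachable twice (a cycle) and pivot's old right subtree is lost. */
node *rotate_right_defective(node *root) {
    if (root == NULL || root->left == NULL) return root;
    node *pivot = root->left;
    pivot->right = root;
    return pivot;
}

/* Shape-preserving but leaking: unlinks the left subtree without freeing it. */
node *drop_left_leaky(node *root) {
    if (root != NULL) root->left = NULL;
    return root;
}

/* Constructed input store:  2 -> (1, 3) */
static node *sample(void) {
    allocated = 0;
    return mk(2, mk(1, NULL, NULL), mk(3, NULL, NULL));
}

/* Scenarios return the result of checking the post-state against one invariant. */
int scenario_rotate_ok(void)        { node *r = rotate_right(sample());           return is_tree(r); }
int scenario_rotate_defective(void) { node *r = rotate_right_defective(sample()); return is_tree(r); }
/* Number of allocated nodes no longer reachable from the root (-1 if shape is broken). */
int scenario_leak_count(void)       { node *r = drop_left_leaky(sample());
                                      return is_tree(r) ? allocated - reachable(r) : -1; }
```

The dynamic check can only report a violation for the one input it is run on; the point of the WSRT encoding in the abstract is that the same invariant is decided for every initial store at once, and a failing formula comes back with a concrete store like the ones `sample()` builds here.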