More Web Proxy on the site http://driver.im/

Article

Lazy shape analysis

Authors:

Thomas A. Henzinger,

Grégory ThéodulozAuthors Info & Claims

CAV'06: Proceedings of the 18th international conference on Computer Aided Verification

Pages 532 - 546

https://doi.org/10.1007/11817963_48

Published: 17 August 2006 Publication History

Abstract

Many software model checkers are based on predicate abstraction. If the verification goal depends on pointer structures, the approach does not work well, because it is difficult to find adequate predicate abstractions for the heap. In contrast, shape analysis, which uses graph-based heap abstractions, can provide a compact representation of recursive data structures. We integrate shape analysis into the software model checker Blast. Because shape analysis is expensive, we do not apply it globally. Instead, we ensure that, like predicates, shape graphs are computed and stored locally, only where necessary for proving the verification goal. To achieve this, we extend lazy abstraction refinement, which so far has been used only for predicate abstractions, to three-valued logical structures. This approach does not only increase the precision of model checking, but it also increases the efficiency of shape analysis. We implemented the technique by extending Blast with calls to Tvla.

References

[1]

I. Balaban, A. Pnueli, and L.D. Zuck. Shape analysis by predicate abstraction. In Proc. VMCAI, LNCS 3385, pages 164-180. Springer, 2005.

Digital Library

[2]

T. Ball and S.K. Rajamani. The Slam project: Debugging system software via static analysis. In Proc. POPL, pages 1-3. ACM, 2002.

Digital Library

[3]

D. Beyer, T.A. Henzinger, and G. Théoduloz. Lazy shape analysis. Technical Report MTC-REPORT-2005-006, EPFL, 2005.

[4]

S. Chaki, E.M. Clarke, A. Groce, S. Jha, and H. Veith. Modular verification of software components in C. IEEE Trans. Software Eng., 30(6):388-402, 2004.

Digital Library

[5]

D.R. Chase, M.N. Wegman, and F.K. Zadeck. Analysis of pointers and structures. In Proc. PLDI, pages 296-310. ACM, 1990.

Digital Library

[6]

E.M. Clarke, O. Grumberg, S. Jha, Y. Lu, and H. Veith. Counterexample-guided abstraction refinement. In Proc. CAV, LNCS 1855, pages 154-169. Springer, 2000.

Digital Library

[7]

D. Dams and K.S. Namjoshi. Shape analysis through predicate abstraction and model checking. In Proc. VMCAI, LNCS 2575, pages 310-324. Springer, 2003.

Digital Library

[8]

J. Fischer, R. Jhala, and R. Majumdar. Joining data flow with predicates. In Proc. FSE, pages 227-236. ACM, 2005.

Digital Library

[9]

D. Gopan, T.W. Reps, and M. Sagiv. A framework for numeric analysis of array operations. In Proc. POPL, pages 338-350. ACM, 2005.

Digital Library

[10]

B.S. Gulavani and S.K. Rajamani. Counterexample-driven refinement for abstract interpretation. In Proc. TACAS, LNCS 3920, pages 474-488. Springer, 2006.

Digital Library

[11]

T.A. Henzinger, R. Jhala, R. Majumdar, and K.L. McMillan. Abstractions from proofs. In Proc. POPL, pages 232-244. ACM, 2004.

Digital Library

[12]

T.A. Henzinger, R. Jhala, R. Majumdar, and G. Sutre. Lazy abstraction. In Proc. POPL, pages 58-70. ACM, 2002.

Digital Library

[13]

N.D. Jones and S.S. Muchnick. A flexible approach to interprocedural data-flow analysis and programs with recursive data structures. In Proc. POPL, pages 66-74. ACM, 1982.

Digital Library

[14]

R.P. Kurshan. Computer-Aided Verification of Coordinating Processes. Princeton University Press, 1994.

Digital Library

[15]

T. Lev-Ami, T.W. Reps, M. Sagiv, and R. Wilhelm. Putting static analysis to work for verification: A case study. In Proc. ISSTA, pages 26-38. ACM, 2000.

Digital Library

[16]

T. Lev-Ami and M. Sagiv. Tvla: A system for implementing static analyses. In Proc. SAS, LNCS 2280, pages 280-301. Springer, 2000.

Digital Library

[17]

A. Loginov, T.W. Reps, and M. Sagiv. Abstraction refinement via inductive learning. In Proc. CAV, LNCS 3576, pages 519-533. Springer, 2005.

Digital Library

[18]

K.L. McMillan. Interpolation and SAT-based model checking. In Proc. CAV, LNCS 2725, pages 1-13. Springer, 2003.

[19]

M. Sagiv, T.W. Reps, and R. Wilhelm. Parametric shape analysis via three-valued logic. ACM Trans. Program. Lang. Syst., 24(3):217-298, 2002.

Digital Library

[20]

G. Yorsh, T.W. Reps, M. Sagiv, and R. Wilhelm. Logical characterizations of heap abstractions. ACM Trans. Comput. Log., to appear.

Digital Library

Cited By

Vasilyev AMutilin V(2020)Predicate Extension of Symbolic Memory Graphs for the Analysis of Memory Safety CorrectnessProgramming and Computing Software10.1134/S036176882008007146:8(747-754)Online publication date: 1-Dec-2020
https://dl.acm.org/doi/10.1134/S0361768820080071
Ferrara P(2016)A generic framework for heap and value analyses of object-oriented programming languagesTheoretical Computer Science10.1016/j.tcs.2016.04.001631:C(43-72)Online publication date: 6-Jun-2016
https://dl.acm.org/doi/10.1016/j.tcs.2016.04.001
Totla NWies T(2016)Complete Instantiation-Based InterpolationJournal of Automated Reasoning10.1007/s10817-016-9371-757:1(37-65)Online publication date: 1-Jun-2016
https://dl.acm.org/doi/10.1007/s10817-016-9371-7
Show More Cited By

Recommendations

Shape analysis by predicate abstraction
VMCAI'05: Proceedings of the 6th international conference on Verification, Model Checking, and Abstract Interpretation

The paper presents an approach for shape analysis based on predicate abstraction. Using a predicate base that involves reachability relations between program variables pointing into the heap, we are able to analyze functional properties of programs with ...
Shape refinement through explicit heap analysis
FASE'10: Proceedings of the 13th international conference on Fundamental Approaches to Software Engineering

Shape analysis is a promising technique to prove program properties about recursive data structures. The challenge is to automatically determine the data-structure type, and to supply the shape analysis with the necessary information about the data ...
A relational approach to interprocedural shape analysis

This article addresses the verification of properties of imperative programs with recursive procedure calls, heap-allocated storage, and destructive updating of pointer-valued fields, that is, interprocedural shape analysis. The article makes three ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image Guide Proceedings

CAV'06: Proceedings of the 18th international conference on Computer Aided Verification

August 2006

563 pages

ISBN:354037406X

Editors:
Thomas Ball
Microsoft Research, Redmond, WA,
,
Robert B. Jones
Intel Corporation, RA2-459, 2501 W. 229th Avenue, Hillsboro, OR,

Sponsors

INTEL: Intel Corporation
NEC
Cadence Design Systems
Microsoft Research: Microsoft Research
IBM: IBM

Publisher

Springer-Verlag

Berlin, Heidelberg

Publication History

Published: 17 August 2006

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

27
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 12 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Vasilyev AMutilin V(2020)Predicate Extension of Symbolic Memory Graphs for the Analysis of Memory Safety CorrectnessProgramming and Computing Software10.1134/S036176882008007146:8(747-754)Online publication date: 1-Dec-2020
https://dl.acm.org/doi/10.1134/S0361768820080071
Ferrara P(2016)A generic framework for heap and value analyses of object-oriented programming languagesTheoretical Computer Science10.1016/j.tcs.2016.04.001631:C(43-72)Online publication date: 6-Jun-2016
https://dl.acm.org/doi/10.1016/j.tcs.2016.04.001
Totla NWies T(2016)Complete Instantiation-Based InterpolationJournal of Automated Reasoning10.1007/s10817-016-9371-757:1(37-65)Online publication date: 1-Jun-2016
https://dl.acm.org/doi/10.1007/s10817-016-9371-7
Abdulla PHolík LJonsson BLengál OTrinh CVojnar T(2016)Verification of heap manipulating programs with ordered data by extended forest automataActa Informatica10.1007/s00236-015-0235-053:4(357-385)Online publication date: 1-Jun-2016
https://dl.acm.org/doi/10.1007/s00236-015-0235-0
Ferrara P(2014)Generic Combination of Heap and Value Analyses in Abstract InterpretationProceedings of the 15th International Conference on Verification, Model Checking, and Abstract Interpretation - Volume 831810.1007/978-3-642-54013-4_17(302-321)Online publication date: 19-Jan-2014
https://dl.acm.org/doi/10.1007/978-3-642-54013-4_17
Beyer DLöwe SNovikov EStahlbauer AWendler PMeyer BBaresi LMezini M(2013)Precision reuse for efficient regression verificationProceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering10.1145/2491411.2491429(389-399)Online publication date: 18-Aug-2013
https://dl.acm.org/doi/10.1145/2491411.2491429
Totla NWies T(2013)Complete instantiation-based interpolationACM SIGPLAN Notices10.1145/2480359.242913248:1(537-548)Online publication date: 23-Jan-2013
https://dl.acm.org/doi/10.1145/2480359.2429132
Totla NWies TGiacobazzi RCousot R(2013)Complete instantiation-based interpolationProceedings of the 40th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages10.1145/2429069.2429132(537-548)Online publication date: 23-Jan-2013
https://dl.acm.org/doi/10.1145/2429069.2429132
Hoder KKovacs LVoronkov AField JHicks M(2012)Playing in the grey area of proofsProceedings of the 39th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages10.1145/2103656.2103689(259-272)Online publication date: 25-Jan-2012
https://dl.acm.org/doi/10.1145/2103656.2103689
Hoder KKovacs LVoronkov A(2012)Playing in the grey area of proofsACM SIGPLAN Notices10.1145/2103621.210368947:1(259-272)Online publication date: 25-Jan-2012
https://dl.acm.org/doi/10.1145/2103621.2103689
Show More Cited By

View Options

View options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents