Article

Shape analysis for composite data structures

Authors:

Cristiano Calcagno,

Dino Distefano,

Peter W. O'Hearn,

Hongseok YangAuthors Info & Claims

CAV'07: Proceedings of the 19th international conference on Computer aided verification

Pages 178 - 192

Published: 03 July 2007 Publication History

Abstract

We propose a shape analysis that adapts to some of the complex composite data structures found in industrial systems-level programs. Examples of such data structures include "cyclic doubly-linked lists of acyclic singly-linked lists", "singly-linked lists of cyclic doubly-linked lists with back-pointers to head nodes", etc. The analysis introduces the use of generic higher-order inductive predicates describing spatial relationships together with a method of synthesizing new parameterized spatial predicates which can be used in combination with the higher-order predicates. In order to evaluate the proposed approach for realistic programs we have performed experiments on examples drawn from device drivers: the analysis proved safety of the data structure manipulation of several routines belonging to an IEEE 1394 (firewire) driver, and also found several previously unknown memory safety bugs.

References

[1]

Berdine, J., Calcagno, C., O'Hearn, P.W.: Symbolic execution with separation logic. In: Yi, K. (ed.) APLAS 2005. LNCS, vol. 3780, Springer, Heidelberg (2005).

Digital Library

[2]

Biering, B., Birkedal, L., Torp-Smith, N.: BI hyperdoctrines and higher-order separation logic. In: Sagiv, M. (ed.) ESOP 2005. LNCS, vol. 3444, Springer, Heidelberg (2005).

Digital Library

[3]

Bouajjani, A., Habermehl, P., Rogalewicz, A., Vojnar, T.: Abstract tree regular model checking of complex dynamic data structures. In: Yi, K. (ed.) SAS 2006. LNCS, vol. 4134, Springer, Heidelberg (2006).

Digital Library

[4]

Distefano, D., O'Hearn, P.W., Yang, H.: A local shape analysis based on separation logic. In: Hermanns, H., Palsberg, J. (eds.) TACAS 2006 and ETAPS 2006. LNCS, vol. 3920, Springer, Heidelberg (2006).

Digital Library

[5]

Gotsman, A., Berdine, J., Cook, B., Sagiv, M.: Thread-modular shape analysis. In: To appear in PLDI (2007).

Digital Library

[6]

Hackett, B., Rugina, R.: Region-based shape analysis with tracked locations. In: POPL (2005).

Digital Library

[7]

Lee, O., Yang, H., Yi, K.: Automatic verification of pointer programs using grammar-based shape analysis. In: Sagiv, M. (ed.) ESOP 2005. LNCS, vol. 3444, Springer, Heidelberg (2005).

Digital Library

[8]

Lev-Ami, T., Immerman, N., Sagiv, M.: Abstraction for shape analysis with fast and precise transfomers. In: Ball, T., Jones, R.B. (eds.) CAV 2006. LNCS, vol. 4144, Springer, Heidelberg (2006).

Digital Library

[9]

Lev-Ami, T., Sagiv, M.: A system for implementing static analyses. In: Palsberg, J. (ed.) SAS 2000. LNCS, vol. 1824, Springer, Heidelberg (2000).

Digital Library

[10]

Loginov, A., Reps, T., Sagiv, M.: Abstraction refinement via inductive learning. In: Etessami, K., Rajamani, S.K. (eds.) CAV 2005. LNCS, vol. 3576, Springer, Heidelberg (2005).

Digital Library

[11]

Manevich, R., Yahav, E., Ramalingam, G., Sagiv, M.: Predicate abstraction and canonical abstraction for singly-linked lists. In: Cousot, R. (ed.) VMCAI 2005. LNCS, vol. 3385, Springer, Heidelberg (2005).

Digital Library

[12]

Podelski, A., Wies, T.: Boolean heaps. In: Hankin, C., Siveroni, I. (eds.) SAS 2005. LNCS, vol. 3672, Springer, Heidelberg (2005).

Digital Library

[13]

Reynolds, J.C.: Separation logic: A logic for shared mutable data structures. In: LICS (2002).

Digital Library

[14]

Rinetzky, N., Ramalingam, G., Sagiv, M., Yahav, E.: Componentized heap abstraction. TR-164/06, School of Computer Science, Tel Aviv Univ. (December 2006).

[15]

Sagiv, M., Reps, T., Wilhelm, R.: Solving shape-analysis problems in languages with destructive updating. ACM TOPLAS 20(1), 1-50 (1998).

Digital Library

[16]

Sagiv, M., Reps, T., Wilhelm, R.: Parametric shape analysis via 3-valued logic. ACM TOPLAS 24(3), 217-298 (2002).

Digital Library

[17]

Češka, M., Erlebach, P., Vojnar, T.: Generalised multi-pattern-based verification of programs with linear linked structures. Formal Aspects Comput (2007).

Cited By

Vasiladiotis CLozano RCole MFranke BLee J(2021)Loop parallelization using dynamic commutativity analysisProceedings of the 2021 IEEE/ACM International Symposium on Code Generation and Optimization10.1109/CGO51591.2021.9370319(150-161)Online publication date: 27-Feb-2021
https://dl.acm.org/doi/10.1109/CGO51591.2021.9370319
Van Strydonck TPiessens FDevriese D(2019)Linear capabilities for fully abstract compilation of separation-logic-verified codeProceedings of the ACM on Programming Languages10.1145/33416883:ICFP(1-29)Online publication date: 26-Jul-2019
https://dl.acm.org/doi/10.1145/3341688
Karkare AHaddad HWainwright RChbeir R(2018)TwASProceedings of the 33rd Annual ACM Symposium on Applied Computing10.1145/3167132.3167330(1857-1864)Online publication date: 9-Apr-2018
https://dl.acm.org/doi/10.1145/3167132.3167330
Show More Cited By

Recommendations

Staircase tilings and k-Catalan structures

Many interesting combinatorial objects are enumerated by the k-Catalan numbers, one possible generalization of the Catalan numbers. We will present a new combinatorial object that is enumerated by the k-Catalan numbers, staircase tilings. We give a ...
Cool-lex order and k-ary Catalan structures

For any given k, the sequence of k-ary Catalan numbers, C"t","k=1kt+1(ktt), enumerates a number of combinatorial objects, including k-ary Dyck words of length n=kt and k-ary trees with t internal nodes. We show that these objects can be efficiently ...
An assertion language for data structures
POPL '75: Proceedings of the 2nd ACM SIGACT-SIGPLAN symposium on Principles of programming languages

In this paper we wish to consider the problem of proving assertions about programs that construct and alter arbitrarily complex data structures. In recent years several papers have been written on the subject of proving assertions about such programs; ...

Comments

Information & Contributors

Information

Published In

cover image Guide Proceedings

CAV'07: Proceedings of the 19th international conference on Computer aided verification

July 2007

562 pages

ISBN:9783540733676

Editors:
Werner Damm
Carl von Ossietzky University Oldenburg, Department of Computer Science, Oldenburg, Germany
,
Holger Hermanns
Saarland University, Department of Computer Science, Saarbrücken, Germany

Sponsors

German Science Foundation
Artist2 Network of Excellence
Cadence Design Systems
Informatik Saarland
IBM: IBM

Publisher

Springer-Verlag

Berlin, Heidelberg

Publication History

Published: 03 July 2007

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

100
Total Citations
View Citations
3
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 10 Aug 2024

Other Metrics

View Author Metrics

Citations

Cited By

Vasiladiotis CLozano RCole MFranke BLee J(2021)Loop parallelization using dynamic commutativity analysisProceedings of the 2021 IEEE/ACM International Symposium on Code Generation and Optimization10.1109/CGO51591.2021.9370319(150-161)Online publication date: 27-Feb-2021
https://dl.acm.org/doi/10.1109/CGO51591.2021.9370319
Van Strydonck TPiessens FDevriese D(2019)Linear capabilities for fully abstract compilation of separation-logic-verified codeProceedings of the ACM on Programming Languages10.1145/33416883:ICFP(1-29)Online publication date: 26-Jul-2019
https://dl.acm.org/doi/10.1145/3341688
Karkare AHaddad HWainwright RChbeir R(2018)TwASProceedings of the 33rd Annual ACM Symposium on Applied Computing10.1145/3167132.3167330(1857-1864)Online publication date: 9-Apr-2018
https://dl.acm.org/doi/10.1145/3167132.3167330
Enea CLengál OSighireanu MVojnar T(2017)Compositional entailment checking for a fragment of separation logicFormal Methods in System Design10.5555/3169142.316918951:3(575-607)Online publication date: 1-Dec-2017
https://dl.acm.org/doi/10.5555/3169142.3169189
Roe KSmith STalpin JDerler PSchneider K(2017)Using the coq theorem prover to verify complex data structure invariantsProceedings of the 15th ACM-IEEE International Conference on Formal Methods and Models for System Design10.1145/3127041.3127061(118-121)Online publication date: 29-Sep-2017
https://dl.acm.org/doi/10.1145/3127041.3127061
Li HBerenger FChang BRival X(2017)Semantic-directed clumping of disjunctive abstract statesACM SIGPLAN Notices10.1145/3093333.300988152:1(32-45)Online publication date: 1-Jan-2017
https://dl.acm.org/doi/10.1145/3093333.3009881
Li HBerenger FChang BRival XCastagna GGordon A(2017)Semantic-directed clumping of disjunctive abstract statesProceedings of the 44th ACM SIGPLAN Symposium on Principles of Programming Languages10.1145/3009837.3009881(32-45)Online publication date: 1-Jan-2017
https://dl.acm.org/doi/10.1145/3009837.3009881
Caballero JLin Z(2016)Type Inference on ExecutablesACM Computing Surveys10.1145/289649948:4(1-35)Online publication date: 2-May-2016
https://dl.acm.org/doi/10.1145/2896499
Singh VGupta RNeamtiu IZaks AHermenegildo M(2016)Automatic fault location for data structuresProceedings of the 25th International Conference on Compiler Construction10.1145/2892208.2892215(99-109)Online publication date: 17-Mar-2016
https://dl.acm.org/doi/10.1145/2892208.2892215
Tang ZWang HLi BZhai JZhao JLi XMei HLü JMa XWang QYin GLiao X(2015)Analyzing Inductively Defined Properties for Recursive Data StructuresProceedings of the 7th Asia-Pacific Symposium on Internetware10.1145/2875913.2875930(221-228)Online publication date: 6-Nov-2015
https://dl.acm.org/doi/10.1145/2875913.2875930
Show More Cited By

View Options

View options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents