A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL.
The file type is `application/pdf`

.

## Filters

##
###
Spatial Interpolants
[article]

2015
*
arXiv
*
pre-print

We propose Splinter, a new technique for proving properties of heap-manipulating programs that marries (1) a new separation logic-based analysis for heap reasoning with (2) an interpolation-based technique for refining heap-shape invariants with data invariants. Splinter is property directed, precise, and produces counterexample traces when a property does not hold. Using the novel notion of spatial interpolants modulo theories, Splinter can infer complex invariants over general recursive

arXiv:1501.04100v1
fatcat:zkbago6jmnahbixu5bqcprr3c4
## more »

... ates, e.g., of the form all elements in a linked list are even or a binary tree is sorted. Furthermore, we treat interpolation as a black box, which gives us the freedom to encode data manipulation in any suitable theory for a given program (e.g., bit vectors, arrays, or linear arithmetic), so that our technique immediately benefits from any future advances in SMT solving and interpolation.##
###
Spatial Interpolants
[chapter]

2015
*
Lecture Notes in Computer Science
*

We propose SplInter, a new technique for proving properties of heap-manipulating programs that marries (1) a new separation logic-based analysis for heap reasoning with (2) an interpolation-based technique for refining heap-shape invariants with data invariants. SplInter is property directed, precise, and produces counterexample traces when a property does not hold. Using the novel notion of spatial interpolants modulo theories, SplInter can infer complex invariants over general recursive

doi:10.1007/978-3-662-46669-8_26
fatcat:igaxfz3slvbdtbv3odp57drxke
## more »

... ates, e.g., of the form all elements in a linked list are even or a binary tree is sorted. Furthermore, we treat interpolation as a black box, which gives us the freedom to encode data manipulation in any suitable theory for a given program (e.g., bit vectors, arrays, or linear arithmetic), so that our technique immediately benefits from any future advances in SMT solving and interpolation.##
###
Verification Condition Generation and Variable Conditions in Smallfoot
[article]

2012
*
arXiv
*
pre-print

Ian Wehrman and

arXiv:1204.4804v1
fatcat:sjm5kv2jfnhjpeiu4dyyevuapi
*Berdine*have since found some cases where these relaxed conditions are unsound, prompting a revisitation of this topic. ...##
###
Thread-modular shape analysis

2007
*
SIGPLAN notices
*

We present the first shape analysis for multithreaded programs that avoids the explicit enumeration of execution-interleavings. Our approach is to automatically infer a resource invariant associated with each lock that describes the part of the heap protected by the lock. This allows us to use a sequential shape analysis on each thread. We show that resource invariants of a certain class can be characterized as least fixed points and computed via repeated applications of shape analysis only on

doi:10.1145/1273442.1250765
fatcat:qknm2ogxdvcuxlkcw26cigov7a
## more »

... ach individual thread. Based on this approach, we have implemented a thread-modular shape analysis tool and applied it to concurrent heap-manipulating code from Windows device drivers.##
###
:{unav)

2012
*
Higher-Order and Symbolic Computation
*

in analogy with "Σ" (Sigma) for iterated sum and "Π" (Pi) for iterated product.LinUC.tex; 2/08/2002;14:30; p.20
LinUC.tex; 2/08/2002; 14:30; p.21
LinUC.tex; 2/08/2002; 14:30; p. 23

doi:10.1023/a:1020891112409
fatcat:qnacygxbcfhtxijr4xfi2wuz64
*Berdine*...##
###
Symbolic Execution with Separation Logic
[chapter]

2005
*
Lecture Notes in Computer Science
*

We describe a sound method for automatically proving Hoare triples for loop-free code in Separation Logic, for certain preconditions and postconditions (symbolic heaps). The method uses a form of symbolic execution, a decidable proof theory for symbolic heaps, and extraction of frame axioms from incomplete proofs. This is a precursor to the use of the logic in automatic specification checking, program analysis, and model checking.

doi:10.1007/11575467_5
fatcat:2gjjlzccfjardj2424agvwfqqa
##
###
Variance analyses from invariance analyses

2007
*
SIGPLAN notices
*

An invariance assertion for a program location is a statement that always holds at during execution of the program. Program invariance analyses infer invariance assertions that can be useful when trying to prove safety properties. We use the term variance assertion to mean a statement that holds between any state at and any previous state that was also at . This paper is concerned with the development of analyses for variance assertions and their application to proving termination and liveness

doi:10.1145/1190215.1190249
fatcat:e7egkqmt55f73dahlrbwxllz2e
## more »

... roperties. We describe a method of constructing program variance analyses from invariance analyses. If we change the underlying invariance analysis, we get a different variance analysis. We describe several applications of the method, including variance analyses using linear arithmetic and shape analysis. Using experimental results we demonstrate that these variance analyses give rise to a new breed of termination provers which are competitive with and sometimes better than today's state-of-the-art termination provers.##
###
Structuring the verification of heap-manipulating programs

2010
*
SIGPLAN notices
*

Most systems based on separation logic consider only restricted forms of implication or non-separating conjunction, as full support for these connectives requires a non-trivial notion of variable context, inherited from the logic of bunched implications (BI). We show that in an expressive type theory such as Coq, one can avoid the intricacies of BI, and support full separation logic very efficiently, using the native structuring primitives of the type theory. Our proposal uses reflection to

doi:10.1145/1707801.1706331
fatcat:xjuqhyzrebcb5oufdmguyr2k5m
## more »

... le equational reasoning about heaps, and Hoare triples with binary postconditions to further facilitate it. We apply these ideas to Hoare Type Theory, to obtain a new proof technique for verification of higher-order imperative programs that is general, extendable, and supports very short proofs, even without significant use of automation by tactics. We demonstrate the usability of the technique by verifying the fast congruence closure algorithm of Nieuwenhuis and Oliveras, employed in the state-of-the-art Barcelogic SAT solver. 1. a = b → class inv D → class inv (join class D a b ) 2. a = b → class inv D → class inv (join use D a b ) 3. class inv D → class inv (propagate D) Most of the other predicates from the definition of shape were much more difficult to establish, primarily because they are actually invalidated at various point of the execution, but are then reestablished at the end. Thus, we needed to generalize these predi-##
###
A Forward Analysis for Recurrent Sets
[chapter]

2015
*
Lecture Notes in Computer Science
*

Non-termination of structured imperative programs is primarily due to infinite loops. An important class of non-terminating loop behaviors can be characterized using the notion of recurrent sets. A recurrent set is a set of states from which execution of the loop cannot or might not escape. Existing analyses that infer recurrent sets to our knowledge rely on one of: the combination of forward and backward analyses, quantifier elimination, or SMT-solvers. We propose a purely forward abstract

doi:10.1007/978-3-662-48288-9_17
fatcat:wpjk3higdjhbjb6lkcilpf5erm
## more »

... rpretation-based analysis that can be used together with a possibly complicated abstract domain where none of the above is readily available. The analysis searches for a recurrent set of every individual loop in a program by building a graph of abstract states and analyzing it in a novel way. The graph is searched for a witness of a recurrent set that takes the form of what we call a recurrent component which is somewhat similar to the notion of an end component in a Markov decision process.##
###
A Decidable Fragment of Separation Logic
[chapter]

2004
*
Lecture Notes in Computer Science
*

We present a fragment of separation logic oriented to linked lists, and study decision procedures for validity of entailments. The restrictions in the fragment are motivated by the stylized form of reasoning done in example program proofs. The fragment includes a predicate for describing linked list segments (a kind of reachability or transitive closure). Decidability is first proved by semantic means: by showing a small model property that bounds the size of potential countermodels that must

doi:10.1007/978-3-540-30538-5_9
fatcat:u27sggqivfbb3pycqrq6yhdltu
## more »

... checked. We then provide a complete proof system for the fragment, the termination of which furnishes a second decision procedure.##
###
SLAyer: Memory Safety for Systems-Level Code
[chapter]

2011
*
Lecture Notes in Computer Science
*

SLAyer is a program analysis tool designed to automatically prove memory safety of industrial systems code. In this paper we describe SLAyer's implementation, and its application to Windows device drivers. This paper accompanies the first release of SLAyer.

doi:10.1007/978-3-642-22110-1_15
fatcat:nlmzrrv5kfen5p6bfgbjymffdy
##
###
Interprocedural Shape Analysis with Separated Heap Abstractions
[chapter]

2006
*
Lecture Notes in Computer Science
*

We describe an interprocedural shape analysis that makes use of spatial locality (i.e. the fact that most procedures modify only a small subset of the heap) in its representation of abstract states. Instead of tracking reachability information directly and aliasing information indirectly, our representation tracks reachability indirectly and aliasing directly. Computing the effect of procedure calls and returns on an abstract state is easy because the representation exhibits spatial locality

doi:10.1007/11823230_16
fatcat:jo6ybevimbdkdagtheok5ig7wq
## more »

... roring the locality that is present in the concrete semantics. The benefits of this approach include improved speed, support for programs that deallocate memory, the handling of bounded numbers of heap cutpoints, and support for cyclic and shared data structures.##
###
Resourceful Reachability as HORN-LA
[chapter]

2013
*
Lecture Notes in Computer Science
*

The program verification tool SLAyer uses abstractions during analysis and relies on a solver for reachability to refine spurious counterexamples. In this context, we extract a reachability benchmark suite and evaluate methods for encoding reachability properties with heaps using Horn clauses over linear arithmetic. The benchmarks are particularly challenging and we describe and evaluate pre-processing transformations that are shown to have significant effect.

doi:10.1007/978-3-642-45221-5_10
fatcat:jwjtagrd6ncl3giimo6ik433ju
##
###
Diagnosing Abstraction Failure for Separation Logic–Based Analyses
[chapter]

2012
*
Lecture Notes in Computer Science
*

Abstraction refinement is an effective verification technique for automatically proving safety properties of software. Application of this technique in shape analyses has proved impractical as core components of existing refinement techniques such as backward analysis, general conjunction, and identification of unreachable but doomed states are computationally infeasible in such domains. We propose a new method to diagnose proof failures to be used in a refinement scheme for Separation

doi:10.1007/978-3-642-31424-7_16
fatcat:zmat27hfpje43mcpxpf35jkavm
## more »

... ed shape analyses. To check feasibility of abstract error traces, we perform Bounded Model Checking over the traces using a novel encoding into SMT. A subsequent diagnosis finds discontinuities on infeasible traces, and identifies doomed states admitted by the abstraction. To construct doomed states, we give a model-finding algorithm for "symbolic heap" Separation Logic formulas, employing the execution machinery of the feasibility checker to search for concrete counter-examples. The diagnosis has been implemented in SLAyer, and we present a simple scheme for refining the abstraction of hierarchical data structures, and illustrate its effectiveness on benchmarks from the SLAyer test suite. This work was performed while an intern at Microsoft Research, Cambridge.##
###
Smallfoot: Modular Automatic Assertion Checking with Separation Logic
[chapter]

2006
*
Lecture Notes in Computer Science
*

Separation logic is a program logic for reasoning about programs that manipulate pointer data structures. We describe Smallfoot, a tool for checking certain lightweight separation logic specifications. The assertions describe the shapes of data structures rather than their detailed contents, and this allows reasoning to be fully automatic. The presentation in the paper is tutorial in style. We illustrate what the tool can do via examples which are oriented toward novel aspects of separation

doi:10.1007/11804192_6
fatcat:i7otxuwxard6jijiaiwvefoswm
## more »

... c, namely: avoidance of frame axioms (which say what a procedure does not change); embracement of "dirty" features such as memory disposal and address arithmetic; information hiding in the presence of pointers; and modular reasoning about concurrent programs.
« Previous

*Showing results 1 — 15 out of 109 results*