Monotonic Abstraction for Programs with Dynamic Memory Heaps
نویسندگان
چکیده
We propose a new approach for automatic verification of programs with dynamic heap manipulation. The method is based on symbolic (backward) reachability analysis using upward-closed sets of heaps w.r.t. an appropriate preorder on graphs. These sets are represented by a finite set of minimal graph patterns corresponding to a set of bad configurations. We define an abstract semantics for the programs which is monotonic w.r.t. the preorder. Moreover, we prove that our analysis always terminates by showing that the preorder is a well-quasi ordering. Our results are presented for the case of programs with 1-next selector. We provide experimental results showing the effectiveness of our
منابع مشابه
Shape Analysis via Monotonic Abstraction
We propose a new formalism for reasoning about dynamic memory heaps, using monotonic abstraction and symbolic backward reachability analysis. We represent the heaps as graphs, and introduce an ordering on these graphs. This enables us to represent the violation of a given safety property as the reachability of a finitely representable set of bad graphs. We also describe how to symbolically comp...
متن کاملVerification of Programs Manipulating Complex Dynamic Data Structures
We develop a verification method based on a novel use of tree automata to represent heap configurations to allow verification of important properties—such as no nullpointer dereferences, absence of memory leaks, etc.—for programs manipulating complex dynamically linked data structures. In our approach, a heap is split into several “separated” parts such that each of them can be represented by a...
متن کاملMonotonic Abstraction for Programs with Multiply-Linked Structures
We investigate the use of monotonic abstraction and backward reachability analysis as means of performing shape analysis on programs with multiply pointed structures. By encoding the heap as a vertexand edge-labeled graph, we can model the low level behaviour exhibited by programs written in the C programming language. Using the notion of signatures, which are predicates that define sets of hea...
متن کاملDesynchronized Multi-State Abstractions for Open Programs in Dynamic Languages
Dynamic language library developers face a challenging problem: ensuring that their libraries will behave correctly for a wide variety of client programs without having access to those client programs. This problem stems from the common use of two defining features for dynamic languages: callbacks into client code and complex manipulation of attribute names within objects. To remedy this proble...
متن کاملAutomated Analysis of Data-Dependent Programs with Dynamic Memory
We present a new approach for automatic verification of data-dependent programs manipulating dynamic heaps. A heap is encoded by a graph where the nodes represent the cells, and the edges reflect the pointer structure between the cells of the heap. Each cell contains a set of variables which range over the natural numbers. Our method relies on standard backward reachability analysis, where the ...
متن کامل