Advertisement

Learning Assertions to Verify Linked-List Programs

  • Jan Tobias Mühlberg
  • David H. White
  • Mike Dodds
  • Gerald Lüttgen
  • Frank Piessens
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9276)

Abstract

C programs that manipulate list-based dynamic data structures remain a challenging target for static verification. In this paper we employ the dynamic analysis of dsOli to locate and identify data structure operations in a program, and then use this information to automatically annotate that program with assertions in separation logic. These annotations comprise candidate pre/post-conditions and loop invariants suitable to statically verify memory safety with the verification tool VeriFast. By using both textbook and real-world examples on our prototype implementation, we show that the generated assertions are often discharged automatically. Even when this is not the case, candidate invariants are of great help to the verification engineer, significantly reducing the manual verification effort.

Keywords

Symbolic Execution Separation Logic Stable Vertex Recursive Predicate Dynamic Memory Allocation 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Notes

Acknowledgements

This research is partially funded by the Research Fund KU Leuven. The second and fourth authors are supported by DFG grants LU 1748/4-1 and LU 1748/2-1. The third author is supported by DFG grant LU 1748/2-1.

References

  1. 1.
    Ammons, G., Bodík, R., Larus, J.R.: Mining specifications. In: POPL 2002, pp. 4–16. ACM (2002)Google Scholar
  2. 2.
    Berdine, J., Calcagno, C., O’Hearn, P.W.: Symbolic execution with separation logic. In: Yi, K. (ed.) APLAS 2005. LNCS, vol. 3780, pp. 52–68. Springer, Heidelberg (2005) CrossRefGoogle Scholar
  3. 3.
    Berdine, J., Cook, B., Ishtiaq, S.: SLAyer: memory safety for systems-level code. In: Gopalakrishnan, G., Qadeer, S. (eds.) CAV 2011. LNCS, vol. 6806, pp. 178–183. Springer, Heidelberg (2011) CrossRefGoogle Scholar
  4. 4.
    The Boa webserver. http://www.boa.org/. Accessed 2015–06-09
  5. 5.
    Bornat, R., Calcagno, C., O’Hearn, P., Parkinson, M.: Permission accounting in separation logic. In: POPL 2005, pp. 259–270. ACM (2005)Google Scholar
  6. 6.
    Calcagno, C., Distefano, D., O’Hearn, P., Yang, H.: Compositional shape analysis by means of bi-abduction. SIGPLAN Not. 44(1), 289–300 (2009)CrossRefGoogle Scholar
  7. 7.
    Chin, W.-N., David, C., Nguyen, H.H., Qin, S.: Automated verification of shape, size and bag properties via user-defined predicates in separation logic. Sci. Comput. Program. 77(9), 1006–1036 (2012)CrossRefMATHGoogle Scholar
  8. 8.
    Distefano, D., Parkinson, M.J.: jStar: towards practical verification for Java. In: OOPSLA 2008, pp. 213–226. ACM (2008)Google Scholar
  9. 9.
    Godefroid, P., Klarlund, N., Sen, K.: DART: directed automated random testing. In: PLDI 2005, pp. 213–223. ACM (2005)Google Scholar
  10. 10.
    Guo, B., Vachharajani, N., August, D.I.: Shape analysis with inductive recursion synthesis. In: PLDI 2007, pp. 256–265. ACM (2007)Google Scholar
  11. 11.
    Isberner, M., Howar, F., Steffen, B.: Learning register automata: from languages to program structures. Mach. Learn. 96(1–2), 65–98 (2014)CrossRefMathSciNetGoogle Scholar
  12. 12.
    Jacobs, B., Smans, J., Philippaerts, P., Vogels, F., Penninckx, W., Piessens, F.: VeriFast: a powerful, sound, predictable, fast verifier for C and Java. In: Bobaru, M., Havelund, K., Holzmann, G.J., Joshi, R. (eds.) NFM 2011. LNCS, vol. 6617, pp. 41–55. Springer, Heidelberg (2011) CrossRefGoogle Scholar
  13. 13.
    Jung, C., Clark, N.: DDT: design and evaluation of a dynamic program analysis for optimizing data structure usage. In: MICRO 2009, pp. 56–66. ACM (2009)Google Scholar
  14. 14.
    Lattner, C., Adve, V.: LLVM: a compilation framework for lifelong program analysis transformation. In: CGO 2004, pp. 75–86. IEEE (2004)Google Scholar
  15. 15.
    O’Hearn, P.W., Reynolds, J.C., Yang, H.: Local reasoning about programs that alter data structures. In: Fribourg, L. (ed.) CSL 2001 and EACSL 2001. LNCS, vol. 2142, pp. 1–19. Springer, Heidelberg (2001) CrossRefGoogle Scholar
  16. 16.
    Philippaerts, P., Mühlberg, J.T., Penninckx, W., Smans, J., Jacobs, B., Piessens, F.: Software verification with VeriFast: industrial case studies. Sci. Comput. Program. 82, 77–97 (2014)CrossRefGoogle Scholar
  17. 17.
    The Redis key-value store. http://www.redis.io/. Accessed 2015–06-09
  18. 18.
    Sagiv, M., Reps, T., Wilhelm, R.: Parametric shape analysis via 3-valued logic. ACM TOPLAS 24(3), 217–298 (2002)CrossRefGoogle Scholar
  19. 19.
    Vogels, F., Jacobs, B., Piessens, F., Smans, J.: Annotation inference for separation logic based verifiers. In: Bruni, R., Dingel, J. (eds.) FORTE 2011 and FMOODS 2011. LNCS, vol. 6722, pp. 319–333. Springer, Heidelberg (2011) CrossRefGoogle Scholar
  20. 20.
    Weiss, M.A.: Data Structures and Algorithm Analysis in C, 2nd edn. Addison-Wesley, Boston (1997) MATHGoogle Scholar
  21. 21.
    White, D.H., Lüttgen, G.: Identifying dynamic data structures by learning evolving patterns in memory. In: Piterman, N., Smolka, S.A. (eds.) TACAS 2013 (ETAPS 2013). LNCS, vol. 7795, pp. 354–369. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  22. 22.
    Wolf, J.: C von A bis Z. Galileo Computing, Germany (2009) Google Scholar
  23. 23.
    Yang, H., Lee, O., Berdine, J., Calcagno, C., Cook, B., Distefano, D., O’Hearn, P.W.: Scalable shape analysis for systems code. In: Gupta, A., Malik, S. (eds.) CAV 2008. LNCS, vol. 5123, pp. 385–398. Springer, Heidelberg (2008) CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Jan Tobias Mühlberg
    • 1
  • David H. White
    • 2
  • Mike Dodds
    • 3
  • Gerald Lüttgen
    • 2
  • Frank Piessens
    • 1
  1. 1.iMinds-DistriNetKU LeuvenLeuvenBelgium
  2. 2.Software Technologies Research GroupUniversity of BambergBambergGermany
  3. 3.Department of Computer ScienceThe University of YorkHeslingtonUK

Personalised recommendations