Abstract
We develop a shape analysis for reasoning about relational properties of data structures. Both the concrete and the abstract domain are represented by hypergraphs. The analysis is parameterized by user-supplied indexed graph grammars to guide concretization and abstraction. This novel extension of context-free graph grammars is powerful enough to model complex data structures such as balanced binary trees with parent pointers, while preserving most desirable properties of context-free graph grammars.
One strength of our analysis is that no artifacts apart from grammars are required from the user; it thus offers a high degree of automation. We implemented our analysis and successfully applied it to various programs manipulating AVL trees, (doubly-linked) lists, and combinations of both.
Matheja, C.—Supported by Deutsche Forschungsgemeinschaft (DFG) Grant NO 401/2-1.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsNotes
- 1.
We often draw multiple black circles, but they all correspond to the same location.
- 2.
Again, note that we consider a single execution path in this example. The full analysis also explores the cases in which X is substituted by \(z\) and \(sz\).
- 3.
External nodes are needed to define the semantics of nonterminal edges.
- 4.
I.e., \(v_{\mathtt {null}}= \textit{ext}(1)\) and for each \(e \in E\) with \(\textit{lab}(e) \in N\), we have \(\textit{att}(e)(1) = v_{\mathtt {null}}\).
- 5.
\(f \upharpoonright M\) denotes the restriction of function f to domain M and
. Moreover, function \(\textit{mod} = \{ \textit{ext}_{K}(k) \mapsto \textit{att}_{H}(e)(k) ~|~ 1 \le k \le |\textit{ext}_{K}| \} \cup \{ v \mapsto v ~|~ v \in V\setminus \textit{ext}_{K} \}\) is lifted to sequences of nodes by pointwise application. - 6.
\(H\left[ \nu \mapsto \rho \right] = (V_{H},E_{H},\textit{att}_{H},\textit{lab}_{H},\textit{ind},\textit{ext}_{H})\) with \(\textit{ind}= \{ \textit{ind}_{H}(e)\left[ \nu \mapsto \rho \right] ~|~ e \in E_{H} \}\).
- 7.
denotes sequential composition of f and g, i.e. 
. - 8.
https://github.com/moves-rwth/attestor-examples/releases/tag/v0.3.5-SEFM2018. Also confer the extended version [4].
. Moreover, function 
denotes sequential composition of f and g, i.e. 
.References
Abdulla, P.A., Holík, L., Jonsson, B., Lengál, O., Trinh, C.Q., Vojnar, T.: Verification of heap manipulating programs with ordered data by extended forest automata. Acta Inf. 53(4), 357–385 (2016)
Aho, A.V.: Indexed grammars - an extension of context-free grammars. J. ACM 15(4), 647–671 (1968)
Arndt, H., Jansen, C., Katoen, J.P., Matheja, C., Noll, T.: Let this graph be your witness! an attestor for verifying Java pointer programs. In: CAV (2018, to appear)
Arndt, H., Jansen, C., Matheja, C., Noll, T.: Heap abstraction beyond context-freeness. CoRR abs/1705.03754 (2017). http://arxiv.org/abs/1705.03754
Bar-Hillel, Y., Perles, M., Shamir, E.: On formal properties of simple phrase structure grammars. Sprachtypologie und Universalienforschung 14, 143–172 (1961)
Calcagno, C., Distefano, D., O’Hearn, P.W., Yang, H.: Compositional shape analysis by means of bi-abduction. J. ACM 58(6), 26:1–26:66 (2011)
Chang, B.E., Rival, X.: Relational inductive shape analysis. In: POPL 2008, pp. 247–260. ACM (2008)
Chang, B.E., Rival, X.: Modular construction of shape-numeric analyzers. EPTCS 129, 161–185 (2013)
Chang, B.-Y.E., Rival, X., Necula, G.C.: Shape analysis with structural invariant checkers. In: Nielson, H.R., Filé, G. (eds.) SAS 2007. LNCS, vol. 4634, pp. 384–401. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-74061-2_24
Chin, W., David, C., Nguyen, H.H., Qin, S.: Automated verification of shape, size and bag properties via user-defined predicates in separation logic. Sci. Comput. Program. 77(9), 1006–1036 (2012)
Cousot, P., Cousot, R.: Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints. In: POPL 1977, pp. 238–252. ACM (1977)
Cousot, P., Cousot, R.: Abstract interpretation frameworks. J. Log. Comput. 2(4), 511–547 (1992)
Ferrara, P., Fuchs, R., Juhasz, U.: TVAL+ : TVLA and value analyses together. In: Eleftherakis, G., Hinchey, M., Holcombe, M. (eds.) SEFM 2012. LNCS, vol. 7504, pp. 63–77. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-33826-7_5
Habel, A.: Hyperedge Replacement: Grammars and Languages. LNCS, vol. 643. Springer, Heidelberg (1992). https://doi.org/10.1007/BFb0013875
Heinen, J., Jansen, C., Katoen, J., Noll, T.: Juggrnaut: using graph grammars for abstracting unbounded heap structures. Form. Method. Syst. Des. 47(2), 159–203 (2015)
Jansen, C., Göbe, F., Noll, T.: Generating Inductive predicates for symbolic execution of pointer-manipulating programs. In: Giese, H., König, B. (eds.) ICGT 2014. LNCS, vol. 8571, pp. 65–80. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-09108-2_5
Jansen, C., Heinen, J., Katoen, J.-P., Noll, T.: A local Greibach normal form for hyperedge replacement grammars. In: Dediu, A.-H., Inenaga, S., Martín-Vide, C. (eds.) LATA 2011. LNCS, vol. 6638, pp. 323–335. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-21254-3_25
Jansen, C., Katelaan, J., Matheja, C., Noll, T., Zuleger, F.: Unified reasoning about robustness properties of symbolic-heap separation logic. In: Yang, H. (ed.) ESOP 2017. LNCS, vol. 10201, pp. 611–638. Springer, Heidelberg (2017). https://doi.org/10.1007/978-3-662-54434-1_23
Plump, D.: Checking graph-transformation systems for confluence. In: ECEASST, vol. 26 (2010)
Reps, T.W., Sagiv, M., Wilhelm, R.: Shape analysis and applications. In: Srikant, Y.N., Shankar, P. (eds.) The Compiler Design Handbook, 2nd edn. CRC Press, Boca Raton (2007)
Sagiv, S., Reps, T.W., Wilhelm, R.: Parametric shape analysis via 3-valued logic. In: POPL 1999, pp. 105–118. ACM (1999)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer International Publishing AG, part of Springer Nature
About this paper
Cite this paper
Arndt, H., Jansen, C., Matheja, C., Noll, T. (2018). Graph-Based Shape Analysis Beyond Context-Freeness. In: Johnsen, E., Schaefer, I. (eds) Software Engineering and Formal Methods. SEFM 2018. Lecture Notes in Computer Science(), vol 10886. Springer, Cham. https://doi.org/10.1007/978-3-319-92970-5_17
Download citation
DOI: https://doi.org/10.1007/978-3-319-92970-5_17
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-92969-9
Online ISBN: 978-3-319-92970-5
eBook Packages: Computer ScienceComputer Science (R0)