Automatic Verification of Pointer Programs Using Grammar-Based Shape Analysis

  • Oukseh Lee
  • Hongseok Yang
  • Kwangkeun Yi
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3444)

Abstract

We present a program analysis that can automatically discover the shape of complex pointer data structures. The discovered invariants are then used to verify the absence of safety errors in the program, or to check whether the program preserves data consistency. Our analysis extends the shape analysis of Sagiv et al. with grammar annotations, which can precisely express the shape of complex data structures. We demonstrate the usefulness of our analysis with binomial heap construction and the Schorr-Waite tree traversal. For a binomial heap construction algorithm, our analysis returns a grammar that precisely describes the shape of a binomial heap; for the Schorr-Waite tree traversal, our analysis shows that at the end of the execution the result is a tree and there are no memory leaks.

References

  1. Cormen, T.H., Leiserson, C.E., Rivest, R.L., Stein, C.: Introduction to Algorithms. MIT Press and McGraw-Hill Book Company (2001)
  2. Cousot, P., Cousot, R.: Abstract interpretation: A unified lattice model for static analysis of programs by construction or approximation of fixpoints. In: Proceedings of the ACM Symposium on Principles of Programming Languages, January 1977, pp. 238–252 (1977)
  3. Cousot, P., Cousot, R.: Abstract interpretation frameworks. J. Logic and Comput. 2(4), 511–547 (1992)
  4. Cousot, P., Cousot, R.: Formal language, grammar and set-constraint-based program analysis by abstract interpretation. In: Proceedings of the ACM Conference on Functional Programming Languages and Computer Architecture, La Jolla, California, June 1995, pp. 170–181. ACM Press, New York (1995)
  5. Deutsch, A.: Interprocedural alias analysis for pointers: Beyond k-limiting. In: Proceedings of the ACM Conference on Programming Language Design and Implementation, pp. 230–241. ACM Press, New York (1994)
  6. Fradet, P., Le Métayer, D.: Shape types. In: Proceedings of the ACM Symposium on Principles of Programming Languages, pp. 27–39. ACM Press, New York (1997)
  7. Klarlund, N., Schwartzbach, M.I.: Graph types. In: Proceedings of the ACM Symposium on Principles of Programming Languages (January 1993)
  8. Lee, O., Yang, H., Yi, K.: Automatic verification of pointer programs using grammar-based shape analysis. Tech. Memo. ROPAS-2005-23, Programming Research Laboratory, School of Computer Science & Engineering, Seoul National University (March 2005)
  9. Manevich, R., Sagiv, M., Ramalingam, G., Field, J.: Partially disjunctive heap abstraction. In: Giacobazzi, R. (ed.) SAS 2004. LNCS, vol. 3148, pp. 265–279. Springer, Heidelberg (2004)
  10. Møller, A., Schwartzbach, M.I.: The pointer assertion logic engine. In: Proceedings of the ACM Conference on Programming Language Design and Implementation. ACM, New York (2001)
  11. O’Hearn, P.W., Yang, H., Reynolds, J.C.: Separation and information hiding. In: Proceedings of the ACM Symposium on Principles of Programming Languages, pp. 268–280. ACM Press, New York (2004)
  12. Reynolds, J.C.: Separation logic: A logic for shared mutable data structures. In: Proceedings of the 17th IEEE Symposium on Logic in Computer Science, pp. 55–74. IEEE, Los Alamitos (2002)
  13. Sagiv, M., Reps, T., Wilhelm, R.: Solving shape-analysis problems in languages with destructive updating. ACM Trans. Program. Lang. Syst. 20(1), 1–50 (1998)
  14. Sagiv, M., Reps, T., Wilhelm, R.: Parametric shape analysis via 3-valued logic. ACM Trans. Program. Lang. Syst. 24(3), 217–298 (2002)
  15. Sims, É.-J.: Extending separation logic with fixpoints and postponed substitution. In: Rattray, C., Maharaj, S., Shankland, C. (eds.) AMAST 2004. LNCS, vol. 3116, pp. 475–490. Springer, Heidelberg (2004)

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Oukseh Lee (1)
  • Hongseok Yang (2)
  • Kwangkeun Yi (3)
  1. Dept. of Computer Science & Engineering, Hanyang University, Korea
  2. ERC-ACI, Seoul National University, Korea
  3. School of Computer Science & Engineering, Seoul National University, Korea