Abstract Domains for Automated Reasoning about List-Manipulating Programs with Infinite Data

  • Ahmed Bouajjani
  • Cezara Drăgoi
  • Constantin Enea
  • Mihaela Sighireanu
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7148)

Abstract

We describe a framework for reasoning about programs with lists carrying integer numerical data. We use abstract domains to describe and manipulate complex constraints on configurations of these programs mixing constraints on the shape of the heap, sizes of the lists, on the multisets of data stored in these lists, and on the data at their different positions. Moreover, we provide powerful techniques for automatic validation of Hoare-triples and invariant checking, as well as for automatic synthesis of invariants and procedure summaries using modular inter-procedural analysis. The approach has been implemented in a tool called Celia and experimented successfully on a large benchmark of programs.

Keywords

Automate Reasoning Node Variable Abstract Domain Input List Loop Invariant 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Drăgoi, C.: Automated verification of heap-manipulating programs with infinite data. PhD thesis, University Paris Diderot - Paris 7 (2011)Google Scholar
  2. 2.
    Barrett, C., Tinelli, C.: CVC3. In: Damm, W., Hermanns, H. (eds.) CAV 2007. LNCS, vol. 4590, pp. 298–302. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  3. 3.
    Beyer, D., Henzinger, T.A., Majumdar, R., Rybalchenko, A.: Invariant Synthesis for Combined Theories. In: Cook, B., Podelski, A. (eds.) VMCAI 2007. LNCS, vol. 4349, pp. 378–394. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  4. 4.
    Bouajjani, A., Bozga, M., Habermehl, P., Iosif, R., Moro, P., Vojnar, T.: Programs with Lists Are Counter Automata. In: Ball, T., Jones, R.B. (eds.) CAV 2006. LNCS, vol. 4144, pp. 517–531. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  5. 5.
    Bouajjani, A., Drăgoi, C., Enea, C., Rezine, A., Sighireanu, M.: Invariant Synthesis for Programs Manipulating Lists with Unbounded Data. In: Touili, T., Cook, B., Jackson, P. (eds.) CAV 2010. LNCS, vol. 6174, pp. 72–88. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  6. 6.
    Bouajjani, A., Dragoi, C., Enea, C., Sighireanu, M.: On inter-procedural analysis of programs with lists and data. In: Proc. of PLDI, pp. 578–589 (2011)Google Scholar
  7. 7.
    Calcagno, C., Distefano, D., O’Hearn, P.W., Yang, H.: Compositional shape analysis by means of bi-abduction. In: Proc. of POPL, pp. 289–300 (2009)Google Scholar
  8. 8.
    CEA. Frama-C Platform, http://frama-c.com
  9. 9.
  10. 10.
    Chang, B.-Y.E., Rival, X.: Relational inductive shape analysis. In: Proc. of POPL, pp. 247–260 (2008)Google Scholar
  11. 11.
    Cousot, P., Cousot, R.: Systematic design of program analysis frameworks. In: Proc. of POPL, pp. 269–282 (1979)Google Scholar
  12. 12.
    Cousot, P., Cousot, R.: Abstract interpretation: A unified lattice model for static analysis of programs by construction or approximation of fixpoints. In: Proc. of POPL, pp. 238–252 (1977)Google Scholar
  13. 13.
    Cousot, P., Cousot, R.: Static determination of dynamic properties of recursive procedures. In: Proc. of IFIP Conf. on Formal Description of Programming Concepts, pp. 237–277 (1977)Google Scholar
  14. 14.
    Cousot, P., Halbwachs, N.: Automatic discovery of linear restraints among variables of a program. In: Proc. of POPL, pp. 84–96 (1978)Google Scholar
  15. 15.
    de Moura, L., Bjørner, N.: Z3: An Efficient SMT Solver. In: Ramakrishnan, C.R., Rehof, J. (eds.) TACAS 2008. LNCS, vol. 4963, pp. 337–340. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  16. 16.
    Gopan, D., Reps, T.W., Sagiv, S.: A framework for numeric analysis of array operations. In: Proc. of POPL, pp. 338–350 (2005)Google Scholar
  17. 17.
    Gotsman, A., Berdine, J., Cook, B.: Interprocedural Shape Analysis with Separated Heap Abstractions. In: Yi, K. (ed.) SAS 2006. LNCS, vol. 4134, pp. 240–260. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  18. 18.
    Gulwani, S., Lev-Ami, T., Sagiv, M.: A combination framework for tracking partition sizes. In: Proc. of POPL, pp. 239–251 (2009)Google Scholar
  19. 19.
    Gulwani, S., McCloskey, B., Tiwari, A.: Lifting abstract interpreters to quantified logical domains. In: POPL, pp. 235–246 (2008)Google Scholar
  20. 20.
    Halbwachs, N., Péron, M.: Discovering properties about arrays in simple programs. In: PLDI, pp. 339–348 (2008)Google Scholar
  21. 21.
    Jeannet, B., Miné, A.: Apron: A Library of Numerical Abstract Domains for Static Analysis. In: Bouajjani, A., Maler, O. (eds.) CAV 2009. LNCS, vol. 5643, pp. 661–667. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  22. 22.
    Jhala, R., McMillan, K.L.: Array Abstractions from Proofs. In: Damm, W., Hermanns, H. (eds.) CAV 2007. LNCS, vol. 4590, pp. 193–206. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  23. 23.
    McCloskey, B., Reps, T., Sagiv, M.: Statically Inferring Complex Heap, Array, and Numeric Invariants. In: Cousot, R., Martel, M. (eds.) SAS 2010. LNCS, vol. 6337, pp. 71–99. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  24. 24.
    Miné, A.: The octagon abstract domain. Higher-Order and Symbolic Computation 19(1), 31–100 (2006)MathSciNetCrossRefMATHGoogle Scholar
  25. 25.
    Perrelle, V., Halbwachs, N.: An Analysis of Permutations in Arrays. In: Barthe, G., Hermenegildo, M. (eds.) VMCAI 2010. LNCS, vol. 5944, pp. 279–294. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  26. 26.
    Podelski, A., Wies, T.: Boolean Heaps. In: Hankin, C., Siveroni, I. (eds.) SAS 2005. LNCS, vol. 3672, pp. 268–283. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  27. 27.
    Podelski, A., Wies, T.: Counterexample-guided focus. In: Proc. of POPL, pp. 249–260 (2010)Google Scholar
  28. 28.
    Reynolds, J.C.: Separation logic: A logic for shared mutable data structures. In: Proc. of LICS. IEEE Computer Society (2002)Google Scholar
  29. 29.
    Rinetzky, N., Bauer, J., Reps, T.W., Sagiv, S., Wilhelm, R.: A semantics for procedure local heaps and its abstractions. In: Proc. of POPL, pp. 296–309 (2005)Google Scholar
  30. 30.
    Rinetzky, N., Sagiv, M., Yahav, E.: Interprocedural Shape Analysis for Cutpoint-Free Programs. In: Hankin, C., Siveroni, I. (eds.) SAS 2005. LNCS, vol. 3672, pp. 284–302. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  31. 31.
    Rival, X., Chang, B.-Y.E.: Calling context abstraction with shapes. In: Proc. of POPL, pp. 173–186 (2011)Google Scholar
  32. 32.
    Sagiv, S., Reps, T.W., Wilhelm, R.: Parametric shape analysis via 3-valued logic. ACM Trans. Program. Lang. Syst. 24(3), 217–298 (2002)CrossRefGoogle Scholar
  33. 33.
    Sharir, M., Pnueli, A.: Two approaches to interprocedural data flow analysis. In: Program Flow Analysis: Theory and Applications, pp. 189–234. Prentice-Hall (1981)Google Scholar
  34. 34.
    Vafeiadis, V.: Shape-Value Abstraction for Verifying Linearizability. In: Jones, N.D., Müller-Olm, M. (eds.) VMCAI 2009. LNCS, vol. 5403, pp. 335–348. Springer, Heidelberg (2009)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Ahmed Bouajjani
    • 1
  • Cezara Drăgoi
    • 2
  • Constantin Enea
    • 1
  • Mihaela Sighireanu
    • 1
  1. 1.LIAFAUniv Paris Diderot & CNRSFrance
  2. 2.ISTAustria

Personalised recommendations