Analyzing Inductively Defined Properties for Recursive Data Structures

This paper proposes a framework that facilitates the analysis of inductively defined properties of recursive data structures. The work has three main parts. First, it simplifies the analysis of heap-manipulating programs by classifying the inductive properties of recursive data structures into two classes, each of which is handled with observed patterns. Second, it proposes a technique called slicing and splicing to track and specify how programs manipulate data structures: a data structure is first sliced into several parts, and those parts are then spliced into new data structures. Third, it presents a property-directed interprocedural analysis, together with an algorithm that checks the boundaries of the modified procedure-local heaps with respect to the recursive data structures pointed to by the parameters passed to the procedures.