Invariant Synthesis for Programs Manipulating Lists with Unbounded Data

We address the problem of automatic invariant synthesis for sequential programs that manipulate singly-linked lists carrying data over infinite data domains. For this we define a framework based on abstract interpretation which combines a specific finite-range abstraction on the shape of the heap with an abstract domain on sequences of data, the latter being a parameter of the approach. We instantiate the framework by introducing different abstractions on data sequences that allow reasoning about various aspects of those sequences, such as their sizes, the sums or the multisets of their elements, or relations between their data at different (linearly ordered or successive) positions. To express the latter relations we define a new domain whose elements correspond to an expressive class of first-order universally quantified formulas. We have implemented our techniques in an efficient prototype tool and have shown that the approach is powerful enough to generate non-trivial invariants for a significant class of programs.
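To make the idea of a parametric "abstract domain on data sequences" concrete, the following added example (written for this page, not the paper's own domain or tool) implements a deliberately small sequence domain that tracks only a sequence's size and the sum of its elements, each as an interval. The concrete list program it analyses is assumed: a loop that repeatedly appends an element drawn from a known interval to an initially empty list. Standard interval widening is used to reach a fixpoint; the soundness check at the end confirms that the abstraction of any concrete run is included in the synthesized invariant.

```python
"""Toy sequence abstract domain: (length, sum) as a pair of intervals.

Added illustration, not the paper's domain. The analysed program is assumed:
    l = []
    while *:            # non-deterministic loop
        l.append(x)     # x ranges over a known interval
and the analysis synthesizes an invariant on len(l) and sum(l).
"""
from dataclasses import dataclass
from typing import List

INF = float("inf")


@dataclass(frozen=True)
class Interval:
    lo: float
    hi: float

    def join(self, other: "Interval") -> "Interval":
        # Least upper bound: smallest interval covering both.
        return Interval(min(self.lo, other.lo), max(self.hi, other.hi))

    def widen(self, other: "Interval") -> "Interval":
        # Standard interval widening: a bound that grew is pushed to infinity
        # so the iteration terminates on an infinite-height lattice.
        lo = self.lo if other.lo >= self.lo else -INF
        hi = self.hi if other.hi <= self.hi else INF
        return Interval(lo, hi)

    def add(self, other: "Interval") -> "Interval":
        return Interval(self.lo + other.lo, self.hi + other.hi)

    def includes(self, other: "Interval") -> bool:
        return self.lo <= other.lo and other.hi <= self.hi


@dataclass(frozen=True)
class SeqAbs:
    """Abstract value for a data sequence: interval on its length and on its sum."""
    length: Interval
    total: Interval

    def join(self, other: "SeqAbs") -> "SeqAbs":
        return SeqAbs(self.length.join(other.length), self.total.join(other.total))

    def widen(self, other: "SeqAbs") -> "SeqAbs":
        return SeqAbs(self.length.widen(other.length), self.total.widen(other.total))

    def includes(self, other: "SeqAbs") -> bool:
        return self.length.includes(other.length) and self.total.includes(other.total)


def alpha(seq: List[int]) -> SeqAbs:
    """Abstraction function: a concrete sequence maps to exact singleton intervals."""
    n, s = len(seq), sum(seq)
    return SeqAbs(Interval(n, n), Interval(s, s))


def append(abs_seq: SeqAbs, elem: Interval) -> SeqAbs:
    """Abstract transfer function for l.append(x) with x in elem."""
    return SeqAbs(abs_seq.length.add(Interval(1, 1)), abs_seq.total.add(elem))


def analyze_append_loop(elem: Interval, max_iter: int = 50) -> SeqAbs:
    """Iterate the loop's abstract transfer function (with widening) to a fixpoint.

    Returns the synthesized loop invariant on (len(l), sum(l)).
    """
    state = alpha([])  # loop entry: the empty list
    for _ in range(max_iter):
        nxt = state.widen(state.join(append(state, elem)))
        if nxt == state:
            return state
        state = nxt
    raise RuntimeError("widening did not converge")


def is_sound_for(invariant: SeqAbs, elem: Interval, runs: int = 20) -> bool:
    """Check that every concrete run (here: constructed runs appending elem.lo or
    elem.hi) abstracts to something covered by the invariant."""
    for n in range(runs):
        for pick in (elem.lo, elem.hi):
            concrete = [int(pick)] * n
            if not invariant.includes(alpha(concrete)):
                return False
    return True


if __name__ == "__main__":
    inv = analyze_append_loop(Interval(1, 5))
    print("invariant for x in [1,5]:", inv)      # length [0,inf], sum [0,inf]
    inv_neg = analyze_append_loop(Interval(-2, -1))
    print("invariant for x in [-2,-1]:", inv_neg)  # length [0,inf], sum [-inf,0]
```

The interesting behaviour is in `analyze_append_loop`: with elements in `[1, 5]` the analysis discovers that the sum is non-negative, and with elements in `[-2, -1]` that it is non-positive, purely from the transfer function plus widening. Replacing the `(length, total)` pair by a richer summary (multisets, or relations between positions, as the abstract describes) is exactly what "the data domain is a parameter" means in this setting.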
