Property-directed shape analysis

Shachar Itzhaky; Nikolaj Bjørner; Thomas Reps; Mooly Sagiv; Aditya Thakur

doi:10.1007/978-3-319-08867-9_3

Property-directed shape analysis

Shachar Itzhaky, Nikolaj Bjørner, Thomas Reps, Mooly Sagiv, Aditya Thakur

School of Computer Sciences

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

This paper addresses the problem of automatically generating quantified invariants for programs that manipulate singly and doubly linked-list data structures. Our algorithm is property-directed-i.e., its choices are driven by the properties to be proven. The algorithm is able to establish that a correct program has no memory-safety violations-e.g., null-pointer dereferences, double frees-and that data-structure invariants are preserved. For programs with errors, the algorithm produces concrete counterexamples. More broadly, the paper describes how to integrate IC3 with full predicate abstraction. The analysis method is complete in the following sense: if an inductive invariant that proves that the program satisfies a given property is expressible as a Boolean combination of a given set of predicates, then the analysis will find such an invariant. To the best of our knowledge, this method represents the first shape-analysis algorithm that is capable of (i) reporting concrete counterexamples, or alternatively (ii) establishing that the predicates in use are not capable of proving the property in question.

Original language	English
Title of host publication	Computer Aided Verification - 26th International Conference, CAV 2014, Held as Part of the Vienna Summer of Logic, VSL 2014, Proceedings
Publisher	Springer Verlag
Pages	35-51
Number of pages	17
ISBN (Print)	9783319088662
DOIs	https://doi.org/10.1007/978-3-319-08867-9_3
State	Published - 2014
Event	26th International Conference on Computer Aided Verification, CAV 2014 - Held as Part of the Vienna Summer of Logic, VSL 2014 - Vienna, Austria Duration: 18 Jul 2014 → 22 Jul 2014

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	8559 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	26th International Conference on Computer Aided Verification, CAV 2014 - Held as Part of the Vienna Summer of Logic, VSL 2014
Country/Territory	Austria
City	Vienna
Period	18/07/14 → 22/07/14

Access to Document

10.1007/978-3-319-08867-9_3

Cite this

Itzhaky, S., Bjørner, N., Reps, T., Sagiv, M., & Thakur, A. (2014). Property-directed shape analysis. In Computer Aided Verification - 26th International Conference, CAV 2014, Held as Part of the Vienna Summer of Logic, VSL 2014, Proceedings (pp. 35-51). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 8559 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-319-08867-9_3

Itzhaky, Shachar ; Bjørner, Nikolaj ; Reps, Thomas et al. / Property-directed shape analysis. Computer Aided Verification - 26th International Conference, CAV 2014, Held as Part of the Vienna Summer of Logic, VSL 2014, Proceedings. Springer Verlag, 2014. pp. 35-51 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{b3dccac7d8234e2aba259bd2af7dc43c,

title = "Property-directed shape analysis",

abstract = "This paper addresses the problem of automatically generating quantified invariants for programs that manipulate singly and doubly linked-list data structures. Our algorithm is property-directed-i.e., its choices are driven by the properties to be proven. The algorithm is able to establish that a correct program has no memory-safety violations-e.g., null-pointer dereferences, double frees-and that data-structure invariants are preserved. For programs with errors, the algorithm produces concrete counterexamples. More broadly, the paper describes how to integrate IC3 with full predicate abstraction. The analysis method is complete in the following sense: if an inductive invariant that proves that the program satisfies a given property is expressible as a Boolean combination of a given set of predicates, then the analysis will find such an invariant. To the best of our knowledge, this method represents the first shape-analysis algorithm that is capable of (i) reporting concrete counterexamples, or alternatively (ii) establishing that the predicates in use are not capable of proving the property in question.",

author = "Shachar Itzhaky and Nikolaj Bj{\o}rner and Thomas Reps and Mooly Sagiv and Aditya Thakur",

year = "2014",

doi = "10.1007/978-3-319-08867-9_3",

language = "אנגלית",

isbn = "9783319088662",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "35--51",

booktitle = "Computer Aided Verification - 26th International Conference, CAV 2014, Held as Part of the Vienna Summer of Logic, VSL 2014, Proceedings",

note = "null ; Conference date: 18-07-2014 Through 22-07-2014",

}

Itzhaky, S, Bjørner, N, Reps, T, Sagiv, M & Thakur, A 2014, Property-directed shape analysis. in Computer Aided Verification - 26th International Conference, CAV 2014, Held as Part of the Vienna Summer of Logic, VSL 2014, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 8559 LNCS, Springer Verlag, pp. 35-51, 26th International Conference on Computer Aided Verification, CAV 2014 - Held as Part of the Vienna Summer of Logic, VSL 2014, Vienna, Austria, 18/07/14. https://doi.org/10.1007/978-3-319-08867-9_3

Property-directed shape analysis. / Itzhaky, Shachar; Bjørner, Nikolaj; Reps, Thomas et al.

Computer Aided Verification - 26th International Conference, CAV 2014, Held as Part of the Vienna Summer of Logic, VSL 2014, Proceedings. Springer Verlag, 2014. p. 35-51 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 8559 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Property-directed shape analysis

AU - Itzhaky, Shachar

AU - Bjørner, Nikolaj

AU - Reps, Thomas

AU - Sagiv, Mooly

AU - Thakur, Aditya

PY - 2014

Y1 - 2014

N2 - This paper addresses the problem of automatically generating quantified invariants for programs that manipulate singly and doubly linked-list data structures. Our algorithm is property-directed-i.e., its choices are driven by the properties to be proven. The algorithm is able to establish that a correct program has no memory-safety violations-e.g., null-pointer dereferences, double frees-and that data-structure invariants are preserved. For programs with errors, the algorithm produces concrete counterexamples. More broadly, the paper describes how to integrate IC3 with full predicate abstraction. The analysis method is complete in the following sense: if an inductive invariant that proves that the program satisfies a given property is expressible as a Boolean combination of a given set of predicates, then the analysis will find such an invariant. To the best of our knowledge, this method represents the first shape-analysis algorithm that is capable of (i) reporting concrete counterexamples, or alternatively (ii) establishing that the predicates in use are not capable of proving the property in question.

AB - This paper addresses the problem of automatically generating quantified invariants for programs that manipulate singly and doubly linked-list data structures. Our algorithm is property-directed-i.e., its choices are driven by the properties to be proven. The algorithm is able to establish that a correct program has no memory-safety violations-e.g., null-pointer dereferences, double frees-and that data-structure invariants are preserved. For programs with errors, the algorithm produces concrete counterexamples. More broadly, the paper describes how to integrate IC3 with full predicate abstraction. The analysis method is complete in the following sense: if an inductive invariant that proves that the program satisfies a given property is expressible as a Boolean combination of a given set of predicates, then the analysis will find such an invariant. To the best of our knowledge, this method represents the first shape-analysis algorithm that is capable of (i) reporting concrete counterexamples, or alternatively (ii) establishing that the predicates in use are not capable of proving the property in question.

UR - http://www.scopus.com/inward/record.url?scp=84904811642&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-08867-9_3

DO - 10.1007/978-3-319-08867-9_3

M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???

AN - SCOPUS:84904811642

SN - 9783319088662

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 35

EP - 51

BT - Computer Aided Verification - 26th International Conference, CAV 2014, Held as Part of the Vienna Summer of Logic, VSL 2014, Proceedings

PB - Springer Verlag

Y2 - 18 July 2014 through 22 July 2014

ER -

Itzhaky S, Bjørner N, Reps T, Sagiv M, Thakur A. Property-directed shape analysis. In Computer Aided Verification - 26th International Conference, CAV 2014, Held as Part of the Vienna Summer of Logic, VSL 2014, Proceedings. Springer Verlag. 2014. p. 35-51. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). https://doi.org/10.1007/978-3-319-08867-9_3

Property-directed shape analysis

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this