Local Heap Shape Analysis. Noam Rinetzky, Tel Aviv University. Joint work with Jörg Bauer (Universität des Saarlandes), Thomas Reps (University of Wisconsin), Mooly Sagiv (Tel Aviv University), Reinhard Wilhelm (Universität des Saarlandes) and Eran Yahav (IBM Watson).

Motivation: verify heap-intensive programs
- imperative programs with procedures
- recursive data structures (lists, trees, …)

Motivation (example program)
    class List { List n; }
    main() {
        List x = null, y = null;
        int k = getLen();
        x = create(k);
        y = reverse(x);
    }
(Diagram: with k=4, x and y point to a 4-node list linked by n fields, shown before and after reverse.)
Properties to verify: no null dereferences; no memory leaks; x and y point to the same list; y points to an acyclic list; reverse terminates.

What is the problem?
- recursive procedures: unbounded number of activation records
- dynamic allocation: unbounded number of objects
Checking heap properties is undecidable.

Our approach: use abstractions (over-approximation algorithms)
- effective (termination)
- every verified property holds (sound)
- may not prove all properties (incomplete)

Local heaps (diagram: caller heap with variables x, y, t, g and p fields, before and after call f(x))

Canonical abstraction (diagram: a list pointed to by x with n fields, and its canonical abstraction)

Interprocedural shape analysis with tabulation (diagram: call f(x), variables x, y, p fields; tabulation of exits)

Interprocedural shape analysis without tabulation: analyze f (diagram: call f(x), variables x, y, p fields)

Cutpoints (diagram: same heap as the local-heaps slide, variables x, y, t, g and p fields, call f(x), with one object marked "?")

Cutpoints and abstraction (diagram: lists from x and y with n fields and d fields, call f(x), and the canonical abstraction with p fields)

Abstraction of cutpoints (diagram: call f(x), variables x, y, t, g and p fields)
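The local-heap, cutpoint and canonical-abstraction slides above survive only as diagram labels, so here is an added worked example. It is my own illustration, not code from the slides or from the authors' analyzer, and it uses the following assumed definitions (also stated in the code comments): the local heap of a call is everything reachable from the actual parameters; a cutpoint is an object in the local heap that is not pointed to by a parameter but is referenced by a caller variable that is not a parameter or by a field of an object outside the local heap; canonical abstraction names each object by the variables that point to it, the variables it is reachable from and whether it is a cutpoint, merges objects with equal names into summary nodes, and gives a field edge between abstract nodes the value 1 when every member pair has it and 1/2 when only some pairs do. The heap, object ids and variable names are constructed for the example.

```python
"""Local heaps, cutpoints and canonical abstraction on a toy heap model.

Added illustration; not code from the slides or from the authors' analyzer.
A concrete heap is a dict {object_id: {field: target_id or None}} and an
environment is a dict {variable: object_id or None}.
"""
from collections import deque


def reachable(heap, roots):
    """Return the set of objects reachable from `roots` along any field."""
    seen = set()
    work = deque(o for o in roots if o is not None)
    while work:
        o = work.popleft()
        if o in seen:
            continue
        seen.add(o)
        work.extend(t for t in heap[o].values() if t is not None and t not in seen)
    return seen


def local_heap(heap, env, params):
    """The callee's local heap (assumed definition): everything reachable
    from the actual parameters."""
    return reachable(heap, [env[p] for p in params])


def cutpoints(heap, env, params):
    """Cutpoints of a call (assumed definition): objects in the local heap
    that are not pointed to by an actual parameter but are referenced from
    outside it, either by a caller variable that is not a parameter or by a
    field of an object outside the local heap."""
    local = local_heap(heap, env, params)
    param_objs = {env[p] for p in params}
    cps = set()
    for var, obj in env.items():
        if var not in params and obj in local and obj not in param_objs:
            cps.add(obj)
    for obj, fields in heap.items():
        if obj in local:
            continue
        for tgt in fields.values():
            if tgt in local and tgt not in param_objs:
                cps.add(tgt)
    return cps


def canonical_abstraction(heap, env, variables, cutpoint_objs=frozenset()):
    """Canonical abstraction of the heap part reachable from `variables`.

    Each object is named by the set of unary predicates true of it: `v`
    (pointed to by variable v), `r[v]` (reachable from v) and `cp` (is a
    cutpoint). Objects with the same name collapse into one summary node.
    A field edge between two abstract nodes is 1 when every pair of members
    has it and 0.5 when only some pairs do; absent edges (0) are not returned.
    """
    local = reachable(heap, [env[v] for v in variables])
    reach_from = {v: reachable(heap, [env[v]]) for v in variables}

    def name(obj):
        preds = {v for v in variables if env[v] == obj}
        preds |= {f"r[{v}]" for v in variables if obj in reach_from[v]}
        if obj in cutpoint_objs:
            preds.add("cp")
        return frozenset(preds)

    nodes = {}
    for obj in sorted(local):
        nodes.setdefault(name(obj), []).append(obj)
    edges = {}
    for src_name, srcs in nodes.items():
        for dst_name, dsts in nodes.items():
            for f in {f for s in srcs for f in heap[s]}:
                hits = sum(1 for s in srcs for d in dsts if heap[s].get(f) == d)
                if hits == len(srcs) * len(dsts):
                    edges[(src_name, f, dst_name)] = 1
                elif hits:
                    edges[(src_name, f, dst_name)] = 0.5
    return {k: tuple(v) for k, v in nodes.items()}, edges


def slide_scenario():
    """Constructed heap in the spirit of the cutpoint slides: caller variables
    x, y, t, g and a call f(x). Objects 1..5 have one field "n"; y points into
    the middle of x's list and object 4 (outside the local heap) points at
    its last node, so both are cutpoints."""
    heap = {1: {"n": 2}, 2: {"n": 3}, 3: {"n": None}, 4: {"n": 3}, 5: {"n": None}}
    env = {"x": 1, "y": 2, "t": 4, "g": 5}
    local = local_heap(heap, env, ["x"])          # {1, 2, 3}
    cps = cutpoints(heap, env, ["x"])             # {2, 3}
    nodes, edges = canonical_abstraction(heap, env, ["x"], cps)
    return local, cps, nodes, edges


def list_scenario():
    """Constructed 4-node acyclic list pointed to only by x, as on the
    canonical-abstraction slide: head node plus one summary node."""
    heap = {1: {"n": 2}, 2: {"n": 3}, 3: {"n": 4}, 4: {"n": None}}
    return canonical_abstraction(heap, {"x": 1}, ["x"])


if __name__ == "__main__":
    print(slide_scenario())
    print(list_scenario())
```

In `list_scenario` the three tail nodes share the name {r[x]} and collapse into one summary node; both the edge from the head and the summary node's self-loop come out as 0.5, which is the familiar dashed-edge picture of an abstracted list. In `slide_scenario` the `cp` predicate keeps the cutpoints apart from the head but still merges the two cutpoints with each other, which is the kind of information loss the abstraction-of-cutpoints slide is about.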

Prototype implementation
Data structure                     Procedures                   Verified properties
Singly linked list                 insert, delete, reverse, …   no memory errors, acyclicity
Sorting (of singly linked lists)   insertion sort, quickSort    + sortedness
Unshared binary trees              insert, delete, …            no memory errors, tree-ness

Related Work
- Interprocedural shape analysis: Rinetzky and Sagiv, CC '01; Chong and Rugina, SAS '03; Jeannet et al., SAS '04; Hackett and Rugina, POPL '05; Rinetzky et al., POPL '05
- Local reasoning: Ishtiaq and O'Hearn, POPL '01; Reynolds, LICS '02
- Encapsulation: Noble et al., IWACO '03; ...

End
- Interprocedural shape analysis for cutpoint-free programs. Noam Rinetzky, Mooly Sagiv, and Eran Yahav. SAS, 2005.
- A Semantics for procedure local heaps and its abstraction. Noam Rinetzky, Jörg Bauer, Thomas Reps, Mooly Sagiv, and Reinhard Wilhelm. POPL, 2005.