Dirk Beyer,
Thomas A. Henzinger,
Grégory Théoduloz,
and Damien Zufferey.
Shape Refinement through Explicit Heap Analysis.
In D.S. Rosenblum and G. Taentzer, editors,
Proceedings of the 13th International Conference on Fundamental Approaches to Software Engineering (FASE 2010, Paphos (Cyprus), March 22-26),
LNCS 6013,
pages 263-277,
2010.
Springer-Verlag, Berlin.
[
PDF
] Keyword(s): Software Model Checking.
Abstract: |
Shape analysis is a promising technique to prove program properties about recursive data structures. The challenge is to automatically determine the data-structure type, and to supply the shape analysis with the necessary information about the data structure. We present a stepwise approach to the selection of instrumentation predicates for a TVLA-based shape analysis, which takes us a step closer towards the fully automatic verification of data structures. The approach uses two techniques to guide the refinement of shape abstractions: (1) during program exploration, an explicit heap analysis collects sample instances of the heap structures, which are used to identify the data structures that are manipulated by the program; and (2) during abstraction refinement along an infeasible error path, we consider different possible heap abstractions and choose the coarsest one that eliminates the infeasible path. We have implemented this combined approach for automatic shape refinement as an extension of the software model checker BLAST. Example programs from a data-structure library that manipulate doubly-linked lists and trees were successfully verified by our tool. |
@InProceedings{FASE10,
author = {Dirk Beyer and Thomas A.~Henzinger and Gr{\'e}gory Th{\'e}oduloz and Damien Zufferey},
title = {Shape Refinement through Explicit Heap Analysis},
booktitle = {Proceedings of the 13th International Conference on Fundamental Approaches to Software Engineering (FASE~2010, Paphos (Cyprus), March 22-26)},
publisher = {Springer-Verlag, Berlin},
editor = {D.S.~Rosenblum and G.~Taentzer},
series = {LNCS~6013},
pages = {263-277},
year = {2010},
isbn = {},
keyword = {Software Model Checking},
pdf = {../../2010-FASE.Shape_Refinement_through_Explicit_Heap_Analysis.pdf},
url = {},
abstract = { Shape analysis is a promising technique to prove program properties about recursive data structures. The challenge is to automatically determine the data-structure type, and to supply the shape analysis with the necessary information about the data structure. We present a stepwise approach to the selection of instrumentation predicates for a TVLA-based shape analysis, which takes us a step closer towards the fully automatic verification of data structures. The approach uses two techniques to guide the refinement of shape abstractions: (1) during program exploration, an explicit heap analysis collects sample instances of the heap structures, which are used to identify the data structures that are manipulated by the program; and (2) during abstraction refinement along an infeasible error path, we consider different possible heap abstractions and choose the coarsest one that eliminates the infeasible path. We have implemented this combined approach for automatic shape refinement as an extension of the software model checker BLAST. Example programs from a data-structure library that manipulate doubly-linked lists and trees were successfully verified by our tool. },
annote = {
},
}