Papers
Topics
Authors
Recent
2000 character limit reached

Algorithmic Details behind the Predator Shape Analyser (2403.18491v1)

Published 27 Mar 2024 in cs.SE and cs.PL

Abstract: This chapter, which is an extended and revised version of the conference paper 'Predator: Byte-Precise Verification of Low-Level List Manipulation', concentrates on a detailed description of the algorithms behind the Predator shape analyser based on abstract interpretation and symbolic memory graphs. Predator is particularly suited for formal analysis and verification of sequential non-recursive C code that uses low-level pointer operations to manipulate various kinds of linked lists of unbounded size as well as various other kinds of pointer structures of bounded size. The tool supports practically relevant forms of pointer arithmetic, block operations, address alignment, or memory reinterpretation. We present the overall architecture of the tool, along with selected implementation details of the tool as well as its extension into so-called Predator Hunting Party, which utilises multiple concurrently-running Predator analysers with various restrictions on their behaviour. Results of experiments with Predator within the SV-COMP competition as well as on our own benchmarks are provided.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (38)
  1. Verification of Heap Manipulating Programs with Ordered Data by Extended Forest Automata. Acta Informatica, 53(4):357–385. Springer (2016).
  2. Shape Analysis for Composite Data Structures. In: Proc. of CAV’07, vol. 4590 of LNCS, pp. 178–192. Springer (2007)
  3. SLAyer: Memory Safety for Systems-level Code. In: Proc. of CAV’11, vol. 6806 of LNCS, pp. 178–183. Springer (2011)
  4. Diagnosing Abstraction Failure for Separation Logic-Based Analyses. In: Proc. of CAV’12, vol. 7358 of LNCS, pp. 155–173. Springer (2012)
  5. Boosting k-Induction with Continuously-Refined Invariants. In: Proc. of CAV’15, vol. 9206 of LNCS, pp. 622–640. Springer (2015)
  6. Reliable benchmarking: requirements and solutions. International Journal on Software Tools for Technology Transfer, 21(1). Springer (2019)
  7. Configurable Software Verification: Concretizing the Convergence of In: Proc. of CAV’07, vol. 4590 of LNCS, pp. 504-518. Springer (2007)
  8. Abstract Regular (Tree) Model Checking. International Journal on Software Tools for Technology Transfer, 14(2):167–191. Springer (2012)
  9. Beyond Reachability: Shape Abstraction in the Presence of Pointer Arithmetic. In: Proc. of SAS’06, vol. 4134 of LNCS, pp. 182–203. Springer (2006)
  10. Compositional Shape Analysis by Means of Bi-Abduction. Journal of the ACM, 58(6):26:1–26:66. ACM (2011)
  11. Counterexample Validation and Interpolation-Based Refinement for Forest Automata. In Proc. of VMCAI’17, vol. 10145 of LNCS, pp. 288–309. Springer (2017)
  12. Symbiotic 4: Beyond Reachability. In: Proc. of TACAS’17, vol. 10206 of LNCS, pp. 385–389. Springer (2017)
  13. Symbiotic 7: Integration of Predator and More (Competition Contribution). In Proc. of TACAS’20, vol. 12079 of LNCS, pp. 413–417. Springer (2020)
  14. Shape analysis with structural invariant checkers. In: Proc. of SAS’07, vol. 4634 of LNCS, pp. 384–401. Springer (2007)
  15. Abstract Domains and Solvers for Sets Reasoning. In: Proc. of LPAR’15, vol. 9450 of LNCS, pp. 356–371. Springer (2015)
  16. From Low-Level Pointers to High-Level Containers. In: Proc. of VMCAI’16, vol. 9583 of LNCS, pp. 431–452. Springer (2016)
  17. An Easy to Use Infrastructure for Building Static Analysis Tools. In: Proc. of EUROCAST’11, vol. 6927 of LNCS, pp. 527–534. Springer (2012)
  18. Predator: A Practical Tool for Checking Manipulation of Dynamic Data Structures Using Separation Logic. In: Proc. of CAV’11, vol. 6806 of LNCS, pp. 372–378. Springer (2011)
  19. Predator: Byte-Precise Verification of Low-Level List Manipulation. In: Proc. of SAS’13, vol. 7935 of LNCS, pp. 214–237. Springer (2013)
  20. Forest Automata for Verification of Heap Manipulation. Formal Methods in System Design, 41(1), Springer (2012)
  21. Ultimate Automizer with an On-Demand Construction of Floyd-Hoare Automata. In: Proc. of TACAS’17, vol. 10206 of LNCS, pp. 394–398. Springer (2017)
  22. Predator Shape Analysis Tool Suite. In: Proc. of HVC’16, vol. 10028 of LNCS, pp. 202–209. Springer (2016)
  23. Shape Analysis of Low-Level C with Overlapping Structures. In: Proc. of VMCAI’10, vol. 5944 of LNCS, pp. 214–230. Springer (2010)
  24. Separating Shape Graphs. In: Proc. of ESOP’10, vol. 6012 of LNCS, pp. 387–406. Springer (2010)
  25. Shape Analysis via Second-Order Bi-Abduction. In: Proc. of CAV’15, vol. 9206 of LNCS, pp. 52–68. Springer (2015)
  26. CPAchecker with Sequential Combination of Explicit-Value Analyses and Predicate Analyses (Competition Contribution). In Proc. of TACAS’14, vol. 8413 of LNCS, pp. 392–394. Springer (2014)
  27. 2LS: Memory Safety and Non-termination (Competition Contribution). In Proc. of TACAS’18, vol. 10806 of LNCS, pp. 417–421. Springer (2018)
  28. Template-Based Verification of Heap-Manipulating Programs. In Proc. of FMCAD’18. IEEE (2018)
  29. Efficient Context-Sensitive Shape Analysis with Graph Based Heap Models. In: Proc. of CC’08, vol. 4959 of LNCS, pp. 245–259. Springer (2008)
  30. Predator Hunting Party (Competition Contribution). In: Proc. of TACAS’15, vol. 9035 of LNCS, pp. 443–446. Springer (2015)
  31. CPAlien: Shape Analyzer for CPAChecker (Competition Contribution). In Proc. of TACAS’14, vol. 8413 of LNCS, pp. 395–397. Springer (2014)
  32. PredatorHP Revamped (Not Only) for Interval-Sized Memory Regions and Memory Reallocation (Competition Contribution). In Proc. of TACAS’20, vol. 12079 of LNCS, pp. 408–412. Springer (2020)
  33. Precise Interprocedural Dataflow Analysis via Graph Reachability. In: Proc. of POPL’95, pp. 49–61. ACM Press (1995)
  34. The MemCAD Analyzer. Available at https://www.di.ens.fr/~rival/memcad.html. (2016)
  35. Parametric shape analysis via 3-valued logic. ACM Transactions on Programming Languages and Systems (TOPLAS), 24(3), ACM (2002)
  36. Tuch, H.: Formal Verification of C Systems Code. Journal of Automated Reasoning, 42(2–4), Springer (2009)
  37. On Scalable Shape Analysis. Technical report RR-07-10, Queen Mary, University of London (2007)
  38. Scalable Shape Analysis for Systems Code. In: Proc. of CAV’08, vol. 5123 of LNCS, pp. 385–398. Springer (2008)

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now

Whiteboard

Paper to Video (Beta)

Open Problems

We haven't generated a list of open problems mentioned in this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Generate Now

Continue Learning

We haven't generated follow-up questions for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Generate Now

Collections

Sign up for free to add this paper to one or more collections.

User Circle Single Streamline Icon: https://streamlinehq.com Sign Up

Tweets

Sign up for free to view the 1 tweet with 0 likes about this paper.

User Circle Single Streamline Icon: https://streamlinehq.com Sign Up for Free