Solving Shape-Analysis Problems in Languages with Destructive Updating
- POPL '96
, 1996
Cited by 281 (18 self)
This paper concerns the static analysis of programs that perform destructive updating on heap-allocated storage. We give an algorithm that conservatively solves this problem by using a finite shape-graph to approximate the possible “shapes” that heap-allocated structures in a program can take on. In contrast with previous work, our method is even accurate for certain programs that update cyclic data structures. For example, our method can determine that when the input to a program that searches a list and splices in a new element is a possibly circular list, the output is a possibly circular list.
Abstraction for shape analysis with fast and precise transformers
- In CAV
, 2006
Cited by 21 (2 self)
Abstract. This paper addresses the problem of proving safety properties of imperative programs manipulating dynamically allocated data structures using destructive pointer updates. We present a new abstraction for linked data structures whose underlying graphs do not contain cycles. The abstraction is simple and allows us to decide reachability between dynamically allocated heap cells. We present an efficient algorithm that computes the effect of low level heap mutations in the most precise way. The algorithm does not rely on the usage of a theorem prover. In particular, the worst case complexity of computing a single successor abstract state is O(V log V) states can be exponential in V. A prototype of the algorithm was implemented and is shown to be fast. Our method also handles programs with “simple cycles” such as cyclic singly-linked lists, (cyclic) doubly-linked lists, and trees with parent pointers. Moreover, we allow programs which temporarily violate these restrictions as long as they are restored in loop boundaries.
Revamping TVLA: Making Parametric Shape Analysis Competitive
- In Int. Conf. on Computer Aided Verification
, 2007
Cited by 10 (3 self)
Abstract. TVLA is a parametric framework for shape analysis that can be easily instantiated to create different kinds of analyzers for checking properties of programs that use linked data structures. We report on dramatic improvements in TVLA’s performance, which make the cost of parametric shape analysis comparable to that of the most efficient specialized shape-analysis tools (which restrict the class of data structures and programs analyzed) without sacrificing TVLA’s parametricity. The improvements were obtained by employing well-known techniques from the database community to reduce the cost of extracting information from shape descriptors and performing abstract interpretation of program statements and conditions. Compared to the prior version of TVLA, we obtained as much as 50-fold speedup.
Detecting Memory Errors via Static Pointer Analysis
, 1999
Cited by 9 (2 self)
We study the applicability of pointer analysis algorithms (originally aimed at optimizing compilers) to identify potential errors such as dereferencing NULL pointers in C programs, by statically analyzing the behavior of programs on all their input data. The algorithms are conservative, i.e., they never miss an error but may also create "false alarms". Our goal is to identify the "core program analysis techniques" that are needed to develop a realistic tool that does not generate too many false alarms. Our experience indicates that the following techniques are necessary: (i) finding aliases between pointers, (ii) flow sensitive techniques that account for the program control flow constructs, (iii) partial interpretation of conditional statements, (iv) analysis of relationships between pointers, and sometimes (v) analysis of the underlying data structures manipulated by the C program. Our experimental work shows that the combination of these techniques yields b...
Automated Verification of the Deutsch-Schorr-Waite Tree-Traversal Algorithm
- Proc. of SAS-06 (Sagiv, M.; Reps, T.; and ...)
, 2006
Cited by 6 (1 self)
This paper reports on the automated verification of the total correctness (partial correctness and termination) of the Deutsch-Schorr-Waite (DSW) algorithm. DSW is an algorithm for traversing a binary tree without the use of a stack by means of destructive pointer manipulation. Prior approaches to the verification of the algorithm involved applications of theorem provers or handwritten proofs. TVLA's abstract-interpretation approach made possible the automatic symbolic exploration of all memory configurations that can arise. With the introduction of a few simple core and instrumentation relations, TVLA was able to establish the partial correctness and termination of DSW.
A Bounded-Space Tree Traversal Algorithm
, 1993
Cited by 2 (0 self)
An algorithm for traversing binary trees in linear time using constant extra space is presented. The algorithm offers advantages to both Robson traversal and Lindstrom scanning. Under certain conditions, the algorithm can be applied to the marking of cyclic list structures. The algorithm can be generalized to handle N-trees and N-lists.
Keywords: Data structures
Introduction. Algorithms to traverse trees are in the tool chest of every good programmer. Tree traversals are used in many diverse applications, from searching to artificial intelligence. It is therefore important to be able to traverse trees in a time- and space-efficient manner. We present an algorithm which is efficient in both these considerations. The algorithm visits all nodes of an n-node tree in O(n) time using O(1) extra storage. We assume that the tree is represented as a collection of nodes, each of which contains some fixed number of pointers to their children, with no spare bits. Additionally, under certain co...
Examples of Informal but Rigorous Correctness Proofs for Tree Traversing Algorithms
, 1992
Correctness of several tree traversing algorithms is proved in an informal but quite rigorous way by using induction and a convenient graphical representation for the state of computation. These proofs are much simpler than their formal counterparts and provide an intuitive insight for the ideas behind the algorithms. A preliminary version of this paper was written in 1986 while the author was on leave visiting the School of Information and Computer Science of the Georgia Institute of Technology. Partial support was provided by the grant 85/155-7 from the Fundação de Amparo de Pesquisa do Estado de São Paulo (FAPESP). Author's Address: Tomasz Kowaltowski, Department of Computer Science, University of Campinas, Caixa Postal 6065, 13081-970 Campinas, SP, Brazil. E-mail: tomasz@dcc.unicamp.br.
1 Introduction. Formal proofs of correctness of algorithms manipulating data structures can become quite lengthy and unreadable, even though the basic ideas behind those proofs may be simple ...

