Scalable shape analysis for systems code

Scalable shape analysis for systems code (2008)

Cached

Download Links

Other Repositories/Bibliography

DBLP

by Hongseok Yang , Oukseh Lee , Josh Berdine , Cristiano Calcagno , Byron Cook , Dino Distefano

Venue:	In CAV
Citations:	61 - 9 self

BibTeX

@INPROCEEDINGS{Yang08scalableshape,
    author = {Hongseok Yang and Oukseh Lee and Josh Berdine and Cristiano Calcagno and Byron Cook and Dino Distefano},
    title = {Scalable shape analysis for systems code},
    booktitle = {In CAV},
    year = {2008}
}

Bookmark

OpenURL

Abstract

Abstract. Pointer safety faults in device drivers are one of the leading causes of crashes in operating systems code. In principle, shape analysis tools can be used to prove the absence of this type of error. In practice, however, shape analysis is not used due to the unacceptable mixture of scalability and precision provided by existing tools. In this paper we report on a new join operation ⊔ † for the separation domain which aggressively abstracts information for scalability yet does not lead to false error reports. ⊔ † is a critical piece of a new shape analysis tool that provides an acceptable mixture of scalability and precision for industrial application. Experiments on whole Windows and Linux device drivers (firewire, pcidriver, cdrom, md, etc.) represent the first working application of shape analysis to verification of whole industrial programs. 1

Citations

1635	Abstract Interpretation: A unified lattice model for static analysis of programs by construction or approximation of fixpoints - COUSOT, COUSOT - 1977
320	Precise interprocedural dataflow analysis with applications to constant propagation - Sagiv, Reps, et al. - 1996
237	H.: Local Reasoning about Programs that Alter Data Structures - O’Hearn, Reynolds, et al. - 2001
199	An Empirical Study of Operating Systems Errors - Chou, Yang, et al. - 2001
192	Improving the Reliability of Commodity Operating Systems - Swift, Bershad, et al. - 2003
162	K.L.: Abstractions from proofs - Henzinger, Jhala, et al. - 2004
136	A static analyzer for large safety-critical software - Blanchet, Cousot, et al. - 2003
119	Thorough Static Analysis of Device Drivers - Ball, Buonimova, et al. - 2006
108	A local shape analysis based on separation logic - Distefano, O’Hearn, et al. - 2006
106	M.: TVLA: A system for implementing static analyses - Lev-Ami, Sagiv - 2000
84	P.W.: Symbolic Execution with Separation Logic - Berdine, Calcagno, et al.
71	R.: Region-Based Shape Analysis with Tracked Locations - Hackett
66	Shape analysis for composite data structures - Berdine, Calcagno, et al. - 2007
46	Interprocedural Shape Analysis with Separated Heap Abstractions - Gotsman, Berdine, et al. - 2006
46	A semantics for procedure local heaps and its abstractions - Rinetzky, Bauer, et al. - 2005
34	Shape analysis with inductive recursion synthesis - Guo, Vachharajani, et al. - 2007
27	Thread-modular shape analysis - Gotsman, Berdine, et al.
27	Partially disjunctive heap abstraction - Manevich, Sagiv, et al. - 2004
18	Inferring invariants in separation logic for imperative list-processing programs - Magill, Nanevski, et al.
15	Shape analysis with structural invariant checkers - Chang, Rival, et al. - 2007
14	M.: Thread quantification for concurrent shape analysis - Berdine, Lev-Ami, et al. - 2008
12	Efficient contextsensitive shape analysis with graph based heap models - Marron, Hermenegildo, et al. - 2008
9	decomposition for concurrent shape analysis - MANEVICH, LEV-AMI, et al.
6	Specialized 3-valued logic shape analysis using structure-based refinement and loose embedding - Arnold - 2006