## A local shape analysis based on separation logic (2006)

Venue: IN: 12TH INTERNATIONAL CONFERENCE ON TOOLS AND ALGORITHMS FOR

Citations: 127 (23 self)

### BibTeX

```bibtex
@INPROCEEDINGS{Distefano06alocal,
  author    = {Dino Distefano and Peter W. O'Hearn and Hongseok Yang},
  title     = {A local shape analysis based on separation logic},
  booktitle = {IN: 12TH INTERNATIONAL CONFERENCE ON TOOLS AND ALGORITHMS FOR},
  year      = {2006},
  publisher = {}
}
```

### Abstract

We describe a program analysis for linked list programs where the abstract domain uses formulae from separation logic.

### Citations

1880 | Abstract Interpretation: A Unified Lattice Model for Static Analysis of Programs by Construction or Approximation of Fixpoints
- Cousot, Cousot
- 1977

Citation Context: ...ys terminate, where ours does. But, there is remarkable similarity. 2 Semantic Setting We first describe the general semantic setting for this work. Following the framework of abstract interpretation [6], we will work with complete lattices D: The semantics of a command c will be given by a continuous function [c]: D → D. If we are given a programming language with certain primitive operations p, tog...

705 | Separation logic: a logic for shared mutable data structures
- Reynolds

Citation Context: ...a single cell might alter the value of a host of instrumentation predicates. In contrast, separation logic provides an approach to reasoning about the heap that has a strong form of locality built in [14]. Typically, one reasons about a collection of cells in isolation, and their update does not necessitate checking or updating cells that are held in a different component of a separating conjunction. ...

538 | Parametric shape analysis via 3-valued logic
- Sagiv, Reps, et al.

Citation Context: ... the heap (e.g., is this an acyclic linked list?). The leading current shape analysis is that of Sagiv, Reps and Wilhelm, which uses very generic and powerful abstractions based on three-valued logic [17]. Although powerful, a problem with this shape analysis is that it behaves in a global way. For example, when one updates a single abstract heap cell this may require also the updating of properties a...

268 | Local reasoning about programs that alter data structures
- O'Hearn, Reynolds, et al.
- 2001

Citation Context: ...g some steps towards separation logic. Early on in separation logic there was an emphasis on what was referred to as "local reasoning": reasoning concentrates on the cells accessed during computation [12]. In [15, 16] an interprocedural analysis is described where a procedure summary is constructed which involves only the (abstract) cells reachable from input parameters or variables free in a procedur...

162 | Separation and information hiding
- O'Hearn, Yang, et al.
- 2004

Citation Context: ... of the form E↦F, ls(E, F), junk. We use SH to denote the set of consistent symbolic heaps. (For the definition of consistency, see below.) The first two heap predicates are "precise" in the sense of [13]; each cuts out a unique piece of (concrete) heap. The points-to assertion E↦F can hold only in a singleton heap, where E is the only active cell. Similarly, when a list segment holds of a given heap...

159 | Boolean and Cartesian Abstraction for Model Checking C Programs
- Ball, Podelski, et al.

Citation Context: ... with respect to ⊑. As of this writing we have not succeeded in proving this conjecture. If true, it would perhaps open the way to a study pinpointing where precision is and is not lost (as in, e.g., [3]) using Galois connections. Although valuable, such questions are secondary to our more basic aim of existence (soundness and termination) of the analysis.] Let in: P(CSH) → P(SH) denote the inclusion...

101 | Symbolic execution with separation logic
- Berdine, Calcagno, et al.
- 2005

Citation Context: ...se ideas from separation logic in program analysis, with an eye towards the central problem of modularity in the analysis. Our technical starting point is recent work of Berdine, Calcagno and O'Hearn [5], who defined a method of symbolic execution of certain separation logic formulae called symbolic heaps. Their method is not, by itself, suitable as an abstract semantics because there are infinitely ...

73 | A decidable fragment of separation logic
- Berdine, Calcagno, et al.
- 2004

Citation Context: ... in interpreting this statement, however. One might perhaps have expected the last rule to leave out the P3(G, H) ∗-conjunct, but this would result in unsoundness; as Berdine and Calcagno pointed out [4, 5] (our abstraction rules are obtained from their proof rules), we must know that the end of a second list segment does not point back into the first if we are to concatenate them. We are forced, by con...

51 | Predicate abstraction and canonical abstraction for singly-linked lists
- Manevich, Yahav, et al.
- 2005

Citation Context: ...em exceeded the OCaml default initial heap size of 400kB. In coverage of examples, and in the nature of the abstraction itself, the analysis here appears to be somewhat similar to the one reported in [10]. A careful study of this relationship could be worthwhile. 6 Termination Although the abstract semantics exists, we have not yet established that the algorithm it determines always terminates. We do ...

50 | A semantics for procedure local heaps and its abstractions. 32nd POPL
- Rinetzky, Bauer, et al.
- 2005

Citation Context: ...swers for large states from those obtained on small ones as input, suggesting further possible developments in interprocedural and concurrency analyses. 1.1 Related Work In work on heap analysis (see [15] for discussion) much use has been made of a "storeless semantics" where the model is built from equivalence classes of paths rather than locations. The storeless semantics has the pleasant property t...

37 | Interprocedural shape analysis for cutpoint-free programs
- Rinetzky, Sagiv, et al.
- 2005

Citation Context: ...abstraction we use is defined by rewrite rules which are all true implications in separation logic, and the symbolic execution rules are derived from true Hoare triples. Recent work on shape analysis [15, 16] might be regarded as taking some steps towards separation logic. Early on in separation logic there was an emphasis on what was referred to as "local reasoning": reasoning concentrates on the cells a...

32 | Information flow analysis in logical form
- Amtoft, Banerjee
- 2004

Citation Context: ...f interest because it suggests a genuinely different approach which has promise for the central problem of obtaining modular analyses. A very good example of this is the recent work of Amtoft et al. [2, 1] which uses local reasoning in information flow analysis (this is a more shallow form of analysis than shape analysis, but they are successful in formulating a very modular analysis). Finally, in work...

20 | Inferring invariants in Separation Logic for imperative list-processing programs
- Magill, Nanevski, et al.
- 2005

Citation Context: ...sis). Finally, in work carried out independently of (and virtually in parallel to) that here, Magill et al. have defined a method of inferring invariants for linked list programs in separation logic [9]. They also utilize a symbolic execution mechanism related to [5], and give rewrite rules to attempt to find fixed points. There are many detailed differences: (i) they use a different basic list pred...

18 | Resources, concurrency, and local reasoning, Theor
- O'Hearn
- 2007

Citation Context: ...d)} In fact, the behaviour of the tool in the first case follows from that in the second, using the Frame Rule of separation logic. This example is motivated by the treatment of a concurrent queue in [11]. The fact that we do not have to consider the cell d when inserting is crucial for a verification which shows that the two ends of a nonempty queue can be manipulated concurrently. To produce such re...

11 | On model checking the dynamics of object-based software: a foundational approach
- Distefano
- 2003

Citation Context: ... of symbolic execution, and adding to it an abstraction or widening operator which converts any symbolic heap to one in a certain "canonical form". This abstraction method is an adaptation of work in [7, 8] to the symbolic heaps of Berdine et al. In contrast to unrestricted symbolic heaps we show that there are only finitely many canonical forms, resulting in termination of the fixed-point calculation ...

7 | Who is pointing when to whom: on model-checking pointer structures
- Distefano, Rensink, et al.
- 2003

Citation Context: ... of symbolic execution, and adding to it an abstraction or widening operator which converts any symbolic heap to one in a certain "canonical form". This abstraction method is an adaptation of work in [7, 8] to the symbolic heaps of Berdine et al. In contrast to unrestricted symbolic heaps we show that there are only finitely many canonical forms, resulting in termination of the fixed-point calculation ...

5 | A logic for information flow analysis of pointer programs
- Amtoft, Bandhakavi, et al.
- 2006

Citation Context: ...f interest because it suggests a genuinely different approach which has promise for the central problem of obtaining modular analyses. A very good example of this is the recent work of Amtoft et al. [2, 1] which uses local reasoning in information flow analysis (this is a more shallow form of analysis than shape analysis, but they are successful in formulating a very modular analysis). Finally, in work...