Results 1 - 4 of 4
Local shape analysis for overlaid data structures
In Static Analysis Symposium (SAS), 2013
Abstract

Cited by 2 (0 self)
Abstract. We present a shape analysis for programs that manipulate overlaid data structures which share sets of objects. The abstract domain contains Separation Logic formulas that (1) combine a per-object separating conjunction with a per-field separating conjunction and (2) constrain a set of variables interpreted as sets of objects. The definition of the abstract domain operators is based on a notion of homomorphism between formulas, viewed as graphs, used recently to define optimal decision procedures for fragments of Separation Logic. Based on a Frame Rule that supports the two versions of the separating conjunction, the analysis is able to reason in a modular manner about non-overlaid data structures and then compose information only at a few program points, e.g., procedure returns. We have implemented this analysis in a prototype tool and applied it to several interesting case studies that manipulate overlaid and nested linked lists.
Mathematical Logic—Mechanical theorem proving
Abstract
Separation logic is an expressive logic for reasoning about heap structures in programs. This paper presents a semi-decision procedure for checking unsatisfiability of formulas in a fragment of separation logic that includes points-to assertions (x ↦ y), acyclic list-segment assertions (ls(x, y)), logical-and, logical-or, separating conjunction, and septraction (the De Morgan dual of separating implication). The fragment that we consider allows negation at leaves, and includes formulas that lie outside other separation-logic fragments considered in the literature. The semi-decision procedure is designed using concepts from abstract interpretation. The procedure uses an abstract domain of shape graphs to represent a set of heap structures, and computes an abstraction that over-approximates the set of satisfying models of a given formula. If the over-approximation is empty, then the formula is unsatisfiable. We have implemented the method, and evaluated it on a set of formulas taken from the literature. The implementation is able to establish the unsatisfiability of formulas that cannot be handled by previous approaches.