Lazy Shape Analysis
Authors
Abstract
Many software model checkers are based on predicate abstraction. If the verification goal depends on pointer structures, the approach does not work well, because it is difficult to find adequate predicate abstractions for the heap. In contrast, shape analysis, which uses graph-based heap abstractions, can provide a compact representation of recursive data structures. We integrate shape analysis into the software model checker Blast. Because shape analysis is expensive, we do not apply it globally. Instead, we ensure that, like predicates, shape graphs are computed and stored locally, only where necessary for proving the verification goal. To achieve this, we extend lazy abstraction refinement, which so far has been used only for predicate abstractions, to three-valued logical structures. This approach does not only increase the precision of model checking, but it also increases the efficiency of shape analysis. We implemented the technique by extending Blast with calls to Tvla.
Similar resources
Arithmetic Strengthening for Shape Analysis
Shape analyses are often imprecise in their numerical reasoning, whereas numerical static analyses are often largely unaware of the shape of a program’s heap. In this paper we propose a lazy method of combining a shape analysis based on separation logic with an arbitrary arithmetic analysis. When potentially spurious counterexamples are reported by our shape analysis, the method constructs a pu...
Integrating Shape Analysis into the Model Checker BLAST
Many software model checkers are based on predicate abstraction. Values of variables in branching conditions are represented abstractly using predicates. The strength of this approach is its path-sensitive nature. However, if the control flow depends heavily on the values of memory cells on the heap, the approach does not work well, because it is difficult to find ‘good’ predicate abstractions ...
Scheduling Heuristics for Lazy Database Systems
Traditional relational database design specifies that transactions be executed immediately. This adheres to our intuition for how transactions should work—in order to issue a commit/abort decision, we must run the transaction logic to completion. However, there are certain classes of transactions that might benefit from deferred execution in which the commit/abort logic is executed immediately,...
The Lazy S Design: A Novel Skin Closure Design in Skin-Sparing Mastectomy for Implant-Based Breast Reconstruction
Preservation of the breast skin envelope during immediate implant-based breast reconstruction is important for producing symmetrical and natural-looking breasts. We propose the lazy S design for the closure of round-shaped wounds with the hope of improving the aesthetic outcomes and reducing the tension on the wound by preserving the skin. Additionally, the direction of tension is dispersed due...
The Impact of Laziness on Parallelism and the Limits of Strictness Analysis
The major question examined by this paper is whether sufficient fine-grain parallelism can be obtained from programs written in a lazy functional language. To answer this question, we have implemented a prototype compiler based on a novel approach to strictness analysis (called abstract demand propagation) and we have compared this implementation strategy (optimized lazy) with other implementations...
Journal title:
Volume / Issue
Pages -
Publication date 2006