A Symbolic Execution Framework with Explicit Heaps and Separation
Abstract
Program verification of heap properties is challenging. A promising approach is Separation Logic, which supports local reasoning over disjoint portions of the heap. In this paper, we propose a heap constraint language H that explicates the heap and incorporates separation. By explicating the heap, the language is more suitable for automatic symbolic execution. We show that this language can be translated into a quantifier-free fragment of linear arithmetic, so that standard treatments apply. When combined with Constraint Logic Programming (CLP), the language is highly expressive and can be used to define recursive data structures. Furthermore, it is amenable to automatic treatment through constraint solving and standard CLP execution algorithms.
Similar resources
Symbolic Execution with Separation Logic
We describe a sound method for automatically proving Hoare triples for loop-free code in Separation Logic, for certain preconditions and postconditions (symbolic heaps). The method uses a form of symbolic execution, a decidable proof theory for symbolic heaps, and extraction of frame axioms from incomplete proofs. This is a precursor to the use of the logic in automatic specification checking, ...
Local Reasoning with First-Class Heaps, and a New Frame Rule
Separation Logic (SL) brought an advance to program verification of data structures by interpreting (recursively defined) predicates as implicit heaps, and using a separating conjoin operator to construct heaps from disjoint subheaps. While the Frame Rule of SL facilitated local reasoning in program fragments, its restriction to disjoint subheaps means that any form of sharing between predicate...
A Constraint Solver for Heaps with Separation
This paper introduces a constraint language H for finite partial maps (a.k.a. heaps) that incorporates the notion of separation from Separation Logic. The motivation behind H is reasoning over heap manipulating programs using constraint-based symbolic execution. For this we present a modest extension of Hoare Logic that inherits many of the benefits from Separation Logic, such as local reasonin...
Constraint-Based Program Reasoning with Heaps and Separation
This paper introduces a constraint language H for finite partial maps (a.k.a. heaps) that incorporates the notion of separation from Separation Logic. We use H to build an extension of Hoare Logic for reasoning over heap manipulating programs using (constraint-based) symbolic execution. We present a sound and complete algorithm for solving quantifier-free (QF) H-formulae based on heap element p...
Enhancing Symbolic Execution of Heap-based Programs with Separation Logic for Test Input Generation
Symbolic execution is a well-established method for test input generation. By taking inputs as symbolic values and solving constraints encoding path conditions, it helps achieve better test coverage. Despite having achieved tremendous success over numeric domains, existing symbolic execution techniques for heap-based programs (e.g., linked lists and trees) are limited due to the lack of a ...
Publication date: 2012