Automated Specification Discovery in a Combined Abstract Domain

Discovering program specifications automatically for heapmanipulating programs is a challenging task due to the complexity of aliasing and mutability of data structures used. This paper describes a compositional analysis framework for discovering program specifications in a combined abstract domain with shape, numerical and bag (multiset) information. The framework analyses each method and derives its summary independently from its callers. We propose a novel abstraction method with a bi-abduction technique in the combined domain to discover pre/post-conditions which cannot be automatically inferred before. The analysis does not only prove the memory safety properties, but also finds relationships between pure and shape domains towards full functional correctness of programs. A prototype of the framework has been implemented and initial experiments have shown that our approach can discover interesting properties for non-trivial programs.