-
Algorithmic Details behind the Predator Shape Analyser
Authors:
Kamil Dudka,
Petr Muller,
Petr Peringer,
Veronika Šoková,
Tomáš Vojnar
Abstract:
This chapter, which is an extended and revised version of the conference paper 'Predator: Byte-Precise Verification of Low-Level List Manipulation', concentrates on a detailed description of the algorithms behind the Predator shape analyser, which is based on abstract interpretation and symbolic memory graphs. Predator is particularly suited for formal analysis and verification of sequential non-recursive C code that uses low-level pointer operations to manipulate various kinds of linked lists of unbounded size as well as various other kinds of pointer structures of bounded size. The tool supports practically relevant forms of pointer arithmetic, block operations, address alignment, and memory reinterpretation. We present the overall architecture of the tool and selected implementation details, as well as its extension into the so-called Predator Hunting Party, which utilises multiple concurrently running Predator analysers with various restrictions on their behaviour. Results of experiments with Predator within the SV-COMP competition as well as on our own benchmarks are provided.
Submitted 27 March, 2024;
originally announced March 2024.
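To make the abstract's feature list concrete, here is an added example (written for this page, not code from the Predator project or the chapter) of the kind of C program the abstract describes: a Linux-style intrusive doubly-linked list of unbounded size, where payloads are recovered from their embedded links by pointer arithmetic and memory reinterpretation (a hypothetical `container_of` macro built on `offsetof`), and each node is initialised with a block operation (`memset`) before use. The `demo` function is an assumed harness that builds a list of `n` nodes, walks it, and frees every node, so a byte-precise analyser has to track the link offsets, the `memset` over the whole allocation, and the fact that no memory is leaked or used after free.

```c
#include <assert.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Intrusive list head in the style of the Linux kernel: the link lives
   inside the payload, and the payload is recovered from the link address. */
struct list_head {
    struct list_head *next, *prev;
};

struct item {
    int value;
    struct list_head link;   /* the list link is NOT at offset 0 */
};

/* container_of (assumed helper, not part of the page): subtract the field
   offset from the link address and reinterpret the bytes as the enclosing
   struct. This is exactly the pointer arithmetic + memory reinterpretation
   pattern the abstract refers to. */
#define container_of(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))

static void list_init(struct list_head *h) { h->next = h; h->prev = h; }

static void list_add_tail(struct list_head *n, struct list_head *h) {
    n->prev = h->prev;
    n->next = h;
    h->prev->next = n;
    h->prev = n;
}

static void list_del(struct list_head *n) {
    n->prev->next = n->next;
    n->next->prev = n->prev;
    n->next = n->prev = NULL;   /* poison the unlinked node */
}

/* Build a circular list of n items holding values 0..n-1. The memset is a
   block operation over the whole allocation that a byte-precise analyser
   has to model field by field. */
static void build(struct list_head *h, int n) {
    list_init(h);
    for (int i = 0; i < n; i++) {
        struct item *it = malloc(sizeof *it);
        if (!it) abort();
        memset(it, 0, sizeof *it);
        it->value = i;
        list_add_tail(&it->link, h);
    }
}

/* Walk the list, sum the payloads, unlink and free every node.
   The next pointer is saved before the node is freed, so no use-after-free. */
static long sum_and_free(struct list_head *h) {
    long sum = 0;
    struct list_head *pos = h->next;
    while (pos != h) {
        struct list_head *next = pos->next;
        struct item *it = container_of(pos, struct item, link);
        sum += it->value;
        list_del(pos);
        free(it);
        pos = next;
    }
    return sum;
}

/* Assumed harness: builds n nodes, returns 0 + 1 + ... + (n-1), leaks nothing. */
long demo(int n) {
    struct list_head head;
    build(&head, n);
    return sum_and_free(&head);
}
```

The value of `n` is left unconstrained on purpose: a shape analyser abstracts the resulting list into a summary of unbounded length rather than unrolling it, and the property of interest is that every path through `sum_and_free` dereferences only valid memory and frees each allocation exactly once.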
-
Low-Level Bi-Abduction
Authors:
Lukáš Holík,
Petr Peringer,
Adam Rogalewicz,
Veronika Šoková,
Tomáš Vojnar,
Florian Zuleger
Abstract:
The paper proposes a new static analysis designed to handle open programs, i.e., fragments of programs, with dynamic pointer-linked data structures (in particular, various kinds of lists) that employ advanced low-level pointer operations. The goal is to allow such programs to be analysed without the need to write analysis harnesses that would first initialise the structures being handled. The approach builds on a special flavour of separation logic and the approach of bi-abduction. The code of interest is analysed along the call tree, starting from its leaves, with each function analysed just once without any call context, leading to a set of contracts summarising the behaviour of the analysed functions. In order to handle the considered programs, methods of abduction existing in the literature are significantly modified and extended in the paper. The proposed approach has been implemented in a tool prototype and successfully evaluated on small but complex programs.
Submitted 5 May, 2022;
originally announced May 2022.
-
PredatorHP Attacks Interval-Sized Regions
Authors:
Michal Kotoun,
Petr Peringer,
Veronika Šoková,
Tomáš Vojnar
Abstract:
This paper briefly describes the basic principles of the PredatorHP (Predator Hunting Party) shape analyzer and presents its recent improvements. One of the most visible changes is the way PredatorHP handles interval-sized memory regions, which is particularly useful for dealing with arrays whose size is not fixed in advance. Further, the paper characterizes PredatorHP's participation in SV-COMP 2019, pointing out its strengths and weaknesses and the way they were influenced by the latest changes in the tool.
Submitted 16 September, 2019;
originally announced September 2019.