Abstract
We develop a shape analysis for reasoning about relational properties of data structures. Both the concrete and the abstract domain are represented by hypergraphs. The analysis is parameterized by user-supplied indexed graph grammars to guide concretization and abstraction. This novel extension of context-free graph grammars is powerful enough to model complex data structures such as balanced binary trees with parent pointers, while preserving most desirable properties of context-free graph grammars.
One strength of our analysis is that no artifacts apart from grammars are required from the user; it thus offers a high degree of automation. We implemented our analysis and successfully applied it to various programs manipulating AVL trees, (doubly-linked) lists, and combinations of both.
Matheja, C.—Supported by Deutsche Forschungsgemeinschaft (DFG) Grant NO 401/2-1.
Notes
1. We often draw multiple black circles, but they all correspond to the same location.
2. Again, note that we consider a single execution path in this example. The full analysis also explores the cases in which X is substituted by \(z\) and \(sz\).
3. External nodes are needed to define the semantics of nonterminal edges.
4. I.e., \(v_{\mathtt {null}}= \textit{ext}(1)\) and for each \(e \in E\) with \(\textit{lab}(e) \in N\), we have \(\textit{att}(e)(1) = v_{\mathtt {null}}\).
5. \(f \upharpoonright M\) denotes the restriction of function f to domain M and
   . Moreover, function \(\textit{mod} = \{ \textit{ext}_{K}(k) \mapsto \textit{att}_{H}(e)(k) ~|~ 1 \le k \le |\textit{ext}_{K}| \} \cup \{ v \mapsto v ~|~ v \in V\setminus \textit{ext}_{K} \}\) is lifted to sequences of nodes by pointwise application.
6. \(H\left[ \nu \mapsto \rho \right] = (V_{H},E_{H},\textit{att}_{H},\textit{lab}_{H},\textit{ind},\textit{ext}_{H})\) with \(\textit{ind}= \{ \textit{ind}_{H}(e)\left[ \nu \mapsto \rho \right] ~|~ e \in E_{H} \}\).
7. denotes sequential composition of f and g, i.e.
   .
8. https://github.com/moves-rwth/attestor-examples/releases/tag/v0.3.5-SEFM2018. Also confer the extended version [4].
References
Abdulla, P.A., Holík, L., Jonsson, B., Lengál, O., Trinh, C.Q., Vojnar, T.: Verification of heap manipulating programs with ordered data by extended forest automata. Acta Inf. 53(4), 357–385 (2016)
Aho, A.V.: Indexed grammars - an extension of context-free grammars. J. ACM 15(4), 647–671 (1968)
Arndt, H., Jansen, C., Katoen, J.P., Matheja, C., Noll, T.: Let this graph be your witness! an attestor for verifying Java pointer programs. In: CAV (2018, to appear)
Arndt, H., Jansen, C., Matheja, C., Noll, T.: Heap abstraction beyond context-freeness. CoRR abs/1705.03754 (2017). http://arxiv.org/abs/1705.03754
Bar-Hillel, Y., Perles, M., Shamir, E.: On formal properties of simple phrase structure grammars. Sprachtypologie und Universalienforschung 14, 143–172 (1961)
Calcagno, C., Distefano, D., O’Hearn, P.W., Yang, H.: Compositional shape analysis by means of bi-abduction. J. ACM 58(6), 26:1–26:66 (2011)
Chang, B.E., Rival, X.: Relational inductive shape analysis. In: POPL 2008, pp. 247–260. ACM (2008)
Chang, B.E., Rival, X.: Modular construction of shape-numeric analyzers. EPTCS 129, 161–185 (2013)
Chang, B.-Y.E., Rival, X., Necula, G.C.: Shape analysis with structural invariant checkers. In: Nielson, H.R., Filé, G. (eds.) SAS 2007. LNCS, vol. 4634, pp. 384–401. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-74061-2_24
Chin, W., David, C., Nguyen, H.H., Qin, S.: Automated verification of shape, size and bag properties via user-defined predicates in separation logic. Sci. Comput. Program. 77(9), 1006–1036 (2012)
Cousot, P., Cousot, R.: Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints. In: POPL 1977, pp. 238–252. ACM (1977)
Cousot, P., Cousot, R.: Abstract interpretation frameworks. J. Log. Comput. 2(4), 511–547 (1992)
Ferrara, P., Fuchs, R., Juhasz, U.: TVAL+ : TVLA and value analyses together. In: Eleftherakis, G., Hinchey, M., Holcombe, M. (eds.) SEFM 2012. LNCS, vol. 7504, pp. 63–77. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-33826-7_5
Habel, A.: Hyperedge Replacement: Grammars and Languages. LNCS, vol. 643. Springer, Heidelberg (1992). https://doi.org/10.1007/BFb0013875
Heinen, J., Jansen, C., Katoen, J., Noll, T.: Juggrnaut: using graph grammars for abstracting unbounded heap structures. Form. Method. Syst. Des. 47(2), 159–203 (2015)
Jansen, C., Göbe, F., Noll, T.: Generating Inductive predicates for symbolic execution of pointer-manipulating programs. In: Giese, H., König, B. (eds.) ICGT 2014. LNCS, vol. 8571, pp. 65–80. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-09108-2_5
Jansen, C., Heinen, J., Katoen, J.-P., Noll, T.: A local Greibach normal form for hyperedge replacement grammars. In: Dediu, A.-H., Inenaga, S., Martín-Vide, C. (eds.) LATA 2011. LNCS, vol. 6638, pp. 323–335. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-21254-3_25
Jansen, C., Katelaan, J., Matheja, C., Noll, T., Zuleger, F.: Unified reasoning about robustness properties of symbolic-heap separation logic. In: Yang, H. (ed.) ESOP 2017. LNCS, vol. 10201, pp. 611–638. Springer, Heidelberg (2017). https://doi.org/10.1007/978-3-662-54434-1_23
Plump, D.: Checking graph-transformation systems for confluence. In: ECEASST, vol. 26 (2010)
Reps, T.W., Sagiv, M., Wilhelm, R.: Shape analysis and applications. In: Srikant, Y.N., Shankar, P. (eds.) The Compiler Design Handbook, 2nd edn. CRC Press, Boca Raton (2007)
Sagiv, S., Reps, T.W., Wilhelm, R.: Parametric shape analysis via 3-valued logic. In: POPL 1999, pp. 105–118. ACM (1999)
© 2018 Springer International Publishing AG, part of Springer Nature
Cite this paper
Arndt, H., Jansen, C., Matheja, C., Noll, T. (2018). Graph-Based Shape Analysis Beyond Context-Freeness. In: Johnsen, E., Schaefer, I. (eds.) Software Engineering and Formal Methods. SEFM 2018. Lecture Notes in Computer Science, vol. 10886. Springer, Cham. https://doi.org/10.1007/978-3-319-92970-5_17
DOI: https://doi.org/10.1007/978-3-319-92970-5_17
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-92969-9
Online ISBN: 978-3-319-92970-5