Compositional Shape Analysis with Shared Abduction and Biabductive Loop Acceleration

Simple item page
dc.contributor.authorSextl, Floriancs
dc.contributor.authorRogalewicz, Adamcs
dc.contributor.authorVojnar, Tomášcs
dc.contributor.authorZuleger, Floriancs
dc.date.accessioned2025-10-21T08:05:18Z
dc.date.available2025-10-21T08:05:18Z
dc.date.issued2025-05-01cs
dc.description.abstractBiabduction-based shape analysis is a compositional verification and analysis technique that can prove memory safety in the presence of complex, linked data structures. Despite its usefulness, several open problems persist for this kind of analysis; two of which we address in this paper. On the one hand, the original analysis is path-sensitive but cannot combine safety requirements for related branches. This causes the analysis to require additional soundness checks and increases the space for the analysis to become incomplete. We extend the underlying symbolic execution and propose a framework for shared abduction where a common pre-condition is maintained for related computation branches.On the other hand, prior proposals lift loop acceleration methods from forward analysis to biabduction analysis by applying them separately on the pre- and post-condition, which can lead to imprecise or even unsound acceleration results that do not form a loop invariant. In contrast, we propose biabductive loop acceleration, which explicitly constructs and checks candidate loop invariants. For this, we also introduce a novel heuristic called shape extrapolation. This heuristic takes advantage of locality in the handling of list-like data structures (which are the most common data structures found in low-level code) and jointly accelerates pre- and post-conditions by extrapolating the related shapes.In addition to making the analysis more precise, our techniques also make biabductive analysis more efficient since they are sound in just one analysis phase. In contrast, prior techniques always require two phases (as the first phase can produce contracts that are unsound and must hence be verified). We experimentally confirm that our techniques improve on prior techniques; both in terms of precision and runtime of the analysis.en
dc.description.abstractBiabduction-based shape analysis is a compositional verification and analysis technique that can prove memory safety in the presence of complex, linked data structures. Despite its usefulness, several open problems persist for this kind of analysis; two of which we address in this paper. On the one hand, the original analysis is path-sensitive but cannot combine safety requirements for related branches. This causes the analysis to require additional soundness checks and increases the space for the analysis to become incomplete. We extend the underlying symbolic execution and propose a framework for shared abduction where a common pre-condition is maintained for related computation branches.On the other hand, prior proposals lift loop acceleration methods from forward analysis to biabduction analysis by applying them separately on the pre- and post-condition, which can lead to imprecise or even unsound acceleration results that do not form a loop invariant. In contrast, we propose biabductive loop acceleration, which explicitly constructs and checks candidate loop invariants. For this, we also introduce a novel heuristic called shape extrapolation. This heuristic takes advantage of locality in the handling of list-like data structures (which are the most common data structures found in low-level code) and jointly accelerates pre- and post-conditions by extrapolating the related shapes.In addition to making the analysis more precise, our techniques also make biabductive analysis more efficient since they are sound in just one analysis phase. In contrast, prior techniques always require two phases (as the first phase can produce contracts that are unsound and must hence be verified). We experimentally confirm that our techniques improve on prior techniques; both in terms of precision and runtime of the analysis.en
dc.formattextcs
dc.format.extent230-257cs
dc.format.mimetypeapplication/pdfcs
dc.identifier.citationLecture Notes in Computer Science. 2025, p. 230-257.en
dc.identifier.doi10.1007/978-3-031-91121-7_10cs
dc.identifier.isbn978-3-031-91121-7cs
dc.identifier.issn0302-9743cs
dc.identifier.orcid0009-0003-5839-0726cs
dc.identifier.orcid0000-0002-7911-0549cs
dc.identifier.orcid0000-0002-2746-8792cs
dc.identifier.other194217cs
dc.identifier.researcheridFSO-2614-2022cs
dc.identifier.researcheridK-5057-2015cs
dc.identifier.scopus11838850600cs
dc.identifier.scopus8727483800cs
dc.identifier.urihttps://hdl.handle.net/11012/255591
dc.language.isoencs
dc.publisherSpringercs
dc.relation.ispartofLecture Notes in Computer Sciencecs
dc.relation.urihttps://link.springer.com/chapter/10.1007/978-3-031-91121-7_10cs
dc.rightsCreative Commons Attribution 4.0 Internationalcs
dc.rights.accessopenAccesscs
dc.rights.sherpahttp://www.sherpa.ac.uk/romeo/issn/0302-9743/cs
dc.rights.urihttp://creativecommons.org/licenses/by/4.0/cs
dc.subjectshape analysisen
dc.subjectbiabductionen
dc.subjectshape analysis
dc.subjectbiabduction
dc.titleCompositional Shape Analysis with Shared Abduction and Biabductive Loop Accelerationen
dc.title.alternativeCompositional Shape Analysis with Shared Abduction and Biabductive Loop Accelerationen
dc.type.driverconferenceObjecten
dc.type.statusPeer-revieweden
dc.type.versionpublishedVersionen
eprints.grantNumberinfo:eu-repo/grantAgreement/GA0/GA/GA23-06506Scs
sync.item.dbidVAV-194217en
sync.item.dbtypeVAVen
sync.item.insts2025.10.21 10:05:18en
sync.item.modts2025.10.21 09:32:51en
thesis.grantorVysoké učení technické v Brně. . Technische Universität Wiencs
thesis.grantorVysoké učení technické v Brně. Fakulta informačních technologií. Ústav inteligentních systémůcs
Files
Original bundle
Now showing 1 - 1 of 1
Thumbnail Image
Name:
9783031911217_10.pdf
Size:
471.64 KB
Format:
Adobe Portable Document Format
Description:
file 9783031911217_10.pdf
Download
Collections
Ústav inteligentních systémů