Automated verification of shape, size and bag properties.

In recent years, separation logic has emerged as a contender for formal reasoning of heap-manipulating imperative programs. Recent works have focused on specialised provers that are mostly based on fixed sets of predicates. To improve expressivity, we have proposed a prover that can automatically handle user-defined predicates. These shape predicates allow programmers to describe a wide range of data structures with their associated size properties. In the current work, we shall enhance this prover by providing support for a new type of constraints, namely bag (multi-set) constraints. With this extension, we can capture the reachable nodes (or values) inside a heap predicate as a bag constraint. Consequently, we are able to prove properties about the actual values stored inside a data structure

Automated Specification Inference in a Combined Domain via User-Defined Predicates

Discovering program specifications automatically for heap-manipulating programs is a challenging task due\ud to the complexity of aliasing and mutability of data structures. This task is further complicated by an\ud expressive domain that combines shape, numerical and bag information. In this paper, we propose a compositional analysis framework that would derive the summary for each method in the expressive abstract\ud domain, independently from its callers. We propose a novel abstraction method with a bi-abduction technique in the combined domain to discover pre-/post-conditions that could not be automatically inferred\ud before. The analysis does not only infer memory safety properties, but also finds relationships between pure\ud and shape domains towards full functional correctness of programs. A prototype of the framework has been\ud implemented and initial experiments have shown that our approach can discover interesting properties for\ud non-trivial programs