Deciding Memory Safety for Single-Pass Heap-Manipulating Programs

June 29, 2019 · Entered Twilight · 🏛 Proc. ACM Program. Lang.

"Last commit was 6.0 years ago (≥5 year threshold)"

Evidence collected by the PWNC Scanner

Repo contents: LICENSE.txt, README.txt, ast.ml, dune, dune-project, execution.ml, fixpoint.ml, main.ml, mylexer.mll, myparser.mly, scripts, state.ml, tests, typechecker.ml, typechecker.mli

Authors Umang Mathur, Adithya Murali, Paul Krogmeier, P. Madhusudan, Mahesh Viswanathan arXiv ID 1907.00298 Category cs.PL: Programming Languages Cross-listed cs.FL, cs.LO, cs.SE Citations 10 Venue Proc. ACM Program. Lang. Repository https://github.com/umangm/streamverif Last Checked 1 month ago

Abstract

We investigate the decidability of automatic program verification for programs that manipulate heaps, and in particular, decision procedures for proving memory safety for them. We extend recent work that identified a decidable subclass of uninterpreted programs to a class of alias-aware programs that can update maps. We apply this theory to develop verification algorithms for memory safety--- determining if a heap-manipulating program that allocates and frees memory locations and manipulates heap pointers does not dereference an unallocated memory location. We show that this problem is decidable when the initial allocated heap forms a forest data-structure and when programs are streaming-coherent, which intuitively restricts programs to make a single pass over a data-structure. Our experimental evaluation on a set of library routines that manipulate forest data-structures shows that common single-pass algorithms on data-structures often fall in the decidable class, and that our decision procedure is efficient in verifying them.