This paper describes a compositional shape analysis, where each procedure is analyzed
independently of its callers. The analysis uses an abstract domain based on a restricted …

The accurate and efficient treatment of mutable data structures is one of the outstanding
problem areas in automatic program verification and analysis. Shape analysis is a form of …

Infer is a new automatic program verification tool aimed at proving memory safety of C
programs. It attempts to build a compositional proof of the program at hand by composing …

Pointer safety faults in device drivers are one of the leading causes of crashes in operating
systems code. In principle, shape analysis tools can be used to prove the absence of this …

Shape analyses are concerned with precise abstractions of the heap to capture detailed
structural properties. To do so, they need to build and decompose summaries of disjoint …

The magic wand-∗(also called separating implication) is a separation logic connective
commonly used to specify properties of partial data structures, for instance during iterative …

We present a logic for relating heap-manipulating programs to numeric abstractions. These
numeric abstractions are expressed as simple imperative programs over integer variables …

We present a general automated proof procedure, based upon cyclic proof, for inductive
entailments in separation logic. Our procedure has been implemented via a deep …

We show that the satisfiability problem for the" symbolic heap" fragment of separation logic
with general inductively defined predicates---which includes most fragments employed in …

We propose a new approach to shape analysis of programs with linked lists that use low-
level memory operations. Such operations include pointer arithmetic, safe usage of invalid …