SpringerLink - Book Chapter

A Reachability Predicate for Analyzing Low-Level Software

Book Series

Lecture Notes in Computer Science

Publisher

Springer Berlin / Heidelberg

ISSN

0302-9743 (Print) 1611-3349 (Online)

Volume

Volume 4424/2007

Book

Tools and Algorithms for the Construction and Analysis of Systems

DOI

10.1007/978-3-540-71209-1

2007

ISBN

978-3-540-71208-4

DOI

10.1007/978-3-540-71209-1_4

Pages

19-33

Subject Collection

Computer Science

SpringerLink Date

Thursday, July 05, 2007

A Reachability Predicate for Analyzing Low-Level Software

Shaunak Chatterjee¹, Shuvendu K. Lahiri², Shaz Qadeer² and Zvonimir Rakamarić³

(1)	Indian Institute of Technology, Kharagpur,

(2)	Microsoft Research,

(3)	University of British Columbia,

Abstract

Reasoning about heap-allocated data structures such as linked lists and arrays is challenging. The reachability predicate has proved to be useful for reasoning about the heap in type-safe languages where memory is manipulated by dereferencing object fields. Sound and precise analysis for such data structures becomes significantly more challenging in the presence of low-level pointer manipulation that is prevalent in systems software.

In this paper, we give a novel formalization of the reachability predicate in the presence of internal pointers and pointer arithmetic. We have designed an annotation language for C programs that makes use of the new predicate. This language enables us to specify properties of many interesting data structures present in the Windows kernel. We present preliminary experience with a prototype verifier on a set of illustrative C benchmarks.

A Reachability Predicate for Analyzing Low-Level Software

Fulltext Preview (Small, Large)