A memory region with five chunks
(a) refinement in one step, (b) stepwise refinement and (c) two refinement directions
(a) refinement traces, (b) shared refinement trace t_s
A partial view of the hierarchy of models and the case studies it covers
Memory model of Separation Logic
Syntax of a simple imperative language
Concrete semantics of a simple imperative language
Denotational semantics of the language
Concrete state change at line 45
(a) concrete memory regions; (b) spatial atoms; (c) graphical notations
Graph representation of an abstract heap
Example of unfolding a heap list
Hierarchical unfolding at line 38
Hierarchical folding after line 38
Applying Assign M to assignment nxt:=nxt->fnx
Applying Assign A to assignment nxt+=nxt->size
An example of applying Sbrk M on assignment p:=sbrk(exp)
Abstract transformer of condition tests
Spatial formulas at line 28 of allocation in 6
Three classes of case studies (denote singly resp. doubly linked list; "explicit" and "implicit" denote explicit resp. implicit heap list; "at start" and "at end" denote the two possible positions of the free chunk left after splitting)

Most abstract specification A: signature
Most abstract specification A: invariants
Most abstract specification A: rules
Refinement of A for heap list models
Refinements of heap list operations for remove, insert, and search
Refinements of heap list operation for chunk splitting
Basic chunk merging operations
Refinements of heap list operation for chunk merging
Refinements of method init for heap list
Refinements of method alloc for heap list
Overview of heap list models
States and invariants used by free list refinements; x ∈ {A, C} denotes refinements for the shape of the free list
Refined removing operation on free list
Refined inserting operation on free list
Refined searching operation on free list
Refinements of split operation on free list
Refinements of merge operation on free list
Refinements of alloc method on free list
Overview of free list models
Examples of refinement to code
Syntax of sequence formulas
Abstract operations of domains
