A memory region with five chunks
1 (a) refinement in one step, (b) stepwise refinement and (c) two refinement directions, p.3
2 (a) refinement traces, (b) shared refinement trace t_s, p.33
A partial view of the hierarchy of models and the case studies it covers, p.40
Memory model of Separation Logic
Syntax of a simple imperative language
Concrete semantics of a simple imperative language, p.84
Program syntax
Memory
Denotational semantics of the language
Concrete state change at line 45
8 (a) concrete memory regions; (b) spatial atoms; (c) graphical notations, p.103
Graph representation of an abstract heap
Abstract value of m
Abstract
Example of foldlist
Example of Composelist, p.119
Example of Composeblk, p.120
Example of unfolding a heap list
Hierarchical unfolding at line 38
Hierarchical folding after line 38
Applying Assign M to assignment nxt:=nxt->fnx, p.137
Applying Assign A to assignment nxt+=nxt->size, p.138
An example of applying Sbrk M on assignment p:=sbrk(exp), p.142
Abstract transformer of condition tests
A client program
Spatial formulas at line 28 of allocation in 6
Three classes of case studies (... denote singly resp. doubly linked list; "explicit" and "implicit" denote explicit resp. implicit heap list; "at start" and "at end" denote the two possible positions of the free chunk left after splitting)
Set
Most abstract specification A: signature, p.35
Most abstract specification A: invariants
Most abstract specification A: rules
Refinement of A for heap list models
2 Refinements of heap list operations for remove, insert, and search, p.46
Refinements of heap list operation for chunk splitting, p.47
Basic chunk merging operations
Refinements of heap list operation for chunk merging, p.49
Refinements of method init for heap list
Refinements of method alloc for heap list
List, p.52
4.10 Overview of heap list models
States and invariants used by free list refinements; x ∈ {A, C} denotes refinements for the shape of the free list, p.55
Refined removing operation on free list
Refined inserting operation on free list
Refined searching operation on free list
Refinements of split operation on free list
Refinements of merge operation on free list
Refinements of alloc method on free list, p.61
Free list, p.61
Overview of free list models
Examples of refinement to code
Logic
Syntax of sequence formulas
Abstract operations of domains
