Core Concepts
Predator Shape Analyser uses symbolic memory graphs for formal analysis of C code with low-level memory operations.
Abstract
The chapter focuses on the detailed description of the algorithms behind the Predator Shape Analyser.
It discusses the use of symbolic memory graphs for formal analysis and verification of C code.
Predator is highlighted for its ability to handle complex memory operations like pointer arithmetic and memory reinterpretation.
The chapter outlines the architecture of the tool and its extension into Predator Hunting Party.
Results of experiments with Predator in the SV-COMP competition are provided.
Stats
Predator is particularly suited for formal analysis and verification of sequential non-recursive C code.
Predator supports pointer arithmetic, block operations, address alignment, and memory reinterpretation.
SMGs allow handling cyclic, nested, and shared singly- as well as doubly-linked lists.
The join operator in Predator balances precision and efficiency in reducing the number of SMGs generated.
Predator Hunting Party contains multiple concurrently-running Predator analysers with different restrictions.
Quotes
"Predator can successfully handle many programs on which other state-of-the-art fully-automated approaches fail."
"Predator produces fewer false alarms than other tools and can discover bugs undetected by other tools."
"Predator Hunting Party contains several Predator hunters that can warn about errors but cannot prove programs correct."