Advertisement

Acta Informatica

, Volume 53, Issue 4, pp 357–385 | Cite as

Verification of heap manipulating programs with ordered data by extended forest automata

  • Parosh Aziz Abdulla
  • Lukáš Holík
  • Bengt Jonsson
  • Ondřej LengálEmail author
  • Cong Quy Trinh
  • Tomáš Vojnar
Original Article

Abstract

We present a general framework for verifying programs with complex dynamic linked data structures whose correctness depends on ordering relations between stored data values. The underlying formalism of our framework is that of forest automata (FA), which has previously been developed for verification of heap-manipulating programs. We extend FA with constraints between data elements associated with nodes of the heaps represented by FA, and we present extended versions of all operations needed for using the extended FA in a fully-automated verification approach, based on abstract interpretation. We have implemented our approach as an extension of the Forester tool and successfully applied it to a number of programs dealing with data structures such as various forms of singly- and doubly-linked lists, binary search trees, as well as skip lists.

Notes

Acknowledgments

We thank the anonymous reviewers for their useful feedback on the paper.

References

  1. 1.
    Abdulla, P.A., Atto, M., Cederberg, J., Ji, R.: Automated analysis of data-dependent programs with dynamic memory. In Proceedings of the 7th International Symposium on Automated Technology for Verification and Analysis–ATVA’09, volume 5799 of LNCS, pp. 197–212. Springer, Berlin (2009)Google Scholar
  2. 2.
    Abdulla, P.A., Haziza, F., Holík, L., Jonsson, B., Rezine, A.: An integrated specification and verification technique for highly concurrent data structures. In Proceedings of the 19th International Conference on Tools and Algorithms for the Construction and Analysis of Systems–TACAS’13, volume 7795 of LNCS, pp. 324–338. Springer (2013)Google Scholar
  3. 3.
    Abdulla, P., Holík, L., Jonsson, B., Lengál, O., Trinh, C. Q., Vojnar, T.: Verification of heap manipulating programs with ordered data by extended forest automata. In Proceedings of the 11th International Symposium on Automated Technology for Verification and Analysis–ATVA’13, volume 8172 of LNCS, pp. 224–239. Springer (2013)Google Scholar
  4. 4.
    Beyer, D., Henzinger, T.A., Théoduloz, G.: Lazy shape analysis. In Proceedings of the 18th International Conference on Computer Aided Verification–CAV’06, volume 4144 of LNCS, pp. 532–546. Springer (2006)Google Scholar
  5. 5.
    Bingham, J., Rakamarić, Z.: A logic and decision procedure for predicate abstraction of heap-manipulating programs. In Proceedings of the 7th International Conference on Verification, Model Checking, and Abstract Interpretation–VMCAI’06, volume 3855 of LNCS, pp. 207–221. Springer (2006)Google Scholar
  6. 6.
    Bouajjani, A., Bozga, M., Habermehl, P., Iosif, R., Moro, P., Vojnar, T.: Programs with lists are counter automata. Form. Methods Syst. Des. 38(2), 158–192 (2011)CrossRefzbMATHGoogle Scholar
  7. 7.
    Bouajjani, A., Drăgoi, C., Enea, C., Sighireanu, M.: Accurate invariant checking for programs manipulating lists and arrays with infinite data. In Proceedings of the 10th International Symposium on Automated Technology for Verification and Analysis–ATVA’12, volume 7561 of LNCS, pp 167–182. Springer (2012)Google Scholar
  8. 8.
    Bouajjani, A., Habermehl, P., Rogalewicz, A., Vojnar, T.: Abstract regular (tree) model checking. Int. J. Softw. Tools Technol. Transf. 14(2), 167–191 (2012)CrossRefzbMATHGoogle Scholar
  9. 9.
    Chang, B.-Y. E., Rival, X.: Relational inductive shape analysis. In Proceedings of the 35th Annual SIGPLAN-SIGACT Symposium on Principles of Programming Languages–POPL’08, pp. 247–260. ACM (2008)Google Scholar
  10. 10.
    Chang, B.-Y.E., Rival, X., Necula, G.C.: Shape analysis with structural invariant checkers. In Proceedings of the 14th International Static Analysis Symposium–SAS’07, volume 4634 of LNCS, pp. 384–401. Springer (2007)Google Scholar
  11. 11.
    Chatterjee, S., Lahiri, S. K., Qadeer, S., Rakaramarić, Z.: A reachability predicate for analyzing low-level software. In Proceedings of the 13th International Conference on Tools and Algorithms for the Construction and Analysis of Systems–TACAS’07, volume 4424 of LNCS, pp. 19–33. Springer (2007)Google Scholar
  12. 12.
    Chin, W.-N., David, C., Nguyen, H.H., Qin, S.: Automated verification of shape, size and bag properties via user-defined predicates in separation logic. Sci. Comput. Program. 77(9), 1006–1036 (2012)CrossRefzbMATHGoogle Scholar
  13. 13.
    Cousot, P., Cousot, R.: Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints. In Proceedings of the 4th Annual SIGPLAN-SIGACT Symposium on Principles of Programming Languages–POPL’77, pp. 238–252. ACM (1977)Google Scholar
  14. 14.
    Dudka, K., Peringer, P., Vojnar, T.: Byte-precise verification of low-level list manipulation. In Proceedings of the 20th International Static Analysis Symposium–SAS’13, volume 7935 of LNCS, pp. 215–237. Springer (2013)Google Scholar
  15. 15.
    Habermehl, P., Holík, L., Rogalewicz, A., Šimáček, J., Vojnar, T.: Forest automata for verification of heap manipulation. Form. Methods Syst. Des. 41(1), 83–106 (2012)CrossRefzbMATHGoogle Scholar
  16. 16.
    Heinen, J., Noll, T., Rieger, S.: Juggrnaut: Graph grammar abstraction for unbounded heap structures. In Proceedings of the 3rd International Workshop on Harnessing Theories for Tool Support in Software–TTSS’09, volume 266 of ENTCS, pp. 93–107. Elsevier (2010)Google Scholar
  17. 17.
    Holík, L., Lengál, O., Rogalewicz, A., Šimáček, J., Vojnar, T.: Fully automated shape analysis based on forest automata. In Proceedings of the 25th International Conference on Computer Aided Verification–CAV’13, volume 8044 of LNCS, pp. 740–755. Springer (2013)Google Scholar
  18. 18.
    Jensen, J.L., Jørgensen, M. E., Schwartzbach, M. I., Klarlund, N.: Automatic verification of pointer programs using monadic second-order logic. In Proceedings of the 1997 ACM SIGPLAN Conference on Programming Language Design and Implementation–PLDI’97, pp. 226–234. ACM (1997)Google Scholar
  19. 19.
    Lahiri, S.K., Qadeer, S.: Back to the future: revisiting precise program verification using SMT solvers. In Proceedings of the 35th Annual SIGPLAN-SIGACT Symposium on Principles of Programming Languages–POPL’08, pp. 171–182. ACM (2008)Google Scholar
  20. 20.
    Loginov, A., Reps, T., Sagiv, M.: Abstraction refinement via inductive learning. In Proceedings of the 17th International Conference on Computer Aided Verification–CAV’05, volume 3576 of LNCS, pp. 519–533. Springer (2005)Google Scholar
  21. 21.
    Magill, S., Tsai, M.-H., Lee, P., Tsay, Y.-K.: Automatic numeric abstractions for heap-manipulating programs. In Proceedings of the 37th Annual SIGPLAN-SIGACT Symposium on Principles of Programming Languages–POPL’10, pp. 211–222. ACM (2010)Google Scholar
  22. 22.
    McPeak, S., Necula, G.C.: Data structure specifications via local equality axioms. In Proceedings of the 17th International Conference on Computer Aided Verification–CAV’05, volume 3576 of LNCS, pp. 476–490. Springer (2005)Google Scholar
  23. 23.
    Pugh, W.: Skip lists: a probabilistic alternative to balanced trees. Commun ACM 33(6), 668–676 (1990)MathSciNetCrossRefGoogle Scholar
  24. 24.
    Qin, S., He, G., Luo, C., Chin, W.-N., Chen, X.: Loop invariant synthesis in a combined abstract domain. J. Symb. Comput. 50, 386–408 (2013)MathSciNetCrossRefzbMATHGoogle Scholar
  25. 25.
    Rakamarić, Z., Bruttomesso, R., Hu, A.J., Cimatti, A.: Verifying heap-manipulating programs in an SMT framework. In Proceedings of the 5th International Symposium on Automated Technology for Verification and Analysis–ATVA’07, volume 4762 of LNCS, pp. 237–252. Springer (2007)Google Scholar
  26. 26.
    Sagiv, M., Reps, T., Wilhelm, R.: Parametric shape analysis via 3-valued logic. ACM Trans. Program. Lang. Syst. 24(3), 217–298 (2002)CrossRefGoogle Scholar
  27. 27.
    Wies, T., Kuncak, V., Zee, K., Podelski, A., Rinard, M.: On verifying complex properties using symbolic shape analysis. In Proceedings of Heap Analysis and Verification 2007–HAV’07 (2007)Google Scholar
  28. 28.
    Wies, T., Podelski, A.: Counterexample-guided focus. In Proceedings of the 37th Annual SIGPLAN-SIGACT Symposium on Principles of Programming Languages–POPL’10, pp. 249–260. ACM (2010)Google Scholar
  29. 29.
    Yang, H., Lee, O., Berdine, J., Calcagno, C., Cook, B., Distefano, D., O’Hearn, P.W.: Scalable shape analysis for systems code. In Proceedings of the 20th International Conference on Computer Aided Verification–CAV’08, volume 5123 of LNCS, pp. 385–398. Springer (2008)Google Scholar
  30. 30.
    Zee, K., Kuncak, V., Rinard, M.C.: Full functional verification of linked data structures. In Proceedings of the 2008 ACM SIGPLAN Conference on Programming Language Design and Implementation–PLDI’08, pp. 349–361. ACM (2008)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2015

Authors and Affiliations

  • Parosh Aziz Abdulla
    • 1
  • Lukáš Holík
    • 2
  • Bengt Jonsson
    • 1
  • Ondřej Lengál
    • 2
    Email author
  • Cong Quy Trinh
    • 1
  • Tomáš Vojnar
    • 2
  1. 1.Department of Information TechnologyUppsala UniversityUppsalaSweden
  2. 2.FIT, IT4Innovations Centre of ExcellenceBrno University of TechnologyBrnoCzech Republic

Personalised recommendations