Formal Methods in System Design, Volume 37, Issue 2–3, pp 141–170

Reasoning about memory layouts

  • Holger Gast


Verification methods for memory-manipulating C programs need to address not only well-typed programs that respect invariants such as the split-heap memory model, but also programs that use pointers to access arbitrary memory objects such as local variables, single struct fields, or array slices. We present a logic for memory layouts that covers these applications and show how proof obligations arising during verification can be discharged automatically using the layouts. The framework developed in this way is also suitable for reasoning about data structures manipulated by algorithms, which we demonstrate by verifying the Schorr-Waite graph marking algorithm.


C verification; Low-level memory models; Pointer programs; Schorr-Waite graph traversal



Copyright information

© Springer Science+Business Media, LLC 2010

Authors and Affiliations

  1. Wilhelm-Schickard-Institut für Informatik, University of Tübingen, Tübingen, Germany
