Formal Methods in System Design, Volume 38, Issue 2, pp 158–192

Programs with lists are counter automata

  • Ahmed Bouajjani
  • Marius Bozga
  • Peter Habermehl
  • Radu Iosif
  • Pierre Moro
  • Tomáš Vojnar

Abstract

We address the problem of verifying programs that manipulate one-selector linked data structures. We propose and study in detail an application of counter automata as an accurate abstract model for this problem. Control states of the counter automata correspond to abstract heap graphs in which list segments without sharing are collapsed, and counters keep track of the number of elements in these segments. As a significant theoretical result, we show that the obtained counter automata are bisimilar to the original programs. Moreover, from a practical point of view, our translation allows one to apply the efficient automatic analysis techniques and tools developed for counter automata (integer programs) to verify both safety and termination of list-manipulating programs. As another theoretical contribution, we prove that if the control of the generated counter automata contains no nested loops (i.e., the automata are flat), both safety and termination are decidable for the original programs. Subsequently, we generalise our counter-automata-based model to keep track of ordering properties over lists storing ordered data. Finally, we show the effectiveness of our approach by automatically verifying both safety and termination of several sorting programs.
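The abstraction described above, worked through on an in-place list-reversal loop as an added example (this is not code from the paper or its L2CA tool): the concrete program runs on heaps, the counter automaton has one control state (two unshared segments, x to null and y to null) and two counters n, m for their lengths, and a bounded check confirms the two transition systems agree step by step. The function names, the canonical node ids and the bound are choices made for this example.

```python
# Added example (not the paper's code): the reversal loop
#   while y != null: t = y.next; y.next = x; x = y; y = t
from typing import Dict, Optional, Tuple

Heap = Dict[int, Optional[int]]                       # node id -> successor, None = null
Concrete = Tuple[Heap, Optional[int], Optional[int]]  # (heap, x, y)

def segment_length(heap: Heap, start: Optional[int]) -> int:  # nodes from start to null
    n, cur = 0, start
    while cur is not None:
        n, cur = n + 1, heap[cur]
    return n

def alpha(state: Concrete) -> Tuple[int, int]:
    """Abstraction: collapse each unshared segment into its element count (n, m)."""
    heap, x, y = state
    return segment_length(heap, x), segment_length(heap, y)

def concrete_step(state: Concrete) -> Optional[Concrete]:
    """One loop iteration on the heap; None when the guard y != null fails."""
    heap, x, y = state
    if y is None:
        return None
    heap = dict(heap)            # copy, so the input state stays unchanged
    t = heap[y]
    heap[y] = x                  # y.next = x: y's head node joins the reversed segment
    return heap, y, t

def counter_step(c: Tuple[int, int]) -> Optional[Tuple[int, int]]:
    """The automaton's single loop edge: guard m > 0, update n' = n + 1, m' = m - 1."""
    n, m = c
    return (n + 1, m - 1) if m > 0 else None

def make_list(length: int, first_id: int) -> Tuple[Heap, Optional[int]]:
    """Canonical concrete list of `length` nodes with ids first_id, first_id + 1, ..."""
    heap = {first_id + i: (first_id + i + 1 if i + 1 < length else None) for i in range(length)}
    return heap, (first_id if length else None)

def bisimilar_up_to(bound: int) -> bool:
    """Concretise every valuation with n + m <= bound and check that a concrete step exists
    iff a counter step does, and that alpha maps the concrete successor to the counter one."""
    for n in range(bound + 1):
        for m in range(bound + 1 - n):
            hx, x = make_list(n, 0)
            hy, y = make_list(m, 1000)       # disjoint ids keep the two segments unshared
            s: Concrete = ({**hx, **hy}, x, y)
            s2, c2 = concrete_step(s), counter_step(alpha(s))
            if (s2 is None) != (c2 is None) or (s2 is not None and alpha(s2) != c2):
                return False
    return True
```

On the counter side, n + m is preserved by every step (no node is lost, a safety property) and m strictly decreases (termination), which is exactly what integer-program tools can then check without looking at the heap.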

Keywords

Formal verification, Programs with singly-linked lists, Safety and termination, Counter automata, Bisimulation, Lists with ordered data



Copyright information

© Springer Science+Business Media, LLC 2011

Authors and Affiliations

  • Ahmed Bouajjani (1)
  • Marius Bozga (2)
  • Peter Habermehl (1)
  • Radu Iosif (2)
  • Pierre Moro (1)
  • Tomáš Vojnar (3)

  1. LIAFA, University Paris Diderot - Paris 7, Paris Cedex 13, France
  2. VERIMAG, Gières, France
  3. FIT, Brno University of Technology, Brno, Czech Republic
