Formal Methods in System Design, Volume 41, Issue 1, pp 83–106

Forest automata for verification of heap manipulation

  • Peter Habermehl
  • Lukáš Holík
  • Adam Rogalewicz
  • Jiří Šimáček
  • Tomáš Vojnar

Abstract

We consider verification of programs manipulating dynamic linked data structures such as various forms of singly and doubly-linked lists or trees. We consider properties that are important for this kind of system, such as absence of null-pointer dereferences, absence of garbage, shape properties, etc. We develop a verification method based on a novel use of tree automata to represent heap configurations. A heap is split into several “separated” parts such that each of them can be represented by a tree automaton. The automata can refer to each other, allowing the different parts of the heap to mutually refer to their boundaries. Moreover, we allow for a hierarchical representation of heaps by allowing alphabets of the tree automata to contain other, nested tree automata. Program instructions can be easily encoded as operations on our representation structure. This allows verification of programs based on symbolic state-space exploration together with refinable abstraction within the so-called abstract regular tree model checking. A motivation for the approach is to combine advantages of automata-based approaches (higher generality and flexibility of the abstraction) with some advantages of separation-logic-based approaches (efficiency). We have implemented our approach and tested it successfully on multiple non-trivial case studies.
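The abstract describes splitting a heap into separated parts that refer to each other's boundaries, and lists absence of garbage as one of the properties checked. The following Python snippet is an added illustration of that decomposition on a concrete heap and is not code from the paper or its implementation: a heap is modelled as a dictionary of cells with named selectors, cells referenced by a program variable or by two or more selectors of reachable cells are taken as the roots of the forest (a constructed simplification of the paper's cut-point notion, with nesting and abstraction omitted), and each tree descends until it hits another root, which is replaced by a reference leaf. The sample doubly-linked list, the garbage cell `g1` and the variable `head` are constructed inputs.

```python
from collections import deque

# Constructed sample: a doubly linked list head -> c1 <-> c2 <-> c3,
# plus an allocated cell g1 that no variable reaches (garbage) even though
# it still points into the list.
SAMPLE_HEAP = {
    "c1": {"next": "c2", "prev": None},
    "c2": {"next": "c3", "prev": "c1"},
    "c3": {"next": None, "prev": "c2"},
    "g1": {"next": "c2", "prev": None},
}
SAMPLE_VARS = {"head": "c1"}


def reachable(heap, variables):
    """Cells reachable from the program variables by following selectors."""
    seen = set()
    work = deque(v for v in variables.values() if v is not None)
    while work:
        cell = work.popleft()
        if cell in seen:
            continue
        seen.add(cell)
        work.extend(t for t in heap[cell].values() if t is not None)
    return seen


def garbage(heap, variables):
    """Allocated cells that no variable can reach: the 'garbage' the abstract
    mentions as one of the properties to check."""
    return set(heap) - reachable(heap, variables)


def cut_points(heap, variables):
    """Roots of the forest (simplified cut-points, an assumption of this example):
    cells pointed to by a variable, or by two or more selectors of reachable
    cells. Every other reachable cell has exactly one reachable predecessor,
    so it sits strictly inside one tree and no reachable cycle escapes a root."""
    live = reachable(heap, variables)
    indeg = {c: 0 for c in live}
    for cell in live:
        for target in heap[cell].values():
            if target in live:
                indeg[target] += 1
    roots = {v for v in variables.values() if v is not None}
    roots |= {c for c in live if indeg[c] >= 2}
    return roots


def decompose(heap, variables):
    """Split the reachable heap into a forest with one tree per root. Where a
    selector would lead into another root, a reference leaf ('ref', root) is
    stored instead; that is how the separated parts refer to each other's
    boundaries."""
    roots = cut_points(heap, variables)

    def build(cell):
        subtrees = {}
        for sel, target in heap[cell].items():
            if target is None:
                subtrees[sel] = None
            elif target in roots:
                subtrees[sel] = ("ref", target)
            else:
                subtrees[sel] = build(target)  # terminates: non-roots have in-degree 1
        return {"cell": cell, "sel": subtrees}

    return {root: build(root) for root in roots}


if __name__ == "__main__":
    print("garbage:", garbage(SAMPLE_HEAP, SAMPLE_VARS))
    print("roots:", sorted(cut_points(SAMPLE_HEAP, SAMPLE_VARS)))
    for root, tree in decompose(SAMPLE_HEAP, SAMPLE_VARS).items():
        print(root, "->", tree["sel"])
```

On the sample list, `c1` is a root because `head` points to it and `c2` is a root because both `c1.next` and `c3.prev` reach it; the tree under `c2` therefore contains `c3` as an ordinary node whose `prev` selector is a reference leaf back to `c2`, and `g1` is reported as garbage rather than entering any tree.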

Keywords

Pointers, Shape analysis, Regular model checking, Tree automata


Copyright information

© Springer Science+Business Media, LLC 2012

Authors and Affiliations

  • Peter Habermehl (1)
  • Lukáš Holík (2, 3)
  • Adam Rogalewicz (2)
  • Jiří Šimáček (2, 4)
  • Tomáš Vojnar (2)

  1. LIAFA, CNRS, Université Paris Diderot, Sorbonne Paris Cité, France
  2. FIT, Brno University of Technology, Brno, Czech Republic
  3. Uppsala University, Uppsala, Sweden
  4. UJF/CNRS/INPG, VERIMAG, Gières, France