Formal Methods in System Design

, Volume 47, Issue 2, pp 159–203 | Cite as

Juggrnaut: using graph grammars for abstracting unbounded heap structures

  • Jonathan Heinen
  • Christina Jansen
  • Joost-Pieter Katoen
  • Thomas NollEmail author


This paper presents a novel abstraction framework for heap data structures. It employs graph grammars, more precisely context-free hyperedge replacement grammars. We will show that this is a very natural formalism for modelling dynamic data structures in an intuitive way. Our approach aims at extending finite-state verification techniques to handle pointer-manipulating programs operating on complex dynamic data structures that are potentially unbounded in their size. The theoretical foundations of our approach and its correctness are the main focus of this paper. In addition, we present a prototypical tool entitled Juggrnaut that realizes our approach and show encouraging experimental verification results for three case studies: a doubly-linked list reversal, the flattening of binary trees, and the Deutsch–Schorr–Waite tree traversal algorithm.


Heap abstraction Dynamic data structures Hyperedge replacement grammars Software verification Pointer-manipulating programs 



This research has partially been funded by EU FP7 project CARP (Correct and Efficient Accelerator Programming),


  1. 1.
    Bals M, Jansen C, Noll T (2013) Incremental construction of Greibach normal form for context-free grammars. In: International symposium on theoretical aspects of software engineering (TASE 2013), IEEE CS Press, pp 165–168Google Scholar
  2. 2.
    Berdine J, Calcagno C, O’Hearn PW (2004) A decidable fragment of separation logic. In: 24th International conference on foundations of software technology and theoretical computer science (FSTTCS), Springer, LNCS, vol 3328, pp 97–109Google Scholar
  3. 3.
    Berdine J, Calcagno C, O’Hearn PW (2005) Smallfoot: modular automatic assertion checking with separation logic. In: Formal methods for components and objects, Springer, LNCS, vol 4111, pp 115–137Google Scholar
  4. 4.
    Bhat G, Cleaveland R, Grumberg O (1995) Efficient on-the-fly model checking for CTL*. In: 10th Annual IEEE symposium on logic in computer science, pp 388–397Google Scholar
  5. 5.
    Bogudlov I, Lev-Ami T, Reps TW, Sagiv M (2007) Revamping TVLA: making parametric shape analysis competitive. In: 19th International conference on computer aided verification (CAV), Springer, LNCS, vol 4590, pp 221–225Google Scholar
  6. 6.
    Bouajjani A, Bozga M, Habermehl P, Iosif R, Moro P, Vojnar T (2006a) Programs with lists are counter automata. In: 18th international conference on computer-aided verification (CAV), Springer, LNCS, vol 4144, pp 517–531Google Scholar
  7. 7.
    Bouajjani A, Habermehl P, Rogalewicz A, Vojnar T (2006b) Abstract regular tree model checking of complex dynamic data structures. In: Static analysis symposium (SAS), Springer, LNCS, vol 4134, pp 52–70Google Scholar
  8. 8.
    Courcelle B (1990) The monadic second-order logic of graphs. I. Recognizable sets of finite graphs. Inf Comput 85(1):12–75zbMATHMathSciNetCrossRefGoogle Scholar
  9. 9.
    Courcelle B (1997) The expression of graph properties and graph transformations in monadic second-order logic. In: Rozenberg G (ed) Handbook of graph grammars. Singapore, Singapore, pp 313–400Google Scholar
  10. 10.
    Distefano D, Katoen JP, Rensink A (2005) Safety and liveness in concurrent pointer programs. In: Formal methods for components and objects, Springer, LNCS, vol 4111, pp 280–312Google Scholar
  11. 11.
    Dodds M, Plump D (2009) From hyperedge replacement to separation logic and back. ECEASST 16,
  12. 12.
    Drewes F, Kreowski HJ, Habel A (1997) Hyperedge replacement graph grammars. In: Rozenberg G (ed) Handbook of graph grammars. World Scientific, Singapore, pp 95–162Google Scholar
  13. 13.
    Elgaard J, Møller A, Schwartzbach MI (2000) Compile-time debugging of C programs working on trees. In: Programming languages and systems, LNCS, vol 1782, Springer, pp 119–134Google Scholar
  14. 14.
    Engelfriet J (1992) A Greibach normal form for context-free graph grammars. In: International conference on automata, languages and programming (ICALP), Springer, LNCS, vol 623, pp 138–149Google Scholar
  15. 15.
    Ghamarian AH, de Mol MJ, Rensink A, Zambon E, Zimakova MV (2012) Modelling and analysis using GROOVE. Int J Softw Tools Technol Transf 14:15–40CrossRefGoogle Scholar
  16. 16.
    Halin R (1976) S-functions for graphs. J Geom 8(1–2):171–186zbMATHMathSciNetCrossRefGoogle Scholar
  17. 17.
    Heinen J (2015) Verifying Java programs—a graph grammar approach. PhD thesis, RWTH Aachen University, GermanyGoogle Scholar
  18. 18.
    Heinen J, Noll T, Rieger S (2010) Juggrnaut: graph grammar abstraction for unbounded heap structures. In: Proceedings of the 3rd international workshop on harnessing theories for tool support in software (TTSS 2009), Elsevier, ENTCS, vol 266, pp 93–107Google Scholar
  19. 19.
    Heinen J, Barthels H, Jansen C (2012) Juggrnaut—an abstract JVM. In: Formal verification of object-oriented software (FoVeOOS 2011), Springer, LNCS, vol 7421, pp 142–159Google Scholar
  20. 20.
    Hinman P (2005) Fundamentals of mathematical logic. A.K. Peters Ltd, WellesleyzbMATHGoogle Scholar
  21. 21.
    Iosif R, Rogalewicz A, Simacek J (2013) The tree width of separation logic with recursive definitions. In: Automated deduction (CADE-24) (Lecture notes in computer science), vol 7898, Springer, pp 21–38Google Scholar
  22. 22.
    Jansen C, Noll T (2014) Generating abstract graph-based procedure summaries for pointer programs. In: Graph transformations (ICGT 2014), Springer, LNCS, vol 8571, pp 49–64Google Scholar
  23. 23.
    Jansen C, Heinen J, Katoen JP, Noll T (2011) A local Greibach normal form for hyperedge replacement grammars. In: 5th international conference on language and automata theory and applications (LATA 2011), Springer, LNCS, vol 6638, pp 323–335Google Scholar
  24. 24.
    Jansen C, Göbe F, Noll T (2014) Generating inductive predicates for symbolic execution of pointer-manipulating programs. In: Graph transformation (ICGT 2014), Springer, LNCS, vol 8571, pp 65–80Google Scholar
  25. 25.
    Jensen JL, Jørgensen ME, Schwartzbach MI, Klarlund N (1997) Automatic verification of pointer programs using monadic second-order logic. In: ACM SIGPLAN 1997 conference on programming language design and implementation (PLDI ’97), ACM Press, pp 226–234Google Scholar
  26. 26.
    Klarlund N, Møller A, Schwartzbach MI (2001) Mona implementation secrets. In: Implementation and application of automata, LNCS, vol 2088, Springer, pp 182–194Google Scholar
  27. 27.
    Lee O, Yang H, Yi K (2005) Automatic verification of pointer programs using grammar-based shape analysis. In: Proceedings of 14th European symposium on programming (ESOP ’05), Springer, LNCS, vol 3444, pp 124–140Google Scholar
  28. 28.
    Lindstrom G (1973) Scanning list structures without stacks or tag bits. Inf Process Lett 2(2):47–51MathSciNetCrossRefGoogle Scholar
  29. 29.
    Loginov A, Reps TW, Sagiv M (2006) Automated verification of the Deutsch-Schorr-Waite tree-traversal algorithm. In: 13th International static analysis symposium (SAS), Springer, LNCS, vol 4134, pp 261–279Google Scholar
  30. 30.
    Madhusudan P, Qiu X (2011) Efficient decision procedures for heaps using STRAND. In: Static analysis, LNCS, vol 6887, Springer, pp 43–59Google Scholar
  31. 31.
    Madhusudan P, Parlato G, Qiu X (2011) Decidable logics combining heap structures and data. In: POPL 2011, ACM Press, pp 611–622Google Scholar
  32. 32.
    Mehta F, Nipkow T (2005) Proving pointer programs in higher-order logic. Inf Comput 199(1–2):200–227zbMATHMathSciNetCrossRefGoogle Scholar
  33. 33.
    O’Hearn PW, Yang H, Reynolds JC (2004) Separation and information hiding. In: ACM symposium on principles of programming languages (POPL), ACM Press, pp 268–280Google Scholar
  34. 34.
    Plump D (2010) Checking graph-transformation systems for confluence. ECEASST 26,
  35. 35.
    Pnueli A (1977) The temporal logic of programs. In: 18th annual symposium on foundations of computer science, IEEE CS Press, pp 46–57Google Scholar
  36. 36.
    Poskitt C, Plump D (2012) Hoare-style verification of graph programs. Fundam Inf 114:1–43MathSciNetGoogle Scholar
  37. 37.
    Reynolds JC (2002) Separation logic: a logic for shared mutable data structures. In: IEEE symposium on logic in computer science (LICS), IEEE CS Press, pp 55–74Google Scholar
  38. 38.
    Rieger S, Noll T (2008) Abstracting complex data structures by hyperedge replacement. In: 4th international conference on graph transformations (ICGT 2008), Springer, LNCS, vol 5214, pp 69–83Google Scholar
  39. 39.
    Sagiv S, Reps TW, Wilhelm R (2002) Parametric shape analysis via 3-valued logic. ACM TOPLAS 24(3):217–298CrossRefGoogle Scholar
  40. 40.
    Schorr H, Waite WM (1967) An efficient machine-independent procedure for garbage collection in various list structures. Commun ACM 10:501–506zbMATHCrossRefGoogle Scholar
  41. 41.
    Yang H, Lee O, Berdine J, Calcagno C, Cook B, Distefano D, O’Hearn PW (2008) Scalable shape analysis for systems code. In: 20th international conference on computer aided verification (CAV), Springer, LNCS, vol 5123, pp 385–398Google Scholar
  42. 42.
    Yuasa Y, Tanabe Y, Sekizawa T, Takahashi K (2008) Verification of the Deutsch-Schorr-Waite marking algorithm with modal logic. In: 2nd international conference on verified software: theories, tools, experiments (VSTTE), Springer, LNCS, vol 5295, pp 115–129Google Scholar
  43. 43.
    Zambon E (2013) Abstract graph transformation—theory and practice. PhD thesis, University of TwenteGoogle Scholar
  44. 44.
    Zambon E, Rensink A (2012) Graph subsumption in abstract state space exploration. In: Graph inspection and traversal engineering (GRAPHite 2012), Electronic proceedings in theoretical computer science, vol 99, pp 35–49Google Scholar

Copyright information

© Springer Science+Business Media New York 2015

Authors and Affiliations

  • Jonathan Heinen
    • 1
  • Christina Jansen
    • 1
  • Joost-Pieter Katoen
    • 1
  • Thomas Noll
    • 1
    Email author
  1. 1.Software Modelling and Verification GroupRWTH Aachen UniversityAachenGermany

Personalised recommendations