# Juggrnaut: using graph grammars for abstracting unbounded heap structures

## Abstract

This paper presents a novel abstraction framework for heap data structures. It employs graph grammars, more precisely context-free hyperedge replacement grammars. We will show that this is a very natural formalism for modelling dynamic data structures in an intuitive way. Our approach aims at extending finite-state verification techniques to handle pointer-manipulating programs operating on complex dynamic data structures that are potentially unbounded in their size. The theoretical foundations of our approach and its correctness are the main focus of this paper. In addition, we present a prototypical tool entitled Juggrnaut that realizes our approach and show encouraging experimental verification results for three case studies: a doubly-linked list reversal, the flattening of binary trees, and the Deutsch–Schorr–Waite tree traversal algorithm.
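As an added illustration (not code from the paper or the Juggrnaut tool), the following Python models the doubly-linked-list case study with a two-production hyperedge replacement grammar: `abstract` folds a concrete list into a nonterminal hyperedge L by applying the productions backwards while keeping the nodes that program variables reference concrete, and `concretize`/`unfold` apply them forwards, as a verifier would just before a pointer dereference. The grammar, the edge encoding and the `protected` set are assumptions of this example.

```python
NEXT, PREV, L = "next", "prev", "L"   # terminal pointer fields, DLL nonterminal

def dll(n):
    """Constructed concrete heap: nodes 0..n-1 linked by next/prev both ways."""
    edges = set()
    for i in range(n - 1):
        edges |= {(NEXT, i, i + 1), (PREV, i + 1, i)}
    return set(range(n)), edges

def incident(edges, x):
    return {e for e in edges if x in e[1:]}   # hyperedges attached to node x

def concretize(nodes, edges, edge, recursive):
    """Forward application of one production to the nonterminal edge L(a,b)."""
    _, a, b = edge
    edges = edges - {edge}
    if not recursive:                    # L(a,b) -> a -next-> b, b -prev-> a
        return set(nodes), edges | {(NEXT, a, b), (PREV, b, a)}
    x = max(nodes) + 1                   # L(a,b) -> a -next-> x, x -prev-> a, L(x,b)
    return nodes | {x}, edges | {(NEXT, a, x), (PREV, x, a), (L, x, b)}

def unfold(nodes, edges, edge, k):
    """Derive a concrete DLL with k+2 nodes from L(a,b): k recursive steps, then the base step."""
    for _ in range(k):
        nodes, edges = concretize(nodes, edges, edge, True)
        edge = (L, max(nodes), edge[2])  # the freshly created nonterminal edge
    return concretize(nodes, edges, edge, False)

def abstract(nodes, edges, protected):
    """Backward application until no production matches. `protected` holds the nodes
    program variables point to; they stay concrete, folding the rest bounds the state."""
    nodes, edges = set(nodes), set(edges)
    changed = True
    while changed:
        changed = False
        for lab, a, b in list(edges):
            if lab != NEXT or (PREV, b, a) not in edges or any(e[0] == NEXT and e[1] == b for e in edges):
                continue                 # only a next/prev pair at the current tail of the list
            pair = {(NEXT, a, b), (PREV, b, a)}
            tail = [e for e in edges if e[0] == L and e[1] == b]
            if len(tail) == 1 and b not in protected and incident(edges, b) == pair | {tail[0]}:
                # recursive production backwards: a-next->b, b-prev->a, L(b,c)  =>  L(a,c)
                edges = (edges - pair - {tail[0]}) | {(L, a, tail[0][2])}
                nodes.discard(b)
            else:                        # base production backwards: the pair  =>  L(a,b)
                edges = (edges - pair) | {(L, a, b)}
            changed = True
            break
    return nodes, edges
```

Abstracting a four-node list whose head is held by a variable collapses it to the single hyperedge L(0,3); unfolding that edge and abstracting again returns the same abstract heap, which is the over-approximation the finite-state check relies on.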

## Keywords

- Heap abstraction
- Dynamic data structures
- Hyperedge replacement grammars
- Software verification
- Pointer-manipulating programs

## Notes

### Acknowledgments

This research has partially been funded by EU FP7 project CARP (Correct and Efficient Accelerator Programming), http://www.carpproject.eu.
