Abstract
The incorrect use of pointers is one of the most common sources of software errors. Concurrency has a similar characteristic. Proving the correctness of concurrent pointer-manipulating programs, let alone algorithmically, is a highly non-trivial task. This paper proposes an automated verification technique for concurrent programs that manipulate linked lists. The key ingredients of our approach are: automata (with fairness constraints), heap abstractions that are tailored to the program and property to be checked, first-order temporal logic, and a tableau-based model-checking algorithm.
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
Cite this paper
Distefano, D., Katoen, JP., Rensink, A. (2006). Safety and Liveness in Concurrent Pointer Programs. In: de Boer, F.S., Bonsangue, M.M., Graf, S., de Roever, WP. (eds) Formal Methods for Components and Objects. FMCO 2005. Lecture Notes in Computer Science, vol 4111. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11804192_14
DOI: https://doi.org/10.1007/11804192_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-36749-9
Online ISBN: 978-3-540-36750-5