Programs with Lists Are Counter Automata

  • Ahmed Bouajjani
  • Marius Bozga
  • Peter Habermehl
  • Radu Iosif
  • Pierre Moro
  • Tomáš Vojnar
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4144)


We address the verification problem for programs manipulating one-selector linked data structures. We propose a new automated approach for checking safety and termination of these programs. The approach uses counter automata as accurate abstract models: control states correspond to abstract heap graphs in which list segments without sharing are collapsed, and counters keep track of the number of elements in these segments. This allows automatic analysis techniques and tools for counter automata to be applied to the verification of list programs. We show the effectiveness of the approach, in particular by automatically verifying termination of some sorting programs.
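The following is an added illustration of the abstraction sketched in the abstract; it is not code from the paper or from any tool the authors describe. It builds an abstract heap graph from a concrete heap of one-selector cells, collapsing every unshared segment into a single edge that carries a counter (the segment length), and then executes the statement `x = x.next` directly on that graph as a counter-automaton transition (a guard on the counter, then a move or a decrement). The cell names, the `AbstractHeap` class, the `advance` helper and the sample heaps are all assumptions of this example.

```python
# Added example (not the paper's code): collapse unshared list segments of a
# concrete heap into counted edges, and run `x = x.next` on the abstraction.
from collections import defaultdict


class AbstractHeap:
    """Abstract heap graph: explicit nodes are the targets of program variables
    and the sharing points (cells with more than one predecessor); an edge
    n -> (succ, k) stands for a segment of k cells that starts at n."""

    def __init__(self, edges, variables):
        self.edges = dict(edges)          # node -> (successor node or None, k >= 1)
        self.variables = dict(variables)  # program variable -> node or None
        self.fresh = 0                    # counts nodes created by segment splits

    def pointed(self):
        return {n for n in self.variables.values() if n is not None}

    def indegree(self):
        deg = defaultdict(int)
        for succ, _ in self.edges.values():
            if succ is not None:
                deg[succ] += 1
        return deg

    def normalize(self):
        """Restore the invariant: drop garbage and collapse unshared segments.
        Returns the set of nodes that became unreachable (a leak in the program)."""
        reachable, stack = set(), [n for n in self.variables.values() if n is not None]
        while stack:
            n = stack.pop()
            if n in reachable:
                continue
            reachable.add(n)
            succ, _ = self.edges[n]
            if succ is not None:
                stack.append(succ)
        garbage = set(self.edges) - reachable
        for g in garbage:
            del self.edges[g]
        merged = True
        while merged:
            merged = False
            deg, pointed = self.indegree(), self.pointed()
            for p, (n, k) in list(self.edges.items()):
                # n is interior to a segment: no variable points to it and it
                # has exactly one predecessor, so it need not stay explicit
                if n is not None and n not in pointed and deg[n] == 1:
                    m, j = self.edges[n]
                    self.edges[p] = (m, k + j)   # counter addition
                    del self.edges[n]
                    merged = True
                    break
        return garbage


def abstract_heap(next_ptr, variables):
    """Abstract a concrete heap: next_ptr maps each cell to its successor (None
    for null); variables maps each program variable to a cell or None."""
    h = AbstractHeap({c: (s, 1) for c, s in next_ptr.items()}, variables)
    h.normalize()
    return h


def advance(h, var):
    """Abstract transition for `var = var.next`, taken as a counter automaton
    would: test the segment counter, then either move to the next explicit
    node (k == 1) or split the segment (k > 1, i.e. decrement the counter)."""
    a = h.variables[var]
    if a is None:
        raise RuntimeError("null dereference in %s = %s.next" % (var, var))
    succ, k = h.edges[a]
    if k == 1:
        h.variables[var] = succ
    else:
        h.fresh += 1
        new = "<split%d>" % h.fresh   # name chosen not to clash with cell names
        h.edges[new] = (succ, k - 1)
        h.edges[a] = (new, 1)
        h.variables[var] = new
    return h.normalize()


if __name__ == "__main__":
    # constructed heap: x -> c1 -> c2 -> c3 -> c4 -> null, with y -> c3
    cells = {"c1": "c2", "c2": "c3", "c3": "c4", "c4": None}
    h = abstract_heap(cells, {"x": "c1", "y": "c3"})
    print(h.edges, h.variables)   # two collapsed segments of length 2
    for var in ("x", "x", "y", "y"):
        leaked = advance(h, var)
        print("%s = %s.next ->" % (var, var), h.edges, h.variables, "leaked:", leaked)
```

The first `x = x.next` in the trace reports `c1` as leaked: once `x` moves on, no variable or cell refers to the old head, which is exactly the kind of memory-safety fact the abstract model can expose alongside the counter values it carries for termination arguments.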


Keywords (added by machine, not by the authors): Abstract Structure, Predicate Abstraction, Abstract Node, Counter Automaton, Sharing Point





Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Ahmed Bouajjani (2)
  • Marius Bozga (1)
  • Peter Habermehl (2)
  • Radu Iosif (1)
  • Pierre Moro (2)
  • Tomáš Vojnar (3)

  1. VERIMAG, Gières
  2. LIAFA, Paris University 7, Paris Cedex 05
  3. FIT, Brno University of Technology, Brno
