Programs with lists are counter automata

Published in: Formal Methods in System Design

Abstract

We address the problem of verifying programs that manipulate one-selector linked data structures. We propose and study in detail an application of counter automata as an accurate abstract model for this problem. We let the control states of the counter automata correspond to abstract heap graphs in which list segments without sharing are collapsed, and we use counters to keep track of the number of elements in these segments. As a significant theoretical result, we show that the obtained counter automata are bisimilar to the original programs. Moreover, from a practical point of view, our translation allows one to apply the efficient automatic analysis techniques and tools developed for counter automata (integer programs) in order to verify both safety and termination of list-manipulating programs. As another theoretical contribution, we prove that if the control of the generated counter automata does not contain nested loops (i.e., if these automata are flat), both safety and termination are decidable for the original programs. Subsequently, we generalise our counter-automata-based model to keep track of ordering properties over lists storing ordered data. Finally, we demonstrate the effectiveness of our approach by automatically verifying both safety and termination of several sorting programs.
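The following is an added example, not code from the paper or from the L2CA tool, illustrating the abstraction the abstract describes on one small program: in-place reversal of a singly linked list. The concrete program runs on real cells; the abstraction collapses the two unshared segments (the not-yet-reversed list hanging from `x` and the reversed prefix hanging from `y`) into a control state that records only whether `x` is null, plus two counters `cx` and `cy` holding the segment lengths. The counter automaton has one loop transition with guard `cx >= 1` and action `cx -= 1, cy += 1`; the script checks, for all list lengths up to a bound, that concrete and abstract runs agree step by step, that `cx` strictly decreases (a termination argument), and that `cx + cy` stays constant (no cell is lost or duplicated). All names (`Node`, `reverse_trace`, `automaton_trace`, `bisimilar_up_to`, `ranking_decreases`, `cells_preserved`) and the state labels `"loop"`/`"done"` are assumptions of this illustration, not the paper's notation.

```python
"""Added example (not from the paper or from L2CA): list reversal beside the
counter automaton that the segment-collapsing abstraction yields for it."""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Node:
    """One-selector (singly linked) list cell; stored data is irrelevant to the shape."""
    next: "Optional[Node]" = None


def build_list(n: int) -> Optional[Node]:
    """Constructed input: a list of n cells."""
    head = None
    for _ in range(n):
        head = Node(head)
    return head


def seg_len(p: Optional[Node]) -> int:
    """Length of the unshared segment p -> ... -> null."""
    k = 0
    while p is not None:
        k += 1
        p = p.next
    return k


AbsState = Tuple[str, int, int]  # (control state, cx, cy); names are hypothetical


def abstract(x: Optional[Node], y: Optional[Node]) -> AbsState:
    """Collapse the segments reachable from x and from y into two counters.
    The control state only records whether x is null."""
    state = "loop" if x is not None else "done"
    return (state, seg_len(x), seg_len(y))


def reverse_trace(n: int) -> List[AbsState]:
    """Run the concrete in-place reversal on n cells, recording the abstraction
    of every state the program passes through."""
    x, y = build_list(n), None
    trace = [abstract(x, y)]
    while x is not None:  # concrete loop: move the head cell of x onto y
        t = x.next
        x.next = y
        y = x
        x = t
        trace.append(abstract(x, y))
    return trace


def automaton_trace(n: int) -> List[AbsState]:
    """Run the counter automaton: states 'loop'/'done', counters cx, cy.
    Its single loop transition has guard cx >= 1 and action cx -= 1, cy += 1;
    the automaton is flat (one loop, nothing nested)."""
    cx, cy = n, 0
    state = "loop" if cx > 0 else "done"
    trace = [(state, cx, cy)]
    while state == "loop":
        cx, cy = cx - 1, cy + 1
        state = "loop" if cx > 0 else "done"
        trace.append((state, cx, cy))
    return trace


def bisimilar_up_to(max_len: int) -> bool:
    """Finite check of step-by-step agreement between the concrete program and
    the counter automaton for every list length up to max_len."""
    return all(reverse_trace(n) == automaton_trace(n) for n in range(max_len + 1))


def ranking_decreases(trace: List[AbsState]) -> bool:
    """Termination on the automaton: cx strictly decreases on every loop
    transition and is bounded below by 0, so cx is a ranking function."""
    cxs = [cx for _, cx, _ in trace]
    return all(a > b >= 0 for a, b in zip(cxs, cxs[1:]))


def cells_preserved(n: int) -> bool:
    """Safety on the automaton: cx + cy == n in every reachable state, i.e.
    reversal neither leaks nor duplicates a cell."""
    return all(cx + cy == n for _, cx, cy in automaton_trace(n))


if __name__ == "__main__":
    for t in automaton_trace(3):
        print(t)
    print("bisimilar up to 10 cells:", bisimilar_up_to(10))
    print("ranking decreases:", ranking_decreases(automaton_trace(10)))
    print("cells preserved:", cells_preserved(10))
```

The point of the check is that the abstraction is exact for this program: once segment lengths are the only thing that varies, every concrete list of length n maps onto one automaton run, so safety and termination questions about the program become questions about integer counters that tools for counter automata can answer.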


References

  1. Abdulla PA, Bouajjani A, Cederberg J, Haziza F, Rezine A (2008) Monotonic abstraction for programs with dynamic memory heaps. In: Proc of CAV’08. LNCS, vol 5123. Springer, Berlin

  2. Annichini A, Bouajjani A, Sighireanu M (2001) TReX: A tool for reachability analysis of complex systems. In: Proc of CAV’01. LNCS, vol 2102

  3. Balaban I, Pnueli A, Zuck LD (2005) Shape analysis by predicate abstraction. In: Proc of VMCAI’05. LNCS, vol 3385. Springer, Berlin

  4. Baldan P, Corradini A, Esparza J, Heindel T, König B, Kozioura V (2005) Verifying red-black trees. In: Proc of COSMICAH’05, Technical report RR-05-04. Queen Mary, University of London

  5. Bardin S, Finkel A, Nowak D (2004) Toward symbolic verification of programs handling pointers. In: Proc of AVIS’04

  6. Bardin S, Finkel A, Leroux J, Petrucci L (2003) FAST: Fast acceleration of symbolic transition systems. In: Proc of CAV’03. LNCS, vol 2725

  7. Bardin S, Finkel A, Lozes E (2006) From pointer systems to counter systems using shape analysis. In: Proc of AVIS’06

  8. Berdine J, Calcagno C, Cook B, Distefano D, O’Hearn PW, Wies T, Yang H (2007) Shape analysis for composite data structures. In: Proc of CAV’07. LNCS, vol 4590. Springer, Berlin

  9. Berdine J, Chawdhary A, Cook B, Distefano D, O’Hearn PW (2007) Variance analyses from invariance analyses. In: Proc of POPL’07. ACM Press, New York

  10. Bouajjani A, Bozga M, Habermehl P, Iosif R, Moro P, Vojnar T (2006) Programs with lists are counter automata. In: Proc of CAV’06. LNCS, vol 4144. Springer, Berlin

  11. Bouajjani A, Habermehl P, Moro P, Vojnar T (2005) Verifying programs with dynamic 1-selector-linked structures in regular model checking. In: Proc of TACAS’05. LNCS, vol 3440. Springer, Berlin

  12. Bouajjani A, Habermehl P, Rogalewicz A, Vojnar T (2006) Abstract regular tree model checking of complex dynamic data structures. In: Proc of SAS’06. LNCS, vol 4134. Springer, Berlin

  13. Bozga M, Iosif R (2005) Quantitative verification of programs with lists. In: Proc of VISSAS’05

  14. Bozga M, Iosif R, Lakhnech Y (2003) Storeless semantics and alias logic. In: Proc of PEPM’03. ACM Press, New York

  15. Bozga M, Iosif R (2007) On flat programs with lists. In: Proc of VMCAI’07. Springer, Berlin, pp 122–136

  16. Bradley A, Manna Z, Sipma H (2005) Termination analysis of integer linear loops. In: Proc of CONCUR’05. LNCS, vol 3653

  17. Češka M, Erlebach P, Vojnar T (2006) Pattern-based verification of programs with extended linear linked data structures. Electron Notes Theor Comput Sci 145:113–130

  18. Cook B, Podelski A, Rybalchenko A (2005) Abstraction refinement for termination. In: Proc of SAS’05. LNCS, vol 3672. Springer, Berlin

  19. Deshmukh JV, Emerson EA, Gupta P (2006) Automatic verification of parameterized data structures. In: Proc of TACAS’06. LNCS, vol 3920. Springer, Berlin

  20. Distefano D, Berdine J, Cook B, O’Hearn PW (2006) Automatic termination proofs for programs with shape-shifting heaps. In: Proc of CAV’06. LNCS, vol 4144. Springer, Berlin

  21. Distefano D, O’Hearn PW, Yang H (2006) A local shape analysis based on separation logic. In: Proc of TACAS’06. LNCS, vol 3920. Springer, Berlin

  22. Habermehl P, Iosif R, Rogalewicz A, Vojnar T (2007) Proving termination of tree manipulating programs. Technical Report TR-2007-1, Verimag

  23. Iosif R (2004) Symmetry reductions for model checking of concurrent dynamic software. In: STTT, pp 302–319

  24. Iosif R, Bozga M, Konecny F. Flata. http://www-verimag.imag.fr/FLATA.html

  25. Iosif R, Bozga M, Perarnau S. L2CA: Lists to counter automata. http://www-verimag.imag.fr/L2CA-homepage.html

  26. The LASH toolset. http://www.montefiore.ulg.ac.be/~boigelot/research/lash/

  27. Lee O, Yang H, Yi K (2005) Automatic verification of pointer programs using grammar-based shape analysis. In: Proc of ESOP’05. LNCS, vol 3444. Springer, Berlin

  28. Loginov A, Reps TW, Sagiv M (2006) Automated verification of the Deutsch-Schorr-Waite tree-traversal algorithm. In: Proc of SAS’06. LNCS, vol 4134. Springer, Berlin

  29. Manevich R, Yahav E, Ramalingam G, Sagiv M (2005) Predicate abstraction and canonical abstraction for singly-linked lists. In: Proc of VMCAI’05. LNCS, vol 3385. Springer, Berlin

  30. Møller A, Schwartzbach MI (2001) The pointer assertion logic engine. In: Proc of PLDI’01. ACM Press, New York

  31. Reynolds JC (2002) Separation logic: A logic for shared mutable data structures. In: Proc of LICS’02. IEEE CS Press, Los Alamitos

  32. Rybalchenko A. ARMC: Abstraction refinement model checker. http://www7.in.tum.de/rybal/armc/

  33. Sagiv S, Reps TW, Wilhelm R (2002) Parametric shape analysis via 3-valued logic. ACM Trans Program Lang Syst 24(3)

  34. Yahav E, Reps T, Sagiv M, Wilhelm R (2003) Verifying temporal heap properties specified via evolution logic. In: Proc of ESOP’03. LNCS, vol 2618. Springer, Berlin

  35. Yang H, Lee O, Berdine J, Calcagno C, Cook B, Distefano D, O’Hearn PW (2008) Scalable shape analysis for systems code. In: Proc of CAV’08. LNCS, vol 5123. Springer, Berlin

  36. Yavuz-Kahveci T, Bultan T (2002) Automated verification of concurrent linked lists with counters. In: Proc of SAS’02. LNCS, vol 2477. Springer, Berlin

Corresponding author

Correspondence to Tomáš Vojnar.

Additional information

This work is a full and revised version of the extended abstract [10] published in Proceedings of CAV’06. The work was supported in part by the Czech Science Foundation (project P103/10/0306), the Czech Ministry of Education (projects COST OC10009 and MSM 0021630528), the internal BUT FIT grant FIT-10-1 and the French ANR projects Averiles and Veridyc.

Cite this article

Bouajjani, A., Bozga, M., Habermehl, P. et al. Programs with lists are counter automata. Form Methods Syst Des 38, 158–192 (2011). https://doi.org/10.1007/s10703-011-0111-7
