Abstracting Complex Data Structures by Hyperedge Replacement

We present a novel application of hyperedge replacement grammars, showing that they can serve as an intuitive formalism for abstractly modeling dynamic data structures. The aim of our framework is to extend finite-state verification techniques to handle pointer-manipulating programs operating on complex dynamic data structures that are potentially unbounded in their size. The idea is to represent both abstraction mappings on user-defined dynamic data structures and the (abstract) semantics of pointer-manipulating operations using graph grammars, supporting a smooth integration of the two aspects. We demonstrate how our framework can be employed for analysis and verification purposes, e.g., to prove that a procedure preserves structural invariants of the heap.
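The following is an added, self-contained illustration of the idea sketched in the abstract; it is example code written for this page, not the paper's own formalism or implementation. It assumes a tiny hyperedge replacement grammar for singly linked lists with two productions (a nonterminal `L` standing for a list segment of length at least one, either a single `next` cell or the concatenation of two segments), encodes heaps as sets of hyperedges, and treats abstraction as backward rule application and concretization (materialization) as forward application. On top of that it gives an abstract semantics for `p = p.next` and `p.next = q`, and a fixpoint exploration showing that a list traversal reaches only finitely many abstract states, each of which still satisfies the "null-terminated acyclic list" invariant, while a cycle-creating assignment is flagged as a violation. All names (`advance`, `set_next`, `is_list`, `explore`) are hypothetical.

```python
"""Toy hyperedge-replacement abstraction of singly linked lists (example code,
not the paper's implementation; grammar and encoding are assumptions).
A heap is a frozenset of hyperedges (label, (src, dst)).  "next" is the
terminal selector edge of a list cell; "L" is a nonterminal hyperedge that
abstracts a list segment of length >= 1 from its first to its second node:
    R1: L(a,b) -> next(a,b)         R2: L(a,b) -> L(a,u) L(u,b)   (u fresh)
"""
from itertools import count

NULL = "null"
_ids = count()

def fresh():
    return f"n{next(_ids)}"

def internal(heap, refs, u, folded, ext):
    """u may vanish into a nonterminal only if no variable refers to it, it is
    distinct from the external nodes, and nothing but `folded` touches it."""
    return (u != NULL and u not in refs and u not in ext
            and {e for e in heap if u in e[1]} == set(folded))

def abstract(heap, refs):
    """Abstraction = apply R1 and R2 backwards as long as possible."""
    heap = set(heap)
    while True:
        nxt = next((e for e in heap if e[0] == "next"), None)
        if nxt:                                          # R1 backwards
            heap.remove(nxt); heap.add(("L", nxt[1])); continue
        pair = next(((e1, e2) for e1 in heap for e2 in heap
                     if e1 != e2 and e1[1][1] == e2[1][0] and internal(
                         heap, refs, e1[1][1], [e1, e2], (e1[1][0], e2[1][1]))),
                    None)
        if pair is None:
            return frozenset(heap)
        e1, e2 = pair                                    # R2 backwards
        heap -= {e1, e2}; heap.add(("L", (e1[1][0], e2[1][1])))

def materialize(heap, a):
    """Concretize until a terminal `next` edge leaves node a.  Each option is a
    derivation exposing a terminal at a: R1, or R2 followed by R1 on the left."""
    if any(lab == "next" and s == a for lab, (s, _) in heap):
        return [heap]
    e = next(e for e in heap if e[0] == "L" and e[1][0] == a)
    rest, b, u = heap - {e}, e[1][1], fresh()
    return [rest | {("next", (a, b))}, rest | {("next", (a, u)), ("L", (u, b))}]

def canonical(heap, env):
    """Rename reachable nodes in traversal order so isomorphic states compare
    equal (needed to detect the fixpoint); unreachable nodes keep their names."""
    names, todo = {NULL: NULL}, [env[v] for v in sorted(env)]
    while todo:
        n = todo.pop(0)
        if n in names:
            continue
        names[n] = f"v{len(names)}"
        todo += [d for _, (s, d) in sorted(heap) if s == n]
    ren = lambda n: names.get(n, n)
    return (frozenset((lab, (ren(s), ren(d))) for lab, (s, d) in heap),
            tuple(sorted((v, ren(n)) for v, n in env.items())))

def run(heap, env, var, update):
    """Abstract semantics of a pointer statement on `var`: materialize the
    cell, apply the concrete update, re-abstract, canonicalize."""
    a = env[var]
    if a == NULL:
        raise ValueError(f"{var} dereferences null")
    out = []
    for h in materialize(heap, a):
        old = next(e for e in h if e[0] == "next" and e[1][0] == a)
        h2, env2 = update(h, old, env)
        out.append(canonical(abstract(h2, set(env2.values())), env2))
    return out

def advance(heap, env, var="p"):             # var = var.next
    return run(heap, env, var, lambda h, old, e: (h, dict(e, **{var: old[1][1]})))

def set_next(heap, env, var, target):        # var.next = target
    return run(heap, env, var, lambda h, old, e:
               ((h - {old}) | {("next", (old[1][0], e[target]))}, e))

def is_list(heap, head):
    """Invariant: cells reachable from head form a null-terminated acyclic list,
    i.e. with only head external the heap folds to the single edge L(head,null)."""
    return abstract(heap, {head}) == frozenset({("L", (head, NULL))})

def explore(heap, env):
    """All abstract states of `while p != null: p = p.next` from (heap, env)."""
    start = canonical(abstract(heap, set(env.values())), env)
    seen, todo = {start}, [start]
    while todo:
        h, e = todo.pop()
        if dict(e)["p"] != NULL:
            for s in advance(h, dict(e)):
                if s not in seen:
                    seen.add(s); todo.append(s)
    return seen

if __name__ == "__main__":
    init = frozenset({("L", ("head", NULL))}), {"head": "head", "p": "head"}
    for h, e in explore(*init):
        print(sorted(h), e, "list invariant:", is_list(h, dict(e)["head"]))
```

Starting from the fully abstract heap `L(head, null)` with `p = head`, the traversal loop settles on three canonical abstract states (p at the head, p at null, and p somewhere in the middle with an `L` segment on either side), so the unbounded family of concrete lists is covered by a finite state space, and `is_list` holds in each state. Applying `p.next = head` from the middle state yields heaps that fold to a self-loop `L(v1, v1)` rather than `L(v1, null)`, which is how a cycle-introducing bug shows up as a violated structural invariant. Keeping the grammar in a form where every concretization step exposes a terminal edge at the dereferenced node is what makes `materialize` terminate with exactly two successor heaps.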
