A Logic and Decision Procedure for Predicate Abstraction of Heap-Manipulating Programs

An important and ubiquitous class of programs is that of heap-manipulating programs (HMPs), which manipulate unbounded linked data structures by following pointers and updating links. Predicate abstraction has proved to be an invaluable technique in the field of software model checking; this technique relies on an efficient decision procedure for the underlying logic. Expressing and proving many interesting HMP safety properties requires transitive closure predicates; such predicates express that some node can be reached from another node by following a sequence of (zero or more) links in the data structure. Unfortunately, adding support for transitive closure often yields undecidability, so one must be careful in defining such a logic. Our primary contributions are the definition of a simple transitive closure logic for use in predicate abstraction of HMPs, and a decision procedure for this logic. Through several experimental examples, we demonstrate that our logic is expressive enough to prove interesting properties with predicate abstraction, and that our decision procedure provides both a time and a space advantage over previous approaches.
