Monotonic Abstraction for Programs with Dynamic Memory Heaps

We propose a new approach for automatic verification of programs with dynamic heap manipulation. The method is based on symbolic (backward) reachability analysis using upward-closed sets of heaps w.r.t. an appropriate preorder on graphs. These sets are represented by a finite set of minimal graph patterns corresponding to a set of bad configurations. We define an abstract semantics for the programs which is monotonic w.r.t. the preorder. Moreover, we prove that our analysis always terminates by showing that the preorder is a well-quasi ordering. Our results are presented for the case of programs with 1-next selector. We provide experimental results showing the effectiveness of our approach.

[1]  John C. Reynolds,et al.  Separation logic: a logic for shared mutable data structures , 2002, Proceedings 17th Annual IEEE Symposium on Logic in Computer Science.

[2]  Amir Pnueli,et al.  Symbolic model checking with rich assertional languages , 2001, Theor. Comput. Sci..

[3]  Peter W. O'Hearn,et al.  Shape Analysis for Composite Data Structures , 2007, CAV.

[4]  Pierre Wolper,et al.  Verifying Systems with Infinite but Regular State Spaces , 1998, CAV.

[5]  Shuvendu K. Lahiri,et al.  Verifying properties of well-founded linked lists , 2006, POPL '06.

[6]  Rajeev Alur,et al.  A Temporal Logic of Nested Calls and Returns , 2004, TACAS.

[7]  Parosh Aziz Abdulla,et al.  Model checking of systems with many identical timed processes , 2003, Theor. Comput. Sci..

[8]  Alain Finkel,et al.  From pointer systems to counter systems using shape analysis , 2006 .

[9]  Eran Yahav,et al.  Predicate Abstraction and Canonical Abstraction for Singly-Linked Lists , 2005, VMCAI.

[10]  Ahmed Bouajjani,et al.  Abstract Regular Model Checking , 2004, CAV.

[11]  Ahmed Bouajjani,et al.  Verifying Programs with Dynamic 1-Selector-Linked Structures in Regular Model Checking , 2005, TACAS.

[12]  Kedar S. Namjoshi,et al.  On model checking for non-deterministic infinite-state systems , 1998, Proceedings. Thirteenth Annual IEEE Symposium on Logic in Computer Science (Cat. No.98CB36226).

[13]  Peter W. O'Hearn,et al.  Automatic Termination Proofs for Programs with Shape-Shifting Heaps , 2006, CAV.

[14]  Peter Z. Revesz,et al.  A Closed-Form Evaluation for Datalog Queries with Integer (Gap)-Order Constraints , 1993, Theor. Comput. Sci..

[15]  Parosh Aziz Abdulla,et al.  Verifying programs with unreliable channels , 1993, [1993] Proceedings Eighth Annual IEEE Symposium on Logic in Computer Science.

[16]  Parosh Aziz Abdulla,et al.  Regular Model Checking Without Transducers (On Efficient Verification of Parameterized Systems) , 2007, TACAS.

[17]  Peter W. O'Hearn,et al.  A Local Shape Analysis Based on Separation Logic , 2006, TACAS.

[18]  Philippe Schnoebelen,et al.  Well-structured transition systems everywhere! , 2001, Theor. Comput. Sci..

[19]  Parosh Aziz Abdulla,et al.  Parameterized Verification of Infinite-State Processes with Global Conditions , 2007, CAV.

[20]  Parosh Aziz Abdulla,et al.  Algorithmic Analysis of Programs with Well Quasi-ordered Domains , 2000, Inf. Comput..

[21]  Parosh Aziz Abdulla,et al.  A Survey of Regular Model Checking , 2004, CONCUR.

[22]  Ahmed Bouajjani,et al.  Languages, Rewriting Systems, and Verification of Infinite-State Systems , 2001, ICALP.

[23]  Kousha Etessami,et al.  Analysis of Recursive Game Graphs Using Data Flow Equations , 2004, VMCAI.

[24]  Michael I. Schwartzbach,et al.  The pointer assertion logic engine , 2000, PLDI '01.

[25]  Peter W. O'Hearn Separation Logic and Program Analysis , 2006, SAS.

[26]  Amir Pnueli,et al.  Shape Analysis of Single-Parent Heaps , 2007, VMCAI.

[27]  Vincent Danos,et al.  Reversible Communicating Systems , 2004, CONCUR.

[28]  Nils Klarlund,et al.  Automatic verification of pointer programs using monadic second-order logic , 1997, PLDI '97.

[29]  Ahmed Bouajjani,et al.  Abstract Regular Tree Model Checking of Complex Dynamic Data Structures , 2006, SAS.

[30]  Reinhard Wilhelm,et al.  Parametric shape analysis via 3-valued logic , 1999, POPL '99.

[31]  R. Wilhelm,et al.  Parametric Shape Analysis via 3 - valued Logic TOPLAS , 2002 .

[32]  Robin Milner,et al.  On Observing Nondeterminism and Concurrency , 1980, ICALP.

[33]  Alain Finkel,et al.  On the verification of broadcast protocols , 1999, Proceedings. 14th Symposium on Logic in Computer Science (Cat. No. PR00158).