Typestate Verification: Abstraction Techniques and Complexity Results

We consider the problem of typestate verification for shallow programs; i.e., programs where pointers from program variables to heap-allocated objects are allowed, but where heap-allocated objects may not themselves contain pointers. We prove a number of results relating the complexity of verification to the nature of the finite state machine used to specify the property. Some properties are shown to be intractable, but others which appear to be quite similar admit polynomial-time verification algorithms. Our results serve to provide insight into the inherent complexity of important classes of verification problems. In addition, the program abstractions used for the polynomial-time verification algorithms may be of independent interest.
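As an added illustration (not code from the paper, and not necessarily the abstraction the paper uses), here is a small typestate checker for the shallow-program setting described above: each heap object is abstracted as its typestate plus the set of program variables that must point to it, which is enough alias information precisely because shallow objects contain no pointers of their own. The file-handle state machine, the three statement forms and the two sample programs are constructed for this example.

```python
# Typestate machine for a file handle (constructed); any transition missing
# from the table drives the object into the error state ERR.
FSM = {("closed", "open"): "opened", ("opened", "read"): "opened",
       ("opened", "close"): "closed"}
ERR = "err"
def step(state, op):
    return FSM.get((state, op), ERR)

# Abstract object = (typestate, frozenset of variables that MUST point to it); in a
# shallow program variables are the only pointers, so no other alias info is needed.
def transfer(facts, stmt):  # stmt: ("new", x) | ("copy", x, y) | ("op", x, op)
    out = set()
    if stmt[0] == "new":                         # x = new File()
        x = stmt[1]
        out = {(st, must - {x}) for st, must in facts}
        out.add(("closed", frozenset({x})))
    elif stmt[0] == "copy":                      # x = y
        x, y = stmt[1], stmt[2]
        for st, must in facts:
            out.add((st, (must - {x}) | ({x} if y in must else set())))
    elif stmt[0] == "op":                        # x.op()
        x, op = stmt[1], stmt[2]
        for st, must in facts:
            if x in must:                        # x is definitely the receiver
                out.add((step(st, op), must))
            else:                                # may-alias: keep both outcomes
                out.add((st, must))
                out.add((step(st, op), must | {x}))
    return out

def verify(cfg, entry):
    """Worklist fixpoint over cfg = {node: (stmt, successors)}; returns nodes
    whose statement may drive an object into ERR. The domain is finite, so it terminates."""
    inp = {n: set() for n in cfg}
    errors, work = set(), [entry]
    while work:
        n = work.pop()
        stmt, succs = cfg[n]
        out = transfer(inp[n], stmt)
        if any(st == ERR for st, _ in out):
            errors.add(n)
        for s in succs:
            if not out <= inp[s]:                # join is set union
                inp[s] |= out
                work.append(s)
    return errors

# Constructed shallow programs: y aliases x, so y.close() closes x's file.
SAFE = {1: (("new", "x"), [2]), 2: (("copy", "y", "x"), [3]), 3: (("op", "x", "open"), [4]),
        4: (("op", "y", "read"), [4, 5]), 5: (("op", "y", "close"), [])}   # node 4 loops
UNSAFE = {1: (("new", "x"), [2]), 2: (("copy", "y", "x"), [3]), 3: (("op", "x", "open"), [4]),
          4: (("op", "y", "close"), [5]), 5: (("op", "x", "read"), [])}   # read after close
```

`verify(SAFE, 1)` returns an empty set, while `verify(UNSAFE, 1)` flags node 5, where `x.read()` runs after the aliased `y.close()`; because the domain is typestates times variable subsets, the fixpoint is exponential in the number of variables in the worst case, which is the kind of cost the paper's results characterise per property class.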
