Verify heaps via unified model checking

Abstract

This paper addresses the problem of verifying heap evolution properties of pointer programs. To this end, a new unified model checking approach with MSVL (Modeling, Simulation and Verification Language) and PPTLSL is presented. The former is an executable subset of PTL (Projection Temporal Logic), while the latter is an extension of PPTL (Propositional Projection Temporal Logic) with separation logic. MSVL is used to model pointer programs, and PPTLSL to specify heap evolution properties. Technically, on the one hand, models of MSVL programs are characterized by Normal Form Graphs (NFGs); on the other hand, PPTLSL is equisatisfiably reduced to a subset of itself that can reuse the decision procedure of PPTL. Our technique is able to deal with a variety of pointer structures such as linked lists and composite structures. In addition, we implement a prototype tool that uses an SMT solver as the verification engine in order to demonstrate our approach.
