Safety and Liveness in Concurrent Pointer Programs

The incorrect use of pointers is one of the most common sources of software errors, and concurrency is a similarly common source. Proving the correctness of concurrent pointer-manipulating programs, let alone doing so algorithmically, is a highly non-trivial task. This paper proposes an automated verification technique for concurrent programs that manipulate linked lists. The key ingredients of our approach are: automata (with fairness constraints), heap abstractions tailored to the program and the property to be checked, first-order temporal logic, and a tableau-based model-checking algorithm.
