Juggrnaut: Graph Grammar Abstraction for Unbounded Heap Structures

We present a novel abstraction framework for heap data structures that uses graph grammars, more precisely context-free hyperedge replacement grammars, as an intuitive formalism for efficiently modeling dynamic data structures. It aims at extending finite-state verification techniques to handle pointer-manipulating programs operating on complex dynamic data structures that are potentially unbounded in their size. We demonstrate how our framework can be employed for analysis and verification purposes by instantiating it for binary trees, and by applying this instantiation to the well-known Deutsch-Schorr-Waite traversal algorithm. Our approach is supported by a prototype tool, enabling the quick verification of essential program properties such as heap invariants, completeness, and termination.
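As an added illustration (not the authors' tool or code), the following toy Python model shows the binary-tree instantiation sketched above: a nonterminal hyperedge `T` stands for "some binary tree rooted here", with a leaf rule and a node rule; abstraction applies the node rule backwards until a concrete tree of any depth collapses to a single `T` hyperedge, and concretization unfolds `T(u)` into its two possible shapes before a program would dereference `u`. The edge representation, the `foldable` side condition and the `demo` driver are assumptions of this example.

```python
from collections import namedtuple
from itertools import count

# terminal selector edges 'left'/'right' attach (src, dst); the nonterminal 'T' ("some binary tree") attaches (root,)
Edge = namedtuple('Edge', 'label nodes')

class Heap:
    def __init__(self, edges=(), names=None, start=0):
        self.edges, self.names, self.fresh = set(edges), dict(names or {}), count(start)
    def build_tree(self, depth):
        # constructed input: a complete, fully concrete binary tree of the given depth
        root = next(self.fresh)
        for sel in ('left', 'right') if depth > 0 else ():
            self.edges.add(Edge(sel, (root, self.build_tree(depth - 1))))
        return root

    def foldable(self, v):
        # v may vanish into its parent's T-edge only if no variable names it and it is a leaf or already T(v); tree shape assumed
        return v not in self.names.values() and not any(
            e.nodes[0] == v and len(e.nodes) == 2 for e in self.edges)

    def abstract(self):
        # apply the node rule  T(u) -> left(u,l) right(u,r) T(l) T(r)  backwards until nothing folds
        while True:
            for u in {e.nodes[0] for e in self.edges if e.label == 'left'}:
                sel = {e.label: e for e in self.edges if e.nodes[0] == u and len(e.nodes) == 2}
                l, r = sel.get('left'), sel.get('right')
                if l and r and self.foldable(l.nodes[1]) and self.foldable(r.nodes[1]):
                    self.edges -= {l, r, Edge('T', (l.nodes[1],)), Edge('T', (r.nodes[1],))}
                    self.edges.add(Edge('T', (u,)))
                    break
            else:
                return self

    def concretize(self, u):
        # materialise the shapes hidden behind T(u) (leaf rule, node rule) before u is dereferenced
        if Edge('T', (u,)) not in self.edges:
            return [self]
        leaf = Heap(self.edges - {Edge('T', (u,))}, self.names, next(self.fresh))
        node = Heap(leaf.edges, self.names, next(leaf.fresh))
        l, r = next(node.fresh), next(node.fresh)
        node.edges |= {Edge('left', (u, l)), Edge('right', (u, r)), Edge('T', (l,)), Edge('T', (r,))}
        return [leaf, node]

def demo(depth=4):
    # a tree with 2*(2**depth - 1) selector edges collapses to one T-edge, whatever its depth
    h = Heap()
    h.names['root'] = h.build_tree(depth)
    concrete, abstracted = len(h.edges), len(h.abstract().edges)          # e.g. 30, 1
    return concrete, abstracted, [len(g.edges) for g in h.concretize(h.names['root'])]  # ..., [0, 4]
```

The abstract heap stays bounded (one hyperedge) no matter how deep the concrete tree was, which is what lets a finite-state checker explore the program's reachable heaps.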
