Predicate Abstraction and Canonical Abstraction for Singly-Linked Lists

Predicate abstraction and canonical abstraction are two finitary abstractions used to prove properties of programs. We study the relationship between these two abstractions by considering a deliberately restricted case: abstraction of (potentially cyclic) singly-linked lists. We provide a new and rather precise family of abstractions for potentially cyclic singly-linked lists. The main observation behind this family of abstractions is that the number of shared nodes in linked lists can be statically bounded; therefore, the number of possible "heap shapes" is also bounded. We present the new abstraction in both predicate-abstraction and canonical-abstraction form. As we illustrate in the paper, given any canonical abstraction, it is possible to define a predicate abstraction that is equivalent to the canonical abstraction. However, with this straightforward simulation, the number of predicates used for the predicate abstraction is exponential in the number of predicates used by the canonical abstraction. An important feature of the family of abstractions we present in this paper is that the predicate-abstraction representation we define is far more practical, as it uses a number of predicates that is quadratic in the number of predicates used by the corresponding canonical-abstraction representation. In particular, for the most abstract member of this family, the number of predicates used by the canonical abstraction is linear in the number of program variables, while the number of predicates used by the predicate abstraction is quadratic in the number of program variables. We have encoded this particular predicate abstraction and the corresponding transformers in TVLA, and used this implementation to successfully verify safety properties of several list-manipulating programs, including programs that were not previously verified using either predicate abstraction or canonical abstraction.
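
The bounded-shape observation above can be checked directly. The following is an added illustration, not code from the paper or from TVLA: it models a possibly cyclic singly-linked heap as a `next` map, computes the shared nodes (reachable nodes with two or more incoming `next` edges), collects the "interruptions" (nodes pointed to by a variable, plus shared nodes), and contracts every uninterrupted list segment between interruptions into a single edge tagged with a length class. The node names, variable names, the three-way length classification (1, 2, 3+) and the random-heap check are all assumptions of this example rather than the paper's own definitions; in particular, how anonymous shared nodes are named in the paper's predicate vocabulary is not reproduced here.

```python
"""Added example (not the paper's or TVLA's code): interruption nodes and
contracted heap shapes for possibly cyclic singly-linked lists.

A heap is a dict node -> next node (None = null); an environment is a dict
program variable -> node (None = null).  All names below are made up.
"""
import random

# Constructed sample: x -> a -> b -> c -> d -> e -> c  (a lasso), y -> d.
# Node c is shared: it is entered both from b and from e.
EXAMPLE_HEAP = {"a": "b", "b": "c", "c": "d", "d": "e", "e": "c"}
EXAMPLE_ENV = {"x": "a", "y": "d"}


def reachable(heap, env):
    """Set of heap nodes reachable from the program variables in env."""
    seen = set()
    for node in env.values():
        while node is not None and node not in seen:
            seen.add(node)
            node = heap.get(node)   # follow the single next edge
    return seen


def shared_nodes(heap, env):
    """Reachable nodes with >= 2 incoming next edges from reachable nodes."""
    live = reachable(heap, env)
    indeg = {v: 0 for v in live}
    for u in live:
        nxt = heap.get(u)
        if nxt is not None:         # nxt is live too: live is closed under next
            indeg[nxt] += 1
    return {v for v, d in indeg.items() if d >= 2}


def interruptions(heap, env):
    """Nodes a shape keeps: those pointed to by a variable or shared.
    Since a node with no incoming edge must be variable-pointed, a counting
    argument on in-degrees gives |shared| <= |pointed|, so this set has at
    most twice as many members as there are program variables."""
    pointed = {v for v in env.values() if v is not None}
    return pointed | shared_nodes(heap, env)


def shape(heap, env):
    """Contract each uninterrupted segment into one edge (src, dst, length).
    length is 1, 2 or '3+' (an assumed classification), keeping the number
    of distinct shapes finite for a fixed number of variables."""
    stops = interruptions(heap, env)
    edges = set()
    for src in stops:
        node, length = heap.get(src), 1
        while node is not None and node not in stops:
            node, length = heap.get(node), length + 1
        edges.add((src, node, length if length <= 2 else "3+"))
    return edges


def max_shape_predicates(n_vars):
    """Upper bound on 'segment' predicates if each is indexed by a source
    interruption, a target interruption or null, and a length class: with at
    most 2n interruptions that is 3 * 2n * (2n + 1), quadratic in n."""
    return 3 * (2 * n_vars) * (2 * n_vars + 1)


def check_bound(trials=2000, seed=0):
    """Randomised check of |shared| <= n and |interruptions| <= 2n.
    Returns the largest number of shared nodes seen."""
    rng = random.Random(seed)
    worst = 0
    for _ in range(trials):
        n_vars, n_nodes = rng.randint(1, 5), rng.randint(1, 12)
        nodes = list(range(n_nodes))
        heap = {v: rng.choice(nodes + [None]) for v in nodes}
        env = {f"v{i}": rng.choice(nodes + [None]) for i in range(n_vars)}
        s = len(shared_nodes(heap, env))
        assert s <= n_vars, (heap, env)
        assert len(interruptions(heap, env)) <= 2 * n_vars, (heap, env)
        worst = max(worst, s)
    return worst


if __name__ == "__main__":
    print("shared:", shared_nodes(EXAMPLE_HEAP, EXAMPLE_ENV))
    print("interruptions:", interruptions(EXAMPLE_HEAP, EXAMPLE_ENV))
    print("shape:", sorted(shape(EXAMPLE_HEAP, EXAMPLE_ENV), key=str))
    print("worst shared count over random heaps:", check_bound())
```

On the sample heap the shape collapses to three edges: `a` reaches the shared node `c` through a segment of length 2, `c` reaches `d` in one step, and `d` reaches `c` again through a segment of length 2, which is exactly the cycle. The random check exercises the in-degree argument behind the bound: an in-degree-zero reachable node must be variable-pointed, and the total in-degree cannot exceed the number of reachable nodes, so shared nodes never outnumber the variables.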
