Verification of heap manipulating programs with ordered data by extended forest automata

We present a general framework for verifying programs with complex dynamic linked data structures whose correctness depends on ordering relations between stored data values. The underlying formalism of our framework is that of forest automata (FA), which has previously been developed for verification of heap-manipulating programs. We extend FA with constraints between data elements associated with nodes of the heaps represented by FA, and we present extended versions of all operations needed for using the extended FA in a fully-automated verification approach, based on abstract interpretation. We have implemented our approach as an extension of the Forester tool and successfully applied it to a number of programs dealing with data structures such as various forms of singly- and doubly-linked lists, binary search trees, as well as skip lists.
