Automatic Verification of Parameterized Data Structures

Verifying the correctness of programs that operate on data structures has become an integral part of software verification. A method is a program that acts on an input data structure (modeled as a graph) and produces an output data structure. The parameterized correctness problem for such methods can be defined as follows: given a method and a property of the input graphs, verify that for all input graphs, parameterized by their size, the output graphs also satisfy the property. We present an automated approach that verifies, for a large class of methods, that a given method preserves a given property. Examples include reversal of linked lists and insertion, deletion and iterative modification of nodes in directed graphs. Our approach draws on machinery from automata theory and temporal logic. For a useful class of data structures and properties, our solution is polynomial in the size of the method and the size of the property specification.
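
The following Python script is an added example, not code or the technique from the paper: it makes the problem statement above concrete by modelling the heap as a directed graph with a single `next` selector, writing three methods on it (list reversal, a deliberately broken reversal, and an iterative delete-every-other-node pass), and checking that each preserves the property "the nodes reachable from the head form an acyclic chain ending in null, and no node is leaked" for every input size up to a bound. The paper's automata-theoretic method decides this for all sizes; the bounded enumeration here only covers sizes up to `max_size`, so an empty failure list is evidence, not a proof. All names (`make_list`, `check_preserves`, the `Heap`/`State` encoding) are this example's own.

```python
"""
Bounded instance of the parameterized correctness problem for methods on
1-selector linked structures. Constructed example; the encoding and the
method names are assumptions of this script, not the paper's.
"""
from typing import Callable, Dict, List, Optional, Tuple

Node = int
Heap = Dict[Node, Optional[Node]]    # node -> next (None models the null pointer)
State = Tuple[Heap, Optional[Node]]  # (heap graph, head pointer)
Method = Callable[[State], State]
Prop = Callable[[State], bool]


def make_list(n: int) -> State:
    """Input graph parameterized by size: the singly linked list on n nodes 0..n-1."""
    heap: Heap = {i: (i + 1 if i + 1 < n else None) for i in range(n)}
    return heap, (0 if n > 0 else None)


def is_wellformed_list(state: State) -> bool:
    """Property: walking next from head reaches null without revisiting a node
    (no cycle), and every node in the graph is visited (no leaked node)."""
    heap, head = state
    seen = set()
    cur = head
    while cur is not None:
        if cur in seen:
            return False          # cycle through the head
        seen.add(cur)
        cur = heap[cur]
    return seen == set(heap)      # nothing unreachable from head


def reverse_list(state: State) -> State:
    """Standard in-place reversal; the old tail becomes the new head."""
    heap, head = state
    heap = dict(heap)             # copy so the input state is not mutated
    prev, cur = None, head
    while cur is not None:
        nxt = heap[cur]
        heap[cur] = prev
        prev, cur = cur, nxt
    return heap, prev


def buggy_reverse(state: State) -> State:
    """Deliberately wrong: prev starts at head instead of null, so the old head
    is made to point at itself and the result contains a cycle."""
    heap, head = state
    heap = dict(heap)
    prev, cur = head, head
    while cur is not None:
        nxt = heap[cur]
        heap[cur] = prev
        prev, cur = cur, nxt
    return heap, prev


def delete_every_other(state: State) -> State:
    """Iterative modification: unlink and free every second node of the list."""
    heap, head = state
    heap = dict(heap)
    cur = head
    while cur is not None and heap[cur] is not None:
        victim = heap[cur]
        heap[cur] = heap[victim]  # bypass the victim
        del heap[victim]          # free it (a leaked node would stay in the graph)
        cur = heap[cur]
    return heap, head


def check_preserves(method: Method, prop: Prop, max_size: int) -> List[int]:
    """Return the input sizes 0..max_size at which `method` fails to preserve `prop`.
    Bounded check only: it says nothing about sizes beyond max_size."""
    failures: List[int] = []
    for n in range(max_size + 1):
        inp = make_list(n)
        assert prop(inp), "inputs must satisfy the property by construction"
        if not prop(method(inp)):
            failures.append(n)
    return failures


if __name__ == "__main__":
    for name, m in [("reverse_list", reverse_list),
                    ("buggy_reverse", buggy_reverse),
                    ("delete_every_other", delete_every_other)]:
        print(name, "fails at sizes:", check_preserves(m, is_wellformed_list, 8))
```

Running it reports no failures for `reverse_list` and `delete_every_other` and a failure at every size from 1 upward for `buggy_reverse`; the size-0 input passes because the loop never executes, which is exactly the kind of small-size blind spot that makes a parameterized (all sizes) argument, rather than a bounded one, worth having.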