Who is Pointing When to Whom? On the Automated Verification of Linked List Structures

This paper introduces an extension of linear temporal logic that allows one to express properties of systems composed of entities (such as objects) that refer to each other via pointers. Our logic focuses on specifying properties of the dynamic evolution (creation, adaptation, and removal) of such pointer structures. Its semantics is based on automata on infinite words, extended with appropriate means to model evolving pointer structures in an abstract manner. A tableau-based model-checking algorithm is proposed to verify these automata automatically against formulae of our logic.
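The abstract describes temporal properties over infinite runs of a heap whose cells are created, re-linked and removed. The following is an added example, not code from the paper: it represents a run as a lasso (a finite prefix followed by a loop repeated forever, which is how an ultimately periodic infinite word is written down finitely), abstracts each heap snapshot as a dictionary from cell identifier to the cell it points to, and evaluates plain LTL formulae over per-snapshot predicates directly on the lasso. The shape predicate, the leak property, the cell identifiers and the four runs are all constructed for illustration; the paper's own logic and its tableau construction are not reproduced, a direct lasso evaluation is used instead.

```python
"""Added example (not from the paper): LTL over an evolving linked-list heap.

Assumed abstraction: a heap snapshot is a dict mapping a cell identifier to
the cell it points to (None for nil).  A run is prefix . loop^omega, given as
two lists of snapshots.  Formulae are nested tuples evaluated by `holds`.
"""
from functools import lru_cache

# --- LTL formulae as tuples --------------------------------------------------
TRUE = ("atom", lambda heap: True)


def atom(pred):
    return ("atom", pred)


def neg(f):
    return ("not", f)


def conj(*fs):
    out = TRUE
    for f in fs:
        out = ("and", out, f)
    return out


def implies(f, g):
    return ("or", neg(f), g)


def until(f, g):
    return ("until", f, g)


def eventually(f):            # F f  ==  true U f
    return until(TRUE, f)


def always(f):                # G f  ==  not F not f
    return neg(eventually(neg(f)))


def holds(formula, prefix, loop):
    """Decide whether `formula` holds at position 0 of prefix . loop^omega."""
    states = list(prefix) + list(loop)
    n, lp = len(states), len(prefix)

    def succ(k):                      # successor position, wrapping into the loop
        return k + 1 if k + 1 < n else lp

    @lru_cache(maxsize=None)
    def sat(f, k):
        op = f[0]
        if op == "atom":
            return bool(f[1](states[k]))
        if op == "not":
            return not sat(f[1], k)
        if op == "and":
            return sat(f[1], k) and sat(f[2], k)
        if op == "or":
            return sat(f[1], k) or sat(f[2], k)
        if op == "next":
            return sat(f[1], succ(k))
        if op == "until":
            # Every position reachable from k is visited within n steps, so
            # n+1 probes examine every distinct suffix of the infinite word.
            j = k
            for _ in range(n + 1):
                if sat(f[2], j):
                    return True
                if not sat(f[1], j):
                    return False
                j = succ(j)
            return False
        raise ValueError(f"unknown operator {op}")

    return sat(formula, 0)


# --- heap predicates (constructed for this example) --------------------------
def well_formed_list(heap):
    """Singly linked list shape: no dangling pointer, no sharing, no cycle."""
    indeg = {}
    for dst in heap.values():
        if dst is None:
            continue
        if dst not in heap:              # pointer to a cell that does not exist
            return False
        indeg[dst] = indeg.get(dst, 0) + 1
        if indeg[dst] > 1:               # two cells point to the same cell
            return False
    for start in heap:                   # following `next` must terminate
        seen, cur = set(), start
        while cur is not None:
            if cur in seen:
                return False
            seen.add(cur)
            cur = heap[cur]
    return True


def allocated(cell):
    return atom(lambda heap, c=cell: c in heap)


def check_run(prefix, loop):
    """Return (shape_safe, no_leak) for the run prefix . loop^omega."""
    cells = set()
    for heap in list(prefix) + list(loop):
        cells.update(heap)
    shape_safe = holds(always(atom(well_formed_list)), prefix, loop)
    # liveness: every cell that is ever allocated is eventually removed again
    no_leak = holds(conj(*[always(implies(allocated(c), eventually(neg(allocated(c)))))
                           for c in sorted(cells)]), prefix, loop)
    return shape_safe, no_leak


# Constructed runs (not from the paper); cells are small integers.
GOOD_RUN = (
    [{}, {1: None}, {2: 1, 1: None}, {3: 2, 2: 1, 1: None},
     {3: 2, 2: None}, {3: None}],           # build a 3-cell list, then pop the tail
    [{4: None}, {}],                          # then allocate and free one cell forever
)
SHARED_RUN = (
    [{}, {1: None}, {2: 1, 1: None}, {2: 1, 3: 1, 1: None}],  # cell 1 gains two predecessors
    [{2: 1, 3: 1, 1: None}],
)
CYCLE_RUN = ([{}, {1: None}, {1: 2, 2: 1}], [{1: 2, 2: 1}])   # list closes into a cycle
LEAK_RUN = ([{}, {1: None}], [{1: None}])                       # cell 1 is never freed

if __name__ == "__main__":
    for name, (prefix, loop) in [("good", GOOD_RUN), ("shared", SHARED_RUN),
                                 ("cycle", CYCLE_RUN), ("leak", LEAK_RUN)]:
        print(name, check_run(prefix, loop))
```

The safety property (`always(well_formed_list)`) is decided on the finitely many snapshots of the lasso, while the liveness property (`allocated -> eventually not allocated`) relies on the loop being repeated forever: a cell that stays allocated throughout the loop is reported as leaked even though the prefix is finite. The `until` loop bounds its search by the number of distinct positions, which is what makes evaluation on the infinite word terminate.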
