Abstract
We present a general framework for verifying programs with complex dynamic linked data structures whose correctness depends on ordering relations between stored data values. The underlying formalism of our framework is that of forest automata (FA), which has previously been developed for verification of heap-manipulating programs. We extend FA with constraints between data elements associated with nodes of the heaps represented by FA, and we present extended versions of all operations needed for using the extended FA in a fully-automated verification approach, based on abstract interpretation. We have implemented our approach as an extension of the Forester tool and successfully applied it to a number of programs dealing with data structures such as various forms of singly- and doubly-linked lists, binary search trees, as well as skip lists.
Similar content being viewed by others
Notes
The use of \(\ne \) is forbidden because it would lead to a disjunction of constraints, which we do not support in this work.
Note that from the definitions of languages of TAs and FAs, the effect of the \(\sim _{\mathtt {ra}}\) data constraint (both local and global) is local to the TAs it is related to.
References
Abdulla, P.A., Atto, M., Cederberg, J., Ji, R.: Automated analysis of data-dependent programs with dynamic memory. In Proceedings of the 7th International Symposium on Automated Technology for Verification and Analysis–ATVA’09, volume 5799 of LNCS, pp. 197–212. Springer, Berlin (2009)
Abdulla, P.A., Haziza, F., Holík, L., Jonsson, B., Rezine, A.: An integrated specification and verification technique for highly concurrent data structures. In Proceedings of the 19th International Conference on Tools and Algorithms for the Construction and Analysis of Systems–TACAS’13, volume 7795 of LNCS, pp. 324–338. Springer (2013)
Abdulla, P., Holík, L., Jonsson, B., Lengál, O., Trinh, C. Q., Vojnar, T.: Verification of heap manipulating programs with ordered data by extended forest automata. In Proceedings of the 11th International Symposium on Automated Technology for Verification and Analysis–ATVA’13, volume 8172 of LNCS, pp. 224–239. Springer (2013)
Beyer, D., Henzinger, T.A., Théoduloz, G.: Lazy shape analysis. In Proceedings of the 18th International Conference on Computer Aided Verification–CAV’06, volume 4144 of LNCS, pp. 532–546. Springer (2006)
Bingham, J., Rakamarić, Z.: A logic and decision procedure for predicate abstraction of heap-manipulating programs. In Proceedings of the 7th International Conference on Verification, Model Checking, and Abstract Interpretation–VMCAI’06, volume 3855 of LNCS, pp. 207–221. Springer (2006)
Bouajjani, A., Bozga, M., Habermehl, P., Iosif, R., Moro, P., Vojnar, T.: Programs with lists are counter automata. Form. Methods Syst. Des. 38(2), 158–192 (2011)
Bouajjani, A., Drăgoi, C., Enea, C., Sighireanu, M.: Accurate invariant checking for programs manipulating lists and arrays with infinite data. In Proceedings of the 10th International Symposium on Automated Technology for Verification and Analysis–ATVA’12, volume 7561 of LNCS, pp 167–182. Springer (2012)
Bouajjani, A., Habermehl, P., Rogalewicz, A., Vojnar, T.: Abstract regular (tree) model checking. Int. J. Softw. Tools Technol. Transf. 14(2), 167–191 (2012)
Chang, B.-Y. E., Rival, X.: Relational inductive shape analysis. In Proceedings of the 35th Annual SIGPLAN-SIGACT Symposium on Principles of Programming Languages–POPL’08, pp. 247–260. ACM (2008)
Chang, B.-Y.E., Rival, X., Necula, G.C.: Shape analysis with structural invariant checkers. In Proceedings of the 14th International Static Analysis Symposium–SAS’07, volume 4634 of LNCS, pp. 384–401. Springer (2007)
Chatterjee, S., Lahiri, S. K., Qadeer, S., Rakaramarić, Z.: A reachability predicate for analyzing low-level software. In Proceedings of the 13th International Conference on Tools and Algorithms for the Construction and Analysis of Systems–TACAS’07, volume 4424 of LNCS, pp. 19–33. Springer (2007)
Chin, W.-N., David, C., Nguyen, H.H., Qin, S.: Automated verification of shape, size and bag properties via user-defined predicates in separation logic. Sci. Comput. Program. 77(9), 1006–1036 (2012)
Cousot, P., Cousot, R.: Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints. In Proceedings of the 4th Annual SIGPLAN-SIGACT Symposium on Principles of Programming Languages–POPL’77, pp. 238–252. ACM (1977)
Dudka, K., Peringer, P., Vojnar, T.: Byte-precise verification of low-level list manipulation. In Proceedings of the 20th International Static Analysis Symposium–SAS’13, volume 7935 of LNCS, pp. 215–237. Springer (2013)
Habermehl, P., Holík, L., Rogalewicz, A., Šimáček, J., Vojnar, T.: Forest automata for verification of heap manipulation. Form. Methods Syst. Des. 41(1), 83–106 (2012)
Heinen, J., Noll, T., Rieger, S.: Juggrnaut: Graph grammar abstraction for unbounded heap structures. In Proceedings of the 3rd International Workshop on Harnessing Theories for Tool Support in Software–TTSS’09, volume 266 of ENTCS, pp. 93–107. Elsevier (2010)
Holík, L., Lengál, O., Rogalewicz, A., Šimáček, J., Vojnar, T.: Fully automated shape analysis based on forest automata. In Proceedings of the 25th International Conference on Computer Aided Verification–CAV’13, volume 8044 of LNCS, pp. 740–755. Springer (2013)
Jensen, J.L., Jørgensen, M. E., Schwartzbach, M. I., Klarlund, N.: Automatic verification of pointer programs using monadic second-order logic. In Proceedings of the 1997 ACM SIGPLAN Conference on Programming Language Design and Implementation–PLDI’97, pp. 226–234. ACM (1997)
Lahiri, S.K., Qadeer, S.: Back to the future: revisiting precise program verification using SMT solvers. In Proceedings of the 35th Annual SIGPLAN-SIGACT Symposium on Principles of Programming Languages–POPL’08, pp. 171–182. ACM (2008)
Loginov, A., Reps, T., Sagiv, M.: Abstraction refinement via inductive learning. In Proceedings of the 17th International Conference on Computer Aided Verification–CAV’05, volume 3576 of LNCS, pp. 519–533. Springer (2005)
Magill, S., Tsai, M.-H., Lee, P., Tsay, Y.-K.: Automatic numeric abstractions for heap-manipulating programs. In Proceedings of the 37th Annual SIGPLAN-SIGACT Symposium on Principles of Programming Languages–POPL’10, pp. 211–222. ACM (2010)
McPeak, S., Necula, G.C.: Data structure specifications via local equality axioms. In Proceedings of the 17th International Conference on Computer Aided Verification–CAV’05, volume 3576 of LNCS, pp. 476–490. Springer (2005)
Pugh, W.: Skip lists: a probabilistic alternative to balanced trees. Commun ACM 33(6), 668–676 (1990)
Qin, S., He, G., Luo, C., Chin, W.-N., Chen, X.: Loop invariant synthesis in a combined abstract domain. J. Symb. Comput. 50, 386–408 (2013)
Rakamarić, Z., Bruttomesso, R., Hu, A.J., Cimatti, A.: Verifying heap-manipulating programs in an SMT framework. In Proceedings of the 5th International Symposium on Automated Technology for Verification and Analysis–ATVA’07, volume 4762 of LNCS, pp. 237–252. Springer (2007)
Sagiv, M., Reps, T., Wilhelm, R.: Parametric shape analysis via 3-valued logic. ACM Trans. Program. Lang. Syst. 24(3), 217–298 (2002)
Wies, T., Kuncak, V., Zee, K., Podelski, A., Rinard, M.: On verifying complex properties using symbolic shape analysis. In Proceedings of Heap Analysis and Verification 2007–HAV’07 (2007)
Wies, T., Podelski, A.: Counterexample-guided focus. In Proceedings of the 37th Annual SIGPLAN-SIGACT Symposium on Principles of Programming Languages–POPL’10, pp. 249–260. ACM (2010)
Yang, H., Lee, O., Berdine, J., Calcagno, C., Cook, B., Distefano, D., O’Hearn, P.W.: Scalable shape analysis for systems code. In Proceedings of the 20th International Conference on Computer Aided Verification–CAV’08, volume 5123 of LNCS, pp. 385–398. Springer (2008)
Zee, K., Kuncak, V., Rinard, M.C.: Full functional verification of linked data structures. In Proceedings of the 2008 ACM SIGPLAN Conference on Programming Language Design and Implementation–PLDI’08, pp. 349–361. ACM (2008)
Acknowledgments
We thank the anonymous reviewers for their useful feedback on the paper.
Author information
Authors and Affiliations
Corresponding author
Additional information
This paper is an extended version of a paper published in the proceedings of ATVA’13. The work was supported by the Czech Science Foundation (Projects 14-11384S and 13-37876P), the internal BUT project FIT-S-14-2486, the EU/Czech IT4Innovations Centre of Excellence Project CZ.1.05/1.1.00/02.0070, the Swedish Foundation for Strategic Research within the ProFuN project, and by the Swedish Research Council within the UPMARC centre of excellence.
Rights and permissions
About this article
Cite this article
Abdulla, P.A., Holík, L., Jonsson, B. et al. Verification of heap manipulating programs with ordered data by extended forest automata. Acta Informatica 53, 357–385 (2016). https://doi.org/10.1007/s00236-015-0235-0
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s00236-015-0235-0