An inference-rule-based decision procedure for verification of heap-manipulating programs with mutable data and cyclic data structures

An inference-rule-based decision procedure for verification of heap-manipulating programs with mutable data and cyclic data structures (2007)

Cached

Download Links

[www.cs.ubc.ca]
[www.cs.ubc.ca]
[www.cs.ubc.ca]

Other Repositories/Bibliography

DBLP

by Zvonimir Rakamarić , Jesse Bingham , Alan J. Hu

Venue:	In Verification, Model Checking, and Abstract Interpretation (VMCAI ’06), LNCS 4349
Citations:	12 - 0 self

BibTeX

@INPROCEEDINGS{Rakamarić07aninference-rule-based,
    author = {Zvonimir Rakamarić and Jesse Bingham and Alan J. Hu},
    title = {An inference-rule-based decision procedure for verification of heap-manipulating programs with mutable data and cyclic data structures},
    booktitle = {In Verification, Model Checking, and Abstract Interpretation (VMCAI ’06), LNCS 4349},
    year = {2007},
    pages = {106--121},
    publisher = {Springer-Verlag}
}

Bookmark

OpenURL

Abstract

Abstract. Research on the automatic verification of heap-manipulating programs (HMPs) — programs that manipulate unbounded linked data structures via pointers — has blossomed recently, with many different approaches all showing leaps in performance and expressiveness. A year ago, we proposed a small logic for specifying predicates about HMPs and demonstrated that an inference-rule-based decision procedure could be performance-competitive, and in many cases superior to other methods known at the time. That work, however, was a proof-ofconcept, with a logic fragment too small to verify most real programs. In this work, we generalize our previous results to be practically useful: we allow the data in heap nodes to be mutable, we allow more than a single pointer field, and we add new primitives needed to verify cyclic structures. Each of these extensions necessitates new or changed inference rules, with the concomitant changes to the proofs and decision procedure. Yet, our new decision procedure, with the more general logic, actually runs as fast as our previous results. With these generalizations, we can automatically verify many more HMP examples, including three small container functions from the Linux kernel. 1

Citations

1635	Abstract Interpretation: A unified lattice model for static analysis of programs by construction or approximation of fixpoints - COUSOT, COUSOT - 1977
1219	An axiomatic basis for computer programming - Hoare - 1969
1085	Automatic verification of finite-state concurrent systems using temporal logic specifications - Clarke, Emerson, et al. - 1986
520	H.: Construction of abstract state graphs with PVS - Graf, Saïdi - 1997
378	G.: Lazy abstraction - Henzinger, Jhala, et al. - 2002
348	S.K.: Automatic predicate abstraction of C programs 36(5 - Ball, Majumdar, et al. - 2001
148	as an assertion language for mutable data structures - BI - 2001
128	The pointer assertion logic engine - Møller, Schwartzbach - 2001
126	Experience with predicate abstraction - Das, Dill, et al.
108	A local shape analysis based on separation logic - Distefano, O’Hearn, et al. - 2006
106	M.: TVLA: A system for implementing static analyses - Lev-Ami, Sagiv - 2000
92	Techniques for program verification - Nelson - 1981
85	Predicate abstraction for software verification - Flanagan, Qadeer - 2002
83	Smallfoot: Modular automatic assertion checking with separation logic - Berdine, Calcagno, et al. - 2005
64	MONA implementation secrets - Klarlund, Moller, et al. - 2000
56	A decidable fragment of separation logic - Berdine, Calcagno, et al. - 2004
56	Shape analysis by predicate abstraction - Balaban, Pnueli, et al. - 2005
48	Verifying reachability invariants of linked structures - Nelson - 1983
46	Interprocedural Shape Analysis with Separated Heap Abstractions - Gotsman, Berdine, et al. - 2006
46	Predicate abstraction and canonical abstraction for singly-linked lists - Manevich, Yahav, et al. - 2005
46	Symbolically computing mostprecise abstract operations for shape analysis - Yorsh, Reps, et al. - 2004
37	Verifying properties of well-founded linked lists - Lahiri, Qadeer - 2006
34	A decidable logic for describing linked data structures - Benedikt, Reps, et al. - 1999
34	Simulating reachability using first–order logic with applications to verification of linked data structures - Lev-Ami, Immerman, et al. - 2005
31	Finite differencing of logical formulas for static analysis, in - Reps, Sagiv, et al.
30	Field constraint analysis - Wies, Kuncak, et al. - 2006
30	Abstraction refinement via inductive learning - Loginov, Reps, et al. - 2005
27	The boundary between decidability and undecidability for transitive-closure logics - Immerman, Rabinovich, et al. - 2004
26	Shape analysis through predicate abstraction and model checking - Dams, Namjoshi - 2003
22	Applications of Craig interpolants in model checking - McMillan - 2005
21	Abstraction for shape analysis with fast and precise transfomers - Lev-Ami, Immerman, et al.
20	A logic of reachable patterns in linked data-structures - Yorsh, Sagiv, et al. - 2005
19	Verification via structure simulation - Immerman, Rabinovich, et al. - 2004
18	A logic and decision procedure for predicate abstraction of heapmanipulating programs - Bingham, Rakamaric - 2006
18	Inferring invariants in separation logic for imperative list-processing programs - Magill, Nanevski, et al.
14	A theory of singly-linked lists and its extensible decision procedure - Ranise, Zarba - 1974
3	A Better Logic and Decision Procedure for Predicate Abstraction of Heap-Manipulating Programs - Rakamarić, Bingham, et al. - 2006