Forest automata for verification of heap manipulation

Authors:
Peter Habermehl;Lukáš Holík;Adam Rogalewicz;Jiří Šimáček;Tomáš Vojnar
Affiliations:
LIAFA, Université Paris Diderot-Paris 7, CNRS, France;FIT, Brno University of Technology, Czech Republic and Uppsala University, Sweden;FIT, Brno University of Technology, Czech Republic;FIT, Brno University of Technology, Czech Republic and VERIMAG, UJF, CNRS, INPG, Gières, France;FIT, Brno University of Technology, Czech Republic
Venue:
CAV'11 Proceedings of the 23rd international conference on Computer aided verification
Year:
2011

Citing 17
Cited 4

The pointer assertion logic engine

Proceedings of the ACM SIGPLAN 2001 conference on Programming language design and implementation
Parametric shape analysis via 3-valued logic

ACM Transactions on Programming Languages and Systems (TOPLAS)
Separation Logic: A Logic for Shared Mutable Data Structures

LICS '02 Proceedings of the 17th Annual IEEE Symposium on Logic in Computer Science
Shape analysis with inductive recursion synthesis

Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
Full functional verification of linked data structures

Proceedings of the 2008 ACM SIGPLAN conference on Programming language design and implementation
Monotonic Abstraction for Programs with Dynamic Memory Heaps

CAV '08 Proceedings of the 20th international conference on Computer Aided Verification
Scalable Shape Analysis for Systems Code

CAV '08 Proceedings of the 20th international conference on Computer Aided Verification
Compositional shape analysis by means of bi-abduction

Proceedings of the 36th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Abstract Regular Tree Model Checking

Electronic Notes in Theoretical Computer Science (ENTCS)
Automated verification of shape and size properties via separation logic

VMCAI'07 Proceedings of the 8th international conference on Verification, model checking, and abstract interpretation
Shape analysis for composite data structures

CAV'07 Proceedings of the 19th international conference on Computer aided verification
Computing simulations over tree automata: efficient techniques for reducing tree automata

TACAS'08/ETAPS'08 Proceedings of the Theory and practice of software, 14th international conference on Tools and algorithms for the construction and analysis of systems
Decidable logics combining heap structures and data

Proceedings of the 38th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Abstract regular tree model checking of complex dynamic data structures

SAS'06 Proceedings of the 13th international conference on Static Analysis
Programs with lists are counter automata

CAV'06 Proceedings of the 18th international conference on Computer Aided Verification
When simulation meets antichains: on checking language inclusion of nondeterministic finite (tree) automata

TACAS'10 Proceedings of the 16th international conference on Tools and Algorithms for the Construction and Analysis of Systems
Automatic verification of parameterized data structures

TACAS'06 Proceedings of the 12th international conference on Tools and Algorithms for the Construction and Analysis of Systems

Efficient inclusion checking on explicit and semi-symbolic tree automata

ATVA'11 Proceedings of the 9th international conference on Automated technology for verification and analysis
An easy to use infrastructure for building static analysis tools

EUROCAST'11 Proceedings of the 13th international conference on Computer Aided Systems Theory - Volume Part I
VATA: a library for efficient manipulation of non-deterministic tree automata

TACAS'12 Proceedings of the 18th international conference on Tools and Algorithms for the Construction and Analysis of Systems
Fully automated shape analysis based on forest automata

CAV'13 Proceedings of the 25th international conference on Computer Aided Verification

Quantified Score

Hi-index	0.00

Visualization

Abstract

We consider verification of programs manipulating dynamic linked data structures such as various forms of singly and doubly-linked lists or trees. We consider important properties for this kind of systems like no null-pointer dereferences, absence of garbage, shape properties, etc. We develop a verification method based on a novel use of tree automata to represent heap configurations. A heap is split into several "separated" parts such that each of them can be represented by a tree automaton. The automata can refer to each other allowing the different parts of the heaps to mutually refer to their boundaries. Moreover, we allow for a hierarchical representation of heaps by allowing alphabets of the tree automata to contain other, nested tree automata. Program instructions can be easily encoded as operations on our representation structure. This allows verification of programs based on a symbolic state-space exploration together with refinable abstraction within the so-called abstract regular tree model checking. A motivation for the approach is to combine advantages of automata-based approaches (higher generality and flexibility of the abstraction) with some advantages of separation-logic-based approaches (efficiency). We have implemented our approach and tested it successfully on multiple non-trivial case studies.