Abstract Regular Tree Model Checking of Complex Dynamic Data Structures

Bouajjani, Ahmed; Habermehl, Peter; Rogalewicz, Adam; Vojnar, Tomáš

doi:10.1007/11823230_5

Cited by 66 publications

(92 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For instance, in [9], the authors verify safety properties on programs manipulating singly-linked lists using abstract regular model-checking. They have extended their work to programs with more complex data structures [10]. In [8], the authors also propose a translation towards counter systems very similar to the one of [5].…”

Section: Contributionmentioning

confidence: 99%

Towards Model-Checking Programs with Lists

Finkel

Lozes

2009

Infinity in Logic and Computation

View full text Add to dashboard Cite

Abstract. We aim at checking safety and temporal properties over models representing the behavior of programs manipulating dynamic singly-linked lists. The properties we consider not only allow to perform a classical shape analysis, but we also want to check quantitative aspect on the manipulated memory heap. We first explain how a translation of programs into counter systems can be used to check safety problems and temporal properties. We then study the decidability of these two problems considering some restricted classes of programs, namely flat programs without destructive update. We obtain the following results : (1) the model-checking problem is decidable if the considered program works over acyclic lists (2) the safety problem is decidable for programs without alias test. We finally explain the limit of our decidability results, showing that relaxing one of the hypothesis leads to undecidability results.

show abstract

Section: Contributionmentioning

confidence: 99%

Towards Model-Checking Programs with Lists

Finkel

Lozes

2009

Infinity in Logic and Computation

View full text Add to dashboard Cite

show abstract

“…However, this work does not state the complexity of the reasoning task and the presented automata constructions appear to require running time beyond NP. Regular tree model checking with abstraction has yielded excellent results so far [3] and continues to improve, but has so far not resulted in a logic whose complexity is in NP, which we believe to be an important milestone.…”

Section: Introductionmentioning

confidence: 99%

An Efficient Decision Procedure for Imperative Tree Data Structures

Wies

Muñiz

Kunčak

2011

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. We present a new decidable logic called TREX for expressing constraints about imperative tree data structures. In particular, TREX supports a transitive closure operator that can express reachability constraints, which often appear in data structure invariants. We show that our logic is closed under weakest precondition computation, which enables its use for automated software verification. We further show that satisfiability of formulas in TREX is decidable in NP. The low complexity makes it an attractive alternative to more expensive logics such as monadic second-order logic (MSOL) over trees, which have been traditionally used for reasoning about tree data structures.

show abstract

“…The transition relation of the system is represented by a set of rewriting rules. Contrary to specific approaches that are dedicated to specific applications, TRMC is generic and expressive enough to describe a broad class of communication protocols [5], various C programs [16] with complex data structures, multi-threaded programs [34], cryptographic protocols [26,28,6], and Java [13].…”

Section: Introductionmentioning

confidence: 99%

“…An obstacle is that this set is in general neither regular nor computable in a finite time. Most existing solutions rely on computing the transitive closure of the transition relation of the systems through heuristic-based semi-algorithms [31,5], or on the computation of some regular abstraction of the set of reachable states [19,16]. While the first approach is precise, it is acknowledged to be ineffective on complex systems.…”

Section: Introductionmentioning

confidence: 99%