The Pointer Assertion Logic Engine

Möller, Anders; Schwartzbach, Michael I.

doi:10.7146/brics.v7i39.20205

Cited by 51 publications

(82 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Various approaches to verification of such programs differing in their principles, degree of automation, generality, and scalability have emerged. They are based, e.g., on monadic second-order logic [40], 3-valued predicate logic with transitive closure [47], separation logic [20,31,45,60], 16 or automata [12,14,25]. Among all of these approaches, the method presented here is one of the most general and fully automated at the same time.…”

Section: Related Approachesmentioning

confidence: 97%

See 1 more Smart Citation

Abstract regular (tree) model checking

Bouajjani

Habermehl

Rogalewicz

et al. 2011

Int J Softw Tools Technol Transfer

View full text Add to dashboard Cite

Regular model checking is a generic technique for verification of infinite-state and/or parametrised systems which uses finite word automata or finite tree automata to finitely represent potentially infinite sets of reachable configurations of the systems being verified. The problems addressed by regular model checking are typically undecidable. In order to facilitate termination in as many cases as possible, acceleration is needed in the incremental computation of the set of reachable configurations in regular model checking. In this work, we describe how various incrementally refinable abstractions on finite (word and tree) automata can be used for this purpose. Moreover, the use of abstraction does not only increase chances of the technique to terminate, but it also significantly reduces the problem of an explosion in the number of states of the automata that are generated by regular model checking. We illustrate the efficiency of abstract regular (tree) model checking in verification of simple systems with various sources of infinity such as unbounded counters, queues, stacks, and parameters. We then show how abstract regular tree model checking can be used for verification of programs manipulating tree-like dynamic data structures. Even more complex data structures can be handled using a suitable tree-like encoding.

show abstract

Section: Related Approachesmentioning

confidence: 97%

“…Both the tree skeletons and the routing expressions are automatically discovered by our method. The idea of using routing expressions is inspired by PALE [40] and graph types [38].…”

Section: Verification Of Programs With Pointersmentioning

confidence: 99%

Abstract regular (tree) model checking

Bouajjani

Habermehl

Rogalewicz

et al. 2011

Int J Softw Tools Technol Transfer

View full text Add to dashboard Cite

show abstract

“…Various approaches to verification of such programs differing in their principles, degree of automation, generality, and scalability have been proposed. The approaches are based, e.g., on monadic second order logic [30], 3-valued predicate logic with transitive closure [33], separation logic [8,21,31,35], other logics [3,14,29], automata [7,11,12,19], or other symbolic representations such as [1,4,17,27,36].…”

Section: Related Workmentioning

confidence: 99%

Programs with lists are counter automata

Bouajjani

Bozga

Habermehl

et al. 2011

Form Methods Syst Des

112

View full text Add to dashboard Cite

We address the problem of verifying programs manipulating one-selector linked data structures. We propose and study in detail an application of counter automata as an accurate abstract model for this problem. We let control states of the counter automata correspond to abstract heap graphs where list segments without sharing are collapsed, and use counters to keep track of the number of elements in these segments. As a significant theoretical result, we show that the obtained counter automata are bisimilar to the original programs. Moreover, from a practical point of view, our translation allows one to apply efficient automatic analysis techniques and tools developed for counter automata (integer programs) in order to verify both safety as well as termination of list-manipulating programs. As another This work is a full and revised version of the extended abstract [10] published in Proceedings of CAV'06. Form Methods Syst Des (2011) 38: 158-192 159 theoretical contribution, we prove that if the control of the generated counter automata does not contain nested loops (i.e., these automata are flat), both safety and termination are decidable for the original programs. Subsequently, we generalise our counter-automata-based model to keep track of ordering properties over lists storing ordered data. Finally, we show effectiveness of our approach by verifying automatically safety as well as termination of several sorting programs.

show abstract

“…Similarly, Hallem et al [14] use static analyses to find bugs in system code. More sophisticated abstract domains are used in shape analyses [27,40], which can show some structural invariants, such as the absence of loops in linked lists. Separation logic decision procedures [4] can also show similar properties.…”

Section: Related Workmentioning

confidence: 99%

Formal Verification of C Systems Code

Tuch

2009

J Autom Reasoning

View full text Add to dashboard Cite

Systems code is almost universally written in the C programming language or a variant. C has a very low level of type and memory abstraction and formal reasoning about C systems code requires a memory model that is able to capture the semantics of C pointers and types. At the same time, proof-based verification demands abstraction, in particular from the aliasing and frame problems. In this paper we present a study in the mechanisation of two proof abstractions for pointer program verification in the Isabelle/HOL theorem prover, based on a low-level memory model for C. The language's type system presents challenges for the multiple independent typed heaps (Burstall-Bornat) and separation logic proof techniques. In addition to issues arising from explicit value size/alignment, padding, type-unsafe casts and pointer address arithmetic, structured types such as C's arrays and structs are problematic due to the non-monotonic nature of pointer and lvalue validity in the presence of the unary &-operator. For example, type-safe updates through pointers to fields of a struct break the independence of updates across typed heaps or ∧ * -conjuncts. We provide models and rules that are able to cope with these language features and types, eschewing common over-simplifications and utilising expressive shallow embeddings in higher-order logic. Two case studies are provided that demonstrate the applicability of the mechanised models to real-world systems code; a working of the standard in-place list reversal example and an overview of the verification of the L4 microkernel's memory allocator.

show abstract

The Pointer Assertion Logic Engine

Cited by 51 publications

References 19 publications

Abstract regular (tree) model checking

Abstract regular (tree) model checking

Programs with lists are counter automata

Formal Verification of C Systems Code

Contact Info

Product

Resources

About