Verification via Structure Simulation [chapter]

Niel Immerman, Alexander Rabinovich, Thomas W. Reps, Mooly Sagiv, Great Yorsh
<span title="">2004</span> <i title="Springer Berlin Heidelberg"> <a target="_blank" rel="noopener" href="https://fatcat.wiki/container/2w3awgokqne6te4nvlofavy5a4" style="color: black;">Lecture Notes in Computer Science</a> </i> &nbsp;
This paper shows how to harness decision procedures to automatically verify safety properties of imperative programs that perform dynamic storage allocation and destructive updating of structure fields. Decidable logics that can express reachability properties are used to state properties of linked data structures, while guaranteeing that the verification method always terminates. The main technical contribution is a method of structure simulation in which a set of original structures that we
more &raquo; ... sh to model, e.g., doubly linked lists, nested linked lists, binary trees, etc., are mapped to a set of tractable structures that can be reasoned about using decidable logics. Decidable logics that can express reachability are rather limited in the data structures that they can directly model. For instance, our examples use the logic MSO-E, which can only model function graphs; however, the simulation technique provides an indirect way to model additional data structures. In this section, we illustrate the simulation technique by showing its applicability to semi-automatic Hoare-style verification. The technique can also be applied to improve the precision of operations used in abstract interpretation [14] . Hoare-style verification: Recall that in Hoare-style verification, a programmer expresses partial-correctness requirements of the form {pre}st{post}, where pre and post are logical formulas that express the pre-and post-condition of statement st. To handle loops, it is necessary that loop invariants be provided (also specified as logical formulas). From these annotations, a formula ϕ is generated, called the verification condition of the program; ϕ is valid if and only if the program is partially correct. In this paper, we allow pre-conditions, post-conditions, and loop invariants to be specified in FO(TC): first-order formulas with transitive closure. The generated verification condition is also an FO(TC) formula. The logic FO(TC) is natural because it can express pointer dereferencing and dynamic creation of objects and threads. However, validity in this logic is undecidable, and therefore the validity of a program's verification condition cannot be checked directly.
<span class="external-identifiers"> <a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.1007/978-3-540-27813-9_22">doi:10.1007/978-3-540-27813-9_22</a> <a target="_blank" rel="external noopener" href="https://fatcat.wiki/release/xphcjvwsh5gezajsaooxwxbnm4">fatcat:xphcjvwsh5gezajsaooxwxbnm4</a> </span>
<a target="_blank" rel="noopener" href="https://web.archive.org/web/20170808232547/http://www.cs.tau.ac.il/~msagiv/simulation_cav04_final.pdf" title="fulltext PDF download" data-goatcounter-click="serp-fulltext" data-goatcounter-title="serp-fulltext"> <button class="ui simple right pointing dropdown compact black labeled icon button serp-button"> <i class="icon ia-icon"></i> Web Archive [PDF] <div class="menu fulltext-thumbnail"> <img src="https://blobs.fatcat.wiki/thumbnail/pdf/8b/00/8b00073ad37686f196318b839b7661be19ded7da.180px.jpg" alt="fulltext thumbnail" loading="lazy"> </div> </button> </a> <a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.1007/978-3-540-27813-9_22"> <button class="ui left aligned compact blue labeled icon button serp-button"> <i class="external alternate icon"></i> springer.com </button> </a>