A logic of reachable patterns in linked data-structures. (English) Zbl 1121.03040
A formalism based on the first-order logic over finite graphs with transitive closures is offered for verification of programs with dynamic memory allocation and pointer manipulation. The vocabulary is \(\tau={(C,U,F)}\), where \(C\) is a finite set of constant symbols for designated objects in the heap, pointed to by program variables; \(U\) is a set of unary relation symbols for properties, e.g., the color of a node in a Red-Black tree; \(F\) is a finite set of binary relation symbols for pointer fields. For instance, there can be described a doubly-linked list with forward pointer \(f\) and backward pointer \(b\), pointed to by a program variable \(x\), using the vocabulary with \(C=\{x\}\), \(U=\{\dots \}\), \(F=\{f,b\}\). There can be described a Red-Black tree pointer by a program variable root using the vocabulary with \(C= \{\text{\textit{root}}\}\), \({U}= \{\text{red},\text{black}\}\), \(F=\{\text{right},\text{left}\}\). A term \(t\) is either a variable or a constant. An atomic formula is an equality \(t=t'\), a monadic formula \(u(t)\) for \(u\in U\), or an edge formula \({t\overrightarrow{f}t'}\) for some \(f\in F\). A quantifier-free formula \(\psi (v_{0},\dots,v_{n})\) over \(\tau\) with variables \(v_{0},\dots,v_{n}\) is an arbitrary Boolean combination of atomic formulas. A neighbourhood formula \(N(v_{0},\dots,v_{n})\) is a conjunction of edge formulas of the form \(v\overrightarrow{f}v'\), where \(f\in F\), \(v'\in \{v_{0},\dots,v_{n}\}\), and also monadic formulas and their negations. A reachability constraint is a closed formula of the form \(\forall v_{0},\dots,v_{n}\) \(R(c,\dots,v_{0})\Rightarrow (N(v_{0},\dots,v_{n}) \Rightarrow \psi (v_{0},\dots,v_{n}))\), where \(R\) is a routing expression and the conclusion of this formula defines a pattern denoted by \(p(v_{0})\). An \(\mathcal{L}_{0}\) formula is a Boolean combination of reachability constraints. \(\mathcal{L}_{0}\) formulas are interpreted over labeled directed graphs which can be given as finite automata or as regular expressions. The validity problem of \(\mathcal{L}_{0}\) formulas is proved as algorithmically undecidable. Decidable fragments \(\mathcal{L}_{1}\), \(\mathcal{L}_{2}\), \(\mathcal{L}_{3}\) of \(\mathcal{L}_{0}\) are constructed which turned out to be useful for program verification in several interesting cases of verification. Pre-conditions, post-conditions, loop invariants, disjointness of data structures, low-level heap mutations, and an arbitrary number of pointer fields for some interesting programs are expressible in the offered decidable logics, which therefore can be used for automatically proving partial correctness of programs performing low-level heap mutations.
Reviewer: Alex Nabebin (Moskva)
MSC:
| 03B70 | Logic in computer science |
| 03B25 | Decidability of theories and sets of sentences |
| 68P05 | Data structures |
| 03B15 | Higher-order logic; type theory (MSC2010) |
| 03D05 | Automata and formal grammars in connection with logical questions |
| 68N30 | Mathematical aspects of software engineering (specification, verification, metrics, requirements, etc.) |
| 68Q60 | Specification and verification (program logics, model checking, etc.) |
Keywords:
program verification; shape analysis; heap-manipulating programs; decidable logic with reachability; routing expression; pattern; transitive closure logics; weak monadic second-order logicReferences:
| [1] | Areces, C.; Blackburn, P.; Marx, M., Hybrid logics: characterization, interpolation and complexity, J. Symbolic Logic, 66, 3, 977-1010 (2001) · Zbl 0984.03018 |
| [2] | Arnborg, S.; Lagergren, J.; Seese, D., Easy problems for tree-decomposable graphs, J. Algorithms, 12, 2, 308-340 (1991) · Zbl 0734.68073 |
| [3] | I. Balaban, A. Pnueli, L.D. Zuck, Shape analysis by predicate abstraction, in: VMCAI, 2005, pp. 164-180.; I. Balaban, A. Pnueli, L.D. Zuck, Shape analysis by predicate abstraction, in: VMCAI, 2005, pp. 164-180. · Zbl 1111.68396 |
| [4] | M. Benedikt, T. Reps, M. Sagiv, A decidable logic for describing linked data structures, in: European Symp. on Programming, March 1999, pp. 2-19.; M. Benedikt, T. Reps, M. Sagiv, A decidable logic for describing linked data structures, in: European Symp. on Programming, March 1999, pp. 2-19. |
| [5] | J. Berdine, C. Calcagno, P. O’Hearn, A decidable fragment of separation logic, in: FSTTCS’04, LNCS, vol. 3328, 2004.; J. Berdine, C. Calcagno, P. O’Hearn, A decidable fragment of separation logic, in: FSTTCS’04, LNCS, vol. 3328, 2004. · Zbl 1117.03337 |
| [6] | Bonatti, P. A., Towards service description logics, (JELIA (2002), Springer-Verlag: Springer-Verlag London, UK), 74-85 · Zbl 1014.03515 |
| [7] | Bonatti, P. A.; Peron, A., On the undecidability of logics with converse, nominals, recursion and counting, Artificial Intelligence, 158, 1, 75-96 (2004) · Zbl 1085.68158 |
| [8] | Bouajjani, A.; Habermehl, P.; Moro, P.; Vojnar, T., Verifying programs with dynamic 1-selector-linked structures in regular model checking, (Proc. of TACAS ’05. Proc. of TACAS ’05, LNCS, vol. 3440 (2005), Springer) · Zbl 1087.68585 |
| [9] | Bozga, M.; Iosif, R., Quantitative verification of programs with lists, (VISSAS Int. Workshop (2005), IOS Press) |
| [10] | M. Bozga, R. Iosif, Y. Lakhnech, On logics of aliasing, in: Static Analysis Symp., 2004, pp. 344-360.; M. Bozga, R. Iosif, Y. Lakhnech, On logics of aliasing, in: Static Analysis Symp., 2004, pp. 344-360. · Zbl 1104.68016 |
| [11] | Burdy, L.; Cheon, Y.; Cok, D.; Ernst, M.; Kiniry, J.; Leavens, G. T.; Leino, K. R.M.; Poll, E., An overview of jml tools and applications, Int. J. Software Tools Technol. Transfer, 7, 3, 212-232 (2005) |
| [12] | C. Calcagno, P. Gardner, M. Hague, From separation logic to first-order logic, in: FOSSACS’05, LNCS, vol. 3441, 2005.; C. Calcagno, P. Gardner, M. Hague, From separation logic to first-order logic, in: FOSSACS’05, LNCS, vol. 3441, 2005. · Zbl 1119.03022 |
| [13] | C. Calcagno, H. Yang, P. O’Hearn, Computability and complexity results for a spatial assertion language for data structures, in: FSTTCS’01, LNCS, vol. 2245, 2001.; C. Calcagno, H. Yang, P. O’Hearn, Computability and complexity results for a spatial assertion language for data structures, in: FSTTCS’01, LNCS, vol. 2245, 2001. · Zbl 1052.68590 |
| [14] | D. Calvanese, G. De Giacomo, M. Lenzerini, Reasoning in expressive description logics with fixpoints based on automata on infinite trees, in: IJCAI, 1999, pp. 84-89.; D. Calvanese, G. De Giacomo, M. Lenzerini, Reasoning in expressive description logics with fixpoints based on automata on infinite trees, in: IJCAI, 1999, pp. 84-89. |
| [15] | Courcelle, B., The monadic second-order logic of graphs, ii: Infinite graphs of bounded width, Math. Syst. Theory, 21, 4, 187-221 (1989) · Zbl 0694.68043 |
| [16] | Reinhard Diestel, Graph Theory, Springer-Verlag, 2000. Electronic Edition.; Reinhard Diestel, Graph Theory, Springer-Verlag, 2000. Electronic Edition. · Zbl 0957.05001 |
| [17] | (Baader, F.; etal., The Description Logic Handbook: Theory, Implementation, and Applications (2003), Cambridge University Press) · Zbl 1058.68107 |
| [18] | T. Genet, V. Tong, Reachability analysis of term rewriting systems with timbuk, in: LPAR, 2001, pp. 695-706.; T. Genet, V. Tong, Reachability analysis of term rewriting systems with timbuk, in: LPAR, 2001, pp. 695-706. · Zbl 1275.68083 |
| [19] | L. Georgieva, P. Maier, Description logics for shape analysis, in: SEFM, 2005, pp. 321-331.; L. Georgieva, P. Maier, Description logics for shape analysis, in: SEFM, 2005, pp. 321-331. |
| [20] | Grädel, E., Guarded fixed point logic and the monadic theory of trees, Theor. Comput. Sci., 288, 129-152 (2002) · Zbl 1061.03022 |
| [21] | Grädel, E.; Otto, M.; Rosen, E., Undecidability results on two-variable logics, Arch. Math. Logic, 38, 313-354 (1999) · Zbl 0927.03015 |
| [22] | Grädel, E.; Walukiewicz, I., Guarded fixed point logic, (LICS’99 (1999), IEEE) |
| [23] | Graedel, E.; Kolaitis, P.; Vardi, M., On the decision problem for two variable logic, Bull. Symbolic Logic (1997) |
| [24] | L. Hendren, Parallelizing programs with recursive data structures, Ph.D. thesis, Cornell Univ., Ithaca, NY, January 1990.; L. Hendren, Parallelizing programs with recursive data structures, Ph.D. thesis, Cornell Univ., Ithaca, NY, January 1990. |
| [25] | Hendren, L.; Hummel, J.; Nicolau, A., Abstractions for recursive pointer data structures: improving the analysis and the transformation of imperative programs, (SIGPLAN Conf. on Prog. Lang. Design and Impl. (1992), ACM Press: ACM Press New York, NY), 249-260 |
| [26] | J.G. Henriksen, J. Jensen, M. Jørgensen, N. Klarlund, B. Paige, T. Rauhe, A. Sandholm, Mona: Monadic second-order logic in practice, in: TACAS, 1995.; J.G. Henriksen, J. Jensen, M. Jørgensen, N. Klarlund, B. Paige, T. Rauhe, A. Sandholm, Mona: Monadic second-order logic in practice, in: TACAS, 1995. |
| [27] | Hoare, C. A.R., Recursive data structures, Int. J. Comput. Inform. Sci., 4, 2, 105-132 (1975) · Zbl 0301.68037 |
| [28] | Immerman, N., Languages that capture complexity classes, SIAM J. Comput., 16, 760-778 (1987) · Zbl 0634.68034 |
| [29] | N. Immerman, A. Rabinovich, T. Reps, M. Sagiv, G. Yorsh, The boundary between decidability and undecidability of transitive closure logics, in: CSL, 2004.; N. Immerman, A. Rabinovich, T. Reps, M. Sagiv, G. Yorsh, The boundary between decidability and undecidability of transitive closure logics, in: CSL, 2004. · Zbl 1095.03008 |
| [30] | N. Immerman, A. Rabinovich, T. Reps, M. Sagiv, G. Yorsh, Verification via structure simulation, in: CAV, 2004.; N. Immerman, A. Rabinovich, T. Reps, M. Sagiv, G. Yorsh, Verification via structure simulation, in: CAV, 2004. · Zbl 1103.68623 |
| [31] | S.S. Ishtiaq, P.W. O’Hearn, Bi as an assertion language for mutable data structures, in: POPL, 2001, pp. 14-26,.; S.S. Ishtiaq, P.W. O’Hearn, Bi as an assertion language for mutable data structures, in: POPL, 2001, pp. 14-26,. · Zbl 1323.68077 |
| [32] | Klarlund, N.; Schwartzbach, M. I., Graph types, (POPL’93 (1993), ACM) |
| [33] | V. Kuncak, M. Rinard, Generalized records and spatial conjunction in role logic, in: Static Analysis Symp., Verona, Italy, August 26-28, 2004.; V. Kuncak, M. Rinard, Generalized records and spatial conjunction in role logic, in: Static Analysis Symp., Verona, Italy, August 26-28, 2004. · Zbl 1104.68021 |
| [34] | S.K. Lahiri, S. Qadeer, Verifying properties of well-founded linked lists, in: Symp. on Princ. of Prog. Lang., 2006.; S.K. Lahiri, S. Qadeer, Verifying properties of well-founded linked lists, in: Symp. on Princ. of Prog. Lang., 2006. · Zbl 1369.68143 |
| [35] | T. Lev-Ami, M. Sagiv, TVLA: a system for implementing static analyses, in: Static Analysis Symp., 2000, pp. 280-301.; T. Lev-Ami, M. Sagiv, TVLA: a system for implementing static analyses, in: Static Analysis Symp., 2000, pp. 280-301. · Zbl 0966.68580 |
| [36] | Albert R. Meyer, Weak monadic second-order theory of successor is not elementary recursive, in: Logic Colloquium (Proc. Symposium on Logic, Boston, 1972), vol. 453, 1975, pp. 132-154.; Albert R. Meyer, Weak monadic second-order theory of successor is not elementary recursive, in: Logic Colloquium (Proc. Symposium on Logic, Boston, 1972), vol. 453, 1975, pp. 132-154. · Zbl 0326.02036 |
| [37] | A. Møller, M.I. Schwartzbach, The pointer assertion logic engine, in: SIGPLAN Conf. on Prog. Lang. Design and Impl., 2001, pp. 221-231.; A. Møller, M.I. Schwartzbach, The pointer assertion logic engine, in: SIGPLAN Conf. on Prog. Lang. Design and Impl., 2001, pp. 221-231. |
| [38] | Mortimer, M., On languages with two variables, Z. Math. Logik Grundlagen Math., 21, 135-140 (1975) · Zbl 0343.02009 |
| [39] | F. Nielson, H. Riis Nielson, H. Seidl, Normalizable horn clauses, strongly recognizable relations, and spi, in: SAS, 2002, pp. 20-35.; F. Nielson, H. Riis Nielson, H. Seidl, Normalizable horn clauses, strongly recognizable relations, and spi, in: SAS, 2002, pp. 20-35. · Zbl 1015.68042 |
| [40] | C.M. Papadimitriou, Addison-Wesley, 1994.; C.M. Papadimitriou, Addison-Wesley, 1994. |
| [41] | Rabin, M., Decidability of second-order theories and automata on infinite trees, Trans. Amer. Math. Soc., 141, 1-35 (1969) · Zbl 0221.02031 |
| [42] | T. Reps, M. Sagiv, R. Wilhelm, Static program analysis via 3-valued logic, in: CAV, 2004, pp. 15-30.; T. Reps, M. Sagiv, R. Wilhelm, Static program analysis via 3-valued logic, in: CAV, 2004, pp. 15-30. · Zbl 1103.68635 |
| [43] | Reynolds, J. C., Separation logic: a logic for shared mutable data structures, (LICS’02 (2002), IEEE) |
| [44] | Robertson, N.; Seymour, P. D., Graph minors. ii. algorithmic aspects of tree-width, J. Algorithms, 7, 3, 309-322 (1986) · Zbl 0611.05017 |
| [45] | Sagiv, M.; Reps, T.; Wilhelm, R., Solving shape-analysis problems in languages with destructive updating, ACM Trans. Program. Lang. Syst., 20, 1, 1-50 (1998) |
| [46] | M. Sagiv, T. Reps, R. Wilhelm, Parametric shape analysis via 3-valued logic, ACM Trans. Program. Lang. Syst., 2002.; M. Sagiv, T. Reps, R. Wilhelm, Parametric shape analysis via 3-valued logic, ACM Trans. Program. Lang. Syst., 2002. · Zbl 1103.68635 |
| [47] | U. Sattler, M.Y. Vardi, The hybrid-calculus, in: IJCAR, 2001, pp. 76-91.; U. Sattler, M.Y. Vardi, The hybrid-calculus, in: IJCAR, 2001, pp. 76-91. · Zbl 0988.03053 |
| [48] | D. Seese, Interpretability and tree automata: a simple way to solve algorithmic problems on graphs closely related to trees, in: Tree Automata and Languages, 1992, pp. 83-114.; D. Seese, Interpretability and tree automata: a simple way to solve algorithmic problems on graphs closely related to trees, in: Tree Automata and Languages, 1992, pp. 83-114. · Zbl 0798.68059 |
| [49] | G. Yorsh, M. Sagiv, A. Rabinovich, A. Bouajjani, A. Meyer, Verification framework based on the logic of reachable patterns, in preparation.; G. Yorsh, M. Sagiv, A. Rabinovich, A. Bouajjani, A. Meyer, Verification framework based on the logic of reachable patterns, in preparation. · Zbl 1121.03040 |
This reference list is based on information provided by the publisher or from digital mathematics libraries. Its items are heuristically matched to zbMATH identifiers and may contain data conversion errors. In some cases that data have been complemented/enhanced by data from zbMATH Open. This attempts to reflect the references listed in the original paper as accurately as possible without claiming completeness or a perfect matching.
