Abstract Regular Tree Model Checking of Complex Dynamic Data Structures

article in a collection out of WoS and Scopus

English

We consider the verification of non-recursive C programs manipulating dynamiclinked data structures with possibly several next pointer selectors andwith finite domain non-pointer data. We aim at checking basic memory consistencyproperties (no null pointer assignments, etc.) and shape invariants whoseviolation can be expressed in an existential fragment of a first order logic overgraphs. We formalise this fragment as a logic for specifying bad memory patternswhose formulae may be translated to testers written in C that can be attached tothe program, thus reducing the verification problem considered to checkingreachability of an error control line. We encode configurations of programs,which are essentially shape graphs, in an original way as extended tree automataand we represent program statements by tree transducers. Then, we use theabstract regular tree model checking framework for a fully automatedverification. The method has been implemented and successfully applied on severalcase studies.

Formal verification, symbolic verification, shape analysis, dynamic data structures, tree automata.

BOUAJJANI, A.; HABERMEHL, P.; ROGALEWICZ, A.; VOJNAR, T.

2006

29. 8. 2006

Springer Verlag

Berlin

978-3-540-37756-6

Static Analysis

Lecture Notes in Computer Science

52

70

18

http://www.fit.vutbr.cz/~rogalew/pubs/artmc_pointers.FULL.pdf