Abstract
The problem of verifying software systems that use dynamic data structures (such as linked lists, queues, or binary trees) has attracted increasing interest over the last decade. Dynamic structures are not easily supported by verification techniques because, among other reasons, it is difficult to manage their pointer-based internal representation efficiently. This is a key aspect when, for instance, the goal is to construct a verification tool based on model checking techniques. In addition, since nodes can be dynamically inserted into or removed from the structure, the shape of the dynamic data (and other more specific properties) may vary at runtime, and errors such as undesirable sharing between two nodes are difficult to detect. In this paper, we propose to use mu-calculus to describe dynamic data structures such as lists and trees and to analyze them with model checking techniques. The expressiveness of mu-calculus makes it possible to describe these structures naturally. In addition, following the ideas of separation logic, the logic has been extended with a new operator capable of describing the non-sharing property, which is essential when analyzing dynamic data structures.
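The following is an added illustration of the idea in the abstract, not code or logic from the paper: heap cells are taken as the states of a Kripke structure, each pointer field is a labelled transition, and a small modal mu-calculus evaluator computes least and greatest fixpoints by iteration. Reachability from a root is the least fixpoint formula mu X. {root} v <next~>X v <left~>X v <right~>X (the converse modalities, written with a trailing `~`, are this example's own device), a cycle on `next` is the greatest fixpoint nu X. <next>X, and "non-sharing" is read here as disjointness of the cells reachable from two roots. That reading, the heap encoding, the constructor names and the sample heaps are all assumptions of this example rather than the paper's operator or tool.

```python
"""Added illustration: a tiny modal mu-calculus evaluator over a pointer heap.

Heap cells are the states of a Kripke structure and each pointer field
(`next`, `left`, `right`) is a labelled transition relation.  A formula
evaluates to the set of cells satisfying it; least (mu) and greatest (nu)
fixpoints are computed by iteration.  The heap encoding, the formula
constructors, the converse modalities and the reading of "non-sharing" as
disjoint reachable sets are this example's own assumptions, not the paper's
logic or tooling.
"""
from typing import Callable, Dict, FrozenSet, Optional, Set, Tuple

# Heap: cell id -> {field: target id or None}.  NULL is not a cell, so a
# None pointer simply produces no edge.
Heap = Dict[int, Dict[str, Optional[int]]]
Env = Dict[str, FrozenSet[int]]               # fixpoint variable bindings
Formula = Callable[["Structure", Env], FrozenSet[int]]


class Structure:
    """Kripke structure derived from a heap; label + '~' is the converse relation."""

    def __init__(self, heap: Heap) -> None:
        self.states: FrozenSet[int] = frozenset(heap)
        self.rel: Dict[str, Set[Tuple[int, int]]] = {}
        for src, fields in heap.items():
            for label, dst in fields.items():
                if dst is not None:
                    self.rel.setdefault(label, set()).add((src, dst))
                    self.rel.setdefault(label + "~", set()).add((dst, src))

    def pre(self, label: str, target: FrozenSet[int]) -> FrozenSet[int]:
        """Cells with some `label` successor inside `target` (the <label> modality)."""
        return frozenset(s for s, d in self.rel.get(label, ()) if d in target)


# Formula constructors.  Only positive formulas are built below, so every
# fixpoint is monotone and the iteration terminates on a finite heap.
def atom(cells) -> Formula:
    return lambda m, e: frozenset(cells) & m.states

def var(name: str) -> Formula:
    return lambda m, e: e[name]

def disj(f: Formula, g: Formula) -> Formula:
    return lambda m, e: f(m, e) | g(m, e)

def diamond(label: str, f: Formula) -> Formula:
    return lambda m, e: m.pre(label, f(m, e))

def _fix(name: str, f: Formula, start: Callable[[Structure], FrozenSet[int]]) -> Formula:
    def evaluate(m: Structure, e: Env) -> FrozenSet[int]:
        cur = start(m)
        while True:
            nxt = f(m, {**e, name: cur})
            if nxt == cur:
                return cur
            cur = nxt
    return evaluate

def mu(name: str, f: Formula) -> Formula:
    """Least fixpoint: iterate upwards from the empty set."""
    return _fix(name, f, lambda m: frozenset())

def nu(name: str, f: Formula) -> Formula:
    """Greatest fixpoint: iterate downwards from the set of all cells."""
    return _fix(name, f, lambda m: m.states)


# Properties expressed in the calculus.
def reach_from(root: int) -> Formula:
    """mu X. {root} v <next~>X v <left~>X v <right~>X : cells reachable from root."""
    step = lambda label: diamond(label + "~", var("X"))
    return mu("X", disj(atom({root}), disj(step("next"), disj(step("left"), step("right")))))

# nu X. <next>X : cells from which an infinite `next` path exists (they reach a cycle).
ON_NEXT_CYCLE: Formula = nu("X", diamond("next", var("X")))

def is_acyclic_list(heap: Heap, root: int) -> bool:
    m = Structure(heap)
    return not (reach_from(root)(m, {}) & ON_NEXT_CYCLE(m, {}))

def non_sharing(heap: Heap, root_a: int, root_b: int) -> bool:
    """This example's reading of non-sharing: the cells reachable from
    root_a and from root_b are disjoint."""
    m = Structure(heap)
    return not (reach_from(root_a)(m, {}) & reach_from(root_b)(m, {}))


# Constructed sample heaps (not taken from the paper).
LIST_HEAP: Heap = {1: {"next": 2}, 2: {"next": 3}, 3: {"next": None},
                   4: {"next": 5}, 5: {"next": None}}
SHARED_HEAP: Heap = {**LIST_HEAP, 5: {"next": 3}}        # second list joins the first
CYCLIC_HEAP: Heap = {**LIST_HEAP, 3: {"next": 1}}        # first list loops back on itself
TREE_HEAP: Heap = {10: {"left": 11, "right": 12}, 11: {"left": 13, "right": None},
                   12: {"left": None, "right": 13}, 13: {"left": None, "right": None}}

if __name__ == "__main__":
    print("disjoint lists      :", non_sharing(LIST_HEAP, 1, 4))
    print("lists sharing cell 3:", non_sharing(SHARED_HEAP, 1, 4))
    print("acyclic list        :", is_acyclic_list(LIST_HEAP, 1))
    print("cyclic list         :", is_acyclic_list(CYCLIC_HEAP, 1))
    print("subtrees sharing 13 :", non_sharing(TREE_HEAP, 11, 12))
```

The evaluator works on a single heap snapshot; a model checker in the paper's setting would evaluate such formulas on every reachable heap state of the program. The tree case shows the kind of error the abstract mentions: both subtrees of node 10 are well-formed on their own, yet they share cell 13, which the disjointness check reports and a per-subtree shape check would miss.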
Notes
In order to simplify the presentation, we identify the pointer variables n0, n1 and n2 with their values.
Appendices
Appendix A: Reversing a list
A.1 C code
A.2 Promela model
Appendix B: Creating a binary search tree
B.1 C code
B.2 Promela model
Cite this article
del Mar Gallardo, M., Sanán, D. Verification of complex dynamic data tree with mu-calculus. Autom Softw Eng 20, 569–612 (2013). https://doi.org/10.1007/s10515-012-0113-8