Skip to main content
Springer Nature Link
Log in

A Shape Graph Logic and A Shape System

  • Regular Paper
  • Published:
Journal of Computer Science and Technology Aims and scope Submit manuscript

Abstract

Analysis and verification of pointer programs are still difficult problems so far. This paper uses a shape graph logic and a shape system to solve these problems in two stages. First, shape graphs at every program point are constructed using an analysis tool. Then, they are used to support the verification of other properties (e.g., orderedness). Our prototype supports automatic verification of programs manipulating complex data structures such as splay trees, treaps, AVL trees and AA trees, etc. The proposed shape graph logic, as an extension to Hoare logic, uses shape graphs directly as assertions. It can be used in the analysis and verification of programs manipulating mutable data structures. The benefit using shape graphs as assertions is that it is convenient for acquiring the relations between pointers in the verification stage. The proposed shape system requires programmers to provide lightweight shape declarations in recursive structure type declarations. It can help rule out programs that construct shapes deviating from what programmers expect (reflected in shape declarations) in the analysis stage. As a benefit, programmers need not provide specifications (e.g., pre-/post-conditions, loop invariants) about pointers. Moreover, we present a method doing verification in the second stage using traditional Hoare logic rules directly by eliminating aliasing with the aid of shape graphs. Thus, verification conditions could be discharged by general theorem provers.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

Explore related subjects

Discover the latest articles, news and stories from top researchers in related subjects.

References

  1. Paulson L C. Isabelle: A Generic Theorem Prover. Springer-Verlag Berlin, 1994.

  2. Nanevski A, Morrisett G, Shinnar A, Govereau P, Birkedal L. Ynot: Dependent types for imperative programs. In Proc. the 13th ACM SIGPLAN Int. Conf. Functional Programming, September 2008, pp.229-240.

  3. Barnett M, M. Leino K R, Schulte W. The spec# programming system: An overview. In Proc. Int. Conf. Construction and Analysis of Safe, Secure and Interoperable Smart Devices (CASSIS), March 2004, pp.49-69.

  4. Flanagan C, Rustan K, Lillibridge M et al. Extended static checking for Java. In Proc. the ACM SIGPLAN 2002 Conf. Programming Language Design and Implementation, June 2002, pp.234-245.

  5. Berdine J, Calcagno C, O’Hearn P W. Smallfoot: Modular automatic assertion checking with separation logic. In Proc. the 4th Int. Symp. Formal Methods for Components and Objects, Nov. 2005, pp.115-137.

  6. Distefano D, Parkinson M. jStar: Towards practical verification for Java. In Proc. the 23rd ACM SIGPLAN Int. Conf. Object-Oriented Programming, Systems, Languages, and Applications, Oct. 2008, pp.213-226.

  7. Li Z P, Zhang Y, Chen Y Y, Meng J C. Automated theorem proving for theory of shape graphs and its application in program verification. Technical Report, USTC-Yale Joint Research Center for High-Confidence Software, http://kyhcs.ustcsz.edu.cn/SGL, Nov. 2012.

  8. Chen Y Y, Li Z P, Wang Z F, Hua B J. A pointer logic for pointer program verification. Chinese Journal of Software, 2010, 21(3): 124–137. (Chinese, English Version at http://kyhcs.ustcsz.edu.cn/∼zpli/pl.pdf)

    Google Scholar 

  9. Fradet P, Metayer D L. Shape types. In Proc. the ACM SIGPLAN-SIGACT Symp. Principles of Programming Languages, Jan. 1997, pp.27-39.

  10. de Moura L D, Bjørner N. Z3: An efficient SMT solver. In Proc. the 14th Int. Conf. Tools and Algorithms for the Construction and Analysis of Systems, Mar. 29-Apr. 6, 2008, pp.337-340.

  11. Lahiri S, Qadeer S. Verifying properties of well-founded linked lists. In Proc. the 33rd ACM SIGPLAN-SIGACT Symp. Principles of Programming Languages, Jan. 2006, pp.115-126.

  12. Chin W N, David C, Nguyen H H, Qin S. Automated verification of shape, size and bag properties. In Proc. the 12th Int. Conf. Engineering of Complex Computer Systems, July 2007, pp.307-320.

  13. Lahiri S, Qadeer S. Back to the future: Revisiting precise program verification using SMT solvers. In Proc. the 35th ACM SIGPLAN-SIGACT Symp. Principles of Programming Languages, Jan. 2008, pp.171-182.

  14. Bouajjani A, Dragoi C, Enea C, Sighireanu M. A logic-based framework for reasoning about composite data structures. In Proc. the 20th Int. Conf. Concurrency Theory, Sept. 2009, pp.178-195.

  15. Madhusudan P, Parlato G, Qiu X K. Decidable logics combining heap structures and data. In Proc. the 38th ACM SIGPLAN-SIGACT Symp. Principles of Programming Languages, Jan. 2011, pp.611-622.

  16. Reynolds J C. Separation logic: A logic for shared mutable data structures. In Proc. the 17th IEEE Symp. Logic in Computer Science, July 2002, pp.55-74.

  17. O’Hearn P W, Yang H, Reynolds J C. Separation and information hiding. In Proc. the 31st ACM SIGPLAN-SIGACT Symp. Principles of Programming Languages, Jan. 2004, pp.268-280.

  18. Pérez J A N, Rybalchenko A. Separation logic + superposition calculus = Heap theorem prover. In Proc. ACM SIGPLAn Conf. Programming Language Design and Implementation, Jun. 2011, pp.556-566.

  19. Berdine J, Calcagno C, O’Hearn P W. A decidable fragment of separation logic. In Proc. the 24th Int. Conf. Foundations of Software Technology and Theoretical Computer Science, Dec. 2004, pp.97-109.

  20. Sagiv M, Reps T, Wilhelm R. Solving shape-analysis problems in languages with destructive updating. ACM Transactions on Programming Languages and Systems, 1998, 20(1): 1–50.

    Article  Google Scholar 

  21. Sagiv M, Reps T, Wilhelm R. Parametric shape analysis via 3-valued logic. ACM Transactions on Programming Languages and Systems, 2002, 24(3): 217–298.

    Article  Google Scholar 

  22. Lee O, Yang H, Yi K. Automatic verification of pointer programs using grammar-based shape analysis. In Proc. the 19th European Conf. Programming Languages and Systems, Apr. 2005, pp.124-140.

  23. Chang B E, Rival X, Necula G C. Shape analysis with structural invariant checkers. In Proc. the 14th Int. Static Analysis Symp., Aug. 2007, pp.384-401.

  24. Chang B E, Rival X. Relational inductive shape analysis. In Proc. the 35th ACM SIGPLAN-SIGACT Symp. Principles of Programming Languages, Jan. 2008, pp.247-260.

  25. Laviron V, Chang B E, Rival X. Separating shape graphs. In Proc. the 19th European Conf. Programming Languages and Systems, Mar. 2010, pp.387-406.

  26. Lev-Ami T, Reps T, Sagiv M, Wilhelm R. Putting static analysis to work for verification: A case study. In Proc. the Int. Symp. Software Testing and Analysis, Aug. 2000, pp.26-38.

  27. Clarke E M, Grumberg O, Jha S, Lu Y, Veith H. Counterexample-guided abstraction refinement. In Proc. the 12th Int. Conf. Computer Aided Verification, July 2000, pp.154-169.

  28. Podelski A, Wies T. Counterexample-guided focus. In Proc. the 27th ACM SIGPLAN-SIGACT Symp. Principles of Programming Languages, Jan. 2010, pp.249-260.

  29. Madhusudan P, Qiu X K, Stefanescu A. Recursive proofs for inductive tree data-structures. In Proc. the 39th ACM SIGPLAN-SIGACT Symp. Principles of Programming Languages, Jan. 2012, pp.123-135.

  30. Calcagno C, Distefano D, O’Hearn P W, Yang H. Compositional shape analysis by means of bi-abduction. In Proc. the 36th ACM SIGPLAN-SIGACT Symp. Principles of Programming Languages, Jan. 2009, pp.289-300.

Download references

Author information

Authors and Affiliations

  1. School of Computer Science and Technology, University of Science and Technology of China, Hefei, 230027, China

    Zhao-Peng Li, Yu Zhang & Yi-Yun Chen

  2. Software Security Laboratory, Suzhou Institute for Advanced Study, University of Science and Technology of China, Suzhou, 215123, China

    Zhao-Peng Li, Yu Zhang & Yi-Yun Chen

Authors
  1. Zhao-Peng Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Yu Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Yi-Yun Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Yu Zhang.

Additional information

This research was supported by the National Natural Science Foundation of China under Grant Nos. 61003043, 61170018, the National High Technology Research and Development 863 Program of China under Grant No. 2012AA010901-2, and the Postdoctoral Science Foundation of China under Grant No. 2012M521250.

Electronic supplementary material

Below is the link to the electronic supplementary material.

ESM 1

(DOC 28 kb)

Rights and permissions

Reprints and permissions

About this article

Cite this article

Li, ZP., Zhang, Y. & Chen, YY. A Shape Graph Logic and A Shape System. J. Comput. Sci. Technol. 28, 1063–1084 (2013). https://doi.org/10.1007/s11390-013-1398-1

Download citation

  • Received:

  • Revised:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11390-013-1398-1

Keywords