Verifying properties of well-founded linked lists

Published: 11 January 2006
DOI: 10.1145/1111037.1111048

Abstract

We describe a novel method for verifying programs that manipulate linked lists, based on two new predicates that characterize reachability of heap cells. These predicates allow reasoning about both acyclic and cyclic lists uniformly with equal ease. The crucial insight behind our approach is that a circular list invariably contains a distinguished head cell that provides a handle on the list. This observation suggests a programming methodology that requires the heap of the program at each step to be well-founded, i.e., for any field f in the program, every sequence u.f, u.f.f, ... contains at least one head cell. We believe that our methodology captures the most common idiom of programming with linked data structures. We enforce our methodology by automatically instrumenting the program with updates to two auxiliary variables representing these predicates and adding assertions in terms of these auxiliary variables.

To prove program properties and the instrumented assertions, we provide a first-order axiomatization of our two predicates. We also introduce a novel induction principle made possible by the well-foundedness of the heap. We use our induction principle to derive from two basic axioms a small set of additional first-order axioms that are useful for proving the correctness of several programs.

We have implemented our method in a tool and used it to verify the correctness of a variety of nontrivial programs manipulating both acyclic and cyclic singly-linked lists and doubly-linked lists. We also demonstrate the use of indexed predicate abstraction to automatically synthesize loop invariants for these examples.
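As an added illustration (not code from the paper or its tool), the well-foundedness condition above modelled on a toy heap in which each cell has a single field f: a checker that finds cells whose f-sequence cycles without passing through a head cell, and an instrumented assignment that asserts the condition after each update. The heap model, the sample heaps and the treatment of nil as an acceptable chain end are assumptions of this example.

```python
from typing import Dict, List, Optional, Set

# Toy heap model (constructed): cell name -> value of its single field f;
# None stands for nil.
Heap = Dict[str, Optional[str]]

def f_chain(heap: Heap, u: str) -> List[str]:
    """Follow u, u.f, u.f.f, ... and stop at nil or at the first repeated cell."""
    seen: Set[str] = set()
    chain: List[str] = []
    cur: Optional[str] = u
    while cur is not None and cur not in seen:
        seen.add(cur)
        chain.append(cur)
        cur = heap[cur]
    return chain

def violating_cells(heap: Heap, heads: Set[str]) -> Set[str]:
    """Cells whose f-sequence cycles without ever passing through a head cell.
    Assumption: a chain that ends at nil is accepted (nil acts as a head)."""
    bad: Set[str] = set()
    for u in heap:
        chain = f_chain(heap, u)
        nxt = heap[chain[-1]]
        if nxt is None:
            continue                       # acyclic, terminates at nil
        cycle = chain[chain.index(nxt):]   # the repeated cell closes the cycle
        if not heads & set(cycle):
            bad.add(u)
    return bad

def is_well_founded(heap: Heap, heads: Set[str]) -> bool:
    return not violating_cells(heap, heads)

def assign_f(heap: Heap, heads: Set[str], u: str, v: Optional[str]) -> Heap:
    """Instrumented 'u.f := v': perform the update, then assert that the heap
    is still well-founded, in the spirit of the instrumentation described above."""
    new_heap = dict(heap)
    new_heap[u] = v
    bad = violating_cells(new_heap, heads)
    assert not bad, f"heap not well-founded after {u}.f := {v}: {sorted(bad)}"
    return new_heap

# Constructed sample heaps
ACYCLIC: Heap = {"a": "b", "b": "c", "c": None}           # a -> b -> c -> nil
CYCLIC_WITH_HEAD: Heap = {"h": "x", "x": "y", "y": "h"}   # circular list with head h
HEADLESS_LASSO: Heap = {"h": "x", "x": "y", "y": "x"}     # h -> x <-> y, cycle has no head
```

Closing the acyclic list back onto its head keeps the heap well-founded, while redirecting y.f to x in the circular list creates a cycle with no head cell and trips the instrumented assertion.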

Published In

POPL '06: Conference record of the 33rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
January 2006, 432 pages
ISBN: 1595930272
DOI: 10.1145/1111037

Also published in ACM SIGPLAN Notices, Volume 41, Issue 1 (Proceedings of the 2006 POPL Conference), January 2006, 421 pages
ISSN: 0362-1340
EISSN: 1558-1160
DOI: 10.1145/1111320

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. automated theorem proving
  2. decision procedure
  3. first-order axiomatization
  4. heap abstraction
  5. well-founded linked lists
