Open AccessSimulating Reachability Using First-Order Logic with Applications to Verification of Linked Data Structures
Author(s) -
Tal Lev-Ami,
Neil Immerman,
Thomas Reps,
Mooly Sagiv,
Saurabh Srivastava,
G. Yorsh
Publication year - 2005
Publication title -
lecture notes in computer science
Language(s) - English
Resource type - Book series
SCImago Journal Rank - 0.249
H-Index - 400
eISSN - 1611-3349
pISSN - 0302-9743
DOI - 10.1007/11532231_8
Subject(s) - reachability , computer science , pointer (user interface) , programmer , programming language , garbage collection , reachability problem , java , model checking , data structure , automated theorem proving , set (abstract data type) , formal verification , theoretical computer science , algorithm , garbage , artificial intelligence
This paper shows how to harness existing theorem provers for first-orderlogic to automatically verify safety properties of imperative programs thatperform dynamic storage allocation and destructive updating of pointer-valuedstructure fields. One of the main obstacles is specifying and proving the(absence) of reachability properties among dynamically allocated cells. The main technical contributions are methods for simulating reachability in aconservative way using first-order formulas--the formulas describe a supersetof the set of program states that would be specified if one had a precise wayto express reachability. These methods are employed for semi-automatic programverification (i.e., using programmer-supplied loop invariants) on programs suchas mark-and-sweep garbage collection and destructive reversal of a singlylinked list. (The mark-and-sweep example has been previously reported as beingbeyond the capabilities of ESC/Java.)
Accelerating Research
Robert Robinson Avenue,
Oxford Science Park, Oxford
OX4 4GP, United Kingdom
Address
John Eccles HouseRobert Robinson Avenue,
Oxford Science Park, Oxford
OX4 4GP, United Kingdom