
Full functional verification of linked data structures

Published: 07 June 2008

Abstract

We present the first verification of full functional correctness for a range of linked data structure implementations, including mutable lists, trees, graphs, and hash tables. Specifically, we present the use of the Jahob verification system to verify formal specifications, written in classical higher-order logic, that completely capture the desired behavior of the Java data structure implementations (with the exception of properties involving execution time and/or memory consumption). Given that the desired correctness properties include intractable constructs such as quantifiers, transitive closure, and lambda abstraction, it is a challenge to successfully prove the generated verification conditions.

Our Jahob verification system uses integrated reasoning to split each verification condition into a conjunction of simpler subformulas, and then applies a diverse collection of specialized decision procedures, first-order theorem provers, and, in the worst case, interactive theorem provers to prove each subformula. Techniques such as replacing complex subformulas with stronger but simpler alternatives, exploiting structure inherently present in the verification conditions, and, when necessary, inserting verified lemmas and proof hints into the imperative source code make it possible to seamlessly integrate all of the specialized decision procedures and theorem provers into a single powerful integrated reasoning system. By applying the appropriate proof technique to each subformula, this reasoning system can effectively prove the complex and challenging verification conditions that arise in this context.
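As an added illustration (not code from the paper or from the Jahob system), the following Python sketch shows the shape of a full functional specification for one of the structures the abstract names, a mutable singly linked list: the abstract state is the set `content`, computed by an abstraction function over the nodes reachable through `next` (the transitive closure the abstract mentions); the invariant demands that this reachability relation be acyclic; and each operation is checked against a postcondition stated over the abstract set. Jahob discharges such obligations statically, for all executions; this constructed example only checks the same obligations at run time on concrete executions, including a plausible-looking `remove` variant that fails its postcondition when a value is stored twice. The names `IntList`, `SpecViolation` and `remove_first_only` are the example's own.

```python
"""Runtime check of a set-valued functional specification for a mutable
singly linked list (constructed example; Jahob proves these obligations
statically, this merely checks them on concrete executions)."""
from __future__ import annotations
from dataclasses import dataclass
from typing import Optional


@dataclass
class Node:
    data: int
    next: Optional["Node"] = None


class SpecViolation(AssertionError):
    """Raised when an execution violates the invariant or a postcondition."""


class IntList:
    """Mutable singly linked list whose contract is stated over the
    abstract set `content`, not over nodes and pointers."""

    def __init__(self) -> None:
        self.head: Optional[Node] = None

    # Abstraction function: the nodes reachable from head via next*
    # (the transitive closure the specification quantifies over).
    def reachable(self) -> list[Node]:
        seen: set[int] = set()
        nodes: list[Node] = []
        n = self.head
        while n is not None:
            if id(n) in seen:
                # Invariant: the next-chain is acyclic, so next* is finite.
                raise SpecViolation("cycle in next-chain: list invariant broken")
            seen.add(id(n))
            nodes.append(n)
            n = n.next
        return nodes

    def content(self) -> frozenset[int]:
        """Abstract state: the set of values stored in reachable nodes."""
        return frozenset(n.data for n in self.reachable())

    # add: ensures content = old content Un {x}
    def add(self, x: int) -> None:
        old = self.content()
        self.head = Node(x, self.head)
        if self.content() != old | {x}:
            raise SpecViolation("add: content != old content Un {x}")

    # remove: ensures content = old content - {x} and result = (x in old content)
    def remove(self, x: int) -> bool:
        old = self.content()
        prev: Optional[Node] = None
        cur = self.head
        while cur is not None:
            if cur.data == x:
                # Unlink every copy: the heap may hold duplicates, but the
                # set specification demands that x be gone from `content`.
                if prev is None:
                    self.head = cur.next
                else:
                    prev.next = cur.next
            else:
                prev = cur
            cur = cur.next
        if self.content() != old - {x}:
            raise SpecViolation("remove: content != old content - {x}")
        return x in old

    # Stops after the first match. Looks reasonable, but violates the same
    # postcondition whenever x is stored twice; the check reports it instead
    # of letting the wrong abstract state escape unnoticed.
    def remove_first_only(self, x: int) -> bool:
        old = self.content()
        prev: Optional[Node] = None
        cur = self.head
        while cur is not None:
            if cur.data == x:
                if prev is None:
                    self.head = cur.next
                else:
                    prev.next = cur.next
                break
            prev, cur = cur, cur.next
        if self.content() != old - {x}:
            raise SpecViolation("remove_first_only: content != old content - {x}")
        return x in old

    # contains: ensures result = (x in content) and content is unchanged
    def contains(self, x: int) -> bool:
        old = self.content()
        result = any(n.data == x for n in self.reachable())
        if self.content() != old or result != (x in old):
            raise SpecViolation("contains: wrong result or content modified")
        return result
```

The contracts are written the way the abstract describes them, over an abstract mathematical object (a set) rather than over the pointer structure, which is what lets one specification cover the list, a tree or a hash table alike; the pointer-level detail (acyclicity, reachability) lives in the invariant that the abstraction function depends on.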


Published in

ACM SIGPLAN Notices, Volume 43, Issue 6 (PLDI '08), June 2008, 382 pages. ISSN 0362-1340, EISSN 1558-1160, DOI 10.1145/1379022.

PLDI '08: Proceedings of the 29th ACM SIGPLAN Conference on Programming Language Design and Implementation, June 2008, 396 pages. ISBN 9781595938602, DOI 10.1145/1375581. General Chair: Rajiv Gupta. Program Chair: Saman Amarasinghe.

                          Copyright © 2008 ACM

Publisher: Association for Computing Machinery, New York, NY, United States
