Verifying Pointer Programs using Graph Grammars, Christina Jansen et al. (PowerPoint PPT Presentation)



SLIDE 1

Verifying Pointer Programs using Graph Grammars

Christina Jansen, Joost-Pieter Katoen, Christoph Matheja, Thomas Noll

SLIDE 2

Overview: The Abstract Execution Approach

[Figure: a pointer program and a graph grammar are the input of Juggrnaut, which builds an abstract state space; a model checker takes that state space together with an LTL specification and answers yes or no]

Specification:

  • completeness: ∀x : F(x = cur)
  • termination

2 of 14 Verifying Pointer Programs using Graph Grammars | Christina Jansen, Joost-Pieter Katoen, Christoph Matheja, Thomas Noll | RWTH Aachen University | Dagstuhl Seminar “Verification of Evolving Graph Structures” | 03.11.2015

SLIDE 3

The Concrete State Space: Heap Modelling & Operational Semantics

Linked List Reversal

    while (pos != null) {
        tmp = pos.next;
        pos.next = pos.prev;
        pos.prev = tmp;
        pos = pos.prev;
    }

Heap Representation: Doubly-Linked List

[Figure: a doubly-linked list whose nodes are joined by next and prev pointers, with the variables head, tail, pos and tmp attached to nodes; the statement being executed is tmp := pos.next;]




SLIDE 10

The Abstract State Space: Data Abstraction. Heap Representation: Hypergraph

[Figure: the doubly-linked list drawn as a hypergraph: next and prev are terminal edges between nodes, head and tail are rank-1 edges, and a nonterminal edge L with tentacles 1 and 2 stands for the unbounded list segment between the two nodes it is attached to]

  • placeholders: nonterminal (labelled) edges of rank n
  • variables: edges of rank 1
  • pointers: terminal (labelled) edges of rank 2

Specify Placeholder: Hyperedge Replacement Grammar

[Figure: the rules for L, with external nodes 1 and 2 and n/p standing for next/prev: L → (1 -n/p- 2) | (1 -n/p- • -L- 2), i.e. a single next/prev pair, or one node followed by another L segment]


SLIDE 12

The Abstract State Space: Abstract Execution of tmp := pos.next;

[Figure: pos points to a node adjacent to a placeholder L and tmp is to receive pos.next; "concr." replaces L by each right-hand side of its rules so that the next edge of pos becomes a terminal edge, the assignment moves tmp, and "abstr." folds the nodes no variable points to back into a placeholder L, giving one abstract successor per applied rule]

Reminder: Linked Lists HRG

[Figure: L → (1 -n/p- 2) | (1 -n/p- • -L- 2)]

Concretise whenever necessary; abstract whenever possible.


SLIDE 16

The Abstract State Space: Concretisation: Always possible?

Example: L → (1 -n/p- 2) | (1 -n/p- • -L- 2) | (1 -L- • -n/p- 2)

Example (tmp := pos.prev;)

[Figure: pos is attached to the node at tentacle 2 of a placeholder L; to expose pos.prev as a terminal edge the placeholder has to be concretised with the rules above]

SLIDE 18

The Abstract State Space: Concretisation: Always possible?

Example: L → (1 -n/p- 2) | (1 -n/p- • -L- 2) | (1 -L- • -n/p- 2)

Solution: Heap Abstraction Properties

  • Local Greibach Normal Form
  • Increasingness
  • Backward confluence

Theorem. For every HRG (describing data structures) an equivalent HRG satisfying the heap abstraction properties (except backward confluence) can be constructed.
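The abstract execution of slides 11 to 18 in miniature, as an added Python example that is not the authors' Juggrnaut code: list heaps are encoded as cell sequences containing the placeholder L, concretisation applies only the rules that attach the dereferenced tentacle by a terminal edge (the local Greibach normal form condition), and abstraction folds unreferenced nodes back into L. The cell encoding, the variable names head, pos and tail, and the folding policy are assumptions of this example.

```python
# Added example, not the authors' Juggrnaut code: abstract execution on the list
# HRG of the slides.  A state is a tuple of cells, "N" (concrete node) or "L"
# (placeholder for a list segment between its neighbours), plus a map variable ->
# cell index (None = null).  Assumed: head and tail hold the first and last cell.
RULE1, RULE2, RULE3 = (), ("N", "L"), ("L", "N")  # L -> 1-2 | 1-N-L-2 | 1-L-N-2
HRG = (RULE1, RULE2, RULE3)                       # slide-16 grammar (rule 3 added)
class NullDereference(Exception): pass            # property (1) of the slides
def concrete_rules(rules, field):
    # Local Greibach normal form: `next` dereferences external node 1 of the L,
    # so use only rules attaching node 1 by a terminal edge; `prev` mirrors it.
    return [r for r in rules if not r or r[0 if field == "next" else -1] != "L"]
def concretise(cells, env, i, rules):
    # Replace the placeholder at i by each right-hand side; shift variables behind it.
    assert cells[i] == "L"
    return [(cells[:i] + r + cells[i + 1:],
             {v: j + len(r) - 1 if j is not None and j > i else j for v, j in env.items()})
            for r in rules]
def abstract(cells, env):
    # Fold each maximal run of unreferenced cells into one L (inverse rules).
    used = {j for j in env.values() if j is not None}
    out, new, run = [], {v: j for v, j in env.items() if j is None}, False
    for i, c in enumerate(cells):
        if i not in used:
            run = True; continue
        if run: out.append("L")                   # flush the run as a single L
        run = False
        new.update({v: len(out) for v, j in env.items() if j == i})
        out.append(c)
    return tuple(out), new
def step(state, dst, src, field, rules=HRG):
    # dst := src.field; concretise only when the neighbour is a placeholder.
    cells, env = state
    if env[src] is None:
        raise NullDereference(f"{src}.{field}")
    j = env[src] + (1 if field == "next" else -1)
    if 0 <= j < len(cells) and cells[j] == "L":
        return [s for c in concretise(cells, env, j, concrete_rules(rules, field))
                for s in step(c, dst, src, field, rules)]
    new = dict(env)
    new[dst] = j if 0 <= j < len(cells) else None
    return [abstract(cells, new)]
def explore(init):
    # `while (pos != null) pos = pos.next;`: finite, the traversed prefix folds into L
    seen, todo = {}, [init]
    while todo:
        s = todo.pop()
        k = (s[0], tuple(sorted(s[1].items())))
        if k in seen: continue
        seen[k] = s
        if s[1]["pos"] is not None:
            todo.extend(step(s, "pos", "pos", "next"))
    return list(seen.values())
INIT = (("N", "L", "N"), {"head": 0, "pos": 0, "tail": 2})  # constructed: head != tail
```

With the two-rule grammar of slide 10, concrete_rules((RULE1, RULE2), "prev") leaves only the terminal rule, which is the gap the third rule closes; explore(INIT) returns the 7 abstract states of the traversal loop.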

SLIDE 19

The Abstract State Space: And what about correctness?

Theorem. The abstract transition relation is an over-approximation of the concrete one. For backward confluent HRGs the abstract transition relation is a precise over-approximation of the concrete one.

[Figure, Schematic: Precise Overapproximation: concrete states l1, l2 and abstract states m1, m2, with the transition f taken on both levels and the levels related by abstraction α and concretisation γ]

SLIDE 20

The Abstract State Space: Analysable Data Structures

  • linked lists
  • trees
  • rooted trees, trees with linked leaves
  • combinations thereof (e.g. list of trees)

HRG: Trees with Linked Leaves

[Figure: rules with the nonterminals T, L and B, the terminal edges l and r (children) and n (link between leaves), and external nodes 1, 2, 3]

In general: graphs of bounded tree width ⇒ no DAGs, grids of unbounded size, etc.

SLIDE 21

Juggrnaut: Experimental Results

Properties

  • (1) null pointer dereferences
  • (2) structure preservation
  • (3) completeness
  • (4) correctness of the algorithm

Experimental results (the property verified is given in parentheses after the method; '' repeats the rule count of the row above):

  Method (Property)            | Markings | Rules | States  | Preprocessing | Verification
  ReverseList (1+2)            | –        | 3     | 192     | 0.202 s       | 0.028 s
  ReverseList (3)              | x        | ''    | 5,615   | 0.232 s       | 0.215 s
  ReverseList (4)              | x, y     | ''    | 5,107   | 0.221 s       | 0.178 s
  TreeFlatten (1+2)            | –        | 14    | 2,887   | 0.284 s       | 0.338 s
  TreeFlatten (3)              | x, y     | ''    | 77,373  | 0.329 s       | 1.117 s
  TreeFlatten (4, preorder)    | x, y, z  | ''    | 423,525 | 0.364 s       | 5.246 s
  Lindstrom (1)                | –        | 12    | 4,520   | 0.223 s       | 0.283 s
  Lindstrom (3 + termination)  | x        | ''    | 160,855 | 0.245 s       | 1.292 s
  Lindstrom (4, preservation)  | x, y, z  | ''    | 983,680 | 0.245 s       | 6.291 s

SLIDE 23

Small Tool Comparison (Victor Lanvin, ENS Cachan)

Tools

  • TVLA - Shape Analysis
  • Groove - Graph Transformation
  • Juggrnaut - HRGs
  • jStar - Separation Logic

Algorithms

  • List Reversal
  • Bubble Sort (on lists)
  • Deutsch-Schorr-Waite tree traversal
  • Lindstrom tree traversal

Verified properties:

              | TVLA | Groove | Juggrnaut | jStar
  List Rev.   | 4/4  | 3/4    | 4/4       | 2/4
  Bubble Sort | 4/4  | 3/4    | 4/4       | 1/4
  DSW         | 4/4  | –      | –         | –
  Lindstrom   | 4/4  | 3/4    | 4/4       | –

Robustness:

              | TVLA | Groove | Juggrnaut
  List Rev.   | 2/2  | 1/2    | 2/2
  Bubble Sort | 3/6  | 4/6    | 6/6
  Lindstrom   | 3/3  | 3/3    | 3/3

SLIDE 28

Recent Work: Translation Separation Logic ↔ HRGs [Dodds08][ICGT14]

List HRG with next edges only, L → (1 -n- 2) | (1 -n- • -L- 2), and its separation logic predicate:

  σ_L(x1, x2) = (x1.n ↦ x2) ∨ (∃r : x1.n ↦ r ∗ σ_L(r, x2))

Heap Abstraction Property Preservation [ICGT14]

[Figure: a square relating HRG, HAG and SL(F): HRG and SL(F) are connected by translation, HRG and HAG by property preservation, and the corner that would correspond to HAG on the separation logic side is marked ?]

SLIDE 29

Recent Work

Theorem (Language Inclusion). Tree-like grammars (TLGs) feature a decidable inclusion problem and are closed under union, intersection and difference as well as under intersection with general context-free graph languages. [APLAS15]

Consequences: Language Inclusion vs. SL Entailment

  • satisfiability & extended entailment problem (whether an arbitrary SL formula entails an SL(TLG) formula) are decidable
  • SL(TLG) is closed under intersection and difference
  • SL(TLG) strictly more expressive than largest known SL fragment [Iosif13]

Thursday: Thomas Noll

  • Interprocedural analysis [ICGT14]
  • Permission-based analysis

SLIDE 30

Conclusion

Summary

  • Analysis of pointer programs
  • HRGs as abstraction mechanism
  • Concretisation and abstraction as reverse operations
  • Tool Juggrnaut

[Figure: the placeholder L (external nodes 1, 2) and the right-hand side (1 -n/p- • -L- 2), with the rule application labelled Concretisation and its reverse labelled Abstraction]

Ongoing & Future Work

  • Parameterised HRGs: value domains, permissions etc.
  • Inference of permission-enriched contracts
  • Heap abstraction beyond HRGs: control mechanisms
  • Relation to other approaches

SLIDE 31

Conclusion: Literature

  1. Juggrnaut: Using Graph Grammars for Abstracting Unbounded Heap Structures. [Heinen, Jansen, Katoen and Noll, FMSD'15]
  2. From Hyperedge Replacement to Separation Logic and Back. [Dodds and Plump, ECEASST'08]
  3. Generating Inductive Predicates for Symbolic Execution of Pointer-Manipulating Programs. [Jansen, Göbe and Noll, ICGT'14]
  4. Generating Abstract Graph-Based Procedure Summaries for Pointer Programs. [Jansen and Noll, ICGT'14]
  5. The tree width of separation logic with recursive definitions. [Iosif, Rogalewicz, and Simacek, CADE'13]
  6. Tree-Like Grammars and Separation Logic. [Matheja, Jansen and Noll, APLAS'15]
