A logic of reachable patterns in linked data-structures

Greta Yorsh*, Alexander Rabinovich, Mooly Sagiv, Antoine Meyer, Ahmed Bouajjani

*Corresponding author for this work

Research output: Contribution to journal › Article › peer-review

15 Scopus citations

Abstract

We define a new decidable logic for expressing and checking invariants of programs that manipulate dynamically-allocated objects via pointers and destructive pointer updates. The main feature of this logic is the ability to limit the neighborhood of a node that is reachable via a regular expression from a designated node. The logic is closed under boolean operations (entailment, negation) and has a finite model property. The key technical result is the proof of decidability. We show how to express preconditions, postconditions, and loop invariants for some interesting programs. It is also possible to express properties such as disjointness of data-structures, and low-level heap mutations. Moreover, our logic can express properties of arbitrary data-structures and of an arbitrary number of pointer fields. The latter provides a way to naturally specify postconditions that relate the fields on the entry of a procedure to the field on the exit of a procedure. Therefore, it is possible to use the logic to automatically prove partial correctness of programs performing low-level heap mutations.

Original language: English
Pages (from-to): 111-142
Number of pages: 32
Journal: Journal of Logic and Algebraic Programming
Volume: 73
Issue number: 1-2
State: Published - Sep 2007

Funding

Funder: The Israel Science Foundation, funder number 304/03

Keywords

• Decidable logic with reachability
• Heap-manipulating programs
• Pattern
• Program verification
• Reachability
• Routing expression
• Shape analysis
• Transitive closure logics
• Weak monadic second-order logic