11,889 research outputs found
A Logic of Reachable Patterns in Linked Data-Structures
We define a new decidable logic for expressing and checking invariants of
programs that manipulate dynamically-allocated objects via pointers and
destructive pointer updates. The main feature of this logic is the ability to
limit the neighborhood of a node that is reachable via a regular expression
from a designated node. The logic is closed under boolean operations
(entailment, negation) and has a finite model property. The key technical
result is the proof of decidability. We show how to express precondition,
postconditions, and loop invariants for some interesting programs. It is also
possible to express properties such as disjointness of data-structures, and
low-level heap mutations. Moreover, our logic can express properties of
arbitrary data-structures and of an arbitrary number of pointer fields. The
latter provides a way to naturally specify postconditions that relate the
fields on entry to a procedure to the fields on exit. Therefore, it is possible
to use the logic to automatically prove partial correctness of programs
performing low-level heap mutations
A Metric Encoding for Bounded Model Checking (extended version)
In Bounded Model Checking both the system model and the checked property are
translated into a Boolean formula to be analyzed by a SAT-solver. We introduce
a new encoding technique which is particularly optimized for managing
quantitative future and past metric temporal operators, typically found in
properties of hard real time systems. The encoding is simple and intuitive in
principle, but it is made more complex by the presence, typical of the Bounded
Model Checking technique, of backward and forward loops used to represent an
ultimately periodic infinite domain by a finite structure. We report and
comment on the new encoding technique and on an extensive set of experiments
carried out to assess its feasibility and effectiveness
- …