9 research outputs found
The First-Order Theory of Sets with Cardinality Constraints is Decidable
We show that the decidability of the first-order theory of the language that
combines Boolean algebras of sets of uninterpreted elements with Presburger
arithmetic operations. We thereby disprove a recent conjecture that this theory
is undecidable. Our language allows relating the cardinalities of sets to the
values of integer variables, and can distinguish finite and infinite sets. We
use quantifier elimination to show the decidability and obtain an elementary
upper bound on the complexity.
Precise program analyses can use our decidability result to verify
representation invariants of data structures that use an integer field to
represent the number of stored elements.Comment: 18 page
On Generalized Records and Spatial Conjunction in Role Logic
We have previously introduced role logic as a notation for describing
properties of relational structures in shape analysis, databases and knowledge
bases. A natural fragment of role logic corresponds to two-variable logic with
counting and is therefore decidable. We show how to use role logic to describe
open and closed records, as well the dual of records, inverse records. We
observe that the spatial conjunction operation of separation logic naturally
models record concatenation. Moreover, we show how to eliminate the spatial
conjunction of formulas of quantifier depth one in first-order logic with
counting. As a result, allowing spatial conjunction of formulas of quantifier
depth one preserves the decidability of two-variable logic with counting. This
result applies to two-variable role logic fragment as well. The resulting logic
smoothly integrates type system and predicate calculus notation and can be
viewed as a natural generalization of the notation for constraints arising in
role analysis and similar shape analysis approaches.Comment: 30 pages. A version appears in SAS 200
Typestate verification: Abstraction techniques and complexity results
AbstractWe consider the problem of typestate verification for shallow programs; i.e., programs where pointers from program variables to heap-allocated objects are allowed, but where heap-allocated objects may not themselves contain pointers. We prove a number of results relating the complexity of verification to the nature of the finite state machine used to specify the property. Some properties are shown to be intractable, but others which appear to be quite similar admit polynomial-time verification algorithms. Our results serve to provide insight into the inherent complexity of important classes of verification problems. In addition, the program abstractions used for the polynomial-time verification algorithms may be of independent interest
ABSTRACT Verifying Safety Properties using Separation and Heterogeneous Abstractions
In this paper, we show how separation (decomposing a verification problem into a collection of verification subproblems) can be used to improve the efficiency and precision of verification of safety properties. We present a simple language for specifying separation strategies for decomposing a single verification problem into a set of subproblems. (The strategy specification is distinct from the safety property specification and is specified separately.) We present a general framework of heterogeneous abstractions that allows different parts of the heap to be abstracted using different degrees of precision at different points during the analysis. We show how the goals of separation (i.e., more efficient verification) can be realized by first using a separation strategy to transform (instrument) a verification problem instance (consisting of a safety property specification and an input program), and by then utilizing heterogeneous abstraction during the verification of the transformed verification problem. Some tasks are best done by machine, while others are best done by human insight; and a properly designed system will find the right balance. – D. Knuth 1