Bounded Model Checking of Pointer Programs

Charatonik, Witold; Georgieva, Lilia; Maier, Patrick; Ong, Luke

Local TagsRelease HistoryDetailsSummary

Bounded Model Checking of Pointer Programs

Charatonik, W., Georgieva, L., & Maier, P. (2005). Bounded Model Checking of Pointer Programs. In Computer Science Logic; 19th International Workshop, CSL 2005; 14th Annual Conference of the EACSL (pp. 397-412). Berlin, Germany: Springer.

Item is Released

show all hide all

Basic

show hide

Item Permalink: https://hdl.handle.net/11858/00-001M-0000-000F-25FC-E Version Permalink: https://hdl.handle.net/11858/00-001M-0000-000F-25FE-A

Genre: Conference Paper

Files

show Files

Locators

show

Creators

show

hide

Creators:
Charatonik, Witold¹, Author
Georgieva, Lilia¹, Author
Maier, Patrick¹, Author
Ong, Luke, Editor

Affiliations:
1Programming Logics, MPI for Informatics, Max Planck Society, ou_40045

Content

show

hide

Free keywords: -

Abstract: We propose a bounded model checking procedure for programs manipulating dynamically allocated pointer structures. Our procedure checks whether a program execution of length n ends in an error (e.g., a NULL dereference) by testing if the weakest precondition of the error condition together with the initial condition of the program (e.g., program variable x points to a circular list) is satisfiable. We express error conditions as formulas in the 2-variable fragment of the Bernays-Schoenfinkel class with equality. We show that this fragment is closed under computing weakest preconditions. We express the initial conditions by unary relations which are defined by monadic Datalog programs. Our main contribution is a small model theorem for the 2-variable fragment of the Bernays-Schoenfinkel class extended with least fixed points expressible by certain monadic Datalog programs. The decidability of this extension of first-order logic gives us a bounded model checking procedure for programs manipulating dynamically allocated pointer structures. In contrast to SAT-based bounded model checking, we do not bound the size of the heap a priori, but allow for pointer structures of arbitrary size. Thus, we are doing bounded model checking of infinite state transition systems.

Details

show

hide

Language(s): eng - English

Dates: Modified: 2005-12-21Date issued: 2005

Publication Status: Issued

Pages: -

Publishing info: -

Table of Contents: -

Rev. Type: -

Identifiers: eDoc: 279105
Other: Local-ID: C1256104005ECAFC-B84D6259621B6394C12570B50065D231-CharatonikGeorgievaMaier2005

Degree: -

Event

show

hide

Title: Untitled Event

Place of Event: Oxford, UK

Start-/End Date: 2005-08-22

Legal Case

show

Project information

show

Source 1

show

hide

Title: Computer Science Logic; 19th International Workshop, CSL 2005; 14th Annual Conference of the EACSL

Source Genre: Proceedings

Creator(s):

Affiliations:

Publ. Info: Berlin, Germany : Springer

Pages: - Volume / Issue: - Sequence Number: - Start / End Page: 397 - 412 Identifier: ISBN: 3-540-28231-9

Source 2

show

hide

Title: Lecture Notes in Computer Science

Source Genre: Series

Creator(s):

Affiliations:

Publ. Info: -

Pages: - Volume / Issue: 3634 Sequence Number: - Start / End Page: - Identifier: -