Bounded Model Checking of Pointer Programs Revisited
Witold Charatonik, Piotr Witkowski
TL;DR
This paper enhances bounded model checking for pointer programs by extending the underlying logical frameworks, enabling modeling of more complex data structures and dependencies on the heap.
Contribution
It introduces more expressive logics for bounded model checking, allowing analysis of sophisticated data structures and heap dependencies.
Findings
Extended logic can model complex data structures.
Improved analysis of heap-dependent programs.
Demonstrated increased expressivity with examples.
Abstract
Bounded model checking of pointer programs is a debugging technique for programs that manipulate dynamically allocated pointer structures on the heap. It is based on the following four observations. First, error conditions like dereference of a dangling pointer, are expressible in a~fragment of first-order logic with two-variables. Second, the fragment is closed under weakest preconditions wrt. finite paths. Third, data structures like trees, lists etc. are expressible by inductive predicates defined in a fragment of Datalog. Finally, the combination of the two fragments of the two-variable logic and Datalog is decidable. In this paper we improve this technique by extending the expressivity of the underlying logics. In a~sequence of examples we demonstrate that the new logic is capable of modeling more sophisticated data structures with more complex dependencies on heaps and more…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsFormal Methods in Verification · Logic, programming, and type systems · Software Testing and Debugging Techniques