A framework for describing recursive data structure topologies in Coq

This paper presents an axiomatic framework in Coq for verifying invariants on heap data structures such as lists and trees in a C-like language with a low-level store model. The goal of the framework is to detect common errors such as memory leaks, dangling pointers and looped data structures. The framework provides a language for expressing invariants, and a set of inference axioms for verifying them on code that manipulates the data structures. This work builds on the work done by Cook et al. which uses separation logic with recursive predicates to document data structure invariants. The key extension here is the ability to express and reason about data structures more complex than linked lists. The heap description includes a spatial component describing the basic set of lists and trees in the heap. New logical constructs are included to describe special pointer field invariants such as back pointers. We use the framework to formally prove in Coq the heap invariants of a small example program that generates a linked list representing the tree traversal of a tree. This proof guarantees the integrity of program’s data structures and that common errors such as memory leaks or dangling pointer references did not arise. We define the meaning of the abstract state in terms of a simpler concrete state. We also include a number of axioms for reasoning about the abstract state that are used in the Coq verification. Proving soundness of these abstract axioms in Coq remains future work.