Predicate Abstraction for Linked Data Structures

We present Alias Refinement Types (Art), a new approach to the verification of correctness properties of linked data structures. While there are many techniques for checking that a heap-manipulating program adheres to its specification, they often require that the programmer annotate the behavior of each procedure, for example, in the form of loop invariants and preand post-conditions. Predicate abstraction would be an attractive abstract domain for performing invariant inference, existing techniques are not able to reason about the heap with enough precision to verify functional properties of data structure manipulating programs. In this paper, we propose a technique that lifts predicate abstraction to the heap by factoring the analysis of data structures into two orthogonal components: (1) Alias Types, which reason about the physical shape of heap structures, and (2) Refinement Types, which use simple predicates from an SMT decidable theory to capture the logical or semantic properties of the structures. We prove Art sound by translating types into separation logic assertions, thus translating typing derivations in Art into separation logic proofs. We evaluate Art by implementing a tool that performs type inference for an imperative language. We use the tool to infer functional correctness properties of the implementations of user-defined data structures, such as singly and doubly linked lists, cyclic lists, heaps and red-black trees. Our experiments demonstrate that Art requires only 21% of the annotation required by other techniques to verify intermediate functions in these benchmarks.