Verifying reference counting implementations

M Emmi, R Jhala, E Kohler, R Majumdar - International Conference on Tools and Algorithms for the Construction and …, 2009 - Springer
Abstract
Reference counting is a widely-used resource management idiom which maintains a count of references to each resource by incrementing the count upon an acquisition, and decrementing upon a release; resources whose counts fall to zero may be recycled. We present an algorithm to verify the correctness of reference counting with minimal user interaction. Our algorithm performs compositional verification through the combination of symbolic temporal case splitting and predicate abstraction-based reachability. Temporal case splitting reduces the verification of an unbounded number of processes and resources to verification of a finite number through the use of Skolem variables. The finite state instances are discharged by symbolic model checking, with an auxiliary invariant correlating reference counts with the number of held references. We have implemented our algorithm in Referee, a reference counting analysis tool for C programs, and applied Referee to two real programs: the memory allocator of an OS kernel and the file interface of the Yaffs file system. In both cases our algorithm proves correct the use of reference counts in less than one minute.
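The abstract describes discharging each finite instance with an auxiliary invariant that correlates the reference count with the number of held references. The C program below is an added illustration, not code from the paper, from Referee or from the verified programs: it makes that invariant explicit as run-time ghost state so the correlation can be checked after every acquire and release. The `struct resource`, the `holder_set` ghost tally and the two `scenario_*` functions are all constructed for this example; the interesting case is the double release, which a bare counter would accept (driving the count to zero while another holder still uses the object) and the invariant rejects.

```c
#include <stdio.h>
#include <stdlib.h>

#define MAX_HOLDERS 8

/* The resource under verification: the program maintains refcount itself. */
struct resource {
    int refcount;
    int freed;   /* 1 once the count reached zero and the resource was recycled */
};

/* Ghost state (constructed for this example): which holders currently own a
 * reference. A verifier carries this only in the proof; keeping it explicit
 * lets the auxiliary invariant
 *     refcount == number of held references
 * be checked after every acquire and release. */
struct holder_set {
    int holds[MAX_HOLDERS];
};

static int held_count(const struct holder_set *h)
{
    int n = 0;
    for (int i = 0; i < MAX_HOLDERS; i++)
        n += h->holds[i];
    return n;
}

/* The auxiliary invariant: 1 if it holds, 0 if count and ghost tally disagree. */
int invariant_ok(const struct resource *r, const struct holder_set *h)
{
    return r->refcount == held_count(h) && (!r->freed || r->refcount == 0);
}

/* Acquire: a holder that does not already own a reference takes one.
 * Returns 0 on success, -1 on a rejected acquire (freed resource, bad holder,
 * or a holder acquiring twice), -2 if the invariant broke. */
int res_acquire(struct resource *r, struct holder_set *h, int holder)
{
    if (r->freed || holder < 0 || holder >= MAX_HOLDERS || h->holds[holder])
        return -1;
    h->holds[holder] = 1;
    r->refcount++;
    return invariant_ok(r, h) ? 0 : -2;
}

/* Release: only a holder that owns a reference may drop one.
 * Returns 1 if this release recycled the resource, 0 if it is still live,
 * -1 on a bogus release (double release or never acquired), -2 if the
 * invariant broke. */
int res_release(struct resource *r, struct holder_set *h, int holder)
{
    if (r->freed || holder < 0 || holder >= MAX_HOLDERS || !h->holds[holder])
        return -1;
    h->holds[holder] = 0;
    r->refcount--;
    if (!invariant_ok(r, h))
        return -2;
    if (r->refcount == 0) {
        r->freed = 1;   /* a real allocator would return the memory here */
        return 1;
    }
    return 0;
}

/* Two holders acquire and both release: the count returns to zero and the
 * resource is recycled exactly once. Returns the final release's status (1). */
int scenario_balanced(void)
{
    struct resource r = {0, 0};
    struct holder_set h = {{0}};
    if (res_acquire(&r, &h, 0) != 0 || res_acquire(&r, &h, 1) != 0) return -99;
    if (r.refcount != 2 || res_release(&r, &h, 0) != 0) return -98;
    return res_release(&r, &h, 1);
}

/* Holder 0 releases twice. Without the invariant the second release would
 * drive the count to zero and recycle the resource while holder 1 still uses
 * it (a use-after-free). The ghost tally exposes the mismatch, so the bogus
 * release is rejected (-1) and holder 1's reference stays valid. */
int scenario_double_release(void)
{
    struct resource r = {0, 0};
    struct holder_set h = {{0}};
    if (res_acquire(&r, &h, 0) != 0 || res_acquire(&r, &h, 1) != 0) return -99;
    if (res_release(&r, &h, 0) != 0) return -98;
    int second = res_release(&r, &h, 0);
    if (!invariant_ok(&r, &h) || r.refcount != 1 || r.freed) return -97;
    return second;
}

int main(void)
{
    printf("balanced: %d (1 = recycled once)\n", scenario_balanced());
    printf("double release: %d (-1 = rejected)\n", scenario_double_release());
    return 0;
}
```

The ghost tally is what a proof would carry as an auxiliary variable; the paper's contribution is to discharge the same correlation for an unbounded number of processes and resources by case-splitting on a Skolem-chosen resource and holder, rather than checking it at run time as this example does.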