Model checking recursive programs interacting via the heap

• We model a program with recursive procedure, local variables and dynamic allocation.
• We give an abstraction of the memory model that is precise.
• We show that model checking of programs with bounded visible heap is decidable.
• We introduce a logic for invariants checking using regular expressions.
• We give an implementation for model checking invariants using pushdown system specification.

Almost all modern imperative programming languages include operations for dynamically manipulating the heap, for example by allocating and deallocating objects, and by updating reference fields. In the presence of recursive procedures and local variables, the interactions of a program with the heap can become rather complex, as an unbounded number of objects can be allocated either on the call stack using local variables, or, anonymously, on the heap using reference fields. As such, a static analysis for recursive programs with dynamic manipulation of the heap is, in general, undecidable.In this paper we study the verification of recursive programs with unbounded allocation of objects, in a simple imperative language with heap manipulation. We present a semantics for this language which is improved w.r.t. heap allocation, using an abstraction that is precise (i.e., bisimilar with the standard/concrete semantics). For any program with a bounded visible heap, meaning that the number of objects reachable from variables at any point of execution is bounded, this abstraction is a finitary representation of its behaviour, even though an unbounded number of objects can appear in the state. As a consequence, for such programs model checking is decidable. Finally, we introduce a specification language for heap-properties, and we discuss model checking of heap invariant properties against heap-manipulating programs.