Abstract
Predicate abstraction is a major abstraction technique for the verification of software. Data is abstracted by means of Boolean variables, which keep track of predicates over the data. In many cases, predicate abstraction suffers from the need for at least one predicate for each iteration of a loop construct in the program. We propose to extract looping counterexamples from the abstract model, and to parametrise the simulation instance in the number of loop iterations. We present a novel technique that speeds up the detection of long counterexamples as well as the verification of programs with loops.
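To make the idea concrete, here is an added illustration (not code from the paper) of a simulation instance parametrised in the iteration count k. The loop shape is an assumption: a counter i starts at i0, the guard is i < bound, and the body adds a positive constant delta, so the state after k iterations has the closed form i0 + k*delta and a looping counterexample can be checked for every k at once instead of one unrolling step (and one predicate) per iteration.

```python
# Added illustration, not code from the paper. Constructed loop shape (an
# assumption): counter i starts at i0, the guard is i < bound, and the body
# adds a positive constant delta. After k iterations i == i0 + k*delta, so a
# looping abstract counterexample can be checked for every k at once instead
# of unrolling the loop and needing a fresh predicate per iteration.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class CounterLoop:
    i0: int     # initial value of the counter
    bound: int  # loop guard: i < bound
    delta: int  # loop body: i = i + delta, assumed > 0 (guard is then monotone)


def value_after(loop: CounterLoop, k: int) -> int:
    """Closed form of the counter after k iterations: the state parametrised in k."""
    return loop.i0 + k * loop.delta


def exit_iterations(loop: CounterLoop) -> int:
    """Smallest k at which the guard fails, i.e. i0 + k*delta >= bound."""
    if loop.delta <= 0:
        raise ValueError("assumption violated: delta must be positive")
    if loop.i0 >= loop.bound:
        return 0
    return -(-(loop.bound - loop.i0) // loop.delta)  # ceiling division


def iterations_reaching(loop: CounterLoop, value: int) -> Optional[int]:
    """Parametrised simulation: is there a k with i == value on the looping path?
    Reachable counter values are {i0 + k*delta : 0 <= k <= exit_iterations}, so
    the question is a divisibility test plus one range check, whatever k is."""
    k_exit = exit_iterations(loop)
    offset = value - loop.i0
    if offset < 0 or offset % loop.delta != 0:
        return None
    k = offset // loop.delta
    return k if k <= k_exit else None


def iterations_reaching_unrolled(loop: CounterLoop, value: int, max_steps: int) -> Optional[int]:
    """Reference: step-by-step simulation, one step (and one predicate) per
    iteration. It gives up after max_steps, which is the cost the paper avoids."""
    i, k = loop.i0, 0
    while True:
        if i == value:
            return k
        if i >= loop.bound or k >= max_steps:
            return None
        i, k = i + loop.delta, k + 1
```

With bound = 10**9 the unrolled simulation needs hundreds of millions of steps before it can report the counterexample, while the parametrised check is a single arithmetic test.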
References
Armando A, Benerecetti M, Carotenuto D, Mantovani J, Spica P (2007) The EUREKA tool for software model checking. In: Automated software engineering (ASE). ACM Press, New York, pp 541–542
Armando A, Benerecetti M, Mantovani J (2006) Model checking linear programs with arrays. In: Software model checking (SoftMC). Electronic notes in theoretical computer science, vol 144. Elsevier, Amsterdam, pp 79–94
Armando A, Castellini C, Mantovani J (2004) Software model checking using linear constraints. In: International conference on formal engineering methods (ICFEM). Lecture notes in computer science, vol 3308. Springer, Berlin, pp 209–223
Ball T (2005) Engineering theories of software intensive systems. NATO Science Series II: mathematics, physics and chemistry, vol 195. Formalizing counterexample-driven refinement with weakest preconditions. Springer, Berlin, pp 121–139
Ball T, Cook B, Levin V, Rajamani SK (2004) SLAM and Static Driver Verifier: technology transfer of formal methods inside Microsoft. In: Integrated formal verification (IFM). Lecture notes in computer science, vol 2999. Springer, Berlin
Bardin S, Finkel A, Leroux J, Petrucci L (2003) FAST: Fast acceleration of symbolic transition systems. In: Computer aided verification (CAV). Lecture notes in computer science, vol 2752. Springer, Berlin, pp 118–121
Blanc N, Groce A, Kroening D (2007) Verifying C++ with STL containers via predicate abstraction. In: Automated software engineering (ASE). IEEE, USA, pp 521–524
Beyer D, Henzinger TA, Majumdar R, Rybalchenko A (2007) Invariant synthesis for combined theories. In: Verification, model checking and abstract interpretation (VMCAI). Lecture notes in computer science, vol 4349. Springer, Berlin, pp 378–394
Beyer D, Henzinger TA, Majumdar R, Rybalchenko A (2007) Path invariants. In: Programming language design and implementation (PLDI). ACM Press, New York, pp 300–309
Ball T, Kupferman O, Sagiv M (2007) Leaping loops in the presence of abstraction. In: Computer aided verification (CAV). Lecture notes in computer science, vol 4590. Springer, Berlin, pp 491–503
Ball T, Majumdar R, Millstein T, Rajamani SK (2001) Automatic predicate abstraction of C programs. In: Programming language design and implementation (PLDI). ACM Press, New York, pp 203–213
Ball T, Podelski A, Rajamani SK (2001) Boolean and Cartesian abstraction for model checking C programs. In: Tools and algorithms for the construction and analysis of systems (TACAS). Lecture notes in computer science, vol 2031. Springer, Berlin, pp 268–283
Ball T, Podelski A, Rajamani SK (2002) Relative completeness of abstraction refinement for software model checking. In: Tools and algorithms for the construction and analysis of systems (TACAS). Lecture notes in computer science, vol 2280. Springer, Berlin, pp 158–172
Ball T, Rajamani SK (2000) Bebop: a symbolic model checker for Boolean programs. In: Model checking and software verification (SPIN), Lecture notes in computer science, vol 1885. Springer, Berlin, pp 113–130
Ball T, Rajamani S (2002) Generating abstract explanations of spurious counterexamples in C programs. Technical Report MSR-TR-2002-09, Microsoft Research, Redmond
Ball T, Rajamani SK (2002) The SLAM project: debugging system software via static analysis. In: Principles of programming languages (POPL). ACM Press, New York, pp 1–3
Cousot P, Cousot R (1977) Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints. In: Principles of programming languages (POPL). ACM Press, New York, pp 238–252
Cousot P, Cousot R (1979) Systematic design of program analysis frameworks. In: Principles of programming languages (POPL). ACM Press, New York, pp 269–282
Chaki S, Clarke EM, Groce A, Jha S, Veith H (2004) Modular verification of software components in C. IEEE Trans Softw Eng 30(6): 388–402
Cytron R, Ferrante J, Rosen BK, Wegman MN, Zadeck FK (1991) Efficiently computing static single assignment form and the control dependence graph. ACM Trans Program Lang Syst 13(4): 451–490
Clarke EM, Grumberg O, Jha S, Lu Y, Veith H (2000) Counterexample-guided abstraction refinement. In: Computer aided verification (CAV). Lecture notes in computer science, vol 1855. Springer, Berlin, pp 154–169
Clarke E, Grumberg O, Long DE (1992) Model checking and abstraction. In: Principles of programming languages (POPL). ACM Press, New York, pp 343–354
Clarke E, Grumberg O, Peled D (1999) Model checking. MIT Press, Cambridge
Cook B, Kroening D, Sharygina N (2005) Symbolic model checking for asynchronous Boolean programs. In: Model checking and software verification (SPIN). Lecture notes in computer science, vol 3639. Springer, Berlin, pp 75–90
Clarke E, Kroening D, Sharygina N, Yorav K (2004) Predicate abstraction of ANSI-C programs using SAT. Formal Methods Syst Des (FMSD) 25: 105–127
Clarke EM, Kroening D, Sharygina N, Yorav K (2005) SATABS: SAT-based predicate abstraction for ANSI-C. In: Tools and algorithms for the construction and analysis of systems (TACAS). Lecture notes in computer science, vol 3440. Springer, Berlin, pp 570–574
Cousot P (2000) Partial completeness of abstract fixpoint checking. In: International symposium on abstraction, reformulation, and approximation (SARA). Lecture notes in computer science, vol 1864. Springer, Berlin, pp 1–25
Cook B, Podelski A, Rybalchenko A (2005) Abstraction-refinement for termination. In: Static analysis symposium (SAS). Lecture notes in computer science, vol 3672. Springer, Berlin, pp 87–101
Dijkstra EW (1975) Guarded commands, nondeterminacy and formal derivation of programs. Commun ACM 18(8): 453–457
Esparza J, Hansel D, Rossmanith P, Schwoon S (2000) Efficient algorithms for model checking pushdown systems. In: Computer aided verification (CAV). Lecture notes in computer science, vol 1855. Springer, Berlin, pp 232–247
Ernst MD, Perkins JH, Guo PJ, McCamant S, Pacheco C, Tschantz MS, Xiao C (2007) The Daikon system for dynamic detection of likely invariants. Sci Comput Program 69(1–3): 35–45
Eén N, Sörensson N (2004) An extensible SAT-solver. In: Theory and applications of satisfiability testing (SAT). Lecture notes in computer science, vol 2919. Springer, Berlin, pp 502–518
Finkel A, Leroux J (2002) How to compose Presburger-accelerations: applications to broadcast protocols. In: Foundations of software technology and theoretical computer science (FST TCS). Lecture notes in computer science. Springer, Berlin, pp 145–156
Floyd RW (1967) Assigning meanings to programs. In: Symposium on applied mathematics. Mathematical aspects of computer science, vol 19. American Mathematical Society, Providence, pp 19–32
Graham RL, Knuth DE, Patashnik O (1989) Concrete mathematics: a foundation for computer science. Addison-Wesley Longman Publishing Co., Inc., Reading
Gries D (1987) The science of programming. Springer, Berlin
Graf S, Saïdi H (1997) Construction of abstract state graphs with PVS. In: Computer aided verification (CAV). Lecture notes in computer science, vol 1254. Springer, Berlin, pp 72–83
Henzinger TA, Jhala R, Majumdar R, Necula GC, Sutre G, Weimer W (2002) Temporal-safety proofs for systems code. In: Computer aided verification (CAV). Lecture notes in computer science, vol 2404. Springer, Berlin, pp 526–538
Henzinger TA, Jhala R, Majumdar R, McMillan KL (2004) Abstractions from proofs. In: Principles of programming languages (POPL). ACM Press, New York, pp 232–244
Henzinger TA, Jhala R, Majumdar R, Sutre G (2002) Lazy abstraction. In: Principles of programming languages (POPL). ACM Press, New York, pp 58–70
Hoare CAR (1969) An axiomatic basis for computer programming. Commun ACM 12(10): 576–580
Ivančić F, Yang Z, Ganai MK, Gupta A, Shlyakhter I, Ashar P (2005) F-Soft: Software verification platform. In: Computer aided verification (CAV). Lecture notes in computer science, vol 3576. Springer, Berlin, pp 301–306
Jain H, Ivančić F, Gupta A, Shlyakhter I, Wang C (2006) Using statically computed invariants inside the predicate abstraction and refinement loop. In: Computer aided verification (CAV). Lecture notes in computer science, vol 4144. Springer, Berlin, pp 137–151
Jhala R, Majumdar R (2005) Path slicing. In: Programming language design and implementation (PLDI). ACM Press, New York, pp 38–47
Jhala R, McMillan KL (2006) A practical and complete approach to predicate refinement. In: Tools and algorithms for the construction and analysis of systems (TACAS). Lecture notes in computer science, vol 3920. Springer, Berlin, pp 459–473
Ku K, Hart TE, Chechik M, Lie D (2007) A buffer overflow benchmark for software model checkers. In: Automated software engineering (ASE). ACM Press, New York, pp 389–392
Kroening D, Sharygina N (2006) Approximating predicate images for bit-vector logic. In: Tools and algorithms for the construction and analysis of systems (TACAS). Lecture notes in computer science, vol 3920. Springer, Berlin, pp 242–256
Kurshan R (1995) Computer-aided verification of coordinating processes. Princeton University Press, Princeton
Kroening D, Weissenbacher G (2006) Counterexamples with loops for predicate abstraction. In: Computer aided verification (CAV). Lecture notes in computer science, vol 4144. Springer, Berlin, pp 152–165
Leino KRM, Logozzo F (2005) Loop invariants on demand. In: Programming languages and systems (APLAS). Lecture notes in computer science, vol 3780. Springer, Berlin, pp 119–134
McMillan KL (1992) The SMV system. Technical Report CMU-CS-92-131, Carnegie Mellon University
McMillan KL (2006) Lazy abstraction with interpolants. In: Computer aided verification (CAV). Lecture notes in computer science, vol 4144. Springer, Berlin, pp 123–136
Nelson G (1989) A generalization of Dijkstra’s calculus. ACM Trans Program Lang Syst (TOPLAS) 11(4): 517–561
Podelski A, Rybalchenko A (2004) A complete method for the synthesis of linear ranking functions. In: Verification, model checking and abstract interpretation (VMCAI). Lecture notes in computer science, vol 2937. Springer, Berlin, pp 239–25
van Engelen RA, Birch J, Gallivan KA (2004) Array data dependence testing with the chains of recurrences algebra. In: Innovative architecture for future generation high-performance processors and systems (IWIA). IEEE, USA, pp 70–81
Wang C, Gupta A, Ivančić F (2007) Induction in CEGAR for detecting counterexamples. In: Formal methods in computer-aided design (FMCAD). IEEE, USA, pp 77–84
Additional information
C.B. Jones and J.C.P. Woodcock
Supported by Microsoft Research through its European PhD scholarship programme and by the EU FP7 STREP MOGENTES (project ID ICT-216679). This paper is an extension of [KW06]. The work was mainly carried out at ETH Zurich.
Kroening, D., Weissenbacher, G. Verification and falsification of programs with loops using predicate abstraction. Form Asp Comp 22, 105–128 (2010). https://doi.org/10.1007/s00165-009-0110-2