Skip to main content
SpringerLink
Log in

Verification and falsification of programs with loops using predicate abstraction

  • Original Article
  • Published:
Formal Aspects of Computing

Abstract

Predicate abstraction is a major abstraction technique for the verification of software. Data is abstracted by means of Boolean variables, which keep track of predicates over the data. In many cases, predicate abstraction suffers from the need for at least one predicate for each iteration of a loop construct in the program. We propose to extract looping counterexamples from the abstract model, and to parametrise the simulation instance in the number of loop iterations. We present a novel technique that speeds up the detection of long counterexamples as well as the verification of programs with loops.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Armando A, Benerecetti M, Carotenuto D, Mantovani J, Spica P (2007) The EUREKA tool for software model checking. In: Automated software engineering (ASE), pp 541–542. ACM Press, New York

  2. Armando A, Benerecetti M, Mantovani J (2006) Model checking linear programs with arrays. In: Software model checking (SoftMC). Electronic notes in theoretical computer science, vol 144. Elsevier, Amsterdam, pp 79–94

  3. Armando A, Castellini C, Mantovani J (2004) Software model checking using linear constraints. In: International conference on formal engineering methods (IFCEM). Lecture notes in computer science, vol 3308. Springer, Berlin, pp 209–223

  4. Ball T (2005) Engineering theories of software intensive systems. NATO Science Series II: mathematics, physics and chemistry, vol 195. Formalizing counterexample-driven refinement with weakest preconditions. Springer, Berlin, pp 121–139

  5. Ball T, Cook B, Levin V, Rajamani SK (2004) Slam and Static driver verifier: technology transfer of formal methods inside Microsoft. In: Integrated formal verification (IFM). Lecture Notes in Computer Science, vol 2999. Springer, Berlin

  6. Bardin S, Finkel A, Leroux J, Petrucci L (2003) FAST: Fast acceleration of symbolic transition systems. In: Computer aided verification (CAV). Lecture notes in computer science, vol 2752. Springer, Berlin, pp 118–121

  7. Blanc N, Groce A, Kroening D (2007) Verifying C++ with STL containers via predicate abstraction. In: Automated software engineering (ASE). IEEE, USA, pp 521–524

  8. Beyer D, Henzinger TA, Majumdar R, Rybalchenko A (2007) Invariant synthesis for combined theories. In: Verification, model checking and abstract interpretation (VMCAI). Lecture notes in computer science, vol 4349. Springer, Berlin, pp 378–394

  9. Beyer D, Henzinger TA, Majumdar R, Rybalchenko A (2007) Path invariants. In: Programming language design and implementation (PLDI). ACM Press, New York, pp 300–309

  10. Ball T, Kupferman O, Sagiv M (2007) Leaping loops in the presence of abstraction. In: Computer aided verification (CAV). Lecture notes in computer science, vol 4590. Springer, Berlin, pp 491–503

  11. Ball T, Majumdar R, Millstein T, Rajamani SK (2001) Automatic predicate abstraction of C programs. In: Programming language design and implementation (PLDI). ACM Press, New York, pp 203–213

  12. Ball T, Podelski A, Rajamani SK (2001) Boolean and Cartesian abstraction for model checking C programs. In: Tools and algorithms for the construction and analysis of systems (TACAS). Lecture notes in computer science, vol 2031. Springer, Berlin, pp 268–283

  13. Ball T, Podelski A, Rajamani SK (2002) Relative completeness of abstraction refinement for software model checking. In: Tools and algorithms for the construction and analysis of systems (TACAS). Lecture notes in computer science, vol 2280. Springer, Berlin, pp 158–172

  14. Ball T, Rajamani SK (2000) Bebop: a symbolic model checker for Boolean programs. In: Model checking and software verification (SPIN), Lecture notes in computer science, vol 1885. Springer, Berlin, pp 113–130

  15. Ball T, Rajamani S (2002) Generating abstract explanations of spurious counterexamples in C Programs. Technical Report MSR-TR-2002-09, Microsoft Research, Redmond

  16. Ball T, Rajamani SK (2002) The slam project: debugging system software via static analysis. In: Principles of programming languages (POPL). ACM Press, New York, pp 1–3

  17. Cousot P, Cousot R (1977) Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints. In: Principles of programming languages (POPL). ACM Press, New York, pp 238–252

  18. Cousot P, Cousot R (1979) Systematic design of program analysis frameworks. In: Principles of programming languages (POPL). ACM Press, New York, pp 269–282

  19. Chaki S, Clarke EM, Groce A, Jha S, Veith H (2004) Modular verification of software components in C. IEEE Trans Softw Eng 30(6): 388–402

    Article  Google Scholar 

  20. Cytron R, Ferrante J, Rosen BK, Wegman MN, Zadeck FK (1991) Efficiently computing static single assignment form and the control dependence graph. ACM Trans Program Lang Syst 13(4): 451–490

    Article  Google Scholar 

  21. Clarke EM, Grumberg O, Jha S, Lu Y, Veith H (2000) Counterexample-guided abstraction refinement. In: Computer aided verification (CAV). Lecture notes in computer science, vol 1855. Springer, Berlin, pp 154–169

  22. Clarke E, Grumberg O, Long DE (1992) Model checking and abstraction. In: Principles of programming languages (POPL). ACM Press, New York, pp 343–354

  23. Clarke E, Grumberg O, Peled D (1999) Model checking. MIT Press, Cambridge

    Google Scholar 

  24. Cook B, Kroening D, Sharygina N (2005) Symbolic model checking for asynchronous Boolean programs. In: Model checking and software verification (SPIN). Lecture notes in computer science, vol 3639. Springer, Berlin, pp 75–90

  25. Clarke E, Kroening D, Sharygina N, Yorav K (2004) Predicate abstraction of ANSI-C programs using SAT. Formal Methods Syst Des (FMSD) 25: 105–127

    Article  MATH  Google Scholar 

  26. Clarke EM, Kroening D, Sharygina N, Yorav K (2005) SATABS: SAT-based predicate abstraction for ANSI-C. In: Tools and algorithms for the construction and analysis of systems (TACAS). Lecture notes in computer science, vol 3440. Springer, Berlin, pp 570–574

  27. Cousot P (2000) Partial completeness of abstract fixpoint checking. In: International symposium on abstraction, reformulation, and approximation (SARA). Lecture notes in computer science, vol 1864. Springer, Berlin, pp 1–25.

  28. Cook B, Podelski A, Rybalchenko A (2005) Abstraction-refinement for termination. In: Static analysis symposium (SAS). Lecture notes in computer science, vol 3672. Springer, Berlin, pp 87–101

  29. Dijkstra EW (1975) Guarded commands, nondeterminacy and formal derivation of programs. Commun ACM 18(8): 453–457

    Article  MATH  MathSciNet  Google Scholar 

  30. Esparza J, Hansel D, Rossmanith P, Schwoon S (2000) Efficient algorithms for model checking pushdown systems. In: Computer aided verification (CAV). Lecture notes in computer science, vol 1855. Springer, Berlin, pp 232–247

  31. Ernst MD, Perkins JH, Guo PJ, McCamant S, Pacheco C, Tschantz MS, Xiao C (2007) The Daikon system for dynamic detection of likely invariants. Sci Comput Program 69(1–3): 35–45

    Article  MATH  MathSciNet  Google Scholar 

  32. Eén N, Sörensson N (2004) An extensible SAT-solver. In: Theory and applications of satisfiability testing (SAT), vol 2919. Springer, Berlin, pp 502–518

  33. Finkel A, Leroux J (2002) How to compose Presburger-accelerations: applications to broadcast protocols. In: Foundations of software technology and theoretical computer science (FST TCS). Lecture notes in computer science. Springer, Berlin, pp 145–156

  34. Floyd RW (1967) Assigning meanings to programs. In: Symposium on applied mathematics. Mathematical aspects of computer science, vol 19. American Mathematical Society, Providence, pp 19–32

  35. Graham RL, Knuth DE, Patashnik O (1989) Concrete mathematics: a foundation for computer science. Addison-Wesley Longman Publishing Co., Inc., Reading

    MATH  Google Scholar 

  36. Gries D (1987) The science of programming. Springer, Berlin

    MATH  Google Scholar 

  37. Graf S, Saïdi H (1997) Construction of abstract state graphs with PVS. In: Computer aided verification (CAV). Lecture notes in computer science, vol 1254. Springer, Berlin, pp 72–83

  38. Henzinger TA, Jhala R, Majumdar R, Necula GC, Sutre G, Weimer W (2002) Temporal-safety proofs for systems code. In: Computer aided verification (CAV). Lecture notes in computer science, vol 2404. Springer, Berlin, pp 526–538

  39. Henzinger TA, Jhala R, Majumdar R, McMillan KL (2004) Abstractions from proofs. In: Principles of programming languages (POPL). ACM Press, New York, pp 232–244

  40. Henzinger TA, Jhala R, Majumdar R, Sutre G (2002) Lazy abstraction. In: Principles of programming languages (POPL). ACM Press, New York, pp 58–70

  41. Hoare CAR (1969) An axiomatic basis for computer programming. Commun ACM 12(10): 576–580

    Article  MATH  Google Scholar 

  42. Ivančić F, Yang Z, Ganai MK, Gupta A, Shlyakhter I, Ashar P (2005) F-Soft: Software verification platform. In: Computer aided verification (CAV). Lecture notes in computer science, vol 3576. Springer, Berlin, pp 301–306

  43. Jain H, Ivancic F, Gupta A, Shlyakhter I, Wang C (2006) Using statically computed invariants inside the predicate abstraction and refinement loop. In: Computer aided verification (CAV). Lecture notes in computer science, vol 4144. Springer, Berlin, pp 137–151

  44. Jhala R, Majumdar R (2005) Path slicing. In: Programming language design and implementation (PLDI). ACM Press, New York, pp 38–47

  45. Jhala R, McMillan KL (2006) A practical and complete approach to predicate refinement. In: Tools and algorithms for the construction and analysis of systems (TACAS). Lecture notes in computer science, vol 3920. Springer, Berlin, pp 459–473

  46. Ku K, Hart TE, Chechik M, Lie D (2007) A buffer overflow benchmark for software model checkers. In: Automated software engineering (ASE). ACM Press, New York, pp 389–392

  47. Kroening D, Sharygina N (2006) Approximating predicate images for bit-vector logic. In: Proceedings of TACAS 2006. Lecture notes in computer science, vol 3920. Springer, Berlin, pp 242–256

  48. Kurshan R (1995) Computer-aided verification of coordinating processes. Princeton University Press, Princeton

    MATH  Google Scholar 

  49. Kroening D, Weissenbacher G (2006) Counterexamples with loops for predicate abstraction. In: Computer aided verification (CAV). Lecture notes in computer science, vol 4144. Springer, Berlin, pp 152–165

  50. Leino KRM, Logozzo F (2005) Loop invariants on demand. In: Programming languages and systems (APLAS). Lecture notes in computer science, vol 3780. Springer, Berlin, pp 119–134

  51. McMillan KL (1992) The SMV system. Technical Report CMU-CS-92-131, Carnegie Mellon University

  52. McMillan KL (2006) Lazy abstraction with interpolants. In: Computer aided verification (CAV). Lecture notes in computer science, vol 4144. Springer, Berlin, pp 123–136

  53. Nelson G (1989) A generalization of Dijkstra’s calculus. ACM Trans Program Lang Syst (TOPLAS) 11(4): 517–561

    Article  Google Scholar 

  54. Podelski A, Rybalchenko A (2004) A complete method for the synthesis of linear ranking functions. In: Verification, model checking and abstract interpretation (VMCAI). Lecture notes in computer science, vol 2937. Springer, Berlin, pp 239–25

  55. van Engelen RA, Birch J, Gallivan KA (2004) Array data dependence testing with the chains of recurrences algebra. In: Innovative architecture for future generation high-performance processors and systems (IWIA). IEEE, USA, pp 70–81

  56. Wang C, Gupta A, Ivančić F (2007) Induction in CEGAR for detecting counterexamples. In: Formal methods in computer-aided design (FMCAD). IEEE, USA, pp 77–84

Download references

Author information

Authors and Affiliations

  1. Computing Laboratory, Oxford University, Wolfson Building, Parks Road, Oxford, OX1 3QD, UK

    Daniel Kroening & Georg Weissenbacher

  2. Computer Systems Institute, ETH Zurich, Zurich, Switzerland

    Georg Weissenbacher

Authors
  1. Daniel Kroening
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Georg Weissenbacher
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Georg Weissenbacher.

Additional information

C.B. Jones and J.C.P. Woodcock

Supported by Microsoft Research through its European PhD scholarship programme and by the EU FP7 STREP MOGENTES (project ID ICT-216679). This paper is an extension of [KW06]. The work was mainly carried out at ETH Zurich.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Kroening, D., Weissenbacher, G. Verification and falsification of programs with loops using predicate abstraction. Form Asp Comp 22, 105–128 (2010). https://doi.org/10.1007/s00165-009-0110-2

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s00165-009-0110-2

Keywords

Search

Navigation