Formalizing Counterexample-Driven Refinement with Weakest Preconditions

  • Conference paper

Part of the book series: NATO Science Series (NAII, volume 195)

Abstract

To check a safety property of a program, it is sufficient to check the property on an abstraction that has more behaviors than the original program. If the safety property holds of the abstraction then it also holds of the original program.

However, if the property does not hold of the abstraction along some trace t (a counterexample), it may or may not hold of the original program on trace t. If it can be proved that the property does not hold in the original program on trace t then it makes sense to refine the abstraction to eliminate the “spurious counterexample” t (rather than report a known false negative to the user).

The SLAM tool developed at Microsoft Research implements such an automated abstraction-refinement process. In this paper, we reformulate this process for a tiny while language using the concepts of weakest preconditions, bounded model checking and Craig interpolants. This representation of SLAM simplifies and distills the concepts of counterexample-driven refinement in a form that should be suitable for teaching the process in a few lectures of a graduate-level course.
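As an added illustration of the feasibility check the abstract describes (my code, not the paper's or SLAM's): weakest preconditions are folded backwards over a straight-line counterexample trace of a tiny while language, and the trace is spurious exactly when wp(t, false) is valid. It assumes statements encoded as Python tuples with expressions as callables over an environment, and it decides validity by enumerating a small finite domain in place of the theorem prover SLAM would call.

```python
# Feasibility of an abstract counterexample trace via weakest preconditions.
# Added example; not code from the paper. Assumptions: a trace is a list of
# ('assign', var, expr) or ('assume', cond) tuples, expr/cond are callables
# over a dict environment, and validity is checked over a finite domain.
from itertools import product


def wp(stmt, post):
    """Weakest precondition of one statement w.r.t. the postcondition `post`."""
    kind = stmt[0]
    if kind == 'assign':                         # wp(x := e, Q) = Q[e/x]
        _, var, expr = stmt
        return lambda env: post({**env, var: expr(env)})
    if kind == 'assume':                         # wp(assume c, Q) = c => Q
        _, cond = stmt
        return lambda env: (not cond(env)) or post(env)
    raise ValueError(f"unknown statement kind {kind!r}")


def wp_trace(trace, post):
    """Fold wp backwards over a straight-line trace."""
    for stmt in reversed(trace):
        post = wp(stmt, post)
    return post


def is_spurious(trace, variables, domain):
    """A trace that no initial state can complete is spurious; that holds
    iff wp(trace, false) is valid, checked here over the finite domain."""
    pre = wp_trace(trace, lambda env: False)
    return all(pre(dict(zip(variables, vals)))
               for vals in product(domain, repeat=len(variables)))


# Constructed traces. Program A:  x := y + 1; if (x <= y) then error.
# An abstraction that does not track x <= y admits the error branch, but
# wp(false) over the trace is  not (y + 1 <= y), i.e. true: spurious.
SPURIOUS = [('assign', 'x', lambda e: e['y'] + 1),
            ('assume', lambda e: e['x'] <= e['y'])]

# Program B:  x := y + 1; if (x > y) then error.  wp(false) is
# not (y + 1 > y), i.e. false for every y: the counterexample is real.
FEASIBLE = [('assign', 'x', lambda e: e['y'] + 1),
            ('assume', lambda e: e['x'] > e['y'])]

if __name__ == '__main__':
    for name, t in (('A', SPURIOUS), ('B', FEASIBLE)):
        print(name, 'spurious' if is_spurious(t, ['x', 'y'], range(-2, 3)) else 'feasible')
```

The predicate that falls out of the wp computation for trace A (x <= y, or y + 1 <= y after substitution) is the kind of predicate a refinement step adds to the abstraction so that this trace disappears.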




Copyright information

© 2005 Springer

About this paper

Cite this paper

Ball, T. (2005). Formalizing Counterexample-Driven Refinement with Weakest Preconditions. In: Broy, M., Grünbauer, J., Harel, D., Hoare, T. (eds) Engineering Theories of Software Intensive Systems. NATO Science Series, vol 195. Springer, Dordrecht. https://doi.org/10.1007/1-4020-3532-2_5

  • DOI: https://doi.org/10.1007/1-4020-3532-2_5

  • Publisher Name: Springer, Dordrecht

  • Print ISBN: 978-1-4020-3530-2

  • Online ISBN: 978-1-4020-3532-6

  • eBook Packages: Computer Science, Computer Science (R0)
