Skip to main content
SpringerLink
Log in

Systematic Predicate Abstraction Using Variable Roles

  • Conference paper
  • First Online:
NASA Formal Methods (NFM 2017)

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 10227))

Included in the following conference series:

Abstract

Heuristics for discovering predicates for abstraction are an essential part of software model checkers. Picking the right predicates affects the runtime of a model checker, or determines if a model checker is able to solve a verification task at all. In this paper we present a method to systematically specify heuristics for generating program-specific abstractions. The heuristics can be used to generate initial abstractions, and to guide abstraction refinement through templates provided for Craig interpolation. We describe the heuristics using variable roles, which allow us to pick domain-specific predicates according to the program under analysis. Variable roles identify typical variable usage patterns and can be computed using lightweight static analysis, for instance with the help of off-the-shelf logical programming engines. We implemented a prototype tool which extracts initial predicates and templates for C programs and passes them to the Eldarica model checker in the form of source code annotations. For evaluation, we defined a set of heuristics, motivated by Eldarica’s previous built-in heuristics and typical verification benchmarks from the literature and SV-COMP. We evaluate our approach on a set of more than 500 programs, and observe an overall increase in the number of solved tasks by 11.2%, and significant speedup on certain benchmark families.

Y. Demyanova and F. Zuleger were supported by the Austrian National Research Network S11403-N23 (RiSE) of the Austrian Science Fund (FWF).

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    http://ctuning.org/wiki/index.php/CTools:CBench.

  2. 2.

    E.g. seq-mthreaded/pals_opt-floodmax.3_true-unreach-call.ufo.BOUNDED-6.pals.c.

  3. 3.

    The tool, the set of used benchmarks and the results of our evaluation are available at http://forsyte.at/software/demy/nfm17.tar.gz.

  4. 4.

    http://map.uniroma2.it/vcgen/benchmark320.tar.gz.

  5. 5.

    Original benchmarks are accessible at http://formal.iti.kit.edu/projects/improve/reve and https://www.matul.de/reve.

  6. 6.

    We evaluate the default configuration of Z3 without command-line options. To execute Spacer, we use the command-line option fixedpoint.xform.slice=false.

References

  1. Aho, A.V., Sethi, R., Ullman, J.D.: Compilers, Principles. Techniques. Addison Wesley, Boston (1986)

    Google Scholar 

  2. Apel, S., Beyer, D., Friedberger, K., Raimondi, F., Rhein, A.: Domain types: abstract-domain selection based on variable usage. In: Bertacco, V., Legay, A. (eds.) HVC 2013. LNCS, vol. 8244, pp. 262–278. Springer, Cham (2013). doi:10.1007/978-3-319-03077-7_18

    Chapter  Google Scholar 

  3. Beyer, D.: Reliable and reproducible competition results with benchexec and witnesses (report on SV-COMP 2016). In: Chechik, M., Raskin, J.-F. (eds.) TACAS 2016. LNCS, vol. 9636, pp. 887–904. Springer, Heidelberg (2016). doi:10.1007/978-3-662-49674-9_55

    Chapter  Google Scholar 

  4. Beyer, D., Löwe, S., Wendler, P.: Refinement selection. In: Fischer, B., Geldenhuys, J. (eds.) SPIN 2015. LNCS, vol. 9232, pp. 20–38. Springer, Cham (2015). doi:10.1007/978-3-319-23404-5_3

    Chapter  Google Scholar 

  5. Clarke, E.M., Grumberg, O., Jha, S., Lu, Y., Veith, H.: Counterexample-guided abstraction refinement for symbolic model checking. J. ACM 50(5), 752–794 (2003)

    Article  MathSciNet  MATH  Google Scholar 

  6. Moura, L., Bjørner, N.: Z3: an efficient SMT solver. In: Ramakrishnan, C.R., Rehof, J. (eds.) TACAS 2008. LNCS, vol. 4963, pp. 337–340. Springer, Heidelberg (2008). doi:10.1007/978-3-540-78800-3_24

    Chapter  Google Scholar 

  7. Demyanova, Y., Pani, T., Veith, H., Zuleger, F.: Empirical software metrics for benchmarking of verification tools. In: Kroening, D., Păsăreanu, C.S. (eds.) CAV 2015. LNCS, vol. 9206, pp. 561–579. Springer, Cham (2015). doi:10.1007/978-3-319-21690-4_39

    Chapter  Google Scholar 

  8. Demyanova, Y., Pani, T., Veith, H., Zuleger, F.: Empirical software metrics for benchmarking of verification tools. Int. J. Form. Methods Syst. Des., 1–28 (2017). doi:10.1007/s10703-016-0264-5. http://link.springer.com/article/10.1007%2Fs10703-016-0264-5

  9. Demyanova, Y., Veith, H., Zuleger, F.: On the concept of variable roles and its use in software analysis. In: Formal Methods in Computer-Aided Design (FMCAD), pp. 226–230. IEEE (2013)

    Google Scholar 

  10. Dillig, I., Dillig, T., Li, B., McMillan, K.: Inductive invariant generation via abductive inference. ACM SIGPLAN Not. 48, 443–456 (2013). ACM

    Article  MATH  Google Scholar 

  11. Engler, D., Chen, D.Y., Hallem, S., Chou, A., Chelf, B.: Bugs as deviant behavior: a general approach to inferring errors in systems code. In: Operating Systems Principles (SOSP), vol. 35. ACM (2001)

    Google Scholar 

  12. Felsing, D., Grebing, S., Klebanov, V., Rümmer, P., Ulbrich, M.: Automating regression verification. In: Automated software engineering (ASE), pp. 349–360. ACM (2014)

    Google Scholar 

  13. Graf, S., Saidi, H.: Construction of abstract state graphs with PVS. In: Grumberg, O. (ed.) CAV 1997. LNCS, vol. 1254, pp. 72–83. Springer, Heidelberg (1997). doi:10.1007/3-540-63166-6_10

    Chapter  Google Scholar 

  14. Grebenshchikov, S., Lopes, N.P., Popeea, C., Rybalchenko, A.: Synthesizing software verifiers from proof rules. In: Programming Language Design and Implementation (PLDI), pp. 405–416. ACM (2012)

    Google Scholar 

  15. Hoder, K., Bjørner, N.: Generalized property directed reachability. In: Cimatti, A., Sebastiani, R. (eds.) SAT 2012. LNCS, vol. 7317, pp. 157–171. Springer, Heidelberg (2012). doi:10.1007/978-3-642-31612-8_13

    Chapter  Google Scholar 

  16. Jhala, R., Majumdar, R.: Software model checking. ACM Comput. Surv. (CSUR) 41(4), 21 (2009)

    Article  Google Scholar 

  17. Komuravelli, A., Gurfinkel, A., Chaki, S., Clarke, E.M.: Automatic abstraction in SMT-based unbounded software model checking. In: Sharygina, N., Veith, H. (eds.) CAV 2013. LNCS, vol. 8044, pp. 846–862. Springer, Heidelberg (2013). doi:10.1007/978-3-642-39799-8_59

    Chapter  Google Scholar 

  18. Leroux, J., Rümmer, P., Subotić, P.: Guiding craig interpolation with domain-specific abstractions. Acta Inform. 53, 1–38 (2016)

    Article  MathSciNet  MATH  Google Scholar 

  19. Nori, A.V., Rajamani, S.K.: An empirical study of optimizations in YOGI. In: Software Engineering (ICSE), vol. 1, pp. 355–364. ACM (2010)

    Google Scholar 

  20. Rümmer, P., Hojjat, H., Kuncak, V.: Disjunctive interpolants for horn-clause verification. In: Sharygina, N., Veith, H. (eds.) CAV 2013. LNCS, vol. 8044, pp. 347–363. Springer, Heidelberg (2013). doi:10.1007/978-3-642-39799-8_24

    Chapter  Google Scholar 

  21. Sajaniemi, J.: An empirical analysis of roles of variables in novice-level procedural programs. In: Human-Centric Computing Languages and Environments (HCC), pp. 37–39. IEEE (2002)

    Google Scholar 

  22. Van Deursen, A., Moonen, L.: Type inference for COBOL systems. In: Reverse Engineering (RE), pp. 220–230. IEEE (1998)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Vienna University of Technology, Vienna, Austria

    Yulia Demyanova & Florian Zuleger

  2. Uppsala University, Uppsala, Sweden

    Philipp Rümmer

Authors
  1. Yulia Demyanova
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Philipp Rümmer
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Florian Zuleger
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Philipp Rümmer .

Editor information

Editors and Affiliations

  1. Stanford University, Palo Alto, California, USA

    Clark Barrett

  2. NASA Ames Research Center, Moffett Field, California, USA

    Misty Davies

  3. NASA Ames Research Center, Moffett Field, California, USA

    Temesghen Kahsai

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Demyanova, Y., Rümmer, P., Zuleger, F. (2017). Systematic Predicate Abstraction Using Variable Roles. In: Barrett, C., Davies, M., Kahsai, T. (eds) NASA Formal Methods. NFM 2017. Lecture Notes in Computer Science(), vol 10227. Springer, Cham. https://doi.org/10.1007/978-3-319-57288-8_18

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-57288-8_18

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-57287-1

  • Online ISBN: 978-3-319-57288-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation