Boolean and Cartesian abstraction for model checking C programs

  • Thomas Ball
  • Andreas Podelski
  • Sriram K. Rajamani
Special section on trends in verification and validation

Abstract

We show how to attack the problem of model checking a C program with recursive procedures using an abstraction that we formally define as the composition of the Boolean and the Cartesian abstractions. It is implemented through a source-to-source transformation into a ‘Boolean’ C program; we give an algorithm to compute the transformation with a cost that is exponential in its theoretical worst-case complexity but feasible in practice.

Keywords

Verification, Program analysis, Software engineering, Model checking, Abstract interpretation

Copyright information

© Springer-Verlag 2003

Authors and Affiliations

  • Thomas Ball (1)
  • Andreas Podelski (1)
  • Sriram K. Rajamani (1)
  1. Software Productivity Tools, Microsoft Research, Redmond, USA