Underapproximation of procedure summaries for integer programs

TACAS 2013

Abstract

We show how to underapproximate the procedure summaries of recursive programs over the integers using off-the-shelf analyzers for non-recursive programs. The novelty of our approach is that the non-recursive program we compute may capture unboundedly many behaviors of the original recursive program for which stack usage cannot be bounded. Moreover, we identify a class of recursive programs on which our method terminates and returns the precise summary relations without underapproximation. Doing so, we generalize a similar result for non-recursive programs to the recursive case. Finally, we present experimental results of an implementation of our method applied on a number of examples.

Keywords

Program analysis Procedure summaries  Flat counter systems Bounded context-free languages 

References

  1. 1.
  2. 2.
    Atig, M.F., Ganty, P.: Approximating petri net reachability along context-free traces. In: FSTTCS’11, Volume 13 of LIPIcs, pp. 152–163. Schloss Dagstuhl, Wadern (2011)Google Scholar
  3. 3.
    Alur, R., Madhusudan, P.: Adding nesting structure to words. JACM 56(3), 16 (2009)MathSciNetCrossRefMATHGoogle Scholar
  4. 4.
    Hojjat, H., Konečný, F., Garnier, F., Iosif, R., Kuncak, V., Rümmer, P.: A verification toolkit for numerical transition systems—tool paper. In: FM 2012: Formal Methods, Volume 7436 of LNCS, pp. 247–251. Springer, Berlin, Heidelberg (2012)Google Scholar
  5. 5.
    Sharir, M., Pnueli, A.: Two approaches to interprocedural data flow analysis. In: Program Flow Analysis: Theory and Applications, Chapter 7, pp. 189–233. Prentice-Hall, Inc., Upper Saddle River (1981)Google Scholar
  6. 6.
    Esparza, J., Kiefer, S., Luttenberger, M.: Newtonian program analysis. JACM 57(6), 33:1–33:47 (2010)MathSciNetCrossRefMATHGoogle Scholar
  7. 7.
    Reps, T., Horwitz, S., Sagiv, M.: Precise interprocedural dataflow analysis via graph reachability. In: POPL’95, pp. 49–61. ACM, New York (1995)Google Scholar
  8. 8.
    Albarghouthi, A., Gurfinkel, A., Chechik, M.: Whale: an interpolation-based algorithm for inter-procedural verification. In: VMCAI’12, Volume 7148 of LNCS, pp. 39–55. Springer, Berlin (2012)Google Scholar
  9. 9.
    Godefroid, P., Nori, A.V., Rajamani, S.K., Tetali, S.: Compositional may-must program analysis: unleashing the power of alternation. In: POPL’10, pp. 43–56. ACM, New York (2010)Google Scholar
  10. 10.
    Cook, A.P.B., Rybalchenko, A.: Summarization for termination: no return!. Formal Methods Syst. Design 35, 369–387 (2009)Google Scholar
  11. 11.
    Kroening, D., Lewis, M., Weissenbacher, G.: Under-approximating loops in C programs for fast counterexample detection. In: CAV’13: Proc. 23rd Int. Conf. on Computer Aided Verification, LNCS, pp. 381–396. Springer, Berlin (2013)Google Scholar
  12. 12.
    Latteux, M.: Mots infinis et langages commutatifs. Informatique Théorique et Appl. 12(3), 185–192 (1978)Google Scholar
  13. 13.
    Luker, M.: Control sets on grammars using depth-first derivations. Math. Syst. Theory 13, 349–359 (1980)MathSciNetCrossRefMATHGoogle Scholar
  14. 14.
    Ginsburg, S.: The Mathematical Theory of Context-Free Languages. McGraw-Hill Inc, New York (1966)MATHGoogle Scholar
  15. 15.
    Bozga, M., Iosif, R., Konečný, F.: Fast acceleration of ultimately periodic relations. In: CAV’10, Volume 6174 of LNCS, pp. 227–242. Springer, Berlin (2010)Google Scholar
  16. 16.
    Boigelot, B.: Symbolic Methods for Exploring Infinite State Spaces. PhD thesis, University of Liège (1998)Google Scholar
  17. 17.
    Finkel, A., Leroux, J.: How to compose presburger-accelerations: applications to broadcast protocols. In: FSTTCS’02, Volume 2556 of LNCS, pp. 145–156. Springer, Berlin (2002)Google Scholar
  18. 18.
    Luker, M.: A family of languages having only finite-index grammars. Inform. Control 39(1), 14–18 (1978)MathSciNetCrossRefMATHGoogle Scholar
  19. 19.
    Godoy, G., Tiwari, A.: Invariant checking for programs with procedure calls. In: SAS’09, Volume 5673 of LNCS, pp. 326–342. Springer, Berlin (2009)Google Scholar
  20. 20.
    Bardin, S., Finkel, A., Leroux, J., Petrucci, L.: Fast: fast acceleration of symbolic transition systems. In: CAV’03, Volume 2725 of LNCS, pp. 118–121. Springer, Berlin (2003)Google Scholar
  21. 21.
    Bozga, M., Iosif, R., Lakhnech, Y.: Flat parametric counter automata. Fundamenta Informaticae 91(2), 275–303 (2009)MathSciNetMATHGoogle Scholar
  22. 22.
    Ganty, P., Majumdar, R., Monmege, B.: Bounded underapproximations. Formal Methods Syst. Design 40(2), 206–231 (2012)CrossRefMATHGoogle Scholar
  23. 23.
    Termination Competition 2011. http://termcomp.uibk.ac.at/termcomp/home.seam
  24. 24.
    Cowles, J.: Knuth’s generalization of mccarthy’s 91 function. In: Computer-Aided Reasoning: ACL2 Case Studies, pp. 283–299. Kluwer Academic Publishers, Berlin (2000)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2016

Authors and Affiliations

  1. 1.IMDEA Software InstituteMadridSpain
  2. 2.VERIMAG/CNRSGrenobleFrance
  3. 3.École Polytechnique Fédérale de Lausanne (EPFL)LausanneSwitzerland

Personalised recommendations