Formal Methods in System Design

, Volume 37, Issue 2–3, pp 171–199 | Cite as

Doomed program points

  • Jochen Hoenicke
  • K. Rustan M. Leino
  • Andreas Podelski
  • Martin Schäf
  • Thomas WiesEmail author


Any programming error that can be revealed before compiling a program saves precious time for the programmer. While integrated development environments already do a good job by detecting, e.g., data-flow abnormalities, current static analysis tools suffer from false positives (“noise”) or require strong user interaction.

We propose to avoid this deficiency by defining a new class of errors. A program fragment is doomed if its execution will inevitably fail, regardless of which state it is started in. We use a formal verification method to identify such errors fully automatically and, most significantly, without producing noise. We report on experiments with a prototype tool.


Reliability Program falsification Static checking 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Ayewah N, Pugh W, Morgenthaler JD, Penix J, Zhou Y (2007) Evaluating static analysis defect warnings on production software. In: Workshop on program analysis for software tools and engineering, PASTE’07. ACM, New York, pp 1–8 Google Scholar
  2. 2.
    Ball T, Kupferman O, Yorsh G (2005) Abstraction for falsification. In: Computer aided verification, CAV’05. LNCS, vol 3576. Springer, Berlin, pp 67–81 CrossRefGoogle Scholar
  3. 3.
    Barnett M, Leino KRM (2005) Weakest-precondition of unstructured programs. In: Workshop on program analysis for software tools and engineering, PASTE’05. ACM, New York, pp 82–87 CrossRefGoogle Scholar
  4. 4.
    Barnett M, Chang B-YE, DeLine R, Jacobs B, Leino KRM (2005) Boogie: a modular reusable verifier for object-oriented programs. In: Formal methods for components and objects: 4th international symposium, FMCO’05. LNCS, vol 4111. Springer, Berlin, pp 364–387 CrossRefGoogle Scholar
  5. 5.
    Barnett M, Leino KRM, Schulte W (2005) The Spec# programming system: an overview. In: CASSIS 2004, construction and analysis of safe, secure and interoperable smart devices. LNCS, vol 3362. Springer, Berlin, pp 49–69 CrossRefGoogle Scholar
  6. 6.
    Beer I, Ben-David S, Eisner C, Rodeh Y (1997) Efficient detection of vacuity in actl formulas. In: Computer aided verification, CAV’97. Springer, Berlin, pp 279–290 Google Scholar
  7. 7.
    Bornat R (2000) Proving pointer programs in Hoare logic Google Scholar
  8. 8.
    Burstall RM (1972) Some techniques for proving correctness of programs which alter data structures. Mach Learn 7 Google Scholar
  9. 9.
    Clarke EM, Kroening D, Lerda F (2004) A tool for checking ANSI-C programs. In: International conference on tools and algorithms for the construction and analysis of systems, TACAS’04. LNCS, vol 2988. Springer, Berlin, pp 168–176 CrossRefGoogle Scholar
  10. 10.
    Cohen E, Moskal M, Schulte W, Tobies S (2000) A practical verification methodology for concurrent programs. Technical report MSR-TR-2009-15, Microsoft Research Google Scholar
  11. 11.
    Cytron R, Ferrante J, Rosen BK, Wegman MN, Zadeck FK (1991) Efficiently computing static single assignment form and the control dependence graph. ACM Trans Program Lang Syst 13(4):451–490 CrossRefGoogle Scholar
  12. 12.
    Dijkstra EW (1976) A discipline of programming. Prentice Hall, Englewood Cliffs zbMATHGoogle Scholar
  13. 13.
    Ernie Cohen MD, Hillebrand M, Leinenbach D, Moskal M, Santen T, Schulte W, Tobies S (2009) VCC: a practical system for verifying concurrent C. In: Theorem proving in higher order logics, TPHOLs’09, pp 23–42 CrossRefGoogle Scholar
  14. 14.
    Evans D, Larochelle D (2002) Improving security using extensible lightweight static analysis. IEEE Softw 19(1):42–51 CrossRefGoogle Scholar
  15. 15.
    Filliâtre J-C, Marché C (2007) The Why/Krakatoa/Caduceus platform for deductive program verification. In: Computer aided verification, CAV’07, pp 173–177 CrossRefGoogle Scholar
  16. 16.
    Flanagan C, Saxe JB (2001) Avoiding exponential explosion: generating compact verification conditions. In: Annual ACM symposium on the principles of programming languages, POPL’01. ACM, New York, pp 193–205 Google Scholar
  17. 17.
    Flanagan C, Leino KRM, Lillibridge M, Nelson G, Saxe JB, Stata R (2002) Extended static checking for Java. In: ACM conference on programming language design and implementation, PLDI’02. ACM, New York, pp 234–245 Google Scholar
  18. 18.
    Godefroid P, Nori AV, Rajamani SK, Tetali S (2010) Compositional may-must program analysis: unleashing the power of alternation. In: Annual ACM symposium on the principles of programming languages, POPL’10. ACM, New York, pp 43–56 CrossRefGoogle Scholar
  19. 19.
    Gulavani BS, Henzinger TA, Kannan Y, Nori AV, Rajamani SK (2006) Synergy: a new algorithm for property checking. In: Symposium on the foundations of software engineering, FSE’06. ACM, New York, pp 117–127 Google Scholar
  20. 20.
    Hayes IJ, Fidge CJ, Lermer K (2001) Semantic characterisation of dead control-flow paths. IEE Proc, Softw 148(6):175–186 CrossRefGoogle Scholar
  21. 21.
    Henzinger TA, Jhala R, Majumdar R, Sutre G (2003) Software verification with BLAST. In: Model checking software, 10th international SPIN workshop. LNCS, vol 2648. Springer, Berlin, pp 235–239 Google Scholar
  22. 22.
    Hillebrand MA, Leinenbach DC (2009) Formal verification of a reader-writer lock implementation in c. Electron Notes Theor Comput Sci 254:123–141 CrossRefGoogle Scholar
  23. 23.
    Hoenicke J, Leino KRM, Podelski A, Schäf M, Wies T (2009) It’s doomed; we can prove it. In: International symposium on formal methods, FM’09, pp 338–353 Google Scholar
  24. 24.
    Hovemeyer D, Pugh W (2007) Finding more null pointer bugs, but not too many. In: Workshop on program analysis for software tools and engineering, PASTE’07. ACM, New York, pp 9–14 Google Scholar
  25. 25.
    Hovemeyer D, Spacco J, Pugh W (2006) Evaluating and tuning a static analysis to find null pointer bugs. Softw Eng Notes 31(1):13–19 CrossRefGoogle Scholar
  26. 26.
    Immerman N, Rabinovich A, Reps T, Sagiv M, Yorsh G (2004) The boundary between decidability and undecidability for transitive-closure logics. In: Computer science logic, CSL’04, pp 160–174 CrossRefGoogle Scholar
  27. 27.
    Janota M, Grigore R, Moskal M (2007) Reachability analysis for annotated code. In: Specification and verification of component-based systems, SAVCBS’07. ACM, New York, pp 23–30 Google Scholar
  28. 28.
    Janssen J, Corporaal H (1997) Making graphs reducible with controlled node splitting. ACM Trans Program Lang Syst 19(6):1031–1052 CrossRefGoogle Scholar
  29. 29.
    Kuncak V (2007) Modular data structure verification. PhD thesis, EECS Department, Massachusetts Institute of Technology Google Scholar
  30. 30.
    Leino KRM (2005) Efficient weakest preconditions. Inf Process Lett 93(6):281–288 zbMATHCrossRefMathSciNetGoogle Scholar
  31. 31.
    Leino KRM This is Boogie 2. Manuscript KRML 178, June 2008. Available at
  32. 32.
    Lengauer T, Tarjan RE (1979) A fast algorithm for finding dominators in a flowgraph. ACM Trans Program Lang Syst 1(1):121–141 zbMATHCrossRefGoogle Scholar
  33. 33.
    Luckham DC, Suzuki N (1979) Verification of array, record, and pointer operations in Pascal. ACM Trans Program Lang Syst 1(2):226–244 zbMATHCrossRefGoogle Scholar
  34. 34.
    Manna Z, Pnueli A (1995) Temporal verification of reactive systems: safety. Springer, Berlin Google Scholar
  35. 35.
    Nelson G (1989) A generalization of Dijkstra’s calculus. ACM Trans Program Lang Syst 11(4):517–561 CrossRefGoogle Scholar
  36. 36.
    Prosser RT (1959) Applications of Boolean matrices to the analysis of flow diagrams. In: IRE-AIEE-ACM’59, Eastern. ACM, New York, pp 133–138 CrossRefGoogle Scholar
  37. 37.
    Samer M, Veith H (2007) On the notion of vacuous truth. In: Proceedings of the 14th international conference on logic for programming, artificial intelligence and reasoning, LPAR’07. Springer, Berlin, pp 2–14 CrossRefGoogle Scholar
  38. 38.
    Shelekhov VI, Kuksenko SV (1999) On the practical static checker of semantic run-time errors. In: Asia pacific software engineering conference, APSEC, p 434 Google Scholar
  39. 39.
    Technologies P (2004) PolySpace for C. Documentation Google Scholar
  40. 40.
    Yorsh G, Ball T, Sagiv M (2006) Testing, abstraction, theorem proving: better together! In: International symposium on software testing and analysis, ISSTA’06. ACM, New York, pp 145–156 CrossRefGoogle Scholar

Copyright information

© Springer Science+Business Media, LLC 2010

Authors and Affiliations

  • Jochen Hoenicke
    • 1
  • K. Rustan M. Leino
    • 2
  • Andreas Podelski
    • 1
  • Martin Schäf
    • 1
  • Thomas Wies
    • 3
    Email author
  1. 1.University of FreiburgFreiburg im BreisgauGermany
  2. 2.Microsoft ResearchRedmondUSA
  3. 3.Institute of Science and TechnologyKlosterneuburgAustria

Personalised recommendations