Formal Methods in System Design

, Volume 52, Issue 3, pp 229–259 | Cite as

Automating regression verification of pointer programs by predicate abstraction

  • Vladimir Klebanov
  • Philipp Rümmer
  • Mattias Ulbrich


Regression verification is an approach complementing regression testing with formal verification. The goal is to formally prove that two versions of a program behave either equally or differently in a precisely specified way. In this paper, we present a novel automated approach for regression verification that reduces the equivalence of two related imperative pointer programs to constrained Horn clauses over uninterpreted predicates. Subsequently, state-of-the-art SMT solvers are used to solve the clauses. We have implemented the approach, and our experiments show that non-trivial programs with integer and pointer arithmetic can now be proved equivalent without further user input.


Regression verification Horn constraint solving Program equivalence Relational program verification 



This work was partially supported by the German National Science Foundation (DFG) under the IMPROVE project within the priority program SPP 1593 “Design For Future—Managed Software Evolution”, and by the Swedish Research Council.


  1. 1.
    Alexandrescu A (2012) Three optimization tips for C++. A presentation at Facebook NYC.
  2. 2.
    Almeida J, Barbosa M, Sousa Pinto J, Vieira B (2009) Verifying cryptographic software correctness with respect to reference implementations. In: Alpuente M, Cook B, Joubert C (eds) Formal methods for industrial critical systems. Lecture notes in computer science, vol 5825. Springer, Berlin, pp 37–52Google Scholar
  3. 3.
    Ammann P, Offutt J (2008) Introduction to software testing, 1st edn. Cambridge University Press, New YorkCrossRefGoogle Scholar
  4. 4.
    Amtoft T, Bandhakavi S, Banerjee A (2006) A logic for information flow in object-oriented programs. In: Conference record of the 33rd ACM SIGPLAN-SIGACT symposium on principles of programming languages, POPL’06, pp 91–102. ACM, New York, NY, USAGoogle Scholar
  5. 5.
    Backes J, Person S, Rungta N, Tkachuk O (2013) Regression verification using impact summaries. In: Bartocci E, Ramakrishnan C (eds) Model checking software. Lecture notes in computer science, vol 7976. Springer, Berlin, pp 99–116Google Scholar
  6. 6.
    Banerjee A, Naumann DA (2005) Ownership confinement ensures representation independence for object-oriented programs. J ACM 52(6):894–960MathSciNetCrossRefzbMATHGoogle Scholar
  7. 7.
    Banerjee A, Naumann DA (2005) State based ownership, reentrance, and encapsulation. In: Proceedings of the 19th European conference on object-oriented programming, ECOOP’05. Springer, Berlin, pp 387–411Google Scholar
  8. 8.
    Barthe G, Crespo J, Grégoire B, Kunz C, Zanella Béguelin S (2012) Computer-aided cryptographic proofs. In: Beringer L, Felty A (eds) Interactive theorem proving. Lecture notes in computer science, vol 7406. Springer, Berlin, pp 11–27Google Scholar
  9. 9.
    Barthe G, Crespo JM, Kunz C (2011) Relational verification using product programs. In: Butler M, Schulte W (eds) Proceedings of the 17th international symposium on formal methods (FM). Lecture notes in computer science, vol 6664. Springer, Berlin, pp 200–214Google Scholar
  10. 10.
    Barthe G, D’Argenio PR, Rezk T (2004) Secure information flow by self-composition. In: 17th IEEE computer security foundations workshop, CSFW-17, Pacific Grove, CA, USA. IEEE Computer Society, pp 100–114Google Scholar
  11. 11.
    Beckert B, Bruns D, Klebanov V, Scheben C, Schmitt PH, Ulbrich M (2013) Information flow in object-oriented software. In: Gupta G, Peña R (eds) 23rd international symposium on logic-based program synthesis and transformation (LOPSTR 2013). Dpto. de Systemas Informáticos y Computation, Universidad Complutense de Madrid, TR-11-13, pp 15–32Google Scholar
  12. 12.
    Bjørner N, McMillan KL, Rybalchenko A (2013) On solving universally quantified horn clauses. In: Logozzo F, Fähndrich M (eds) Proceedings of the 20th international symposium on static analysis, SAS 2013, Seattle, WA, USA, June 20–22, 2013. Lecture notes in computer science, vol 7935. Springer, pp 105–125. doi: 10.1007/978-3-642-38856-9_8
  13. 13.
    Darvas A, Hähnle R, Sands D (2005) A theorem proving approach to analysis of secure information flow. In: Proceedings of the second international conference on security in pervasive computing, SPC’05. Springer, Berlin, pp 193–209Google Scholar
  14. 14.
    Detlefs D, Nelson G, Saxe JB (2005) Simplify: a theorem prover for program checking. J ACM 52(3):365–473MathSciNetCrossRefzbMATHGoogle Scholar
  15. 15.
    Dijkstra EW (1975) Guarded commands, nondeterminacy and formal derivation of programs. Commun ACM 18(8):453–457. doi: 10.1145/360933.360975 MathSciNetCrossRefzbMATHGoogle Scholar
  16. 16.
    Falke S, Kapur D, Sinz C (2012) Termination analysis of imperative programs using bitvector arithmetic. In: Proceedings of the 4th international conference on verified software: theories, tools, experiments (VSTTE’12). Springer, Berlin, pp 261–277Google Scholar
  17. 17.
    Felsing D, Grebing S, Klebanov V, Rümmer P, Ulbrich M (2014) Automating regression verification. In: Proceedings of the 29th ACM/IEEE international conference on automated software engineering, ASE’14. ACM, pp 349–360Google Scholar
  18. 18.
    Giesl J, Thiemann R, Schneider-Kamp P, Falke S (2004) Automated termination proofs with AProVE. In: van Oostrom V (ed) Proceedings of the 15th international conference on rewriting techniques and applications (RTA 2004). Lecture notes in computer science, vol 3091. Springer, pp 210–220Google Scholar
  19. 19.
    Godlin B, Strichman O (2008) Inference rules for proving the equivalence of recursive procedures. Acta Inform 45(6):403–439MathSciNetCrossRefzbMATHGoogle Scholar
  20. 20.
    Godlin B, Strichman O (2009) Regression verification. In: Proceedings of the 46th annual design automation conference, DAC’09. ACM, pp 466–471Google Scholar
  21. 21.
    Godlin B, Strichman O (2013) Regression verification: proving the equivalence of similar programs. Softw Test Verif Reliab 23(3):241–258. doi: 10.1002/stvr.1472 CrossRefGoogle Scholar
  22. 22.
    Grebenshchikov S, Lopes NP, Popeea C, Rybalchenko A (2012) Synthesizing software verifiers from proof rules. In: Proceedings of the 33rd ACM SIGPLAN conference on programming language design and implementation, PLDI’12. ACM, pp 405–416Google Scholar
  23. 23.
    Harrison J (2009) Handbook of practical logic and automated reasoning. Cambridge University Press, CambridgeCrossRefzbMATHGoogle Scholar
  24. 24.
    Hawblitzel C, Kawaguchi M, Lahiri SK, Rebêlo H (2011) Mutual summaries: unifying program comparison techniques. In: Proceedings, first international workshop on intermediate verification languages (BOOGIE).
  25. 25.
    Hawblitzel C, Kawaguchi M, Lahiri SK, Rebêlo H (2013) Towards modularly comparing programs using automated theorem provers. In: Bonacina MP (ed) Proceedings of the 24th international conference on automated deduction, CADE-24, Lake Placid, NY, USA, June 9–14, 2013. Lecture notes in computer science, vol 7898, pp 282–299. SpringerGoogle Scholar
  26. 26.
    Hoder K, Bjørner N (2012) Generalized property directed reachability. In: Proceedings of the 15th international conference on theory and applications of satisfiability testing, SAT’12. Springer, Berlin, pp 157–171Google Scholar
  27. 27.
    Huang SY, Cheng KT (1998) Formal equivalence checking and design debugging. Kluwer Academic Publishers, NorwellCrossRefzbMATHGoogle Scholar
  28. 28.
    Lahiri SK, Hawblitzel C, Kawaguchi M, Rebêlo H (2012) SymDiff: a language-agnostic semantic diff tool for imperative programs. In: Proceedings of the 24th international conference on computer aided verification, CAV’12. Springer, Berlin, pp 712–717Google Scholar
  29. 29.
    Lahiri SK, McMillan KL, Sharma R, Hawblitzel C (2013) Differential assertion checking. In: Proceedings of the 2013 9th joint meeting on foundations of software engineering, ESEC/FSE 2013. ACM, pp 345–355Google Scholar
  30. 30.
    Leroux J, Rümmer P, Subotic P (2016) Guiding Craig interpolation with domain-specific abstractions. Acta Inform 53(4):387–424. doi: 10.1007/s00236-015-0236-z MathSciNetCrossRefzbMATHGoogle Scholar
  31. 31.
    McCarthy J (1962) Towards a mathematical science of computation. In: IFIP congress, pp 21–28Google Scholar
  32. 32.
    Post H, Sinz C (2009) Proving functional equivalence of two AES implementations using bounded model checking. In: Proceedings of the 2009 international conference on software testing verification and validation, ICST’09. IEEE Computer Society, pp 31–40Google Scholar
  33. 33.
    Rümmer P, Hojjat H, Kuncak V (2013) Disjunctive interpolants for Horn-clause verification. In: Proceedings of the 25th international conference on computer aided verification, CAV’13. Springer, Berlin, pp 347–363Google Scholar
  34. 34.
    Scheben C, Schmitt PH (2014) Efficient self-composition for weakest precondition calculi. In: Jones CB, Pihlajasaari P, Sun J (eds) Proceedings, 19th international symposium on formal methods (FM). Lecture notes in computer science, vol 8442. Springer, pp 579–594Google Scholar
  35. 35.
    van Eijk C (2000) Sequential equivalence checking based on structural similarities. IEEE Trans Comput Aided Des Integr Circuits Syst 19(7):814–819CrossRefGoogle Scholar
  36. 36.
    Verdoolaege S, Janssens G, Bruynooghe M (2012) Equivalence checking of static affine programs using widening to handle recurrences. ACM Trans Program Lang Syst 34(3):11:1–11:35. doi: 10.1145/2362389.2362390 CrossRefzbMATHGoogle Scholar
  37. 37.
    Verdoolaege S, Palkovic M, Bruynooghe M, Janssens G, Catthoor F (2010) Experience with widening based equivalence checking in realistic multimedia systems. J Electron Test 26(2):279–292CrossRefGoogle Scholar
  38. 38.
    Welsch Y, Poetzsch-Heffter A (2012) Verifying backwards compatibility of object-oriented libraries using Boogie. In: Proceedings of the 14th workshop on formal techniques for Java-like programs, FTfJP’12. ACM, pp 35–41Google Scholar
  39. 39.
    Wood T, Drossopoulou S, Lahiri SK, Eisenbach S (2017) Modular verification of procedure equivalence in the presence of memory allocation. In: Proceedings of the 26th European symposium on programming languages and systems, ESOP 2017, held as part of the European joint conferences on theory and practice of software, ETAPS 2017, Uppsala, Sweden, April 22–29, 2017, pp 937–963. doi: 10.1007/978-3-662-54434-1_35

Copyright information

© Springer Science+Business Media, LLC 2017

Authors and Affiliations

  1. 1.Institute of Theoretical InformaticsKarlsruhe Institute of TechnologyKarlsruheGermany
  2. 2.Uppsala UniversityUppsalaSweden

Personalised recommendations