Formal Methods in System Design, Volume 25, Issue 2–3, pp. 105–127

Predicate Abstraction of ANSI-C Programs Using SAT

  • Edmund Clarke
  • Daniel Kroening
  • Natasha Sharygina
  • Karen Yorav

Abstract

Predicate abstraction is a major method for verification of software. However, the generation of the abstract Boolean program from the set of predicates and the original program suffers from an exponential number of theorem prover calls as well as from soundness issues. This paper presents a novel technique that uses an efficient SAT solver for generating the abstract transition relations of ANSI-C programs. The SAT-based approach computes a more precise and safe abstraction compared to existing predicate abstraction techniques.

Keywords: predicate abstraction, ANSI-C, SAT

Copyright information

© Kluwer Academic Publishers 2004

Authors and Affiliations

  • Edmund Clarke, Computer Science Department, Carnegie Mellon University, Pittsburgh
  • Daniel Kroening, Computer Systems Institute, Swiss Institute of Technology, Zurich, Switzerland
  • Natasha Sharygina, Software Engineering Institute, Carnegie Mellon University, Pittsburgh
  • Karen Yorav, IBM, Haifa, Israel