Abstract
We propose a new framework, based on predicate abstraction and model checking, for shape analysis of programs. Shape analysis is used to statically collect information—such as possible reachability and sharing—about program stores. Rather than use a specialized abstract interpretation based on shape graphs, we instantiate a generic and automated abstraction procedure with shape predicates from a correctness property. This results in a predicate-discovery procedure that identifies predicates relevant for correctness, using an analysis based on weakest preconditions, and creates a finite state abstract program. The correctness property is then checked on the abstraction with a model checking tool. To enable this process, we calculate weakest preconditions for common shape properties, and present heuristics for accelerating convergence. Exploring abstract state spaces with model checkers enables one to tap into a wealth of techniques and highly optimized implementations for state space exploration, and to analyze properties that go beyond invariances. We illustrate this simple and flexible framework with the analysis of some “classical” list manipulation programs, using our implementation of the abstraction algorithm, and the SPIN and COSPAN model checkers for state space exploration.
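To make the pipeline concrete, here is an added example (not code from the paper or its authors): a finite abstract program over three assumed shape predicates for the loop body `if (x != null) x = x.next`, built by existential abstraction over all small heaps instead of the paper's weakest-precondition predicate discovery, and then checked by exhaustive exploration of the abstract state space. The predicate names, the bound N and the sample invariants are constructed for this illustration.

```python
from itertools import product
from collections import deque
N = 3  # heap cells 0..N-1; None models the null pointer

def reach(h, a, b):  # is b (None = null) reachable from a along next pointers?
    seen = set()
    while a is not None and a not in seen and a != b:
        seen.add(a); a = h[a]
    return a == b

# Constructed predicate set: an abstract state records only these three bits.
PREDS = {
    "x_null":   lambda h, x, y: x is None,
    "reach_xy": lambda h, x, y: reach(h, x, y),
    "reach_xn": lambda h, x, y: reach(h, x, None),
}

def alpha(state):  # abstraction map: (heap, x, y) -> tuple of predicates that hold
    h, x, y = state
    return tuple(p for p, f in PREDS.items() if f(h, x, y))

def step(state):  # concrete semantics of one loop iteration: if (x != null) x = x.next
    h, x, y = state
    return (h, h[x], y) if x is not None else None

def abstract_program():
    # Existential abstraction over every heap of N cells (cycles included):
    # abstract edge A -> B iff some concrete state in A steps into some state in B.
    cells = [None] + list(range(N))
    states, trans = set(), {}
    for h in product(cells, repeat=N):
        for x, y in product(cells, repeat=2):
            s = (h, x, y)
            states.add(alpha(s))
            if (t := step(s)) is not None:
                trans.setdefault(alpha(s), set()).add(alpha(t))
    return states, trans

def check_invariant(states, trans, init, inv):
    # Model-check the finite abstract program: every abstract state reachable
    # from an init state must satisfy inv. Returns a violating state or None.
    work, seen = deque(a for a in states if init(a)), set()
    while work:
        a = work.popleft()
        if a in seen: continue
        seen.add(a)
        if not inv(a):
            return a  # abstract counterexample
        work.extend(trans.get(a, ()))
    return None
```

With these predicates the abstraction proves that "x lies on a null-terminated path" is preserved by the loop, while "x reaches y" is refuted with an abstract counterexample (the step from x == y to x = x.next), which is exactly the kind of property-driven predicate set the abstract describes.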
© 2003 Springer-Verlag Berlin Heidelberg
Dams, D., Namjoshi, K.S. (2003). Shape Analysis through Predicate Abstraction and Model Checking. In: Zuck, L.D., Attie, P.C., Cortesi, A., Mukhopadhyay, S. (eds) Verification, Model Checking, and Abstract Interpretation. VMCAI 2003. Lecture Notes in Computer Science, vol 2575. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36384-X_25
DOI: https://doi.org/10.1007/3-540-36384-X_25
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-00348-9
Online ISBN: 978-3-540-36384-2