Shape Analysis through Predicate Abstraction and Model Checking

  • Conference paper
  • In: Verification, Model Checking, and Abstract Interpretation (VMCAI 2003)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2575)

Abstract

We propose a new framework, based on predicate abstraction and model checking, for shape analysis of programs. Shape analysis is used to statically collect information—such as possible reachability and sharing—about program stores. Rather than use a specialized abstract interpretation based on shape graphs, we instantiate a generic and automated abstraction procedure with shape predicates from a correctness property. This results in a predicate-discovery procedure that identifies predicates relevant for correctness, using an analysis based on weakest preconditions, and creates a finite state abstract program. The correctness property is then checked on the abstraction with a model checking tool. To enable this process, we calculate weakest preconditions for common shape properties, and present heuristics for accelerating convergence. Exploring abstract state spaces with model checkers enables one to tap into a wealth of techniques and highly optimized implementations for state space exploration, and to analyze properties that go beyond invariances. We illustrate this simple and flexible framework with the analysis of some “classical” list manipulation programs, using our implementation of the abstraction algorithm, and the SPIN and COSPAN model checkers for state space exploration.




© 2003 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Dams, D., Namjoshi, K.S. (2003). Shape Analysis through Predicate Abstraction and Model Checking. In: Zuck, L.D., Attie, P.C., Cortesi, A., Mukhopadhyay, S. (eds) Verification, Model Checking, and Abstract Interpretation. VMCAI 2003. Lecture Notes in Computer Science, vol 2575. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36384-X_25

  • DOI: https://doi.org/10.1007/3-540-36384-X_25

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-00348-9

  • Online ISBN: 978-3-540-36384-2
