Automatic Software Model Checking Using CLP

  • Cormac Flanagan
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2618)


This paper proposes the use of constraint logic programming (CLP) to perform model checking of traditional, imperative programs. We present a semantics-preserving translation from an imperative language with heap-allocated mutable data structures and recursive procedures into CLP. The CLP formulation (1) provides a clean way to reason about the behavior and correctness of the original program, and (2) enables the use of existing CLP implementations to perform bounded software model checking, using a combination of symbolic reasoning and explicit path exploration.





Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Cormac Flanagan
  1. Systems Research Center, Hewlett Packard Laboratories, USA
