Haifa Verification Conference

Hardware and Software: Verification and Testing, pp. 87-103

PANDA: Simultaneous Predicate Abstraction and Concrete Execution

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9434)


We present a new verification algorithm, Panda, that combines predicate abstraction with concrete execution and dynamic analysis. Both the concrete and abstract state spaces of an input program are traversed simultaneously, guiding each other through on-the-fly mutual interaction. Panda performs dynamic on-the-fly pruning of those branches in the abstract state space that diverge from the corresponding concrete trace. If the abstract branch is actually feasible for a different concrete trace, Panda discovers the covering trace by exploring different data choices. Candidate spurious errors may also arise, for example, due to overapproximation of the points-to relation between heap objects. We eliminate all the spurious errors using the well-known approach based on lazy abstraction refinement with interpolants. Results of experiments with our prototype implementation show that Panda can successfully verify programs that feature loops, recursion, and manipulation of objects and arrays. It has competitive performance and does not report any spurious error for our benchmarks.
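The following is an added illustration of the core interaction the abstract describes, not code from the paper or its prototype: a worklist walks the predicate-abstract state space and a concrete execution side by side, keeps each abstract successor that the concrete trace actually follows, and, for an abstract branch the concrete trace diverges from, searches other data choices for a covering trace before pruning it. Everything here is an assumption for the sake of the example: the toy program, the two predicates, the finite input range, and the abstract transformer, which is computed by brute-force enumeration over a small integer range in place of the SMT solver a real implementation would use. The toy program is loop-free and no interpolant-based refinement is performed, so this shows the pruning and covering mechanism only.

```python
"""Toy re-creation of the Panda idea: traverse the predicate-abstract state
space and a concrete execution together, keep abstract branches the concrete
trace follows, and prune diverging branches unless another data choice covers
them. Constructed example; not the authors' implementation."""
from collections import deque
from itertools import product

END, ERR = "END", "ERR"
INPUT_DOMAIN = range(0, 8)     # assumed range of the nondeterministic input
ENUM_DOMAIN = range(-12, 13)   # finite stand-in for the solver's integer domain

# Constructed toy program over variables x, y (y starts at 0).
#   ("input", var, next)                var := nondeterministic choice
#   ("assign", var, fn, next)           var := fn(state)
#   ("branch", cond, pc_true, pc_false)
PROG = {
    0: ("input", "x", 1),
    1: ("assign", "y", lambda s: s["x"] - 3, 2),
    2: ("assign", "y", lambda s: s["y"] + 3, 3),  # y == x here; the abstraction forgets it
    3: ("branch", lambda s: s["x"] > 5, 4, 5),
    4: ("assign", "y", lambda s: s["y"] - 10, 5),
    5: ("branch", lambda s: s["y"] < 0, ERR, END),
}

# Predicate abstraction: an abstract state is the tuple of predicate truth values.
PREDS = [("x>5", lambda s: s["x"] > 5), ("y<0", lambda s: s["y"] < 0)]

def alpha(s):
    return tuple(bool(p(s)) for _, p in PREDS)

def concrete_step(pc, s):
    """One concrete step; the input value was fixed when the trace started."""
    ins = PROG[pc]
    if ins[0] == "input":
        return ins[2], dict(s)
    if ins[0] == "assign":
        _, var, fn, nxt = ins
        t = dict(s)
        t[var] = fn(s)
        return nxt, t
    _, cond, pc_true, pc_false = ins
    return (pc_true if cond(s) else pc_false), dict(s)

def abstract_post(pc, a):
    """Best abstract successors of (pc, a): the abstraction of every concrete
    successor of every enumerated concrete state satisfying a (solver stand-in)."""
    succ = set()
    for x, y in product(ENUM_DOMAIN, repeat=2):
        s = {"x": x, "y": y}
        if alpha(s) != a:
            continue
        if PROG[pc][0] == "input":
            for v in INPUT_DOMAIN:          # every data choice is possible here
                t = dict(s)
                t[PROG[pc][1]] = v
                succ.add((PROG[pc][2], alpha(t)))
        else:
            npc, t = concrete_step(pc, s)
            succ.add((npc, alpha(t)))
    return succ

def find_cover(target, max_steps=100):
    """Try other data choices: return the concrete state of the first input
    whose trace reaches the abstract node target = (pc, a), or None."""
    for v in INPUT_DOMAIN:
        pc, s = 0, {"x": v, "y": 0}
        for _ in range(max_steps):
            if (pc, alpha(s)) == target:
                return s
            if pc in (END, ERR):
                break
            pc, s = concrete_step(pc, s)
    return None

def panda(start_input=INPUT_DOMAIN[0]):
    s0 = {"x": start_input, "y": 0}
    work = deque([(0, alpha(s0), s0)])    # (pc, abstract state, concrete state)
    seen = {(0, alpha(s0))}
    errors, pruned = [], []
    while work:
        pc, a, s = work.popleft()
        if pc == ERR:
            errors.append(s)               # reached with a concrete witness: not spurious
            continue
        if pc == END:
            continue
        cpc, cs = concrete_step(pc, s)
        for apc, aa in sorted(abstract_post(pc, a), key=repr):
            if (apc, aa) in seen:
                continue
            if (apc, aa) == (cpc, alpha(cs)):
                cover = cs                     # abstract branch follows the concrete trace
            else:
                cover = find_cover((apc, aa))  # diverging branch: look for a covering trace
                if cover is None:
                    pruned.append(((pc, a), (apc, aa)))  # infeasible for every data choice
                    continue
            seen.add((apc, aa))
            work.append((apc, aa, cover))
    return {"errors": errors, "pruned": pruned, "explored": len(seen)}

if __name__ == "__main__":
    print(panda())
```

Running `panda()` reports one error with the concrete witness x = 6, and two pruned abstract branches: the abstraction forgets that y == x after the second assignment, so it predicts y < 0 on the x <= 5 path and y >= 0 after the subtraction of 10, but no input in the range covers either branch, so both are dropped without a refinement round. A real implementation would replace the enumeration with solver queries and handle loops with the fixpoint over abstract states that the `seen` set only sketches.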


Keywords: Trace formula, Symbolic execution, Reachability graph, Predicate abstraction, Benchmark program



This work was partially supported by the Grant Agency of the Czech Republic project 13-12121P and by Charles University institutional funding SVV-2015-260222.



Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

Department of Distributed and Dependable Systems, Faculty of Mathematics and Physics, Charles University in Prague, Prague, Czech Republic
