Advertisement

Loop Invariants from Counterexamples

  • Marius Greitschus
  • Daniel Dietsch
  • Andreas Podelski
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10422)

Abstract

We propose a new approach to software model checking where we integrate abstract interpretation and trace abstraction. We use abstract interpretation to derive loop invariants for the path program corresponding to a given spurious counterexample. A path program is the smallest subprogram that still contains a given path in the control flow graph. We use the principle of trace abstraction to construct an overall proof. The key observation of our approach is that proofs by abstract interpretation on individual program fragments can be composed directly if we use the framework of trace abstraction (in trace abstraction, composing proofs amounts to a set-theoretic operation, i.e., set union). We implemented our approach in the open-source software model checking framework Ultimate. Our evaluation shows that we can solve up to 40% more benchmarks.

References

  1. 1.
    Albarghouthi, A., Gurfinkel, A., Chechik, M.: Craig interpretation. In: Miné, A., Schmidt, D. (eds.) SAS 2012. LNCS, vol. 7460, pp. 300–316. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-33125-1_21 CrossRefGoogle Scholar
  2. 2.
    Albarghouthi, A., Li, Y., Gurfinkel, A., Chechik, M.: Ufo: a framework for abstraction- and interpolation-based software verification. In: Madhusudan, P., Seshia, S.A. (eds.) CAV 2012. LNCS, vol. 7358, pp. 672–678. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-31424-7_48 CrossRefGoogle Scholar
  3. 3.
    Ball, T., Rajamani, S.K.: The SLAM toolkit. In: Berry, G., Comon, H., Finkel, A. (eds.) CAV 2001. LNCS, vol. 2102, pp. 260–264. Springer, Heidelberg (2001). doi: 10.1007/3-540-44585-4_25 CrossRefGoogle Scholar
  4. 4.
    Barrett, C., Conway, C.L., Deters, M., Hadarean, L., Jovanović, D., King, T., Reynolds, A., Tinelli, C.: CVC4. In: Gopalakrishnan, G., Qadeer, S. (eds.) CAV 2011. LNCS, vol. 6806, pp. 171–177. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-22110-1_14 CrossRefGoogle Scholar
  5. 5.
    Beyer, D.: Reliable and reproducible competition results with benchexec and witnesses (report on SV-COMP 2016). In: Chechik, M., Raskin, J.-F. (eds.) TACAS 2016. LNCS, vol. 9636, pp. 887–904. Springer, Heidelberg (2016). doi: 10.1007/978-3-662-49674-9_55 CrossRefGoogle Scholar
  6. 6.
    Beyer, D., Henzinger, T.A., Jhala, R., Majumdar, R.: The software model checker BLAST. STTT 2007 9(5–6), 505–525 (2007)Google Scholar
  7. 7.
    Beyer, D., Henzinger, T.A., Majumdar, R., Rybalchenko, A.: Invariant synthesis for combined theories. In: Cook, B., Podelski, A. (eds.) VMCAI 2007. LNCS, vol. 4349, pp. 378–394. Springer, Heidelberg (2007). doi: 10.1007/978-3-540-69738-1_27 CrossRefGoogle Scholar
  8. 8.
    Beyer, D., Henzinger, T.A., Majumdar, R., Rybalchenko, A.: Path invariants. In: PLDI 2007, pp. 300–309 (2007)Google Scholar
  9. 9.
    Beyer, D., Keremoglu, M.E.: CPA checker: a tool for configurable software verification. In: CAV 2011, pp. 184–190 (2011)Google Scholar
  10. 10.
    Christ, J., Hoenicke, J., Nutz, A.: SMTInterpol: an interpolating SMT solver. In: Donaldson, A., Parker, D. (eds.) SPIN 2012. LNCS, vol. 7385, pp. 248–254. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-31759-0_19 CrossRefGoogle Scholar
  11. 11.
    Clarke, E., Grumberg, O., Jha, S., Lu, Y., Veith, H.: Counterexample-guided abstraction refinement. In: CAV 2000, pp. 154–169 (2000). http://dx.doi.org/10.1007/10722167_15
  12. 12.
    Cousot, P., Cousot, R.: Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints. In: POPL 1977, pp. 238–252 (1977). http://doi.acm.org/10.1145/512950.512973
  13. 13.
    Cousot, P., Halbwachs, N.: Automatic discovery of linear restraints among variables of a program. In: POPL 1978, pp. 84–96 (1978). http://doi.acm.org/10.1145/512760.512770
  14. 14.
    Dietsch, D.: Automated verification of system requirements and software specifications. Ph.D. thesis, University of Freiburg (2016)Google Scholar
  15. 15.
    Floyd, R.W.: Assigning meanings to programs. Math. Aspects Comput. Sci. 19(19–32), 1 (1967)zbMATHGoogle Scholar
  16. 16.
    Granger, P.: Static analysis of linear congruence equalities among variables of a program. In: Abramsky, S., Maibaum, T.S.E. (eds.) TAPSOFT 1991. LNCS, vol. 493, pp. 169–192. Springer, Heidelberg (1991). doi: 10.1007/3-540-53982-4_10 Google Scholar
  17. 17.
    Heizmann, M., Christ, J., Dietsch, D., Ermis, E., Hoenicke, J., Lindenmann, M., Nutz, A., Schilling, C., Podelski, A.: Ultimate automizer with SMTInterpol. In: Piterman, N., Smolka, S.A. (eds.) TACAS 2013. LNCS, vol. 7795, pp. 641–643. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-36742-7_53 CrossRefGoogle Scholar
  18. 18.
    Heizmann, M., Hoenicke, J., Podelski, A.: Refinement of trace abstraction. In: Palsberg, J., Su, Z. (eds.) SAS 2009. LNCS, vol. 5673, pp. 69–85. Springer, Heidelberg (2009). doi: 10.1007/978-3-642-03237-0_7 CrossRefGoogle Scholar
  19. 19.
    Heizmann, M., Hoenicke, J., Podelski, A.: Software model checking for people who love automata. In: Sharygina, N., Veith, H. (eds.) CAV 2013. LNCS, vol. 8044, pp. 36–52. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-39799-8_2 CrossRefGoogle Scholar
  20. 20.
    Hoare, C.A.R.: An axiomatic basis for computer programming. Commun. ACM 12(10), 576–580 (1969)CrossRefzbMATHGoogle Scholar
  21. 21.
    Miné, A.: The octagon abstract domain. High. Order Symbolic Comput. 19(1), 31–100 (2006). http://dx.doi.org/10.1007/s10990-006-8609-1 CrossRefzbMATHGoogle Scholar
  22. 22.
    Moura, L., Bjørner, N.: Z3: an efficient SMT solver. In: Ramakrishnan, C.R., Rehof, J. (eds.) TACAS 2008. LNCS, vol. 4963, pp. 337–340. Springer, Heidelberg (2008). doi: 10.1007/978-3-540-78800-3_24 CrossRefGoogle Scholar
  23. 23.
    Sagiv, S., Reps, T.W., Wilhelm, R.: Parametric shape analysis via 3-valued logic. In: POPL 1999, pp. 105–118 (1999). http://doi.acm.org/10.1145/292540.292552
  24. 24.
    Sankaranarayanan, S., Sipma, H.B., Manna, Z.: Scalable analysis of linear systems using mathematical programming. In: VMCAI 2006, pp. 25–41 (2005). http://dx.doi.org/10.1007/978-3-540-30579-8_2

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. 1.University of FreiburgFreiburg im BreisgauGermany

Personalised recommendations