Hector: Software Model Checking with Cooperating Analysis Plugins

(Tool Paper)
  • Nathaniel Charlton
  • Michael Huth
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4590)


We present Hector, a software tool for combining different abstraction methods to extract sound models of heap-manipulating imperative programs with recursion. Extracted models may be explored visually and model checked with a wide range of “propositional” temporal logic safety properties, where “propositions” are formulae of a first order logic with transitive closure and arithmetic (\({\mathcal L}\)). Hector uses techniques initiated in [4,5] to wrap up different abstraction methods as modular analysis plugins, and to exchange information about program state between plugins through formulae of \({\cal L}\). This approach aims to achieve both (apparently conflicting) advantages of increased precision and modularity. When checking safety properties containing non-independent “propositions”, our model checking algorithm gives greater precision than a naïve three-valued one since it maintains some dependencies.


Model Check Safety Property Model Check Algorithm Predicate Abstraction List Node 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Ball, T., Rajamani, S.K.: Bebop: A symbolic model checker for boolean programs. In: Havelund, K., Penix, J., Visser, W. (eds.) SPIN Model Checking and Software Verification. LNCS, vol. 1885, pp. 113–130. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  2. 2.
    Ball, T., Podelski, A., Rajamani, S.K.: Boolean and Cartesian Abstraction for Model Checking C programs. In: Margaria, T., Yi, W. (eds.) ETAPS 2001 and TACAS 2001. LNCS, vol. 2031, Springer, Heidelberg (2001)Google Scholar
  3. 3.
    Bruns, G., Godefroid, P.: Generalized model checking: Reasoning about partial state spaces. In: Palamidessi, C. (ed.) CONCUR 2000. LNCS, vol. 1877, pp. 168–182. Springer, Heidelberg (2000)Google Scholar
  4. 4.
    Charlton, N.: Verification of Java Programs with Interacting Analysis Plugins. ENTCS 145, 131–150 (2006)Google Scholar
  5. 5.
    Charlton, N.: Program Verification with Interacting Analysis Plugins. In: Formal Aspects of Computing, Springer, Heidelberg (2007), doi:10.1007/s00165-007-0029-4Google Scholar
  6. 6.
    Charlton, N.: HECTOR tool online,
  7. 7.
    GraphViz graph-drawing library:
  8. 8.
    Latvala, T.: scheck,
  9. 9.
    Sagiv, M., Reps, T., Wilhelm, R.: Parametric shape analysis via 3-valued logic. ACM TOPLAS 24, 217–298 (2002)CrossRefGoogle Scholar
  10. 10.
    Sistla, A.P.: Safety, liveness and fairness in temporal logic. Formal Aspects of Computing 6(5), 495–512 (1994)zbMATHCrossRefGoogle Scholar
  11. 11.
  12. 12.
    TVLA, 3-valued logic analyzer:
  13. 13.
    Gulavani, B.S., Rajamani, S.K.: Counterexample Driven Refinement for Abstract Interpretation. In: Hermanns, H., Palsberg, J. (eds.) TACAS 2006 and ETAPS 2006. LNCS, vol. 3920, Springer, Heidelberg (2006)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Nathaniel Charlton
    • 1
  • Michael Huth
    • 1
  1. 1.Department of Computing, Imperial College London 

Personalised recommendations