Leaping Loops in the Presence of Abstraction

  • Thomas Ball
  • Orna Kupferman
  • Mooly Sagiv
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4590)

Abstract

Finite abstraction helps program analysis cope with the huge state space of programs. We wish to use abstraction in the process of error detection. Such detection involves reachability analysis of the program. Reachability in an abstraction that under-approximates the program implies reachability in the concrete system. Under-approximation techniques, however, lose precision in the presence of loops and cannot detect their termination. As a result, reachability analysis performed with respect to an abstraction misses states of the program that are reachable via loops. Current solutions to this loop-termination challenge are based on fair termination and involve the use of well-founded sets and ranking functions.

In many cases, the concrete system has a huge but still finite set of states. Our contribution is to show how, in such cases, it is possible to analyze termination of loops without refinement and without well-founded sets and ranking functions. Instead, our method is based on conditions on the structure of the graph that corresponds to the concrete system — conditions that can be checked with respect to the abstraction. We describe our method, demonstrate its usefulness, and show how its application can be automated by means of a theorem prover.
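The precision loss the abstract describes, as an added example that is not from the paper: a constructed bounded-counter program, its predicate abstraction with may/must transitions (modal transition systems are assumed here as the under-approximation framework; the exit location is must-unreachable even though it is concretely reachable), and a finite-state cycle check on the loop's concretization that stands in for the finiteness observation. The check is an illustration chosen for this example, not the paper's own graph conditions.

```python
from itertools import product
N = 8  # constructed bound; concrete states are (pc, x) with 0 <= x <= N
STATES = {(pc, x) for pc in range(3) for x in range(N + 1)}

# Constructed program:  0: x := 0;   1: while x < N: x := x + 1;   2: exit
def successors(state):
    pc, x = state
    if pc == 0:
        return {(1, 0)}
    if pc == 1:
        return {(1, x + 1)} if x < N else {(2, x)}
    return set()  # the exit location has no successors

def alpha(state):
    """Predicate abstraction: keep pc, replace x by the predicate (x < N)."""
    return (state[0], state[1] < N)

def concretize(a):
    return {s for s in STATES if alpha(s) == a}

def abstract_edges(succ=successors):
    """may edge: some concrete source state steps into the target;
    must edge: every concrete source state does (the under-approximation)."""
    abs_states = {alpha(s) for s in STATES}
    may, must = set(), set()
    for a, b in product(abs_states, repeat=2):
        hits = [any(alpha(t) == b for t in succ(s)) for s in concretize(a)]
        if any(hits): may.add((a, b))
        if hits and all(hits): must.add((a, b))
    return may, must

def reachable(edges, start):
    # plain reachability over an edge set, abstract or concrete
    seen, todo = set(), [start]
    while todo:
        s = todo.pop()
        if s not in seen:
            seen.add(s)
            todo.extend(b for (a, b) in edges if a == s)
    return seen

def loop_terminates(a, succ=successors):
    """The abstract self-loop on `a` stands for concrete edges inside concretize(a);
    with finitely many states it spins forever iff that subgraph has a cycle."""
    inside = concretize(a)
    while True:
        leaving = {s for s in inside if not (succ(s) & inside)}  # cannot stay in loop
        if not leaving:
            return not inside  # empty => acyclic => every entry eventually exits
        inside -= leaving
```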

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Thomas Ball, Microsoft Research
  • Orna Kupferman, Hebrew University
  • Mooly Sagiv, Tel-Aviv University