Infeasible Code Detection

  • Cristiano Bertolini
  • Martin Schäf
  • Pascal Schweitzer
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7152)


A piece of code in a computer program is infeasible if it cannot be part of any normally-terminating execution of the program. We develop an algorithm for the automatic detection of all infeasible code in a program. We first translate the task of determining all infeasible code into the problem of finding all statements that can be covered by a feasible path. We prove that in order to identify all coverable statements, it is sufficient to find all coverable statements within a certain minimal subset. For this, our algorithm repeatedly queries an oracle, asking for the infeasibility of specific sets of control-flow paths.

We present a sound implementation of the proposed algorithm on top of the Boogie program verifier utilizing a theorem prover to provide the oracle required by the algorithm. We show experimentally a drastic decrease in the number of theorem prover queries compared to existing approaches, resulting in an overall speedup of the entire computation.


Theorem Prover Feasible Path Feasible Statement Path Cover Back Edge 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Barnett, M., Leino, K.R.M.: Weakest-precondition of unstructured programs. In: Proceedings of the 6th ACM SIGPLAN-SIGSOFT Workshop on Program Analysis for Software Tools and Engineering, PASTE 2005, pp. 82–87. ACM, New York (2005)Google Scholar
  2. 2.
    Bertolini, C., Schäf, M., Schweitzer, P.: Infeasible code detection. Technical Report 455, United Nations University, IIST (November 2011)Google Scholar
  3. 3.
    Bertolino, A.: Unconstrained edges and their application to branch analysis and testing of programs. Journal of Systems and Software 20, 125–133 (1993)CrossRefGoogle Scholar
  4. 4.
    Bertolino, A., Marré, M.: Automatic generation of path covers based on the control flow analysis of computer programs. IEEE Trans. Softw. Eng. 20, 885–899 (1994)CrossRefGoogle Scholar
  5. 5.
    Cytron, R., Ferrante, J., Rosen, B.K., Wegman, M.N., Zadeck, F.K.: Efficiently computing static single assignment form and the control dependence graph. ACM Trans. Program. Lang. Syst. 13, 451–490 (1991)CrossRefGoogle Scholar
  6. 6.
    De Moura, L., Bjørner, N.: Z3: An Efficient SMT Solver. In: Ramakrishnan, C.R., Rehof, J. (eds.) TACAS 2008. LNCS, vol. 4963, pp. 337–340. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  7. 7.
    Dijkstra, E.W.: A discipline of programming. Prentice-Hall, Englewood Cliffs (1976)zbMATHGoogle Scholar
  8. 8.
    Emanuelsson, P., Nilsson, U.: A comparative study of industrial static analysis tools. Electron. Notes Theor. Comput. Sci. 217, 5–21 (2008)CrossRefGoogle Scholar
  9. 9.
    Filliâtre, J.-C., Marché, C.: The why/krakatoa/caduceus Platform for Deductive Program Verification. In: Damm, W., Hermanns, H. (eds.) CAV 2007. LNCS, vol. 4590, pp. 173–177. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  10. 10.
    Grigore, R., Charles, J., Fairmichael, F., Kiniry, J.: Strongest postcondition of unstructured programs. In: Proceedings of the 11th International Workshop on Formal Techniques for Java-like Programs, FTfJP 2009, pp. 6:1–6:7. ACM, New York (2009)Google Scholar
  11. 11.
    Hoenicke, J., Leino, K.R., Podelski, A., Schäf, M., Wies, T.: It’s Doomed; We Can Prove It. In: Cavalcanti, A., Dams, D.R. (eds.) FM 2009. LNCS, vol. 5850, pp. 338–353. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  12. 12.
    Hoenicke, J., Leino, K.R., Podelski, A., Schäf, M., Wies, T.: Doomed program points. Form. Methods Syst. Des. 37, 171–199 (2010)CrossRefzbMATHGoogle Scholar
  13. 13.
    Hovemeyer, D., Pugh, W.: Finding bugs is easy. In: Companion to the 19th Annual ACM SIGPLAN Conference on Object-Oriented Programming Systems, Languages, and Applications, OOPSLA 2004, pp. 132–136. ACM, New York (2004)CrossRefGoogle Scholar
  14. 14.
    Janota, M., Grigore, R., Moskal, M.: Reachability analysis for annotated code. In: Proceedings of the 2007 Conference on Specification and Verification of Component-Based Systems: 6th Joint Meeting of the European Conference on Software Engineering and the ACM SIGSOFT Symposium on the Foundations of Software Engineering, SAVCBS 2007, pp. 23–30. ACM, New York (2007)Google Scholar
  15. 15.
    Johnson, D.S.: Approximation algorithms for combinatorial problems, vol. 9, pp. 256–278. Academic Press, Inc., Orlando (1974)zbMATHGoogle Scholar
  16. 16.
    Leino, K., Rümmer, P.: A Polymorphic Intermediate Verification Language: Design and Logical Encoding. In: Esparza, J., Majumdar, R. (eds.) TACAS 2010. LNCS, vol. 6015, pp. 312–327. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  17. 17.
    Leino, K.R.M.: Efficient weakest preconditions. Inf. Process. Lett. 93, 281–288 (2005)MathSciNetCrossRefzbMATHGoogle Scholar
  18. 18.
    Raz, R., Safra, S.: A sub-constant error-probability low-degree test, and a sub-constant error-probability PCP characterization of NP. In: Proceedings of the Twenty-Ninth Annual ACM Symposium on Theory of Computing, STOC 1997, pp. 475–484. ACM, New York (1997)CrossRefGoogle Scholar
  19. 19.
    Rutar, N., Almazan, C.B., Foster, J.S.: A comparison of bug finding tools for java. In: Proceedings of the 15th International Symposium on Software Reliability Engineering, pp. 245–256. IEEE Computer Society, Washington, DC, USA (2004)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Cristiano Bertolini
    • 1
  • Martin Schäf
    • 1
  • Pascal Schweitzer
    • 2
  1. 1.United Nations University, IISTMacauChina
  2. 2.Australian National UniversityAustralia

Personalised recommendations