Towards Complete Specifications with an Error Calculus

  • Quang Loc Le
  • Asankhaya Sharma
  • Florin Craciun
  • Wei-Ngan Chin
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7871)


We present an error calculus to support a novel specification mechanism for sound and/or complete safety properties that are to be given by users. With such specifications, our calculus can form a foundation for both proving program safety and/or discovering real bugs. The basis of our calculus is an algebra with a lattice domain of four abstract statuses (namely unreachability, validity, must-error and may-error) on possible program states and four operators for this domain to calculate suitable program status.We show how proof search and error localization can be supported by our calculus. Our calculus can also be extended to separation logic with support for user-defined predicates and lemmas.We have implemented our calculus in an automated verification tool for pointer-based programs. Initial experiments have confirmed that it can achieve the dual objectives, namely of safety proving and bug finding, with modest overheads.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    VSTTE 2012 Software Verification Competition (2012), (accessed July 27, 2012)
  2. 2.
    Chin, W.N., David, C., Nguyen, H.H., Qin, S.: Automated verification of shape, size and bag properties via user-defined predicates in separation logic. Sci. Comput. Program. 77(9), 1006–1036 (2012)MATHCrossRefGoogle Scholar
  3. 3.
    Csallner, C., Smaragdakis, Y., Xie, T.: DSD-Crasher: A hybrid analysis tool for bug finding. ACM Trans. Softw. Eng. Methodol. 17(2) (2008)Google Scholar
  4. 4.
    de Moura, L., Bjørner, N.: Z3: An Efficient SMT Solver. In: Ramakrishnan, C.R., Rehof, J. (eds.) TACAS 2008. LNCS, vol. 4963, pp. 337–340. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  5. 5.
    Dillig, I., Dillig, T., Aiken, A.: Reasoning about the unknown in static analysis. Commun. ACM 53(8), 115–123 (2010)CrossRefGoogle Scholar
  6. 6.
    Dolby, J., Vaziri, M., Tip, F.: Finding bugs efficiently with a SAT solver. In: ESEC/SIGSOFT FSE, pp. 195–204 (2007)Google Scholar
  7. 7.
    Dolzmann, A., Sturm, T.: Redlog: computer algebra meets computer logic. SIGSAM Bull. 31, 2–9 (1997)CrossRefGoogle Scholar
  8. 8.
    Flanagan, C., Leino, K.R.M., Lillibridge, M., Nelson, G., Saxe, J.B., Stata, R.: Extended static checking for Java. In: PLDI, pp. 234–245 (2002)Google Scholar
  9. 9.
    Gherghina, C., David, C., Qin, S., Chin, W.-N.: Structured specifications for better verification of heap-manipulating programs. In: Butler, M., Schulte, W. (eds.) FM 2011. LNCS, vol. 6664, pp. 386–401. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  10. 10.
    Godefroid, P., Nori, A.V., Rajamani, S.K., Tetali, S.D.: Compositional may-must program analysis: unleashing the power of alternation. In: POPL 2010, pp. 43–56. ACM (2010)Google Scholar
  11. 11.
    Hoenicke, J., Leino, K.R.M., Podelski, A., Schäf, M., Wies, T.: It’s doomed; we can prove it. In: Cavalcanti, A., Dams, D.R. (eds.) FM 2009. LNCS, vol. 5850, pp. 338–353. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  12. 12.
    Hyunsook, D., Sebastian, E., Gregg, R.: Supporting controlled experimentation with testing techniques: An infrastructure and its potential impact. Empirical Softw. Engg. 10, 405–435 (2005)CrossRefGoogle Scholar
  13. 13.
    Jackson, D., Vaziri, M.: Finding bugs with a constraint solver. In: ISSTA 2000, pp. 14–25 (2000)Google Scholar
  14. 14.
    Jose, M., Majumdar, R.: Cause clue clauses: error localization using maximum satisfiability. In: PLDI, pp. 437–446. ACM, New York (2011)Google Scholar
  15. 15.
    Klarlund, N., Moller, A.: MONA Version 1.4 - User Manual. BRICS Notes Series (2001)Google Scholar
  16. 16.
    Le, Q.L., Sharma, A., Craciun, F., Chin, W.-N.: Towards complete specifications with error calculus. Technical report, SoC, National Univ. of Singapore (July 2012),
  17. 17.
    Leino, K.R.M., Schulte, W.: Exception safety for c#. In: SEFM, pp. 218–227 (2004)Google Scholar
  18. 18.
    Nguyen, H.H., Chin, W.-N.: Enhancing program verification with lemmas. In: Gupta, A., Malik, S. (eds.) CAV 2008. LNCS, vol. 5123, pp. 355–369. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  19. 19.
    O’Hearn, P.W.: Tutorial on separation logic (Invited tutorial). In: Gupta, A., Malik, S. (eds.) CAV 2008. LNCS, vol. 5123, pp. 19–21. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  20. 20.
    Popeea, C., Chin, W.N.: Dual analysis for proving safety and finding bugs. In: SAC (2010)Google Scholar
  21. 21.
    Pugh, W.: The Omega Test: A fast practical integer programming algorithm for dependence analysis. Communications of the ACM 8, 102–114 (1992)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Quang Loc Le
    • 1
  • Asankhaya Sharma
    • 1
  • Florin Craciun
    • 2
  • Wei-Ngan Chin
    • 1
  1. 1.Department of Computer ScienceNational University of SingaporeSingapore
  2. 2.Faculty of Mathematics and Computer ScienceBabes-Bolyai UniversityRomania

Personalised recommendations