Specialization with Constrained Generalization for Software Model Checking

  • Emanuele De Angelis
  • Fabio Fioravanti
  • Alberto Pettorossi
  • Maurizio Proietti
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7844)

Abstract

We present a method for verifying properties of imperative programs by using techniques based on constraint logic programming (CLP). We consider a simple imperative language, called SIMP, extended with a nondeterministic choice operator, and we address the problem of checking whether or not a safety property ϕ (which specifies that an unsafe configuration cannot be reached) holds for a SIMP program P. The operational semantics of the language SIMP is specified via an interpreter I written as a CLP program. The first phase of our verification method consists in specializing I with respect to P, thereby deriving a specialized interpreter I_P. Then we specialize I_P with respect to the property ϕ and the input values of P, with the aim of deriving, if possible, a program whose least model is a finite set of constrained facts. To this purpose we introduce a novel generalization strategy which, during specialization, has the objective of preserving the so-called branching behaviour of the predicate definitions. We have fully automated our method and evaluated it experimentally on some examples taken from the literature. The evaluation shows that our method is competitive with respect to state-of-the-art software model checkers.

Keywords

Generalization Operator, Safety Property, Symbolic Execution, Constraint Logic Programming, Static Program Analysis

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Emanuele De Angelis (1)
  • Fabio Fioravanti (1)
  • Alberto Pettorossi (2)
  • Maurizio Proietti (3)
  1. DEC, University ‘G. D’Annunzio’, Pescara, Italy
  2. DICII, University of Rome Tor Vergata, Rome, Italy
  3. IASI-CNR, Rome, Italy