Counterexample Validation and Interpolation-Based Refinement for Forest Automata

  • Lukáš Holík
  • Martin Hruška
  • Ondřej Lengál (corresponding author)
  • Adam Rogalewicz
  • Tomáš Vojnar
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10145)

Abstract

In the context of shape analysis, counterexample validation and abstraction refinement are complex and so far not sufficiently resolved problems. We provide a novel solution to both of these problems in the context of fully-automated and rather general shape analysis based on forest automata. Our approach is based on backward symbolic execution on forest automata, allowing one to derive automata-based interpolants and refine the automata abstraction used. The approach allows one to distinguish true and spurious counterexamples and guarantees progress of the abstraction refinement. We have implemented the approach in the Forester tool and present promising experimental results.
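The abstract describes a counterexample-guided loop: forward analysis over an abstraction finds an abstract path to an error state, backward execution along that path decides whether a concrete run follows it, and, if none does, a separating set derived from the backward pass refines the abstraction. The following is an added illustration of that general scheme in miniature, not Forester's algorithm and not code from the paper: the heap shapes and forest automata of the paper are replaced by a constructed bounded integer program, and abstract states are valuations of a set of predicates (each predicate an explicit set of concrete states), so every set is enumerated instead of being represented by an automaton. The program, domain bound, and error sets are all assumptions chosen for the illustration.

```python
"""Toy CEGAR loop with backward counterexample validation and set-based
interpolants.  Added illustration of the general scheme only: it is not
the forest-automata algorithm of the paper.  Concrete states are integers
0..N (constructed), the loop body is x := x + 2, and abstract states are
predicate valuations, so every set below is explicit and finite."""
from collections import deque

N = 9                                      # constructed domain bound
STATES = frozenset(range(N + 1))
INIT = frozenset({0})                      # x := 0 before the loop

def post(s):
    """Concrete successors of x under the loop body x := x + 2."""
    return {s + 2} if s + 2 <= N else set()

def pre(targets):
    """Concrete predecessors of a set of states (one backward step)."""
    return {s for s in STATES if post(s) & targets}

def alpha(s, preds):
    """Abstract a concrete state to its valuation of the predicate sets."""
    return tuple(s in p for p in preds)

def gamma(a, preds):
    """Concretize an abstract state: all concrete states with valuation a."""
    return {s for s in STATES if alpha(s, preds) == a}

def abstract_reach(preds, error):
    """Forward BFS over abstract states.  Returns an abstract trace (list of
    abstract states) ending in a state whose concretization meets ERROR,
    or None when the abstract system is safe."""
    start = {alpha(s, preds) for s in INIT}
    parent = {a: None for a in start}
    queue = deque(start)
    while queue:
        a = queue.popleft()
        if gamma(a, preds) & error:
            trace = []
            while a is not None:
                trace.append(a)
                a = parent[a]
            return trace[::-1]
        for s in gamma(a, preds):
            for t in post(s):
                b = alpha(t, preds)
                if b not in parent:
                    parent[b] = a
                    queue.append(b)
    return None

def validate(trace, preds, error):
    """Backward execution along the abstract trace.  back[i] is the set of
    states of trace[i] from which ERROR is reached along the suffix.
    Returns ('real', None) if some initial state lies in back[0], else
    ('spurious', (i, B)): B is a nonempty subset of trace[i] that reaches
    ERROR along the suffix but is cut off from the prefix (the separating
    set used as an interpolant)."""
    k = len(trace) - 1
    back = [None] * (k + 1)
    back[k] = gamma(trace[k], preds) & error
    for i in range(k - 1, -1, -1):
        back[i] = pre(back[i + 1]) & gamma(trace[i], preds)
        if not back[i]:
            return 'spurious', (i + 1, frozenset(back[i + 1]))
    if back[0] & INIT:
        return 'real', None
    return 'spurious', (0, frozenset(back[0]))

def cegar(error, preds=()):
    """Alternate abstract reachability, validation and refinement until the
    abstraction is safe or a real counterexample is found.  Returns the
    verdict and the final predicate list."""
    preds = list(preds)
    while True:
        trace = abstract_reach(preds, error)
        if trace is None:
            return 'safe', preds
        verdict, info = validate(trace, preds, error)
        if verdict == 'real':
            return 'unsafe', preds
        _, interpolant = info
        preds.append(interpolant)          # refine: split an abstract state

if __name__ == '__main__':
    # x == 5 is unreachable from x == 0 with steps of 2: spurious traces only
    print(cegar(frozenset({5})))           # ('safe', [...])
    # x == 4 is reachable: the third trace is validated as real
    print(cegar(frozenset({4})))           # ('unsafe', [...])
```

The separating set returned by `validate` is always a proper, nonempty subset of the abstract state it is taken from (if it were already a predicate, the abstract transition into it could not have existed, and in the index-0 case it excludes the initial states), so each refinement strictly splits an abstract state and the same abstract trace cannot recur; on this finite domain the loop therefore terminates. The paper obtains the analogous progress guarantee with automata standing in for these explicit sets.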

Keywords

Symbolic execution, tree automata, predicate abstraction, dynamic data structures, abstraction refinement

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Lukáš Holík (1)
  • Martin Hruška (1)
  • Ondřej Lengál (1), corresponding author
  • Adam Rogalewicz (1)
  • Tomáš Vojnar (1)
  1. FIT, Brno University of Technology, IT4Innovations Centre of Excellence, Brno, Czech Republic