Refining Approximations in Software Predicate Abstraction

  • Thomas Ball
  • Byron Cook
  • Satyaki Das
  • Sriram K. Rajamani
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2988)

Abstract

Predicate abstraction is an automatic technique that can be used to find abstract models of large or infinite-state systems. In tools like Slam, where predicate abstraction is applied to software model checking, a number of heuristic approximations must be used to improve the performance of computing an abstraction from a set of predicates. For this reason, Slam can sometimes reach a state in which it is not able to further refine the abstraction.

In this paper we report on an application of Das & Dill’s algorithm for predicate abstraction refinement. Slam now uses this strategy lazily to recover precision in cases where the abstractions generated are too coarse. We describe how we have extended Das & Dill’s original algorithm for use in software model checking. Our extension supports procedures, threads, and potential pointer aliasing. We also present results from experiments with Slam on device driver sources from the Windows operating system.

References

  1. 1.
    Ball, T., Rajamani, S.K.: Automatically validating temporal safety properties of interfaces. In: Havelund, K., Penix, J., Visser, W. (eds.) SPIN 2000. LNCS, vol. 1885, pp. 113–130. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  2. 2.
    Ball, T., Podelski, A., Rajamani, S.K.: Boolean and Cartesian abstractions for model checking C programs. In: Margaria, T., Yi, W. (eds.) TACAS 2001. LNCS, vol. 2031, pp. 268–283. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  3. 3.
    Ball, T., Majumdar, R., Millstein, T., Rajamani, S.K.: Automatic predicate abstraction of C programs. In: PLDI 2001: Programming Language Design and Implementation, pp. 203–213. ACM, New York (2001)CrossRefGoogle Scholar
  4. 4.
    Lahiri, S.K., Bryant, R.E., Cook, B.: A symbolic approach to predicate abstraction. In: Hunt Jr., W.A., Somenzi, F. (eds.) CAV 2003. LNCS, vol. 2725, pp. 141–153. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  5. 5.
    Das, S., Dill, D.L.: Successive approximation of abstract transition relations. In: Proceedings of the Sixteenth Annual IEEE Symposium on Logic in Computer Science, Boston, USA (June 2001)Google Scholar
  6. 6.
    Graf, S., Saïdi, H.: Construction of abstract state graphs with PVS. In: Grumberg, O. (ed.) CAV 1997. LNCS, vol. 1254, pp. 72–83. Springer, Heidelberg (1997)Google Scholar
  7. 7.
    Colón, M.A., Uribe, T.E.: Generating finite-state abstractions of reactive systems using decision procedures. In: Y. Vardi, M. (ed.) CAV 1998. LNCS, vol. 1427, pp. 293–304. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  8. 8.
    Ball, T., Rajamani, S.K.: Bebop: A symbolic model checker for Boolean programs. In: Havelund, K., Penix, J., Visser, W. (eds.) SPIN 2000. LNCS, vol. 1885, pp. 113–130. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  9. 9.
    Ball, T., Rajamani, S.K.: Bebop: A path-sensitive interprocedural dataflow engine. In: PASTE 2001:Workshop on Program Analysis for Software Tools and Engineering, pp. 97–103. ACM, New York (2001)CrossRefGoogle Scholar
  10. 10.
    Ball, T., Rajamani, S.K.: Generating abstract explanations of spurious counterexamples in C programs. Technical Report MSR-TR-2002-09, Microsoft Research (2002)Google Scholar
  11. 11.
    Detlefs, D., Nelson, G., Saxe, J.B.: Simplify: A theorem prover for program checking. Technical Report HPL-2003-148, HP Labs (2003)Google Scholar
  12. 12.
    Flanagan, C., Joshi, R., Ou, X., Saxe, J.B.: Theorem proving using lazy proof explication. In: Hunt Jr., W.A., Somenzi, F. (eds.) CAV 2003. LNCS, vol. 2725, pp. 355–367. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  13. 13.
    Stump, A., Barrett, C., Dill, D.: CVC: a cooperating validity checker. In: Brinksma, E., Larsen, K.G. (eds.) CAV 2002. LNCS, vol. 2404, pp. 87–105. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  14. 14.
    Dijkstra, E.: A Discipline of Programming. Prentice-Hall, Englewood Cliffs (1976)MATHGoogle Scholar
  15. 15.
    Morris, J.M.: A general axiom of assignment. In: Theoretical Foundations of Programming Methodology. Lecture Notes of an International Summer School, pp. 25–34. D. Reidel Publishing Company, Dordercht (1982)Google Scholar
  16. 16.
    Alur, R., Itai, A., Kurshan, R., Yannakakis, M.: Timing verification by successive approximation. Information and Computation 118(1), 142–157 (1995)MATHCrossRefMathSciNetGoogle Scholar
  17. 17.
    Balarin, F.: Sangiovanni-Vincentelli, A.L.: An iterative approach to language containment. In: Courcoubetis, C. (ed.) CAV 1993. LNCS, vol. 697, pp. 29–40. Springer, Heidelberg (1993)Google Scholar
  18. 18.
    Clarke, E.M., Grumberg, O., Jha, S., Lu, Y., Veith, H.: Counterexample-guided abstraction refinement. In: Emerson, E.A., Sistla, A.P. (eds.) CAV 2000. LNCS, vol. 1855, pp. 154–169. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  19. 19.
    Lakhnech, Y., Bensalem, S., Berezin, S., Owre, S.: Incremental verification by abstraction. In: Margaria, T., Yi, W. (eds.) TACAS 2001. LNCS, vol. 2031, p. 98. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  20. 20.
    Weissenbacher, G.: An abstraction/refinement scheme for model checking C programs. Master’s thesis, Graz University of Technology, Graz, Austria (2003)Google Scholar
  21. 21.
    Henzinger, T.A., Jhala, R., Majumdar, R., Qadeer, S.: Thread modular abstraction refinement. In: Hunt Jr., W.A., Somenzi, F. (eds.) CAV 2003. LNCS, vol. 2725, pp. 262–274. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  22. 22.
    Das, S., Dill, D.L.: Counter-example based predicate discovery in predicate abstraction. In: Aagaard, M.D., O’Leary, J.W. (eds.) FMCAD 2002. LNCS, vol. 2517, Springer, Heidelberg (2002)CrossRefGoogle Scholar
  23. 23.
    Chaki, S., Clarke, E., Groce, A., Strichman, O.: Predicate abstraction with minimum predicates. In: Geist, D., Tronci, E. (eds.) CHARME 2003. LNCS, vol. 2860, pp. 19–34. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  24. 24.
    Henzinger, T.A., Ranjit Jhala, R.M., McMillan, K.L.: Abstractions from proofs. In: POPL 2004: Symposium on Principles of Programming Languages, ACM Press, New York (2004)Google Scholar
  25. 25.
    Clarke, E., Grumberg, O., Talupur, M., Wang, D.: Making predicate abstraction efficient: How to eliminate redundant predicates. In: Hunt Jr., W.A., Somenzi, F. (eds.) CAV 2003. LNCS, vol. 2725, pp. 355–367. Springer, Heidelberg (2003)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Thomas Ball
    • 1
  • Byron Cook
    • 1
  • Satyaki Das
    • 2
  • Sriram K. Rajamani
    • 1
  1. 1.Microsoft Corporation 
  2. 2.Stanford University 

Personalised recommendations