Model Checking: From Hardware to Software
While model checking has influenced industrial practice in sequential circuit verification for some time now, the use of model checking for program verification has proved elusive until recently. One of the main reasons is that boolean finite-state abstractions are readily available for circuits, but not for programs. A central problem in software model checking, therefore, is to find an abstraction of the input program which is sufficiently fine to prove or disprove the desired property, and yet sufficiently coarse to allow the exhaustive exploration of the abstract state space by a model checker. For this purpose, it is often useful to abstract the values of program variables by recording, instead, at each program location the truth values of critical predicates. A key insight is that the critical predicates can be discovered automatically using counterexample-guided abstraction refinement, which starts with a coarse abstraction of the program and iteratively refines the abstraction until either a bug is found or the property is proved. Furthermore, if the abstraction is refined lazily, then a critical predicate is evaluated only at those program locations where its value is relevant.
Keywords: Model Checking; Program Location; Error Trace; Exhaustive Exploration; Software Model Checking