
A Lightweight Approach for Loop Summarization

  • Mohamed Nassim Seghir
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6996)

Abstract

A problem common to most tools based on the abstraction refinement paradigm is divergence of the CEGAR process. In particular, infinitely many (spurious) counterexamples may arise from unfolding the same (while- or for-) loop in the given program again and again; this leads to an infinite, or at least too large, sequence of refinement steps. Loop summarization is an approach that makes it possible to overcome this problem. It consists of abstracting not just states but also the state changes (the transition relation) induced by structured program statements. The effectiveness of this approach depends on two factors: (a) the computation of loop summaries must not become the bottleneck of the verification algorithm, and (b) loop summaries must be precise enough to prove the property of interest. We present a technique that achieves both goals. It uses inference rules to compute summaries. A lightweight test checks whether a given loop matches the premise of a given rule; if so, a summary is inferred automatically by instantiating the rule. Despite its simplicity, our technique performs well in practice. We were able to verify safety properties for many examples that are beyond the scope of several existing tools.
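As an added illustration (not the paper's rules or its implementation), the following Python sketches the rule-based summarization described in the abstract: each rule runs a cheap syntactic premise test over a small loop representation and, when the test passes, instantiates a transition constraint relating pre-state and primed post-state variables. The loop encoding, the two rules and the constraint syntax are my assumptions.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed loop encoding (an assumption of this example, not the paper's):
#   for (counter = lo; counter < hi; counter += step) { target := rhs; ... }
@dataclass
class Loop:
    counter: str
    lo: str
    hi: str
    step: int
    body: list  # [(target, rhs), ...], both as expression strings

IDENT = re.compile(r"[A-Za-z_]\w*")

def single_step_body(lp: Loop):
    """Shared premise: unit step and exactly one assignment in the body."""
    return lp.body[0] if lp.step == 1 and len(lp.body) == 1 else None

def rule_array_fill(lp: Loop) -> Optional[str]:
    # Premise: a[counter] := rhs where rhs does not read a. Summary: cells in
    # [lo, hi) hold rhs with the counter renamed to k; others are unchanged.
    asg = single_step_body(lp)
    m = asg and re.fullmatch(r"(\w+)\[(\w+)\]", asg[0])
    if not m or m.group(2) != lp.counter or m.group(1) in IDENT.findall(asg[1]):
        return None
    arr, cell = m.group(1), re.sub(rf"\b{lp.counter}\b", "k", asg[1])
    return (f"{lp.counter}' = max({lp.lo}, {lp.hi}) & "
            f"forall k. ({lp.lo} <= k < {lp.hi} -> {arr}'[k] = {cell}) & "
            f"(k < {lp.lo} | k >= {lp.hi} -> {arr}'[k] = {arr}[k])")

def rule_scalar_sum(lp: Loop) -> Optional[str]:
    # Premise: s := s + c, c reads neither s nor the counter, s is not the
    # counter and not part of the bound. Summary: s' = s + c * #iterations.
    asg = single_step_body(lp)
    m = asg and re.fullmatch(re.escape(asg[0]) + r"\s*\+\s*(.+)", asg[1])
    if not m or not IDENT.fullmatch(asg[0]) or asg[0] == lp.counter:
        return None
    s, c = asg[0], m.group(1)
    if set(IDENT.findall(c)) & {s, lp.counter} or s in IDENT.findall(lp.hi):
        return None
    return (f"{lp.counter}' = max({lp.lo}, {lp.hi}) & "
            f"{s}' = {s} + ({c}) * max(0, {lp.hi} - {lp.lo})")

def summarize(lp: Loop) -> Optional[str]:
    # Cheap premise test per rule; instantiate the first rule that matches.
    for rule in (rule_array_fill, rule_scalar_sum):
        if (summary := rule(lp)) is not None:
            return summary
    return None  # no rule applies: the loop is left for ordinary unfolding
```

A loop whose body breaks a premise (reads the array it writes, uses a non-unit step, or modifies its own bound) yields no summary, which is the case where the refinement loop would fall back to unfolding.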

Keywords

Inference Rule, Program Variable, Index Expression, Predicate Abstraction, Transition Constraint



Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Mohamed Nassim Seghir, Computer Science Department, University of Oxford, UK
