Abstract
This paper presents a collection of techniques, a methodology, in which abstract interpretation, flow analysis, and model checking are employed in the representation, abstraction, and analysis of programs. The methodology shows the areas of intersection of the different techniques as well as the opportunities that exist when one technique is used in support of another. The methodology is presented as a three-step process: First, from a (small-step) operational semantics definition and a program, one constructs a program model, which is a state-transition system that encodes the program's executions. Second, abstraction upon the program model is performed, reducing the detail of information in the model's nodes and arcs. Finally, the program model is analyzed for properties of its states and paths.
Supported by NSF/DARPA CCR-9633388 and NASA NAG-2-1209.
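The three steps the abstract describes, carried out on a constructed example (added here; this is not code from the paper, and the tiny instruction language, the sign domain, the division-safety property and the branch filtering on `?` are this example's own assumptions, not the paper's constructions). The same small-step rules build the program model in a concrete domain and in an abstract one, so the abstract model is obtained by running the model construction over abstracted nodes and arcs; the model is then checked for an AG property, and the concrete run is checked to be covered by the abstract model.

```python
from collections import deque

# Constructed example program in a tiny imperative language, addressed by
# program counter (pc):
#   0: y := x
#   1: if y <= 0 goto 5
#   2: z := 100 / y      <- must never execute with y == 0
#   3: y := y - 1
#   4: goto 1
#   5: halt
PROGRAM = [
    ("assign", "y", ("var", "x")),
    ("brleq0", "y", 5),
    ("assign", "z", ("div", ("const", 100), ("var", "y"))),
    ("assign", "y", ("sub", ("var", "y"), ("const", 1))),
    ("goto", 1),
    ("halt",),
]

class ConcreteDomain:
    """Plain integers: the small-step semantics exactly as the language defines it."""
    def alpha(self, n): return n
    const = alpha
    def add(self, a, b): return a + b
    def sub(self, a, b): return a - b
    def div(self, a, b): return a // b if b else None   # None records a crash
    def leq0(self, a): return [(a <= 0, a)]             # one outcome, no refinement
    def nonzero(self, a): return a != 0
    def leq(self, a, b): return a == b

class SignDomain:
    """Abstract values '-', '0', '+' and '?' (unknown sign). With refine=True a
    branch condition filters the value on each outgoing arc (an assumption of
    this example, not a construction taken from the paper)."""
    def __init__(self, refine=True): self.refine = refine
    def alpha(self, n): return "-" if n < 0 else "0" if n == 0 else "+"
    const = alpha
    def add(self, a, b):
        if a == "0": return b
        if b == "0": return a
        return a if a == b and a != "?" else "?"
    def sub(self, a, b): return self.add(a, {"-": "+", "+": "-"}.get(b, b))
    def div(self, a, b):   # floor division can yield 0, so the sign is usually lost
        return "0" if a == "0" and b in ("-", "+") else "?"
    def leq0(self, a):
        if a == "?":       # both outcomes possible; the false arc implies a > 0
            return [(True, "?"), (False, "+" if self.refine else "?")]
        return [(a in ("-", "0"), a)]
    def nonzero(self, a): return a in ("-", "+")
    def leq(self, a, b): return a == b or b == "?"      # ordering of the lattice

def evaluate(dom, expr, env):
    """Evaluate an expression tree in the given concrete or abstract domain."""
    if expr[0] == "var": return env[expr[1]]
    if expr[0] == "const": return dom.const(expr[1])
    return getattr(dom, expr[0])(evaluate(dom, expr[1], env), evaluate(dom, expr[2], env))

def step(dom, prog, state):
    """Small-step transition relation: the successors of one state (pc, env)."""
    pc, env = state
    env, ins = dict(env), prog[pc]
    mk = lambda p, e: (p, tuple(sorted(e.items())))
    if ins[0] == "halt": return []
    if ins[0] == "goto": return [mk(ins[1], env)]
    if ins[0] == "assign":
        return [mk(pc + 1, dict(env, **{ins[1]: evaluate(dom, ins[2], env)}))]
    return [mk(ins[2] if taken else pc + 1, dict(env, **{ins[1]: refined}))
            for taken, refined in dom.leq0(env[ins[1]])]   # brleq0

def build_model(dom, prog, init_env):
    """Step 1 (and step 2 when dom is abstract): explore the reachable
    state-transition system. Returns (initial, nodes, arcs)."""
    init = (0, tuple(sorted(init_env.items())))
    nodes, arcs, work = {init}, set(), deque([init])
    while work:
        s = work.popleft()
        for t in step(dom, prog, s):
            arcs.add((s, t))
            if t not in nodes:
                nodes.add(t)
                work.append(t)
    return init, nodes, arcs

def check_ag(model, pred):
    """Step 3: model check AG pred; returns the violating nodes (empty = holds)."""
    return [s for s in model[1] if not pred(s)]

def no_div_by_zero(dom):
    """Safety property: whenever control is at pc 2, y is definitely nonzero."""
    return lambda s: s[0] != 2 or dom.nonzero(dict(s[1])["y"])

def covers(abs_model, con_model, dom):
    """Soundness check: every concrete node lies below an abstract node with the
    same pc in the domain ordering, so an AG result on the abstract model transfers."""
    return all(any(apc == pc and all(dom.leq(dom.alpha(v), dict(aenv)[k]) for k, v in env)
                   for apc, aenv in abs_model[1])
               for pc, env in con_model[1])

if __name__ == "__main__":
    signs, init = SignDomain(), {"x": "+", "y": "0", "z": "0"}
    concrete = build_model(ConcreteDomain(), PROGRAM, {"x": 2, "y": 0, "z": 0})
    abstract = build_model(signs, PROGRAM, init)
    print(len(concrete[1]), "concrete states,", len(abstract[1]), "abstract states")
    print("AG no-div-by-zero holds:", check_ag(abstract, no_div_by_zero(signs)) == [])
    print("abstract model covers the concrete run:", covers(abstract, concrete, signs))
    coarse = SignDomain(refine=False)
    print("violations without branch filtering:",
          check_ag(build_model(coarse, PROGRAM, init), no_div_by_zero(coarse)))
```

The concrete model for `x = 2` is finite only because that one input terminates; the sign-abstracted model is finite for every positive `x` at once, which is the point of reducing the detail in nodes and arcs. The `refine=False` run shows the cost of abstraction: without filtering `y` on the false arc of the branch, the abstract model contains a state at pc 2 with `y = ?`, and the checker reports a spurious violation that no concrete execution exhibits.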
References
P. Aczel. Non-Well-Founded Sets, Lecture Notes 14, Center for Study of Language and Information, Stanford, CA, 1988.
S. Bensalem and A. Bouajjani and C. Loiseaux and J. Sifakis. Property preserving simulations. Computer Aided Verification: CAV’92. Lecture Notes in Computer Science 663, Springer, 1992, 260–273.
D. Berry. Generating Program Animators from Programming Language Semantics, Ph.D. Thesis, LFCS Report ECS-LFCS-91-148, University of Edinburgh, 1991.
O. Burkart and B. Steffen. Model Checking for Context-Free Processes. Proceedings of the International Conference on Concurrency Theory, Concur95, LNCS 630, 1992.
S. C. Cheung and J. Kramer. An Integrated Method For Effective Behaviour Analysis of Distributed Systems. Proceedings of the 16th International Conference on Software Engineering, Sorrento, CA, USA, 1994, pp. 309–320.
S. C. Cheung and J. Kramer. Tractable Flow Analysis for Distributed Systems. IEEE Transactions on Software Engineering 20-9 (1994).
E. Clarke and E. Emerson and A. Sistla. Automatic verification of finite-state concurrent systems using temporal logic specifications. ACM Transactions on Programming Languages and Systems 8 (1986) 244–263.
E.M. Clarke and O. Grumberg and D.E. Long. Verification tools for finite-state concurrent systems. In A Decade of Concurrency: Reflections and Perspectives, J.W. deBakker and W.-P. deRoever and G. Rozenberg, editors, Springer LNCS 803, 1993, pp. 124–175.
R. Cleaveland and P. Iyer and D. Yankelevich. Optimality in abstractions of model checking. Proc. SAS'95: Proc. 2d. Static Analysis Symposium, Lecture Notes in Computer Science 983, Springer, 1995.
R. Cleaveland, M. Klein and B. Steffen. Faster Model Checking for the Modal μ Calculus. Proceedings of the International Workshop on Computer Aided Verification, CAV'92, LNCS 663, 1992.
M. Codish and S. Debray and R. Giacobazzi. Compositional analysis of modular logic programs. Proc. 20th ACM Symp. on Principles of Programming Languages, 1993, pp. 451–464.
M. Codish and M. Falaschi and K. Marriott, Suspension analysis for concurrent logic programs. Proc. 8th Int’l. Conf. on Logic Programming, MIT Press, 1991, pp. 331–345.
G. Cousineau and M. Nivat. On rational expressions representing infinite rational trees. Proc. 8th Conf. Math. Foundations of Computer Science: MFCS’79, Lecture Notes in Computer Science 74, Springer, 1979, pp. 567–580.
P. Cousot and R. Cousot. Abstract interpretation: A unified Lattice Model for static Analysis of Programs by Construction or Approximation of Fixpoints. In Proceedings 4th ACM Symp. on Principles of Programming Languages, POPL'77, Los Angeles, California, January, 1977.
P. Cousot and R. Cousot. Systematic design of program analysis frameworks. Proc. 6th ACM Symp. on Principles of Programming Languages, POPL’79, 1979, pages 269–282.
P. Cousot and R. Cousot. Inductive Definitions, Semantics, and Abstract Interpretation. Proc. 19th ACM Symp. on Principles of Programming Languages, POPL’92, 1992, pp. 83–94.
P. Cousot and R. Cousot. Abstract interpretation frameworks. Journal of Logic and Computation 2 (1992) 511–547.
D. Dams. Abstract interpretation and partition refinement for model checking. Ph.D. thesis, Technische Universiteit Eindhoven, The Netherlands, 1996.
M. Dwyer and L. Clark. Data Flow Analysis for Verifying Properties of Concurrent Programs. Proc. 2d ACM SIGSOFT Symposium on Foundations of Software Engineering, 1994, pp.62–75.
M. Dwyer and D. Schmidt, Limiting State Explosion with Filter-Based Refinement. Proc. International Workshop on Verification, Model Checking and Abstract Interpretation, Port Jefferson, Long Island, N.Y., http://www.cis.ksu.edu/~schmidt/papers/filter.ps.Z, 1997.
M. Dwyer and C. Pasareanu. Filter-based Model Checking of Partial Systems. Proceedings of the 6th ACM SIGSOFT Symposium on the Foundations of Software Engineering, Orlando, FL, USA, 1998.
E. Emerson and J. Lei. Efficient model checking in fragments of the propositional mu-calculus. In Proceedings LICS'86, 1986, pp. 267–278.
F. Giannotti and D. Latella, Gate splitting in LOTOS specifications using abstract interpretation. In Proc. TAPSOFT’93, M.-C. Gaudel and J.-P. Jouannaud, eds. LNCS 668, Springer, 1993, pp. 437–452.
P. Godefroid and P. Wolper. Using Partial orders for the efficient verification of deadlock freedom and safety properties. Proc. of the Third Workshop on Computer Aided Verification, Springer-Verlag, LNCS 575, 1991, pp. 417–428.
M. Hecht. Flow Analysis of Computer Programs. Elsevier, 1977.
N.D. Jones and C. Gomard and P. Sestoft, Partial Evaluation and Automatic Program Generation. Prentice Hall, 1993.
J. Kam and J. Ullman. Global data flow analysis and iterative algorithms. Journal of the ACM 23 (1976) 158–171.
G. A. Kildall. A unified approach to global program optimization. In Conf. Rec. 1st ACM Symposium on Principles of Programming Languages (POPL’73), pages 194–206. ACM, New York, 1973.
J. Knoop, B. Steffen and J. Vollmer. Parallelism for Free: Bitvector Analysis - No State Explosion! Proceedings of the International Workshop on Tools and Algorithms for the Construction and Analysis of Systems, TACAS'95, LNCS 1019, 1995.
J. Knoop, O. Rüthing and B. Steffen. Lazy Code Motion. Proceedings of the ACM SIGPLAN'94 Conference on Programming Language Design and Implementation (PLDI'94), Orlando, Florida, SIGPLAN Notices 30, 6 (1994), 233–245.
D. Kozen, Results on the propositional mu-calculus. Theoretical Computer Science, 27 (1983) 333–354.
Y.S. Kwong, On reduction of asynchronous systems. Theoretical Computer Science 5 (1977) 25–50.
S.P. Masticola and B.G. Ryder. Static Infinite Wait Anomaly Detection in Polynomial Time. Proceedings of ACM International Conference on Parallel Processing, 1990.
S.P. Masticola and B.G. Ryder. A Model of Ada Programs for Static Deadlock Detection in Polynomial Time. Proceedings ACM Workshop on Parallel and Distributed Debugging, 1991.
R. Milner. Communication and Concurrency. Prentice Hall, 1989.
R. Milner and M. Tofte. Co-induction in relational semantics. Theoretical Computer Science, 17 (1992) 209–220.
A. Mycroft and N.D. Jones. A relational framework for abstract interpretation. In Programs as Data Objects, Lecture Notes in Computer Science 217, Springer, 1985, pp. 156–171.
F. Nielson, A Denotational Framework for Data Flow Analysis. Acta Informatica 18 (1982) 265–287.
K.M. Olender and L.J. Osterweil. Cecil: A Sequencing Constraint Language for Automatic Static Analysis Generation. IEEE Transactions on Software Engineering 16-3 (1990) 268–280.
K.M. Olender and L.J. Osterweil. Interprocedural Static Analysis of Sequencing Constraints. ACM Transactions on Software Engineering and Methodology 1-1 (1992) 21–52.
Gordon D. Plotkin. A Structural Approach to Operational Semantics. Technical Report DAIMI FN-19, University of Aarhus, Denmark, 1981.
D.A. Schmidt, Abstract interpretation of small-step semantics. Proc. 5th LOMAPS Workshop on Analysis and Verification of Multiple-Agent Languages, M. Dam and F. Orava, eds. Springer, 1996.
D.A. Schmidt, Trace-based abstract interpretation of operational semantics. J. Lisp and Symbolic Computation, 10 (1998) 237–271.
D.A. Schmidt, Data-flow analysis is model checking of abstract interpretations. Proc. 25th ACM Symp. on Principles of Prog. Languages, POPL98, 1998.
F. daSilva. Correctness Proofs of Compilers and Debuggers: an Approach Based on Structural Operational Semantics. Ph.D. thesis, LFCS report ECS-LFCS-92-241, Edinburgh University, Scotland, 1992.
B. Steffen, T. Margaria and V. Braun. The Electronic Tool Integration Platform: concepts and design. In [51], 1(1), pp. 9–30.
B. Steffen. Data Flow Analysis as Model Checking. Proceedings of the International Conference on Theoretical Aspects of Computer Software, TACS'91, LNCS 526, 1991.
B. Steffen. Generating Data Flow Analysis Algorithms from Modal Specifications, International Journal on Science of Computer Programming, N. 21, 1993, pp. 115–139.
B. Steffen, Property-oriented expansion. Proc. Static Analysis Symposium: SAS’96, Lecture Notes in Computer Science 1145. Springer, 1996, pp. 22–41.
B. Steffen, Unifying Models. Proc. of the Annual Symposium on Theoretical Aspects of Computer Science, STACS’97, Lecture Notes in Computer Science 1200. Springer, 1997, pp. 1–20.
Special Section on Programming Language Tools. Int. Journal on Software Tools for Technology Transfer, Vol. 3, Springer Verlag, October 1998.
A. Venet, Abstract interpretation of the pi-calculus. Proc. LOMAPS Workshop on Analysis and Verification of Multiple-Agent Languages, M. Dam and F. Orava, eds., LNCS 1192, Springer, 1996.
A. Venet, Automatic Determination of Communication Topologies in Mobile Systems. Proc. SAS’98, G. Levi, ed. Springer LNCS, 1998.
© 1998 Springer-Verlag Berlin Heidelberg
Schmidt, D., Steffen, B. (1998). Program Analysis as Model Checking of Abstract Interpretations. In: Levi, G. (ed.) Static Analysis. SAS 1998. Lecture Notes in Computer Science, vol 1503. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-49727-7_22
DOI: https://doi.org/10.1007/3-540-49727-7_22
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-65014-0
Online ISBN: 978-3-540-49727-1