
Scaling Bounded Model Checking by Transforming Programs with Arrays

  • Conference paper
Logic-Based Program Synthesis and Transformation (LOPSTR 2016)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 10184)

Abstract

Bounded Model Checking is one of the most successful techniques for finding bugs in programs. However, model checkers are resource hungry and are often unable to verify programs with loops iterating over large arrays. We present a transformation that enables bounded model checkers to verify a certain class of array properties. Our technique transforms an array-manipulating (Ansi-C) program into an array-free and loop-free (Ansi-C) program, thereby reducing the resource requirements of a model checker significantly. Model checking of the transformed program using an off-the-shelf bounded model checker simulates the loop iterations efficiently. Thus, our transformed program is a sound abstraction of the original program and is also precise in a large number of cases—we formally characterize the class of programs for which it is guaranteed to be precise. We demonstrate the applicability and usefulness of our technique on both industry code as well as academic benchmarks.


Notes

  1. Result for motivatingExample.c at https://sites.google.com/site/datastructureabstraction/.

  2. Results of analysis may be over-approximated.

  3. Programs in ArrayMemSafety access arrays without using an index and cannot be transformed.

  4. Case by case results available at https://sites.google.com/site/datastructureabstraction/home/sv-comp-benchmark-evaluation-1.

  5. TCS Embedded Code Analyzer (TCS ECA) http://www.tcs.com/offerings/engineering_services/Pages/TCS-Embedded-Code-Analyzer.aspx.

  6. PRISM implements [22] for slicing.

References

  1. 2015 4th International Competition on Software Verification. http://sv-comp.sosy-lab.org/2015/results/. Accessed 12 Feb 2017

  2. 2016 5th International Competition on Software Verification. http://sv-comp.sosy-lab.org/2016/results/results-verified/. Accessed 12 Feb 2017

  3. Alberti, F., Bruttomesso, R., Ghilardi, S., Ranise, S., Sharygina, N.: An extension of lazy abstraction with interpolation for programs with arrays. In: Formal Methods in System Design (2014)

  4. Alberti, F., Ghilardi, S., Sharygina, N.: Booster: an acceleration-based verification framework for array programs. In: Cassez, F., Raskin, J.-F. (eds.) ATVA 2014. LNCS, vol. 8837, pp. 18–23. Springer, Cham (2014). doi:10.1007/978-3-319-11936-6_2

  5. Alberti, F., Monniaux, D.: Polyhedra to the rescue of array interpolants. In: Annual ACM Symposium on Applied Computing (2015)

  6. Ball, T., Rajamani, S.K.: The SLAM project: debugging system software via static analysis. In: ACM SIGPLAN Notices, vol. 37 (2002)

  7. Beyer, D., Henzinger, T.A., Majumdar, R., Rybalchenko, A.: Invariant synthesis for combined theories. In: Cook, B., Podelski, A. (eds.) VMCAI 2007. LNCS, vol. 4349, pp. 378–394. Springer, Heidelberg (2007). doi:10.1007/978-3-540-69738-1_27

  8. Blanchet, B., Cousot, P., Cousot, R., Feret, J., Mauborgne, L., Miné, A., Monniaux, D., Rival, X.: Design and implementation of a special-purpose static program analyzer for safety-critical real-time embedded software. In: Mogensen, T.Æ., Schmidt, D.A., Sudborough, I.H. (eds.) The Essence of Computation. LNCS, vol. 2566, pp. 85–108. Springer, Heidelberg (2002). doi:10.1007/3-540-36377-7_5

  9. CBMC. http://www.cprover.org/cbmc/. Accessed 12 Feb 2017

  10. Chimdyalwar, B., Kumar, S.: Effective false positive filtering for evolving software. In: ISEC (2011)

  11. Copty, F., Fix, L., Fraer, R., Giunchiglia, E., Kamhi, G., Tacchella, A., Vardi, M.Y.: Benefits of bounded model checking at an industrial setting. In: Berry, G., Comon, H., Finkel, A. (eds.) CAV 2001. LNCS, vol. 2102, pp. 436–453. Springer, Heidelberg (2001). doi:10.1007/3-540-44585-4_43

  12. Cornish, J.R.M., Gange, G., Navas, J.A., Schachte, P., Søndergaard, H., Stuckey, P.J.: Analyzing array manipulating programs by program transformation. In: Proietti, M., Seki, H. (eds.) LOPSTR 2014. LNCS, vol. 8981, pp. 3–20. Springer, Cham (2015). doi:10.1007/978-3-319-17822-6_1

  13. Cousot, P., Cousot, R., Logozzo, F.: A parametric segmentation functor for fully automatic and scalable array content analysis. In: ACM SIGPLAN Notices, vol. 46 (2011)

  14. Darke, P., Chimdyalwar, B., Venkatesh, R., Shrotri, U., Metta, R.: Over-approximating loops to prove properties using bounded model checking. In: DATE (2015)

  15. De Angelis, E., Fioravanti, F., Pettorossi, A., Proietti, M.: A rule-based verification strategy for array manipulating programs. Fundamenta Informaticae 140, 329–355 (2015)

  16. Dillig, I., Dillig, T., Aiken, A.: Fluid updates: beyond strong vs. weak updates. In: Gordon, A.D. (ed.) ESOP 2010. LNCS, vol. 6012, pp. 246–266. Springer, Heidelberg (2010). doi:10.1007/978-3-642-11957-6_14

  17. Fähndrich, M., Logozzo, F.: Static contract checking with abstract interpretation. In: Beckert, B., Marché, C. (eds.) FoVeOOS 2010. LNCS, vol. 6528, pp. 10–30. Springer, Heidelberg (2011). doi:10.1007/978-3-642-18070-5_2

  18. Flanagan, C., Qadeer, S.: Predicate abstraction for software verification. ACM SIGPLAN Not. 37, 191–202 (2002)

  19. Gopan, D., Reps, T., Sagiv, M.: A framework for numeric analysis of array operations. ACM SIGPLAN Not. 40(1), 338–350 (2005)

  20. Gulwani, S., McCloskey, B., Tiwari, A.: Lifting abstract interpreters to quantified logical domains. In: POPL (2008)

  21. Halbwachs, N., Péron, M.: Discovering properties about arrays in simple programs. ACM SIGPLAN Not. 43, 339–348 (2008)

  22. Horwitz, S., Reps, T., Binkley, D.: Interprocedural slicing using dependence graphs. ACM Trans. Program. Lang. Syst. 12, 26–60 (1990)

  23. Ice Cast. http://icecast.org/. Accessed 12 Feb 2017

  24. Jana, A., Khedker, U.P., Datar, A., Venkatesh, R.: Scaling bounded model checking by transforming programs with arrays. CoRR, arXiv:1606.06974 (2016)

  25. Khare, S., Saraswat, S., Kumar, S.: Static program analysis of large embedded code base: an experience. In: ISEC (2011)

  26. Kroening, D., Lewis, M., Weissenbacher, G.: Under-approximating loops in C programs for fast counterexample detection. In: Sharygina, N., Veith, H. (eds.) CAV 2013. LNCS, vol. 8044, pp. 381–396. Springer, Heidelberg (2013). doi:10.1007/978-3-642-39799-8_26

  27. Liu, J., Rival, X.: Abstraction of arrays based on non contiguous partitions. In: D’Souza, D., Lal, A., Larsen, K.G. (eds.) VMCAI 2015. LNCS, vol. 8931, pp. 282–299. Springer, Heidelberg (2015). doi:10.1007/978-3-662-46081-8_16

  28. Monniaux, D., Gonnord, L.: Cell morphing: from array programs to array-free Horn clauses. In: Rival, X. (ed.) SAS 2016. LNCS, vol. 9837, pp. 361–382. Springer, Heidelberg (2016). doi:10.1007/978-3-662-53413-7_18

  29. SV-COMP 2016 Benchmarks. https://sv-comp.sosy-lab.org/2016/benchmarks.php. Accessed 12 Feb 2017


Author information

Correspondence to Anushri Jana.


Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Jana, A., Khedker, U.P., Datar, A., Venkatesh, R., C., N. (2017). Scaling Bounded Model Checking by Transforming Programs with Arrays. In: Hermenegildo, M., Lopez-Garcia, P. (eds) Logic-Based Program Synthesis and Transformation. LOPSTR 2016. Lecture Notes in Computer Science, vol 10184. Springer, Cham. https://doi.org/10.1007/978-3-319-63139-4_16


  • DOI: https://doi.org/10.1007/978-3-319-63139-4_16


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-63138-7

  • Online ISBN: 978-3-319-63139-4

  • eBook Packages: Computer Science (R0)
