Abstract
A constraint-based approach to invariant generation in programs translates a program into constraints that are solved using off-the-shelf constraint solvers to yield desired program invariants.
In this paper we show how the constraint-based approach can be used to model a wide spectrum of program analyses in an expressive domain containing disjunctions and conjunctions of linear inequalities. In particular, we show how to model the problem of context-sensitive interprocedural program verification. We also present the first constraint-based approach to weakest precondition and strongest postcondition inference. The constraints we generate are boolean combinations of quadratic inequalities over integer variables. We reduce these constraints to SAT formulae using bitvector modeling and use off-the-shelf SAT solvers to solve them.
Furthermore, we present interesting applications of the above analyses, namely bounds analysis and generation of most-general counter-examples for both safety and termination properties. We also present encouraging preliminary experimental results demonstrating the feasibility of our technique on a variety of challenging examples.
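To make the abstract's pipeline concrete, here is an added illustration (not code from the paper) on a constructed one-loop program: a linear invariant template with unknown coefficients, Farkas' lemma to turn the quantified verification conditions into quadratic constraints over those unknowns, and an exhaustive search over small bitvector ranges standing in for the SAT solver. The program, template, bit width, and variable names are all assumptions of this example.

```python
"""Constraint-based invariant inference for one loop (added example, not the
paper's code). The universally quantified verification conditions are turned
into quadratic constraints via Farkas' lemma; a bounded enumeration over small
bitvector ranges replaces the SAT solver used by the paper."""
from itertools import product

# Constructed example program (an assumption of this example):
#   x := 0; y := 0;
#   while (x < 10) { x := x + 1; y := y + 2 }
#   assert y >= 20
# Template invariant: I(x, y) = a*x + b*y + c >= 0 with unknown a, b, c.

BITS = 3
SIGNED = range(-(1 << (BITS - 1)), 1 << (BITS - 1))  # -4..3, 3-bit signed bitvector
UNSIGNED = range(1 << BITS)                          # 0..7, Farkas multipliers are >= 0

def initiation(a, b, c):
    # Initial state x = 0, y = 0 substituted into the template: c >= 0.
    return c >= 0

def consecution(a, b, c):
    # I(x, y) /\ x <= 9  ==>  I(x + 1, y + 2), i.e. a*x + b*y + (a + 2b + c) >= 0.
    # Farkas: exist l1, l2 >= 0 and slack >= 0 with
    #   a*x + b*y + (a+2b+c) == l1*(a*x + b*y + c) + l2*(9 - x) + slack.
    # Matching coefficients yields the quadratic terms l1*a, l1*b, l1*c.
    for l1, l2 in product(UNSIGNED, repeat=2):
        if a == l1 * a - l2 and b == l1 * b and a + 2 * b + c - l1 * c - 9 * l2 >= 0:
            return True
    return False

def assertion(a, b, c):
    # I(x, y) /\ x >= 10  ==>  y - 20 >= 0.
    # Farkas: y - 20 == m1*(a*x + b*y + c) + m2*(x - 10) + slack, slack >= 0.
    for m1, m2 in product(UNSIGNED, repeat=2):
        if 0 == m1 * a + m2 and 1 == m1 * b and -20 - m1 * c + 10 * m2 >= 0:
            return True
    return False

def find_invariant():
    """Return the first (a, b, c) in the bitvector range satisfying all three
    verification conditions, or None if no template instance works."""
    for a, b, c in product(SIGNED, repeat=3):
        if initiation(a, b, c) and consecution(a, b, c) and assertion(a, b, c):
            return (a, b, c)
    return None

if __name__ == "__main__":
    print(find_invariant())  # (-2, 1, 0): the invariant y - 2x >= 0
```

The trivial invariant (a, b, c) = (0, 0, 1) passes initiation and consecution but not the assertion condition, which is what forces the search to the useful instance y >= 2x.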