skip to main content
research-article

Abstractions from proofs

Published:01 July 2014Publication History
Skip Abstract Section

Abstract

The success of model checking for large programs depends crucially on the ability to efficiently construct parsimonious abstractions. A predicate abstraction is parsimonious if at each control location, it specifies only relationships between current values of variables, and only those which are required for proving correctness. Previous methods for automatically refining predicate abstractions until sufficient precision is obtained do not systematically construct parsimonious abstractions: predicates usually contain symbolic variables, and are added heuristically and often uniformly to many or all control locations at once. We use Craig interpolation to efficiently construct, from a given abstract error trace which cannot be concretized, a parsominous abstraction that removes the trace. At each location of the trace, we infer the relevant predicates as an interpolant between the two formulas that define the past and the future segment of the trace. Each interpolant is a relationship between current values of program variables, and is relevant only at that particular program location. It can be found by a linear scan of the proof of infeasibility of the trace.We develop our method for programs with arithmetic and pointer expressions, and call-by-value function calls. For function calls, Craig interpolation offers a systematic way of generating relevant predicates that contain only the local variables of the function and the values of the formal parameters when the function was called. We have extended our model checker BLAST with predicate discovery by Craig interpolation, and applied it successfully to C programs with more than 130,000 lines of code, which was not possible with approaches that build less parsimonious abstractions.

References

  1. T. Ball, T. Millstein, and S.K. Rajamani. Polymorphic predicate abstraction. ACM Transactions on Programming Languages and Systems, 2003. Google ScholarGoogle ScholarDigital LibraryDigital Library
  2. T. Ball and S.K. Rajamani. Personal communication.Google ScholarGoogle Scholar
  3. T. Ball and S.K. Rajamani. Generating abstract explanations of spurious counterexamples in C programs. Technical Report MSR-TR-2002-09, Microsoft Research, 2002.Google ScholarGoogle Scholar
  4. T. Ball and S.K. Rajamani. The SLAM project: debugging system software via static analysis. In POPL '02: Principles of Programming Languages, pages 1--3. ACM, 2002. Google ScholarGoogle ScholarDigital LibraryDigital Library
  5. R. Bodik, R. Gupta, and M.L. Soffa. Refining dataflow information using infeasible paths. In FSE '97: Foundations of Software Engineering, LNCS 1301, pages 361--377. Springer, 1997. Google ScholarGoogle ScholarDigital LibraryDigital Library
  6. W.R. Bush, J.D. Pincus, and D.J. Sielaff. A static analyzer for finding dynamic programming errors. Software Practice and Experience, 30:775--802, 2000. Google ScholarGoogle ScholarDigital LibraryDigital Library
  7. S. Chaki, E.M. Clarke, A. Groce, and O. Strichman. Predicate abstraction with minimum predicates. In CHARME '03: Correct Hardware Design and Verification, LNCS 2860, pages 19--34. Springer, 2003.Google ScholarGoogle Scholar
  8. E.M. Clarke, O. Grumberg, S. Jha, Y. Lu, and H. Veith. Counterexample-guided abstraction refinement. In CAV '00: Computer-Aided Verification, LNCS 1855, pages 154--169. Springer, 2000. Google ScholarGoogle ScholarDigital LibraryDigital Library
  9. W. Craig. Linear reasoning. J. Symbolic Logic, 22:250--268, 1957.Google ScholarGoogle ScholarCross RefCross Ref
  10. R. Cytron, J. Ferrante, B.K. Rosen, M.N. Wegman, and F.K. Zadek. Efficiently computing static single assignment form and the program dependence graph. ACM Transactions on Programming Languages and Systems, 13:451--490, 1991. Google ScholarGoogle ScholarDigital LibraryDigital Library
  11. M. Das, S. Lerner, and M. Seigle. ESP: path-sensitive program verification in polynomial time. In PLDI '02: Programming Language Design and Implementation, pages 57--68. ACM, 2002. Google ScholarGoogle ScholarDigital LibraryDigital Library
  12. C. Flanagan. Automatic software model checking using CLP. In ESOP '03: European Symposium on Programming, LNCS 2618, pages 189--203. Springer, 2003. Google ScholarGoogle ScholarDigital LibraryDigital Library
  13. C. Flanagan, K.R.M. Leino, M. Lillibridge, G. Nelson, J.B. Saxe, and R. Stata. Extended static checking for Java. In PLDI '02: Programming Language Design and Implementation, pages 234--245. ACM, 2002. Google ScholarGoogle ScholarDigital LibraryDigital Library
  14. C. Flanagan and J.B. Saxe. Avoiding exponential explosion: generating compact verification conditions. In POPL '01: Principles of Programming Languages, pages 193--205. ACM, 2001. Google ScholarGoogle ScholarDigital LibraryDigital Library
  15. J.S. Foster, T. Terauchi, and A. Aiken. Flow-sensitive type qualifiers. In PLDI '02: Programming Language Design and Implementation, pages 1--12. ACM, 2002. Google ScholarGoogle ScholarDigital LibraryDigital Library
  16. D. Gries. The Science of Programming. Springer, 1981. Google ScholarGoogle ScholarDigital LibraryDigital Library
  17. T.A. Henzinger, R. Jhala, R. Majumdar, G.C. Necula, G. Sutre, and W. Weimer. Temporal-safety proofs for systems code. In CAV '02: Computer-Aided Verification, LNCS 2404, pages 526--538. Springer, 2002. Google ScholarGoogle ScholarDigital LibraryDigital Library
  18. T.A. Henzinger, R. Jhala, R. Majumdar, and M.A.A. Sanvido. Extreme model checking. In International Symposium on Verification, LNCS. Springer, 2003.Google ScholarGoogle ScholarCross RefCross Ref
  19. T.A. Henzinger, R. Jhala, R. Majumdar, and G. Sutre. Lazy abstraction. In POPL '02: Principles of Programming Languages, pages 58--70. ACM, 2002. Google ScholarGoogle ScholarDigital LibraryDigital Library
  20. J. Krajicek. Interpolation theorems, lower bounds for proof systems, and independence results for bounded arithmetic. J. Symbolic Logic, 62:457--486, 1997.Google ScholarGoogle ScholarCross RefCross Ref
  21. J. McCarthy and J. Painter. Correctness of a compiler for arithmetic expressions. In Proc. Symposia in Applied Mathematics. American Mathematical Society, 1967.Google ScholarGoogle ScholarCross RefCross Ref
  22. K.L. McMillan. Interpolation and SAT-based model checking. In CAV'03: Computer-Aided Verification, LNCS 2725, pages 1--13. Springer, 2003.Google ScholarGoogle Scholar
  23. J.C. Mitchell. Foundations for Programming Languages. MIT Press, 1996. Google ScholarGoogle ScholarDigital LibraryDigital Library
  24. J. M. Morris. A general axiom of assignment. In Theoretical Foundations of Programming Methodology, Lecture Notes of an International Summer School, pages 25--34. D. Reidel Publishing Company, 1982.Google ScholarGoogle ScholarCross RefCross Ref
  25. M. Musuvathi, D.Y.W. Park, A. Chou, D.R. Engler, and D.L. Dill. CMC: A pragmatic approach to model checking real code. In OSDI'02: Operating Systems Design and Implementation. ACM, 2002. Google ScholarGoogle ScholarDigital LibraryDigital Library
  26. G.C. Necula. Proof carrying code. In POPL '97: Principles of Programming Languages, pages 106--119. ACM, 1997. Google ScholarGoogle ScholarDigital LibraryDigital Library
  27. G. Nelson. Techniques for program verification. Technical Report CSL81-10, Xerox Palo Alto Research Center, 1981.Google ScholarGoogle Scholar
  28. P. Pudlak. Lower bounds for resolution and cutting plane proofs and monotone computations. J. Symbolic Logic, 62:981--998, 1997.Google ScholarGoogle ScholarCross RefCross Ref
  29. T. Reps, S. Horwitz, and M. Sagiv. Precise interprocedural dataflow analysis via graph reachability. In POPL '95: Principles of Programming Languages, pages 49--61. ACM, 1995. Google ScholarGoogle ScholarDigital LibraryDigital Library

Index Terms

  1. Abstractions from proofs

              Recommendations

              Comments

              Login options

              Check if you have access through your login credentials or your institution to get full access on this article.

              Sign in

              Full Access

              PDF Format

              View or Download as a PDF file.

              PDF

              eReader

              View online with eReader.

              eReader
              About Cookies On This Site

              We use cookies to ensure that we give you the best experience on our website.

              Learn more

              Got it!