
DAG inlining: a decision procedure for reachability-modulo-theories in hierarchical programs

Published: 03 June 2015

Abstract

A hierarchical program is one with multiple procedures but no loops or recursion. This paper studies the problem of deciding reachability queries in hierarchical programs where individual statements can be encoded in a decidable logic (say in SMT). This problem is fundamental to verification and most directly applicable to doing bounded reachability in programs, i.e., reachability under a bound on the number of loop iterations and recursive calls. The usual method of deciding reachability in hierarchical programs is to first inline all procedures and then do reachability on the resulting single-procedure program. Such inlining unfolds the call graph of the program to a tree and may lead to an exponential increase in the size of the program. We design and evaluate a method called DAG inlining that unfolds the call graph to a directed acyclic graph (DAG) instead of a tree by sharing the bodies of procedures at certain points during inlining. DAG inlining can produce much more compact representations than tree inlining. Empirically, we show that it leads to significant improvements in the running time of a state-of-the-art verifier.
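To make the size argument in the abstract concrete, here is a constructed example (not code from the paper or its verifier) that models a hierarchical program as a call graph, checks it is acyclic, and counts how many copies of each procedure body tree inlining produces (one per call path) versus an idealised DAG that shares every body exactly once. The paper's DAG inlining shares bodies only at certain points, so the DAG count here is a lower bound on what it produces; the layered call graph and the procedure names are constructed for illustration.

```python
from collections import Counter
from typing import Dict, List

CallGraph = Dict[str, List[str]]  # procedure -> callees, one entry per call site


def layered_program(depth: int, calls_per_level: int = 2) -> CallGraph:
    """Constructed program: p0 calls p1 twice, p1 calls p2 twice, ... p{depth} is a leaf."""
    graph = {f"p{i}": [f"p{i + 1}"] * calls_per_level for i in range(depth)}
    graph[f"p{depth}"] = []
    return graph


def topo_order(graph: CallGraph, entry: str) -> List[str]:
    """Procedures reachable from entry, callers before callees.
    Raises ValueError on a cycle (recursion): the program is then not hierarchical,
    so neither tree nor DAG unfolding terminates without an extra bound."""
    order: List[str] = []
    state: Dict[str, str] = {}

    def visit(p: str) -> None:
        state[p] = "active"
        for callee in graph[p]:
            if state.get(callee) == "active":
                raise ValueError(f"recursion detected: {p} -> {callee}")
            if callee not in state:
                visit(callee)
        state[p] = "done"
        order.append(p)

    visit(entry)
    return order[::-1]


def tree_inline_copies(graph: CallGraph, entry: str) -> Counter:
    """Body copies after tree inlining: one per call path from entry.
    Counted in one topological pass so the exponential blow-up is computed,
    not materialised: copies[callee] accumulates copies of every caller."""
    copies: Counter = Counter({entry: 1})
    for p in topo_order(graph, entry):
        for callee in graph[p]:
            copies[callee] += copies[p]
    return copies


def dag_inline_copies(graph: CallGraph, entry: str) -> Counter:
    """Body copies when each reachable procedure is shared once (ideal DAG)."""
    return Counter({p: 1 for p in topo_order(graph, entry)})
```

For `layered_program(10)` the tree unfolding contains 2047 procedure bodies (1024 copies of the leaf alone) while the shared DAG contains 11, which is the growth that makes tree inlining impractical for deep call graphs.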
