research-article

Program analysis as constraint solving

Authors:
Sumit Gulwani

Microsoft Research, Redmond, WA, USA

Microsoft Research, Redmond, WA, USA
View Profile

,
Saurabh Srivastava

University of Maryland, College Park, College Park, MD, USA

University of Maryland, College Park, College Park, MD, USA
View Profile

,
Ramarathnam Venkatesan

Microsoft Research, Redmond, WA, USA

Microsoft Research, Redmond, WA, USA
View Profile

PLDI '08: Proceedings of the 29th ACM SIGPLAN Conference on Programming Language Design and ImplementationJune 2008Pages 281–292https://doi.org/10.1145/1375581.1375616

Published:07 June 2008Publication History

PLDI '08: Proceedings of the 29th ACM SIGPLAN Conference on Programming Language Design and Implementation

Pages 281–292

ABSTRACT

A constraint-based approach to invariant generation in programs translates a program into constraints that are solved using off-the-shelf constraint solvers to yield desired program invariants.

In this paper we show how the constraint-based approach can be used to model a wide spectrum of program analyses in an expressive domain containing disjunctions and conjunctions of linear inequalities. In particular, we show how to model the problem of context-sensitive interprocedural program verification. We also present the first constraint-based approach to weakest precondition and strongest postcondition inference. The constraints we generate are boolean combinations of quadratic inequalities over integer variables. We reduce these constraints to SAT formulae using bitvector modeling and use off-the-shelf SAT solvers to solve them.

Furthermore, we present interesting applications of the above analyses, namely bounds analysis and generation of most-general counter-examples for both safety and termination properties. We also present encouraging preliminary experimental results demonstrating the feasibility of our technique on a variety of challenging examples.

References

I. Balaban, A. Cohen, and A. Pnueli. Ranking abstraction of recursive programs. In VMCAI, pages 267--281, 2006. Google ScholarDigital Library
J. Berdine, A. Chawdhary, B. Cook, D. Distefano, and P.W. OHearn. Variance analyses from invariance analyses. In POPL, pages 211--224, 2007. Google ScholarDigital Library
D. Beyer, T. Henzinger, R. Majumdar, and A. Rybalchenko. Invariant synthesis for combined theories. In VMCAI07, pages 378--394, 2007. Google ScholarDigital Library
D. Beyer, T. A. Henzinger, R. Majumdar, and A. Rybalchenko. Path invariants. In PLDI, pages 300--309, 2007. Google ScholarDigital Library
B. Blanchet, P. Cousot, R. Cousot, J. Feret, L. Mauborgne, A. Mine, D. Monniaux, and X. Rival. Design and implementation of a special-purpose static program analyzer for safety-critical real-time embedded software. In The Essence of Computation: Complexity, Analysis, Transformation., LNCS 2566, pages 85--108. Oct. 2002. Google ScholarDigital Library
A. R. Bradley and Z. Manna. Verification constraint problems with strengthening. In ICTAC, pages 35--49, 2006. Google ScholarDigital Library
A. R. Bradley, Z. Manna, and H. B. Sipma. Linear ranking with reachability. In Proc. 17th Intl. Conference on Computer Aided Verification (CAV), volume 3576 of Lecture Notes in Computer Science. Springer Verlag, July 2005. Google ScholarDigital Library
M. Colon, S. Sankaranarayanan, and H. Sipma. Linear invariant generation using non-linear constraint solving. In CAV, pages 420--432, 2003.Google Scholar
M. Colon and H. Sipma. Practical methods for proving program termination. In CAV 02: Proceedings of the 14th International Conference on Computer Aided Verification, pages 442--454. Springer-Verlag, 2002. Google ScholarDigital Library
P. Cousot. Proving program invariance and termination by parametric abstraction, lagrangian relaxation and semidefinite programming. In VMCAI, pages 1--24, 2005. Google ScholarDigital Library
P. Cousot and R. Cousot. Abstract interpretation: A unified lattice model for static analysis of programs by construction or approximation of fixpoints. In POPL, pages 238--252, 1977. Google ScholarDigital Library
L. M. de Moura and N. Bjrner. Efficient e-matching for smt solvers. In CADE, pages 183--198, 2007. Google ScholarDigital Library
J. Edmund M. Clarke, O. Grumberg, and D. A. Peled. Model checking. MIT Press, Cambridge, MA, USA, 1999. Google ScholarDigital Library
R. Giacobazzi and F. Ranzato. Optimal domains for disjunctive abstract interpretation. Sci. of Comp. Prg., 32(1--3):177--210, 1998. Google ScholarDigital Library
L. Gonnord and N. Halbwachs. Combining widening and acceleration in linear relation analysis. In 13th International Static Analysis Symposium, SAS06, LNCS 4134, Aug. 2006. Google ScholarDigital Library
D. Gopan and T. W. Reps. Lookahead widening. In CAV, pages 452--466, 2006. Google ScholarDigital Library
D. Gopan and T. W. Reps. Guided static analysis. In SAS, pages 349--365, 2007. Google ScholarDigital Library
B. S. Gulavani, S. Chakraborty, A. V. Nori, and S. K. Rajamani. Automatically refining abstract interpretations. Technical Report TR-07-23, IIT Bombay, 2007.Google Scholar
B. S. Gulavani and S. K. Rajamani. Counterexample driven refinement for abstract interpretation. In TACAS, pages 474--488, 2006. Google ScholarDigital Library
S. Gulwani, K. Mehra, and T. Chilimbi. Statically computing complexity bounds for programs with recursive data-structures. Technical Report MSR-TR-2008-16, Microsoft Research, Jan. 2008.Google Scholar
S. Gulwani, S. Srivastava, and R. Venkatesan. Program analysis as constraint solving. Full version. Technical Report MSR-TR-2008-44, Microsoft Research, Mar. 2008.Google Scholar
A. Gupta, T. Henzinger, R. Majumdar, A. Rybalchenko, and R.-G. Xu. Proving non-termination. In POPL, 2008. Google ScholarDigital Library
C. B. Jones. Specification and design of (parallel) programs. In IFIP Congress, pages 321--332, 1983.Google Scholar
D. Kapur. Automatically generating loop invariants using quantifier elimination. In Deduction and Applications, 2005.Google Scholar
G. A. Kildall. A unified approach to global program optimization. In POPL, pages 194--206, 1973. Google ScholarDigital Library
Z. Manna. Mathematical Theory of Computation. McGraw-Hill, New York, 74.Google Scholar
Z. Manna and J. McCarthy. Properties of programs and partial function logic. Machine Intelligence, 5, 1970.Google Scholar
Z. Manna and A. Pnueli. Formalization of properties of functional programs. Journal of the ACM, 17(3):555--569, 1970. Google ScholarDigital Library
M.Muller-Olm and H. Seidl. Precise interprocedural analysis through linear algebra. In POPL, pages 330--341, 2004. Google ScholarDigital Library
M. Muller-Olm, H. Seidl, and B. Steffen. Interprocedural analysis (almost) for free. In Technical Report 790, Fachbereich Informatik, Universitt Dortmund, 2004.Google Scholar
M. Muller-Olm, H. Seidl, and B. Steffen. Interprocedural herbrand equalities. In ESOP, pages 31--45, 2005. Google ScholarDigital Library
A. Podelski and A. Rybalchenko. A complete method for the synthesis of linear ranking functions. In VMCAI, pages 239--251, 2004.Google ScholarCross Ref
S. Sagiv, T.W. Reps, and S. Horwitz. Precise interprocedural dataflow analysis with applications to constant propagation. Theor. Comput. Sci., 167(1&2):131--170, 1996. Google ScholarDigital Library
S. Sankaranarayanan, F. Ivancic, I. Shlyakhter, and A. Gupta. Static analysis in disjunctive numerical domains. In SAS, pages 317, 2006. {35} S. Sankaranarayanan, H. Sipma, and Z. Manna. Non-linear loop invariant generation using grobner bases. In POPL, pages 318--329, 2004. Google ScholarDigital Library
S. Sankaranarayanan, H. B. Sipma, and Z. Manna. Constraint-based linear-relations analysis. In SAS, pages 53--68, 2004.Google ScholarCross Ref
S. Sankaranarayanan, H. B. Sipma, and Z. Manna. Scalable analysis of linear systems using mathematical programming. In VMCAI, pages 25--41, 2005. Google ScholarDigital Library
A. Schrijver. Theory of Linear and Integer Programming. 1986. Google ScholarDigital Library
H. Seidl, A. Flexeder, and M. Petter. Interprocedurally analysing linear inequality relations. In ESOP, pages 284--299, 2007. Google ScholarDigital Library
C. Wang, Z. Yang, A. Gupta, and F. Ivancic. Using counterex. for improv. the prec. of reachability comput. with polyhedra. In CAV, pages 352--365, 2007. Google ScholarDigital Library
Y. Xie and A. Aiken. Saturn: A sat-based tool for bug detection. In CAV, pages 139--143, 2005. Google ScholarDigital Library

Index Terms

Program analysis as constraint solving

Recommendations

Program analysis as constraint solving
PLDI '08

A constraint-based approach to invariant generation in programs translates a program into constraints that are solved using off-the-shelf constraint solvers to yield desired program invariants.

In this paper we show how the constraint-based approach can ...
Read More
Extensions of constraint solving for proof planning
ECAI'00: Proceedings of the 14th European Conference on Artificial Intelligence

The integration of constraint solvers into proof planning has pushed the problem solving horizon. Proof planning benefits from the general functionalities of a constraint solver such as consistency check, constraint inference, as well as the search for ...
Read More
An Interface Theory for Program Verification
Leveraging Applications of Formal Methods, Verification and Validation: Verification Principles
Abstract
Program verification is the problem, for a given program and a specification , of constructing a proof of correctness for the statement “program satisfies specification ” () or a proof of violation ([inline-graphic not available: see fulltext]). ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
PLDI '08: Proceedings of the 29th ACM SIGPLAN Conference on Programming Language Design and Implementation
June 2008
396 pages
ISBN:9781595938602
DOI:10.1145/1375581
General Chair:
Rajiv Gupta
University of California, Riverside, USA
,
Program Chair:
Saman Amarasinghe
Massachusetts Institute of Technology, USA
ACM SIGPLAN Notices Volume 43, Issue 6
PLDI '08
June 2008
382 pages
ISSN:0362-1340
EISSN:1558-1160
DOI:10.1145/1379022
Issue’s Table of Contents
Copyright © 2008 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 7 June 2008
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
bounds analysis
constraint solving
most-general counterexamples
non-termination analysis
program verification
strongest postcondition
weakest precondition
Qualifiers
- research-article
Conference

Acceptance Rates
Overall Acceptance Rate406of2,067submissions,20%
Upcoming Conference
PLDI '24

Sponsor:

sigplan

ACM SIGPLAN Conference on Programming Language Design and Implementation

June 24 - 28, 2024

Copenhagen , Denmark
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 191
  Total Citations
  View Citations
- 1,385
  Total Downloads
- Downloads (Last 12 months)88
- Downloads (Last 6 weeks)13
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Program analysis as constraint solving

PLDI '08: Proceedings of the 29th ACM SIGPLAN Conference on Programming Language Design and Implementation

ABSTRACT

References

Cited By

Index Terms

Recommendations

Program analysis as constraint solving

Extensions of constraint solving for proof planning

An Interface Theory for Program Verification