Roberto Bruni
Roberto Giacobazzi
Francesco Ranzato
ABSTRACT
Abstract interpretation is a sound-by-construction method for program verification: any erroneous program will raise some alarm. However, the verification of correct programs may yield false-alarms, namely it may be incomplete. Ideally, one would like to perform the analysis on the most abstract domain that is precise enough to avoid false-alarms. We show how to exploit a weaker notion of completeness, called local completeness, to optimally refine abstract domains and thus enhance the precision of program verification. Our main result establishes necessary and sufficient conditions for the existence of an optimal, locally complete refinement, called pointed shell. On top of this, we define two repair strategies to remove all false-alarms along a given abstract computation: the first proceeds forward, along with the concrete computation, while the second moves backward within the abstract computation. Our results pave the way for a novel modus operandi for automating program verification that we call Abstract Interpretation Repair (AIR): instead of choosing beforehand the right abstract domain, we can start in any abstract domain and progressively repair its local incompleteness as needed. In this regard, AIR is for abstract interpretation what CEGAR is for abstract model checking.
- Aws Albarghouthi and Kenneth L. McMillan. 2013. Beautiful Interpolants. In Proceedings of CAV 2013, 25th International Conference on Computer Aided Verification (Lecture Notes in Computer Science, Vol. 8044). Springer, 313–329. https://doi.org/10.1007/978-3-642-39799-8_22 Google Scholar
Cross Ref
- Christel Baier and Joost-Pieter Katoen.. 2008. Principles of Model Checking. The MIT Press.Google ScholarDigital Library
- Thomas Ball, Todd D. Millstein, and Sriram K. Rajamani. 2005. Polymorphic predicate abstraction. ACM Trans. Program. Lang. Syst., 27, 2 (2005), 314–343. https://doi.org/10.1145/1057387.1057391 Google ScholarDigital Library
- Thomas Ball, Andreas Podelski, and Sriram K. Rajamani. 2001. Boolean and Cartesian Abstraction for Model Checking C Programs. In Proceedings of TACAS 2001, 7th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (Lecture Notes in Computer Science, Vol. 2031). Springer, 268–283. https://doi.org/10.1007/3-540-45319-9_19 Google ScholarCross Ref
- Thomas Ball, Andreas Podelski, and Sriram K. Rajamani. 2003. Boolean and Cartesian abstraction for model checking C programs. Int. J. Softw. Tools Technol. Transf., 5, 1 (2003), 49–58. https://doi.org/10.1007/s10009-002-0095-0 Google ScholarDigital Library
- Bruno Blanchet, Patrick Cousot, Radhia Cousot, Jérome Feret, Laurent Mauborgne, Antoine Miné, David Monniaux, and Xavier Rival. 2003. A Static Analyzer for Large Safety-Critical Software. In Proceedings of PLDI 2003, ACM SIGPLAN 2003 Conference on Programming Language Design and Implementation. Association for Computing Machinery, New York, NY, USA. 196–207. isbn:1581136625 https://doi.org/10.1145/781131.781153 Google ScholarDigital Library
- Roberto Bruni, Roberto Giacobazzi, Roberta Gori, Isabel Garcia-Contreras, and Dusko Pavlovic. 2020. Abstract extensionality: on the properties of incomplete abstract interpretations. Proc. ACM Program. Lang., 4, POPL (2020), 28:1–28:28. https://doi.org/10.1145/3371096 Google ScholarDigital Library
- Roberto Bruni, Roberto Giacobazzi, Roberta Gori, and Francesco Ranzato. 2021. A Logic for Locally Complete Abstract Interpretations. In Proceedings of LICS 2021, 36th Annual ACM/IEEE Symposium on Logic in Computer Science. IEEE, 1–13. https://doi.org/10.1109/LICS52264.2021.9470608 Distinguished paper. Google ScholarDigital Library
- Edmund M. Clarke, Orna Grumberg, Somesh Jha, Yuan Lu, and Helmut Veith. 2000. Counterexample-guided abstraction refinement. In Proceedings of CAV 2000, 12th International Conference on Computer Aided Verification (Lecture Notes in Computer Science, Vol. 1855). Springer-Verlag, 154–169. https://doi.org/10.1007/10722167_15 Google ScholarCross Ref
- Edmund M. Clarke, Orna Grumberg, Somesh Jha, Yuan Lu, and Helmut Veith. 2001. Progress on the State Explosion Problem in Model Checking. In Informatics - 10 Years Back. 10 Years Ahead (Lecture Notes in Computer Science, Vol. 2000). Springer, 176–194. https://doi.org/10.1007/3-540-44577-3_12 Google ScholarCross Ref
- Edmund M. Clarke, Orna Grumberg, Somesh Jha, Yuan Lu, and Helmut Veith. 2003. Counterexample-guided abstraction refinement for symbolic model checking. J. ACM, 50, 5 (2003), 752–794. https://doi.org/10.1145/876638.876643 Google ScholarDigital Library
- Edmund M. Clarke, Orna Grumberg, and David E. Long. 1994. Model checking and abstraction. ACM Trans. Program. Lang. Syst., 16, 5 (1994), 1512–1542. https://doi.org/10.1145/186025.186051 Google ScholarDigital Library
- Edmund M. Clarke, Orna Grumberg, and Doron A. Peled. 1999. Model Checking. The MIT Press.Google ScholarDigital Library
- Patrick Cousot. 2007. Proving the absence of run-time errors in safety-critical avionics code. In Proceedings of EMSOFT 2007, 7th ACM & IEEE International conference on Embedded software. ACM, 7–9. https://doi.org/10.1145/1289927.1289932 Google ScholarDigital Library
- Patrick Cousot. 2015. Abstracting Induction by Extrapolation and Interpolation. In Verification, Model Checking, and Abstract Interpretation - 16th International Conference, VMCAI 2015, Mumbai, India, January 12-14, 2015. Proceedings, Deepak D’Souza, Akash Lal, and Kim Guldstrand Larsen (Eds.) (Lecture Notes in Computer Science, Vol. 8931). Springer, 19–42. https://doi.org/10.1007/978-3-662-46081-8_2 Google ScholarDigital Library
- Patrick Cousot. 2021. Principles of Abstract Interpretation. MIT Press. isbn:9780262044905Google Scholar
- Patrick Cousot and Radhia Cousot. 1977. Abstract interpretation: A unified lattice model for static analysis of programs by construction or approximation of fixpoints. In Proceedings of ACM POPL’77. ACM, 238–252. https://doi.org/10.1145/512950.512973 Google ScholarDigital Library
- Patrick Cousot and Radhia Cousot. 1979. Systematic design of program analysis frameworks. In Proceedings of ACM POPL’79. ACM, 269–282. https://doi.org/10.1145/567752.567778 Google ScholarDigital Library
- Patrick Cousot, Radhia Cousot, Jérome Feret, Laurent Mauborgne, Antoine Miné, David Monniaux, and Xavier Rival. 2005. The ASTRÉE Analyzer. In Proceedings of ESOP 2005, 14th European Symposium on Programming (Lecture Notes in Computer Science, Vol. 3444). Springer, 21–30. https://doi.org/10.1007/978-3-540-31987-0_3 Google ScholarDigital Library
- Patrick Cousot, Radhia Cousot, and Laurent Mauborgne. 2012. Theories, solvers and static analysis by abstract interpretation. J. ACM, 59, 6 (2012), 31:1–31:56. https://doi.org/10.1145/2395116.2395120 Google ScholarDigital Library
- Patrick Cousot and Nicolas Halbwachs. 1978. Automatic discovery of linear restraints among variables of a program. In Proceedings of POPL’78, the 5th ACM SIGACT-SIGPLAN symposium on Principles of programming languages. ACM Press, 84–96. https://doi.org/10.1145/512760.512770 Google ScholarDigital Library
- Richard A. DeMillo, Richard J. Lipton, and Alan J. Perlis. 1979. Social Processes and Proofs of Theorems and Programs. Commun. ACM, 22, 5 (1979), 271–280. https://doi.org/10.1145/359104.359106 Google ScholarDigital Library
- Edsger W. Dijkstra. 1972. The Humble Programmer. Commun. ACM, 15, 10 (1972), 859–866. https://doi.org/10.1145/355604.361591 Google ScholarDigital Library
- Edsger W. Dijkstra. 1976. A discipline of programming. Prentice-Hall.Google ScholarDigital Library
- Dino Distefano, Manuel Fähndrich, Francesco Logozzo, and Peter W. O’Hearn. 2019. Scaling static analyses at Facebook. Commun. ACM, 62, 8 (2019), 62–70. https://doi.org/10.1145/3338112 Google ScholarDigital Library
- Gilberto Filé, Roberto Giacobazzi, and Francesco Ranzato. 1996. A unifying view of abstract domain design. ACM Comput. Surv., 28, 2 (1996), 333–336. https://doi.org/10.1145/234528.234742 Google ScholarDigital Library
- Luca Gazzola, Daniela Micucci, and Leonardo Mariani. 2019. Automatic Software Repair: A Survey. IEEE Trans. Software Eng., 45, 1 (2019), 34–67. https://doi.org/10.1109/TSE.2017.2755013 Google ScholarDigital Library
- Roberto Giacobazzi, Francesco Logozzo, and Francesco Ranzato. 2015. Analyzing Program Analyses. In Proceedings of POPL 2015, 42nd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages. ACM, 261–273. https://doi.org/10.1145/2676726.2676987 Google ScholarDigital Library
- Roberto Giacobazzi and Elisa Quintarelli. 2001. Incompleteness, counterexamples and refinements in abstract model-checking. In Proceedings of SAS 2001, 8th International Static Analysis Symposium (Lecture Notes in Computer Science, Vol. 2126). Springer, 356–373. https://doi.org/10.1007/3-540-47764-0_20 Google ScholarCross Ref
- Roberto Giacobazzi and Francesco Ranzato. 2002. States vs. Traces in Model Checking by Abstract Interpretation. In Proceedings of the 9th International Static Analysis Symposium, SAS 2002 (Lecture Notes in Computer Science, Vol. 2477). Springer, 461–476. https://doi.org/10.1007/3-540-45789-5_32 Google ScholarCross Ref
- Roberto Giacobazzi and Francesco Ranzato. 2006. Incompleteness of states w.r.t. traces in model checking. Inf. Comput., 204, 3 (2006), 376–407. https://doi.org/10.1016/j.ic.2006.01.001 Google ScholarCross Ref
- Roberto Giacobazzi and Franceso Ranzato. 2022. History of Abstract Interpretation. IEEE Annals of the History of Computing, 44 (2022), 13 pages. issn:1934-1547 https://doi.org/10.1109/MAHC.2021.3133136 Google ScholarCross Ref
- Roberto Giacobazzi, Francesco Ranzato, and Francesca Scozzari. 2000. Making Abstract Interpretation Complete. Journal of the ACM, 47, 2 (2000), March, 361–416. https://doi.org/10.1145/333979.333989 Google ScholarDigital Library
- Sumit Gulwani, Bill McCloskey, and Ashish Tiwari. 2008. Lifting Abstract Interpreters to Quantified Logical Domains. In Proceedings of the 35th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL ’08). Association for Computing Machinery, 235–246. isbn:9781595936899 https://doi.org/10.1145/1328438.1328468 Google ScholarDigital Library
- Thomas A. Henzinger, Ranjit Jhala, Rupak Majumdar, and Kenneth L. McMillan. 2004. Abstractions from proofs. In Proceedings of POPL 2004, 31st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages. ACM, 232–244. https://doi.org/10.1145/964001.964021 Google ScholarDigital Library
- Krystof Hoder, Laura Kovács, and Andrei Voronkov. 2012. Playing in the grey area of proofs. In Proceedings of POPL 2012, 39th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages. ACM, 259–272. https://doi.org/10.1145/2103656.2103689 Google ScholarDigital Library
- Ranjit Jhala and Rupak Majumdar. 2009. Software Model Checking. ACM Comput. Surv., 41, 4 (2009), Article 21, Oct., 54 pages. issn:0360-0300 https://doi.org/10.1145/1592434.1592438 Google ScholarDigital Library
- Ranjit Jhala and Kenneth L. McMillan. 2006. A Practical and Complete Approach to Predicate Refinement. In Proceedings of TACAS 2006, 12th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (Lecture Notes in Computer Science, Vol. 3920). Springer, 459–473. https://doi.org/10.1007/11691372_33 Google ScholarDigital Library
- Jacques-Henri Jourdan, Vincent Laporte, Sandrine Blazy, Xavier Leroy, and David Pichardie. 2015. A Formally-Verified C Static Analyzer. In Proceedings of POPL 2015, 42nd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages. ACM, 247–259. https://doi.org/10.1145/2676726.2676966 Google ScholarDigital Library
- Dexter Kozen. 1997. Kleene Algebra with Tests. ACM Trans. Program. Lang. Syst., 19, 3 (1997), May, 427–443. issn:0164-0925 https://doi.org/10.1145/256167.256195 Google ScholarDigital Library
- Dexter Kozen. 2000. On Hoare Logic and Kleene Algebra with Tests. ACM Trans. Comput. Logic, 1, 1 (2000), July, 60–76. issn:1529-3785 https://doi.org/10.1145/343369.343378 Google ScholarDigital Library
- Xavier Leroy. 2006. Formal certification of a compiler back-end or: programming a compiler with a proof assistant. In Proceedings of POPL 2006, 33rd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages. ACM, 42–54. isbn:1-59593-027-2 https://doi.org/10.1145/1111037.1111042 Google ScholarDigital Library
- Claire Loiseaux, Susanne Graf, Joseph Sifakis, Ahmed Bouajjani, and Saddek Bensalem. 1995. Property preserving abstractions for the verification of concurrent systems. Formal Methods Syst. Des., 6 (1995), 11–44. https://doi.org/10.1007/BF01384313 Google ScholarDigital Library
- Antoine Miné. 2006. The octagon abstract domain. High. Order Symb. Comput., 19, 1 (2006), 31–100. https://doi.org/10.1007/s10990-006-8609-1 Google ScholarDigital Library
- Antoine Miné. 2017. Tutorial on Static Inference of Numeric Invariants by Abstract Interpretation. Foundations and Trends in Programming Languages, 4, 3-4 (2017), 120–372. https://doi.org/10.1561/2500000034 Google ScholarDigital Library
- David Monniaux and Julien Le Guen. 2012. Stratified Static Analysis Based on Variable Dependencies. Electron. Notes Theor. Comput. Sci., 288 (2012), 61–74. https://doi.org/10.1016/j.entcs.2012.10.008 Google ScholarDigital Library
- Martin Monperrus. 2018. Automatic Software Repair: A Bibliography. ACM Comput. Surv., 51, 1 (2018), 17:1–17:24. https://doi.org/10.1145/3105906 Google ScholarDigital Library
- Peter W. O’Hearn. 2020. Incorrectness logic. Proc. ACM Program. Lang., 4, POPL (2020), 10:1–10:32. https://doi.org/10.1145/3371078 Google ScholarDigital Library
- Benjamin Pierce. 2002. Types and Programming Languages. MIT Press. isbn:9780262162098Google Scholar
- Benjamin Pierce. 2004. Advanced Topics in Types and Programming Languages. The MIT Press. isbn:0262162288Google ScholarDigital Library
- Azalea Raad, Josh Berdine, Hoang-Hai Dang, Derek Dreyer, Peter W. O’Hearn, and Jules Villard. 2020. Local Reasoning About the Presence of Bugs: Incorrectness Separation Logic. In Proc. CAV 2020 (LNCS, Vol. 12225). Springer, 225–252. https://doi.org/10.1007/978-3-030-53291-8_14 Google ScholarDigital Library
- Francesco Ranzato and Francesco Tapparo. 2004. Strong Preservation as Completeness in Abstract Interpretation. In Proceedings of ESOP 2004, 13th European Symposium on Programming (Lecture Notes in Computer Science, Vol. 2986). Springer, 18–32. https://doi.org/10.1007/978-3-540-24725-8_3 Google ScholarCross Ref
- Francesco Ranzato and Francesco Tapparo. 2007. Generalized Strong Preservation by Abstract Interpretation. J. Log. Comput., 17, 1 (2007), 157–197. https://doi.org/10.1093/logcom/exl035 Google ScholarCross Ref
- Xavier Rival and Kwangkeun Yi. 2020. Introduction to Static Analysis – An Abstract Interpretation Perspective. MIT Press.Google Scholar
- Enric Rodríguez-Carbonell and Deepak Kapur. 2007. Automatic generation of polynomial invariants of bounded degree using abstract interpretation. Sci. Comput. Program., 64, 1 (2007), 54–75. https://doi.org/10.1016/j.scico.2006.03.003 Google ScholarDigital Library
- Enric Rodríguez-Carbonell and Deepak Kapur. 2007. Generating all polynomial invariants in simple loops. J. Symb. Comput., 42, 4 (2007), 443–476. https://doi.org/10.1016/j.jsc.2007.01.002 Google ScholarDigital Library
- Rahul Sharma, Aditya V. Nori, and Alex Aiken. 2012. Interpolants as Classifiers. In Proceedings of CAV 2012, 24th International Conference on Computer Aided Verification (Lecture Notes in Computer Science, Vol. 7358). Springer, 71–87. https://doi.org/10.1007/978-3-642-31424-7_11 Google ScholarDigital Library
- Rahul Sharma, Aditya V. Nori, and Alex Aiken. 2014. Bias-variance tradeoffs in program analysis. In Proceedings of POPL 2014, 41st Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages. ACM, 127–138. https://doi.org/10.1145/2535838.2535853 Google ScholarDigital Library
- Tachio Terauchi and Hiroshi Unno. 2015. Relaxed Stratification: A New Approach to Practical Complete Predicate Refinement. In Proceedings of ESOP 2015, 24th European Symposium on Programming (Lecture Notes in Computer Science, Vol. 9032). Springer, 610–633. https://doi.org/10.1007/978-3-662-46669-8_25 Google ScholarCross Ref
- Hiroshi Unno and Tachio Terauchi. 2015. Inferring Simple Solutions to Recursion-Free Horn Clauses via Sampling. In Proceedings of TACAS 2015, 21st International Conference on Tools and Algorithms for the Construction and Analysis of Systems (Lecture Notes in Computer Science, Vol. 9035). Springer, 149–163. https://doi.org/10.1007/978-3-662-46681-0_10 Google ScholarDigital Library
- Moshe Y. Vardi. 2021. Program Verification: Vision and Reality. Commun. ACM, 64, 7 (2021), 5. https://doi.org/10.1145/3469113 Google ScholarDigital Library
- Glynn Winskel. 1993. The Formal Semantics of Programming Languages: an Introduction. MIT press.Google ScholarDigital Library
Index Terms
- Abstract interpretation repair
Recommendations
A Correctness and Incorrectness Program Logic
Abstract interpretation is a well-known and extensively used method to extract over-approximate program invariants by a sound program analysis algorithm. Soundness means that no program errors are lost and it is, in principle, guaranteed by construction. ...
Refining Model Checking by Abstract Interpretation
Formal methods combining abstract interpretation and model-checking have been considered for automated analysis of software.
In abstract model-checking, the semantics of an infinite transition system is abstracted to get a finite approximation on which ...
Finding feasible abstract counter-examples
A strength of model checking is its ability to automate the detection of subtle system errors and produce traces that exhibit those errors. Given the high-computational cost of model checking most researchers advocate the use of aggressive property-...
Comments