ABSTRACT
Software verification is an important and difficult problem. Many static checking techniques for software require annotations from the programmer in the form of method specifications and loop invariants. This annotation overhead, particularly of loop invariants, is a significant hurdle in the acceptance of static checking. We reduce the annotation burden by inferring loop invariants automatically. Our method is based on predicate abstraction, an abstract interpretation technique in which the abstract domain is constructed from a given set of predicates over program variables. A novel feature of our approach is that it infers universally-quantified loop invariants, which are crucial for verifying programs that manipulate unbounded data such as arrays. We present heuristics for generating appropriate predicates for each loop automatically; the programmer can specify additional predicates as well. We also present an efficient algorithm for computing the abstraction of a set of states in terms of a collection of predicates. Experiments on a 44KLOC program show that our approach can automatically infer the necessary predicates and invariants for all but 31 of the 396 routines that contain loops.
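The abstract describes two ideas: computing the abstraction of a set of states as the boolean combinations of a predicate set it satisfies, and including universally quantified predicates so that array-manipulating loops get usable invariants. The following is an added illustration, not code from the paper: it runs predicate abstraction as a fixpoint over the loop head of a constructed array-zeroing loop. In place of the theorem prover the paper uses, it enumerates a tiny finite state space (array length 3, cell values 0 or 1), so the abstraction is exact for that domain but is not a general decision procedure. The program, the predicate names and the helper functions are all assumptions made for this example.

```python
"""Predicate abstraction of a loop over a small, exhaustively enumerated state space.

Constructed example (not the paper's implementation). Program being analysed:

    i := 0
    while i < n:
        a[i] := 0
        i := i + 1
    assert forall j. 0 <= j < n -> a[j] == 0
"""
from itertools import product

N = 3  # array length; states are enumerated exhaustively, so keep this small


def all_states():
    """Concrete states are (i, n, a) with 0 <= i, n <= N and a a tuple of N cells in {0, 1}."""
    for i in range(N + 1):
        for n in range(N + 1):
            for a in product((0, 1), repeat=N):
                yield (i, n, a)


# Predicates over program variables. The last one is universally quantified over
# the array index, which is what a loop invariant for array code needs.
PREDICATES = {
    "i<=n": lambda i, n, a: i <= n,
    "i<n": lambda i, n, a: i < n,
    "forall j<i: a[j]==0": lambda i, n, a: all(a[j] == 0 for j in range(i)),
}

# Same predicate set without the quantified predicate, to show why it matters.
NO_QUANT = {k: v for k, v in PREDICATES.items() if not k.startswith("forall")}


def abstract(states, preds):
    """Abstraction of a set of concrete states: the set of predicate truth vectors
    (cubes) that some state in the set satisfies. Their disjunction is the
    strongest boolean combination of the predicates implied by the set."""
    return {tuple(p(*s) for p in preds.values()) for s in states}


def concretize(cube, preds):
    """All states of the finite domain whose predicate truth vector equals `cube`."""
    return [s for s in all_states() if tuple(p(*s) for p in preds.values()) == cube]


def guard(s):
    i, n, a = s
    return i < n


def body(s):
    """One iteration of the loop body: a[i] := 0; i := i + 1."""
    i, n, a = s
    cells = list(a)
    cells[i] = 0
    return (i + 1, n, tuple(cells))


def init_states():
    """States at loop entry: i = 0, n and a arbitrary."""
    return [s for s in all_states() if s[0] == 0]


def infer_invariant(preds):
    """Abstract fixpoint at the loop head. Each iteration applies the concrete
    loop body to the concretization of every reachable cube and re-abstracts."""
    reach = abstract(init_states(), preds)
    while True:
        new = set(reach)
        for cube in reach:
            succ = [body(s) for s in concretize(cube, preds) if guard(s)]
            new |= abstract(succ, preds)
        if new == reach:
            return reach  # inductive by construction: abstract post adds nothing
        reach = new


def postcondition(s):
    i, n, a = s
    return all(a[j] == 0 for j in range(n))


def proves_post(inv_cubes, preds):
    """Check (invariant and not guard) implies postcondition over the concretizations."""
    return all(
        postcondition(s)
        for cube in inv_cubes
        for s in concretize(cube, preds)
        if not guard(s)
    )


def describe(cubes, preds):
    """Render a set of cubes as a disjunction of conjunctions of predicate literals."""
    names = list(preds)
    return " or ".join(
        "(" + " and ".join(nm if v else "not " + nm for nm, v in zip(names, c)) + ")"
        for c in sorted(cubes)
    )


if __name__ == "__main__":
    for label, preds in (("with quantified predicate", PREDICATES), ("without", NO_QUANT)):
        inv = infer_invariant(preds)
        print(label, "->", describe(inv, preds), "| proves assertion:", proves_post(inv, preds))
```

With the quantified predicate the fixpoint is `i<=n and forall j<i: a[j]==0` (split over whether `i<n` still holds), and on loop exit that gives `i == n` and the assertion. Without it the best invariant expressible is `i<=n`, which says nothing about the array, and the same exit check fails. Replacing `concretize` with a real prover query is the step that makes this scale beyond a toy domain.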
Predicate abstraction for software verification