Abstraction Refinement for 3-Valued-Logic Analysis

Alexey Loginov, Thomas Reps, and Mooly Sagiv
1 Comp. Sci. Dept., University of Wisconsin; {alexey,reps}@cs.wisc.edu
2 School of Comp. Sci., Tel-Aviv University; msagiv@post.tau.ac.il

Abstract. This paper concerns the question of how to create abstractions that are useful for program analysis. It presents a method that refines an abstraction automatically for analysis problems in which the semantics of statements and the query of interest are expressed using logical formulas. Refinement is carried out by introducing new instrumentation relations (defined via logical formulas over core relations, which capture the basic properties of memory configurations). A tool that incorporates the algorithm has been implemented and applied to several algorithms that manipulate linked lists and binary-search trees. In all but a few cases, the tool is able to demonstrate (i) the partial correctness of the algorithms, and (ii) that the algorithms possess additional properties—e.g., stability or antistability.
