Boolean and Cartesian Abstraction for Model Checking C Programs

We show how to attack the problem of model checking a C program with recursive procedures using an abstraction that we formally define as the composition of the Boolean and the Cartesian abstractions. It is implemented through a source-to-source transformation into a 'Boolean' C program; we give an algorithm to compute the transformation with a cost that is exponential in its theoretical worst-case complexity but feasible in practice.
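As an added illustration of the composition the abstract refers to (this is example code written for this page, not the authors' tool), the Python below computes, for one predicate set and two C-like statements, the exact Boolean abstraction of the successor relation and then the Cartesian abstraction on top of it, where every predicate is abstracted independently to true, false or unknown. It assumes a small finite integer range in place of C ints, so brute-force enumeration stands in for the theorem-prover queries a real implementation issues; the predicate names, the statements and the rendering of the result as guarded assignments of a 'Boolean' C program are all our own choices.

```python
from itertools import product

# Assumption: a small finite range stands in for C ints, so plain enumeration
# replaces the theorem-prover queries a real abstraction tool would issue.
DOMAIN = range(-3, 4)

# Predicates over the concrete state (x, y); the names are our own choice.
PREDICATES = {
    "x_pos": lambda s: s["x"] > 0,
    "y_pos": lambda s: s["y"] > 0,
}

# C statements being abstracted, given as concrete successor functions.
STATEMENTS = {
    "x = nondet(); y = x;": lambda s: [{"x": v, "y": v} for v in DOMAIN],
    "x = x + 1;": lambda s: [{"x": s["x"] + 1, "y": s["y"]}],
}


def abstract_state(s):
    """Map a concrete state to its vector of predicate truth values."""
    return tuple(p(s) for p in PREDICATES.values())


def boolean_abstraction(stmt, src):
    """Exact Boolean abstraction: the set of abstract successor vectors
    reachable from some concrete state that satisfies the source vector."""
    targets = set()
    for x, y in product(DOMAIN, DOMAIN):
        s = {"x": x, "y": y}
        if abstract_state(s) != src:
            continue
        for t in STATEMENTS[stmt](s):
            targets.add(abstract_state(t))
    return targets


def cartesian_abstraction(stmt, src):
    """Cartesian abstraction composed with the Boolean one: each predicate is
    abstracted on its own to True, False or None (unknown), so correlations
    between predicates in the successor are dropped.
    Returns None when the source vector has no concrete state at all."""
    targets = boolean_abstraction(stmt, src)
    if not targets:
        return None
    vec = []
    for i in range(len(PREDICATES)):
        vals = {t[i] for t in targets}
        vec.append(next(iter(vals)) if len(vals) == 1 else None)
    return tuple(vec)


def concretize_cartesian(vec):
    """Boolean vectors denoted by a 3-valued vector (None covers both values)."""
    return set(product(*[(b,) if b is not None else (False, True) for b in vec]))


def boolean_program(stmt):
    """Render the abstraction as guarded assignments of a 'Boolean' C program.
    This rendering is our own simplification of a source-to-source output."""
    names = list(PREDICATES)
    lines = [f"/* abstraction of: {stmt} */"]
    for src in product((False, True), repeat=len(names)):
        tgt = cartesian_abstraction(stmt, src)
        if tgt is None:
            continue  # no concrete state satisfies this source vector
        guard = " && ".join(n if b else f"!{n}" for n, b in zip(names, src))
        body = " ".join(
            f"{n} = {'nondet()' if v is None else int(v)};" for n, v in zip(names, tgt)
        )
        kw = "if" if len(lines) == 1 else "else if"
        lines.append(f"{kw} ({guard}) {{ {body} }}")
    return lines


if __name__ == "__main__":
    src = (True, True)
    for stmt in STATEMENTS:
        print("statement:", stmt)
        print("  Boolean abstraction from", src, ":", sorted(boolean_abstraction(stmt, src)))
        print("  Cartesian abstraction    :", cartesian_abstraction(stmt, src))
    print("\n".join(boolean_program("x = nondet(); y = x;")))
```

For `x = nondet(); y = x;` the Boolean abstraction from any source vector is exactly {(false, false), (true, true)}, while the Cartesian abstraction yields (unknown, unknown), whose concretization also admits the two vectors where x_pos and y_pos disagree; that lost correlation is the price of abstracting each predicate independently, which is what keeps the transformation cheap. For `x = x + 1;` nothing is lost, since the successor predicates are not correlated.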
