Counter-Example Guided Program Verification

This paper presents a novel counter-example guided abstraction refinement algorithm for the automatic verification of concurrent programs. The algorithm proceeds in several steps. It first constructs an abstraction of the original program by slicing away a given subset of its variables. It then uses an external model checker as a backend tool to analyze the correctness of the abstract program. If the model checker reports that the abstract program is safe, we conclude that the original program is also safe. If the abstract program is unsafe, we extract an “abstract” counter-example. To check whether the abstract counter-example corresponds to a real counter-example of the original program, we add back to the abstract counter-example all the variables that were sliced away, obtaining a new program. We then call our algorithm recursively on this new program. If the recursive call reports that the new program is unsafe, we conclude that the original program is also unsafe, and the algorithm terminates. Otherwise, we refine the abstract program by removing the abstract counter-example from its set of possible runs, and repeat the procedure with the refined abstract program. We have implemented our algorithm and run it successfully on the concurrency benchmarks of SV-COMP15. Our experimental results show that our algorithm significantly improves the performance of the backend tool.
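The refinement loop described above, as an added, self-contained Python example; this is not the paper's implementation and makes several simplifying assumptions: programs are loop-free with finite variable domains, the "backend model checker" is a depth-first enumeration of interleavings, a run is the sequence of statement labels, and the recursive call on the concretised path program slices no further variables (the base case). The two sample programs (a correct and an incorrect publish-then-flag handshake) are constructed for the example.

```python
from dataclasses import dataclass
from typing import Any, Callable, Dict, FrozenSet, List, Optional, Set, Tuple

State = Dict[str, int]
Run = Tuple[str, ...]
ERROR = "ERROR"


@dataclass(frozen=True)
class Stmt:
    label: str                                   # thread-qualified label, e.g. "A0"
    kind: str                                    # "assign" | "await" | "assert" | "skip"
    reads: FrozenSet[str] = frozenset()          # variables the rhs / condition reads
    var: Optional[str] = None                    # target of an assign
    fn: Optional[Callable[[State], Any]] = None  # rhs for assign, condition for await/assert
    nondet: bool = False                         # set by slicing: value / condition unknown


@dataclass
class Program:
    init: State
    domains: Dict[str, Tuple[int, ...]]          # finite domain of every variable
    threads: List[List[Stmt]]                    # loop-free thread bodies


def slice_away(prog: Program, sliced: Set[str]) -> Program:
    """Sound over-approximation: drop `sliced`; whatever depended on them becomes nondeterministic."""
    def abstract(s: Stmt) -> Stmt:
        if s.kind == "assign" and s.var in sliced:
            return Stmt(s.label, "skip")
        if s.reads & sliced:
            return Stmt(s.label, s.kind, frozenset(s.reads - sliced), s.var, s.fn, nondet=True)
        return s
    return Program({v: x for v, x in prog.init.items() if v not in sliced},
                   {v: d for v, d in prog.domains.items() if v not in sliced},
                   [[abstract(s) for s in th] for th in prog.threads])


def successors(s: Stmt, st: State, domains):
    """Successor states of one statement; yields ERROR for a (possibly) failing assertion."""
    if s.kind == "skip":
        yield st
    elif s.kind == "assign":
        for v in (domains[s.var] if s.nondet else (s.fn(st),)):
            yield {**st, s.var: v}
    elif s.kind == "await":                      # a blocked thread simply has no successor
        if s.nondet or s.fn(st):
            yield st
    elif s.kind == "assert":
        if s.nondet or s.fn(st):
            yield st
        if s.nondet or not s.fn(st):
            yield ERROR


def model_check(prog: Program, excluded: Set[Run]) -> Optional[Run]:
    """Backend: DFS over all interleavings; first error run not in `excluded`, else None."""
    stack = [(tuple(0 for _ in prog.threads), dict(prog.init), ())]
    while stack:
        pcs, st, run = stack.pop()
        for t, pc in enumerate(pcs):
            if pc == len(prog.threads[t]):
                continue
            s = prog.threads[t][pc]
            new_run, new_pcs = run + (s.label,), pcs[:t] + (pc + 1,) + pcs[t + 1:]
            for nxt in successors(s, st, prog.domains):
                if nxt is ERROR:
                    if new_run not in excluded:
                        return new_run
                else:
                    stack.append((new_pcs, nxt, new_run))
    return None


def path_program(prog: Program, run: Run) -> Program:
    """Abstract counter-example with all variables added back: one thread executing `run` in order."""
    by_label = {s.label: s for th in prog.threads for s in th}
    return Program(dict(prog.init), dict(prog.domains), [[by_label[l] for l in run]])


def verify(prog: Program, sliced: Set[str]) -> Tuple[str, Optional[Run], int]:
    """Returns (verdict, counter-example run or None, number of refinements performed)."""
    if not sliced:                               # nothing left to slice: check the program itself
        run = model_check(prog, set())
        return ("unsafe", run, 0) if run else ("safe", None, 0)
    abstract, excluded = slice_away(prog, sliced), set()
    while True:
        cex = model_check(abstract, excluded)
        if cex is None:                          # abstract program safe => original program safe
            return "safe", None, len(excluded)
        verdict, _, _ = verify(path_program(prog, cex), set())   # recursive call, no further slicing
        if verdict == "unsafe":                  # the abstract run is a real counter-example
            return "unsafe", cex, len(excluded)
        excluded.add(cex)                        # spurious: refine by removing this run


def make_program(publish_before_flag: bool) -> Program:
    """Constructed sample: A writes x then raises flag; B waits for flag, copies x to y, asserts y == 1.
    With A's two writes in the wrong order, B can observe the stale x."""
    write_x = Stmt("A0" if publish_before_flag else "A1", "assign", var="x", fn=lambda s: 1)
    set_flag = Stmt("A1" if publish_before_flag else "A0", "assign", var="flag", fn=lambda s: 1)
    a = [write_x, set_flag] if publish_before_flag else [set_flag, write_x]
    b = [Stmt("B0", "await", frozenset({"flag"}), fn=lambda s: s["flag"] == 1),
         Stmt("B1", "assign", frozenset({"x"}), var="y", fn=lambda s: s["x"]),
         Stmt("B2", "assert", frozenset({"y"}), fn=lambda s: s["y"] == 1)]
    return Program({"x": 0, "flag": 0, "y": 0}, {"x": (0, 1), "flag": (0, 1), "y": (0, 1)}, [a, b])


if __name__ == "__main__":
    print(verify(make_program(True), {"x"}))     # ('safe', None, 1): one spurious run refined away
    print(verify(make_program(False), {"x"}))    # ('unsafe', ('A0', 'B0', 'B1', 'B2'), 0)
```

Slicing away `x` turns `y = x` into a nondeterministic choice, so the abstract program of the correct handshake admits the run where `y` becomes 0 and the assertion fails; concretising that run with `x` restored shows it passes, the run is excluded, and the next abstract check finds no other error, proving the original safe. For the incorrect handshake the first abstract counter-example is already real, so the algorithm stops without refining.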
