Value Slice: A New Slicing Concept for Scalable Property Checking

A backward slice is a commonly used preprocessing step for scaling property checking. For large programs, though, the reduced size of the slice may still be too large for verifiers to handle. We propose an aggressive slicing method that, apart from slicing out the same statements as a backward slice, also eliminates computations that only decide whether the point of the property assertion is reachable. For precision, however, we carefully identify and retain all computations that influence the values of the variables in the property. The resulting slice, called a value slice, is smaller and scales better for property checking than a backward slice. We carry out experiments on property checking of industry-strength programs using three comparable slicing techniques: backward slice, value slice, and an even more aggressive technique called thin slice, which retains only those statements on which the variables in the property are data dependent. While backward slicing gives the highest precision and thin slicing scales best, value-slice-based property checking comes close to the best in both scalability and precision. This makes value slice a good compromise between backward and thin slice for property checking.
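To make the three slices concrete, here is an added example (not code from the paper) that computes a backward slice, a thin slice, and a value slice over a small constructed program dependence graph. The value-slice rule it implements is a simplified reading of the abstract, namely that the control dependences of the assertion statement itself are not followed while those of every value-contributing statement are; the paper's actual algorithm is assumed to be more refined than this.

```python
"""Backward, thin and value slices over a tiny program dependence graph (PDG).

The PDG is constructed for this example; node ids are the statement numbers
of a hypothetical program:
  1: n = read()        2: mode = read()      3: x = n + 1
  4: if (mode == 1):   5:     x = x - 1      6: y = x * 2
  7: limit = read()    8: if (y < limit):    9:     assert(y >= 0)
Each node maps to (data-dependence sources, control-dependence sources).
"""
from collections import deque

PDG = {
    1: ((), ()), 2: ((), ()), 3: ((1,), ()), 4: ((2,), ()),
    5: ((3,), (4,)), 6: ((3, 5), ()), 7: ((), ()),
    8: ((6, 7), ()), 9: ((6,), (8,)),
}


def _slice(pdg, criterion, follow_control):
    """Generic backward traversal; follow_control(node) decides whether the
    control-dependence edges leaving `node` are traversed."""
    seen, work = {criterion}, deque([criterion])
    while work:
        node = work.popleft()
        data, ctrl = pdg[node]
        for pred in list(data) + (list(ctrl) if follow_control(node) else []):
            if pred not in seen:
                seen.add(pred)
                work.append(pred)
    return frozenset(seen)


def backward_slice(pdg, criterion):
    # Classic slice: closure over both data and control dependences.
    return _slice(pdg, criterion, lambda _: True)


def thin_slice(pdg, criterion):
    # Thin slice: closure over data dependences only.
    return _slice(pdg, criterion, lambda _: False)


def value_slice(pdg, criterion):
    # Assumed simplification of the paper's rule: the assertion's own guards
    # (statement 8 here) only decide reachability and are dropped, but guards
    # of statements that feed a value into the assertion (statement 4) stay.
    return _slice(pdg, criterion, lambda node: node != criterion)


if __name__ == "__main__":
    for name, fn in (("backward", backward_slice), ("value", value_slice),
                     ("thin", thin_slice)):
        print(f"{name:8s} slice of assert at 9: {sorted(fn(PDG, 9))}")
```

On this graph the thin slice keeps 5 statements, the value slice 7 (adding the guard at 4 and its input at 2), and the backward slice all 9.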
