Using Counterexamples for Improving the Precision of Reachability Computation with Polyhedra

We present an extrapolation with care set operator to accelerate termination of reachability computation with polyhedra. At the same time, a counterexample guided refinement algorithm is used to iteratively expand the care set to improve the precision of the reachability computation. We also introduce two heuristic algorithms called interpolate and restrict to minimize the polyhedral representations without reducing the accuracy. We present some promising experimental results from a preliminary implementation of these techniques.

[1]  Sriram Sankaranarayanan,et al.  Static Analysis in Disjunctive Numerical Domains , 2006, SAS.

[2]  Nicolas Halbwachs,et al.  Verification of Real-Time Systems using Linear Relation Analysis , 1997, Formal Methods Syst. Des..

[3]  Pierre Deransart,et al.  Programming Languages Implementation and Logic Programming , 1989, Lecture Notes in Computer Science.

[4]  Sriram K. Rajamani,et al.  Counterexample Driven Refinement for Abstract Interpretation , 2006, TACAS.

[5]  Nicolas Halbwachs,et al.  Delay Analysis in Synchronous Programs , 1993, CAV.

[6]  Randal E. Bryant,et al.  Graph-Based Algorithms for Boolean Function Manipulation , 1986, IEEE Transactions on Computers.

[7]  Nicolas Halbwachs,et al.  Dynamic Partitioning in Analyses of Numerical Properties , 1999, SAS.

[8]  Chao Wang,et al.  Disjunctive Image Computation for Embedded Software Verification , 2006, Proceedings of the Design Automation & Test in Europe Conference.

[9]  Richard Gerber,et al.  Verifying systems with integer constraints and Boolean predicates: a composite approach , 1998, ISSTA '98.

[10]  Hassen Saïdi,et al.  Construction of Abstract State Graphs with PVS , 1997, CAV.

[11]  Chao Wang,et al.  Model checking C programs using F-Soft , 2005, 2005 International Conference on Computer Design.

[12]  Kousha Etessami,et al.  Analysis of Recursive Game Graphs Using Data Flow Equations , 2004, VMCAI.

[13]  William Pugh,et al.  Going Beyond Integer Programming with the Omega Test to Eliminate False Data Dependences , 1995, IEEE Trans. Parallel Distributed Syst..

[14]  Rajeev Alur,et al.  A Temporal Logic of Nested Calls and Returns , 2004, TACAS.

[15]  Chuan Yi Tang,et al.  A 2.|E|-Bit Distributed Algorithm for the Directed Euler Trail Problem , 1993, Inf. Process. Lett..

[16]  Chao Wang,et al.  Disjunctive image computation for software verification , 2007, TODE.

[17]  Steve Alten,et al.  Omega Project , 1978, Encyclopedia of Parallel Computing.

[18]  Marvin V. Zelkowitz,et al.  Programming Languages: Design and Implementation , 1975 .

[19]  Jerzy Tiuryn,et al.  Logics of Programs , 1991, Handbook of Theoretical Computer Science, Volume B: Formal Models and Sematics.

[20]  Chao Wang,et al.  Mixed symbolic representations for model checking software programs , 2006, Fourth ACM and IEEE International Conference on Formal Methods and Models for Co-Design, 2006. MEMOCODE '06. Proceedings..

[21]  Patrick Cousot,et al.  Static determination of dynamic properties of programs , 1976 .

[22]  Edmund M. Clarke,et al.  Design and Synthesis of Synchronization Skeletons Using Branching-Time Temporal Logic , 1981, Logic of Programs.

[23]  Panos J. Antsaklis,et al.  Hybrid Systems II , 1994, Lecture Notes in Computer Science.

[24]  Kenneth L. McMillan,et al.  Interpolation and SAT-Based Model Checking , 2003, CAV.

[25]  Carlo Ghezzi,et al.  Using symbolic execution for verifying safety-critical systems , 2001, ESEC/FSE-9.

[26]  Thomas A. Henzinger,et al.  A Note on Abstract Interpretation Strategies for Hybrid Automata , 1994, Hybrid Systems.

[27]  Robert P. Kurshan,et al.  Computer-Aided Verification of Coordinating Processes: The Automata-Theoretic Approach , 2014 .

[28]  Joseph Sifakis,et al.  Specification and verification of concurrent systems in CESAR , 1982, Symposium on Programming.

[29]  Roberto Bagnara,et al.  Precise widening operators for convex polyhedra , 2003, Sci. Comput. Program..

[30]  Robert K. Brayton,et al.  Heuristic Minimization of BDDs Using Don't Cares , 1994, 31st Design Automation Conference.

[31]  P. Hill,et al.  Widening operators for powerset domains , 2006 .

[32]  Patrick Cousot,et al.  Comparing the Galois Connection and Widening/Narrowing Approaches to Abstract Interpretation , 1992, PLILP.

[33]  M HillPatricia,et al.  The Parma Polyhedra Library , 2008 .

[34]  Nicolas Halbwachs,et al.  Automatic discovery of linear restraints among variables of a program , 1978, POPL.

[35]  Edmund M. Clarke,et al.  Counterexample-guided abstraction refinement , 2003, 10th International Symposium on Temporal Representation and Reasoning, 2003 and Fourth International Conference on Temporal Logic. Proceedings..

[36]  Kenneth L. McMillan,et al.  Symbolic model checking , 1992 .

[37]  Zijiang Yang,et al.  F-Soft: Software Verification Platform , 2005, CAV.

[38]  Thomas W. Reps,et al.  Lookahead Widening , 2006, CAV.