Counterexamples with Loops for Predicate Abstraction

Predicate abstraction is a major abstraction technique for the verification of software. Data is abstracted by means of Boolean variables, which keep track of predicates over the data. In many cases, the technique suffers from the fact that it requires at least one predicate for each iteration of a loop construct in the program. We propose to extract looping counterexamples from the abstract model, and to parameterize the simulation instance in the number of loop iterations.
