Program verification via iterated specialization

We present a method for verifying properties of imperative programs by using techniques based on the specialization of constraint logic programs (CLP). We consider a class of imperative programs with integer variables and we focus our attention on safety properties, stating that no error configuration can be reached from any initial configuration. We introduce a CLP program I that encodes the interpreter of the language and defines a predicate unsafe equivalent to the negation of the safety property to be verified. Then, we specialize the CLP program I with respect to the given imperative program and the given initial and error configurations, with the objective of deriving a new CLP program Isp that either contains the fact unsafe (and in this case the imperative program is proved unsafe) or contains no clauses with head unsafe (and in this case the imperative program is proved safe). If Isp enjoys neither of these properties, we iterate the specialization process with the objective of deriving a CLP program where we can prove unsafety or safety. During the various specializations we may apply di erent strategies for propagating information (either propagating forward from an initial configuration to an error configuration, or propagating backward from an error configuration to an initial configuration) and di erent operators (such as the widening and the convex hull operators) for generalizing predicate definitions. Each specialization step is guaranteed to terminate, but due to the undecidability of program safety, the iterated specialization process may not terminate. By an experimental evaluation carried out on a significant set of examples taken from the literature, we show that our method improves the precision of program verification with respect to state-of-the-art software model checkers.

[1]  Edmund M. Clarke,et al.  Counterexample-guided abstraction refinement , 2003, 10th International Symposium on Temporal Representation and Reasoning, 2003 and Fourth International Conference on Temporal Logic. Proceedings..

[2]  Alberto Pettorossi,et al.  Using Real Relaxations during Program Specialization , 2011, LOPSTR.

[3]  Alberto Pettorossi,et al.  VeriMAP: A Tool for Verifying Programs through Transformations , 2014, TACAS.

[4]  Patrick Cousot,et al.  Systematic design of program analysis frameworks , 1979, POPL.

[5]  Alberto Pettorossi,et al.  Transformation Rules for Locally Stratified Constraint Logic Programs , 2004, Program Development in Computational Logic.

[6]  Jorge A. Navas,et al.  Symbolic Execution for Verification , 2011, ArXiv.

[7]  Michael J. Maher,et al.  Constraint Logic Programming: A Survey , 1994, J. Log. Program..

[8]  John McCarthy,et al.  Towards a Mathematical Science of Computation , 1962, IFIP Congress.

[9]  Andrey Rybalchenko Constraint Solving for Program Verification: Theory and Practice by Example , 2010, CAV.

[10]  Maurice Bruynooghe,et al.  Under Consideration for Publication in Theory and Practice of Logic Programming Logic Program Specialisation through Partial Deduction: Control Issues , 2022 .

[11]  Andreas Podelski,et al.  ARMC: The Logical Choice for Software Model Checking with Abstraction Refinement , 2007, PADL.

[12]  Nicolas Halbwachs,et al.  Automatic discovery of linear restraints among variables of a program , 1978, POPL.

[13]  Hassen Saïdi,et al.  Model Checking Guided Abstraction and Analysis , 2000, SAS.

[14]  Francesco Ranzato,et al.  A Forward-Backward Abstraction Refinement Algorithm , 2008, VMCAI.

[15]  Ashutosh Gupta,et al.  HSF(C): A Software Verifier Based on Horn Clauses - (Competition Contribution) , 2012, TACAS.

[16]  Sandro Etalle,et al.  Transformations of CLP Modules , 1996, Theor. Comput. Sci..

[17]  Alastair F. Donaldson,et al.  Software Model Checking , 2014, Computing Handbook, 3rd ed..

[18]  Supratik Chakraborty,et al.  Automatically Refining Abstract Interpretations , 2008, TACAS.

[19]  Alberto Pettorossi,et al.  Specialization with Constrained Generalization for Software Model Checking , 2012, LOPSTR.

[20]  Danny De Schreye,et al.  Controlling generalization and polyvariance in partial deduction of normal logic programs , 1998, TOPL.

[21]  Alberto Pettorossi,et al.  Generalization strategies for the verification of infinite state systems , 2011, Theory and Practice of Logic Programming.

[22]  John P. Gallagher,et al.  Analysis of Imperative Programs through Analysis of Constraint Logic Programs , 1998, SAS.

[23]  Jorge A. Navas,et al.  TRACER: A Symbolic Execution Tool for Verification , 2012, CAV.

[24]  Ashutosh Gupta,et al.  InvGen: An Efficient Invariant Generator , 2009, CAV.

[25]  Nikolaj Bjørner,et al.  Program Verification as Satisfiability Modulo Theories , 2013, SMT@IJCAR.

[26]  Alberto Pettorossi,et al.  Automated strategies for specializing constraint logic programs , 2000, LOPSTR.

[27]  Dirk Beyer,et al.  Second Competition on Software Verification - (Summary of SV-COMP 2013) , 2013, TACAS.

[28]  Thierry Massart,et al.  Infinite State Model Checking by Abstract Interpretation and Program Specialisation , 1999, LOPSTR.

[29]  John P. Gallagher,et al.  Convex Hull Abstractions in Specialization of CLP Programs , 2002, LOPSTR.

[30]  John P. Gallagher,et al.  Tutorial on specialisation of logic programs , 1993, PEPM '93.

[31]  Andrey Rybalchenko,et al.  Synthesizing software verifiers from proof rules , 2012, PLDI.

[32]  Andrew E. Santosa,et al.  An Interpolation Method for CLP Traversal , 2009, CP.

[33]  Darren D. Cofer,et al.  Software model checking takes off , 2010, Commun. ACM.

[34]  Alberto Pettorossi,et al.  Verifying Array Programs by Transforming Verification Conditions , 2014, VMCAI.

[35]  Patrick Cousot,et al.  Fixpoint-Guided Abstraction Refinements , 2007, SAS.

[36]  Alberto Pettorossi,et al.  Verifying programs via iterated specialization , 2013, PEPM '13.

[37]  S. Rajamani,et al.  A decade of software model checking with SLAM , 2011, Commun. ACM.

[38]  Alberto Pettorossi,et al.  Improving Reachability Analysis of Infinite State Systems by Specialization , 2011, Fundam. Informaticae.

[39]  Derek R. Brough Grammar-related transformations of logic programs , 2009, New Generation Computing.

[40]  David Scott Warren,et al.  A System for Tabled Constraint Logic Programming , 2000, Computational Logic.

[41]  Michael J. Maher,et al.  The Semantics of Constraint Logic Programs , 1998, J. Log. Program..

[42]  Patrick Cousot,et al.  Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints , 1977, POPL.

[43]  George C. Necula,et al.  CIL: Intermediate Language and Tools for Analysis and Transformation of C Programs , 2002, CC.

[44]  Thomas A. Henzinger,et al.  The software model checker B last : Applications to software engineering , 2007 .