Predicate abstraction with adjustable-block encoding

Several successful software model checkers are based on a technique called single-block encoding (SBE), which computes costly predicate abstractions after every single program operation. Large-block encoding (LBE) computes abstractions only after a large number of operations, and it was shown that this significantly improves the verification performance. In this work, we present adjustable-block encoding (ABE), a unifying framework that allows to express both previous approaches. In addition, it provides the flexibility to specify any block size between SBE and LBE, and also beyond LBE, through the adjustment of one single parameter. Such a unification of different concepts makes it easier to understand the fundamental properties of the analysis, and makes the differences of the variants more explicit. We evaluate different configurations on example C programs, and identify one that is currently the best.

[1]  Thomas A. Henzinger,et al.  Configurable Software Verification: Concretizing the Convergence of Model Checking and Program Analysis , 2007, CAV.

[2]  George C. Necula,et al.  CIL: Intermediate Language and Tools for Analysis and Transformation of C Programs , 2002, CC.

[3]  Dirk Beyer,et al.  Software model checking via large-block encoding , 2009, 2009 Formal Methods in Computer-Aided Design.

[4]  Mark N. Wegman,et al.  Efficiently computing static single assignment form and the control dependence graph , 1991, TOPL.

[5]  Daniel Kroening,et al.  A Tool for Checking ANSI-C Programs , 2004, TACAS.

[6]  Armin Biere,et al.  Symbolic Model Checking without BDDs , 1999, TACAS.

[7]  Rupak Majumdar,et al.  CSIsat: Interpolation for LA+EUF , 2008, CAV.

[8]  Sriram K. Rajamani,et al.  SLAM and Static Driver Verifier: Technology Transfer of Formal Methods inside Microsoft , 2004, IFM.

[9]  Andreas Podelski,et al.  Boolean and Cartesian abstraction for model checking C programs , 2001, International Journal on Software Tools for Technology Transfer.

[10]  Albert Oliveras,et al.  SMT Techniques for Fast Predicate Abstraction , 2006, CAV.

[11]  Thomas A. Henzinger,et al.  Abstractions from proofs , 2004, POPL.

[12]  Thomas A. Henzinger,et al.  Lazy abstraction , 2002, POPL '02.

[13]  Alan J. Hu,et al.  Calysto: scalable and precise extended static checking , 2008, ICSE.

[14]  Sriram K. Rajamani,et al.  The SLAM project: debugging system software via static analysis , 2002, POPL '02.

[15]  Hassen Saïdi,et al.  Construction of Abstract State Graphs with PVS , 1997, CAV.

[16]  William Craig,et al.  Linear reasoning. A new form of the Herbrand-Gentzen theorem , 1957, Journal of Symbolic Logic.

[17]  Daniel Kroening,et al.  SATABS: SAT-Based Predicate Abstraction for ANSI-C , 2005, TACAS.

[18]  Thomas A. Henzinger,et al.  The software model checker B last : Applications to software engineering , 2007 .

[19]  Helmut Veith,et al.  Counterexample-guided abstraction refinement for symbolic model checking , 2003, JACM.

[20]  Kenneth L. McMillan,et al.  Lazy Abstraction with Interpolants , 2006, CAV.

[21]  Andreas Podelski,et al.  Boolean and Cartesian Abstraction for Model Checking C Programs , 2001, TACAS.

[22]  K. Rustan M. Leino,et al.  Weakest-precondition of unstructured programs , 2005, PASTE '05.