Lazy abstraction

One approach to model checking software is based on the abstract-check-refine paradigm: build an abstract model, then check the desired property, and if the check fails, refine the model and start over. We introduce the concept of lazy abstraction to integrate and optimize the three phases of the abstract-check-refine loop. Lazy abstraction continuously builds and refines a single abstract model on demand, driven by the model checker, so that different parts of the model may exhibit different degrees of precision, namely just enough to verify the desired property. We present an algorithm for model checking safety properties using lazy abstraction and describe an implementation of the algorithm applied to C programs. We also provide sufficient conditions for the termination of the method.

[1]  A. Turing On Computable Numbers, with an Application to the Entscheidungsproblem. , 1937 .

[2]  John McCarthy,et al.  Correctness of a compiler for arithmetic expressions , 1966 .

[3]  ZOHAR MANNA,et al.  The Correctness of Programs , 1969, J. Comput. Syst. Sci..

[4]  Patrick J. Hayes,et al.  Computation and Deduction , 1973, MFCS.

[5]  Gary A. Kildall,et al.  A unified approach to global program optimization , 1973, POPL.

[6]  C. V. Ramamoorthy,et al.  On the Automated Generation of Program Test Data , 1976, IEEE Transactions on Software Engineering.

[7]  Edsger W. Dijkstra,et al.  A Discipline of Programming , 1976 .

[8]  James C. King,et al.  Symbolic execution and program testing , 1976, CACM.

[9]  Lori A. Clarke,et al.  A System to Generate Test Data and Symbolically Execute Programs , 1976, IEEE Transactions on Software Engineering.

[10]  Amir Pnueli,et al.  The temporal logic of programs , 1977, 18th Annual Symposium on Foundations of Computer Science (sfcs 1977).

[11]  Patrick Cousot,et al.  Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints , 1977, POPL.

[12]  Jayadev Misra,et al.  Assertion Graphs for Verifying and Synthesizing Programs , 1978 .

[13]  Robin Milner,et al.  A Theory of Type Polymorphism in Programming , 1978, J. Comput. Syst. Sci..

[14]  Glenford J. Myers,et al.  Art of Software Testing , 1979 .

[15]  Charles Gregory Nelson,et al.  Techniques for program verification , 1979 .

[16]  K. Mani Chandy,et al.  Proofs of Networks of Processes , 1981, IEEE Transactions on Software Engineering.

[17]  David Gries,et al.  The Science of Programming , 1981, Text and Monographs in Computer Science.

[18]  Joseph M. Morris A General Axiom of Assignment , 1982 .

[19]  Joseph Sifakis,et al.  Specification and verification of concurrent systems in CESAR , 1982, Symposium on Programming.

[20]  Robin Milner,et al.  Principal type-schemes for functional programs , 1982, POPL '82.

[21]  C. A. R. Hoare,et al.  An axiomatic basis for computer programming , 1969, CACM.

[22]  Cliff B. Jones,et al.  Tentative steps toward a development method for interfering programs , 1983, TOPL.

[23]  Randal E. Bryant,et al.  Graph-Based Algorithms for Boolean Function Manipulation , 1986, IEEE Transactions on Computers.

[24]  Alfred V. Aho,et al.  Compilers: Principles, Techniques, and Tools , 1986, Addison-Wesley series in computer science / World student series edition.

[25]  Robert E. Strom,et al.  Typestate: A programming language concept for enhancing software reliability , 1986, IEEE Transactions on Software Engineering.

[26]  Martín Abadi,et al.  The existence of refinement mappings , 1988, [1988] Proceedings. Third Annual Information Symposium on Logic in Computer Science.

[27]  Philip Wadler,et al.  Linear Types can Change the World! , 1990, Programming Concepts and Methods.

[28]  Edith Schonberg,et al.  Detecting access anomalies in programs with critical sections , 1991, PADD '91.

[29]  Mark N. Wegman,et al.  Efficiently computing static single assignment form and the control dependence graph , 1991, TOPL.

[30]  Alon Itai,et al.  Timing Verification by Successive Approximation , 1992, CAV.

[31]  Kenneth L. McMillan,et al.  Symbolic model checking: an approach to the state explosion problem , 1992 .

[32]  Furio Honsell,et al.  A framework for defining logics , 1993, JACM.

[33]  Glynn Winskel,et al.  The formal semantics of programming languages - an introduction , 1993, Foundation of computing series.

[34]  Nicholas Sterling,et al.  WARLOCK - A Static Data Race Analysis Tool , 1993, USENIX Winter.

[35]  Robert W. Floyd,et al.  Assigning Meanings to Programs , 1993 .

[36]  Lori A. Clarke,et al.  Data flow analysis for verifying properties of concurrent programs , 1994, SIGSOFT '94.

[37]  Pierre Wolper,et al.  Symbolic Verification with Periodic Sets , 1994, CAV.

[38]  Rajeev Alur,et al.  A Theory of Timed Automata , 1994, Theor. Comput. Sci..

[39]  Bernard Boigelot,et al.  Symbolic Veri cation with Periodic Sets ? , 1994 .

[40]  Chuck Allison Data abstraction , 1995 .

[41]  Thomas W. Reps,et al.  Precise interprocedural dataflow analysis via graph reachability , 1995, POPL '95.

[42]  Thomas A. Henzinger,et al.  Computing simulations on finite and infinite graphs , 1995, Proceedings of IEEE 36th Annual Foundations of Computer Science.

[43]  David E. Evans,et al.  Static detection of dynamic memory errors , 1996, PLDI '96.

[44]  N. Shankar,et al.  Pvs: Combining Speciication, Proof Checking, and Model Checking ? 1 Combining Theorem Proving and Typechecking , 1996 .

[45]  Natarajan Shankar,et al.  PVS: Combining Specification, Proof Checking, and Model Checking , 1996, FMCAD.

[46]  Patrice Godefroid,et al.  Symbolic Verification of Communication Protocols with Infinite State Spaces Using QDDs (Extended Abstract) , 1996, CAV.

[47]  Michael Burrows,et al.  Eraser: a dynamic data race detector for multi-threaded programs , 1997, TOCS.

[48]  Rajiv Gupta,et al.  Interprocedural conditional branch elimination , 1997, PLDI '97.

[49]  Patrice Godefroid,et al.  Model checking for programming languages using VeriSoft , 1997, POPL '97.

[50]  Pavel Pudlák,et al.  Lower bounds for resolution and cutting plane proofs and monotone computations , 1997, Journal of Symbolic Logic.

[51]  Robert O'Callahan,et al.  Lackwit: A Program Understanding Tool Based on Type Inference , 1997, Proceedings of the (19th) International Conference on Software Engineering.

[52]  George C. Necula,et al.  Proof-carrying code , 1997, POPL '97.

[53]  Hassen Saïdi,et al.  Construction of Abstract State Graphs with PVS , 1997, CAV.

[54]  Kenneth L. McMillan,et al.  A Compositional Rule for Hardware Design Refinement , 1997, CAV.

[55]  Jan Krajícek,et al.  Interpolation theorems, lower bounds for proof systems, and independence results for bounded arithmetic , 1997, Journal of Symbolic Logic.

[56]  George C. Necula,et al.  Efficient representation and validation of proofs , 1998, Proceedings. Thirteenth Annual IEEE Symposium on Logic in Computer Science (Cat. No.98CB36226).

[57]  Ásgeir Th. Eiríksson The Formal Design of 1M-gate ASICs , 1998, FMCAD.

[58]  Arnaud Gotlieb,et al.  Automatic test data generation using constraint solving techniques , 1998, ISSTA '98.

[59]  Thomas A. Henzinger,et al.  Formal specification and verification of a dataflow processor array , 1999, 1999 IEEE/ACM International Conference on Computer-Aided Design. Digest of Technical Papers (Cat. No.99CH37051).

[60]  Alain Finkel,et al.  On the verification of broadcast protocols , 1999, Proceedings. 14th Symposium on Logic in Computer Science (Cat. No. PR00158).

[61]  Natarajan Shankar,et al.  Abstract and Model Check While You Prove , 1999, CAV.

[62]  Alexander Aiken,et al.  A theory of type qualifiers , 1999, PLDI '99.

[63]  Patrice Godefroid,et al.  Symbolic Verification of Communication Protocols with Infinite State Spaces using QDDs , 1999, Formal Methods Syst. Des..

[64]  Thomas A. Henzinger,et al.  Reactive Modules , 1999, Formal Methods Syst. Des..

[65]  Giorgio Delzanno,et al.  Model Checking in CLP , 1999, TACAS.

[66]  Ahmed Bouajjani,et al.  Symbolic Reachability Analysis of FIFO-Channel Systems with Nonregular Sets of Configurations , 1999, Theor. Comput. Sci..

[67]  David L. Dill,et al.  Experience with Predicate Abstraction , 1999, CAV.

[68]  Mary Lou Soffa,et al.  Generating test data for branch coverage , 2000, Proceedings ASE 2000. Fifteenth IEEE International Conference on Automated Software Engineering.

[69]  Michael D. Ernst,et al.  Dynamically discovering likely program invariants , 2000 .

[70]  Robert Szewczyk,et al.  System architecture directions for networked sensors , 2000, ASPLOS IX.

[71]  Dawson R. Engler,et al.  Checking system rules using system-specific, programmer-written compiler extensions , 2000, OSDI.

[72]  William R. Bush,et al.  A static analyzer for finding dynamic programming errors , 2000, Softw. Pract. Exp..

[73]  Thomas A. Henzinger,et al.  A Classification of Symbolic Transition Systems , 2000, STACS.

[74]  Alain Finkel,et al.  Well-Abstracted Transition Systems , 2000, CONCUR.

[75]  Hassen Saïdi,et al.  Model Checking Guided Abstraction and Analysis , 2000, SAS.

[76]  Klaus Havelund,et al.  Model checking JAVA programs using JAVA PathFinder , 2000, International Journal on Software Tools for Technology Transfer.

[77]  Kenneth L. McMillan,et al.  A methodology for hardware verification using compositional model checking , 2000, Sci. Comput. Program..

[78]  Shmuel Sagiv,et al.  TVLA: A System for Implementing Static Analyses , 2000, SAS.

[79]  Sriram K. Rajamani,et al.  Boolean Programs: A Model and Process for Software Analysis , 2000 .

[80]  Daniel Jackson,et al.  Finding bugs with a constraint solver , 2000, ISSTA '00.

[81]  Gerard J. Holzmann,et al.  Logic Verification of ANSI-C Code with SPIN , 2000, SPIN.

[82]  M. Moskewicz,et al.  Chaff: engineering an efficient SAT solver , 2001, Proceedings of the 38th Design Automation Conference (IEEE Cat. No.01CH37232).

[83]  Ranjit Jhala,et al.  Microarchitecture Verification by Compositional Model Checking , 2001, CAV.

[84]  Stephen N. Freund,et al.  Detecting race conditions in large programs , 2001, PASTE '01.

[85]  David L. Dill,et al.  Successive approximation of abstract transition relations , 2001, Proceedings 16th Annual IEEE Symposium on Logic in Computer Science.

[86]  Doron A. Peled,et al.  From model checking to a temporal proof , 2001, SPIN '01.

[87]  Cormac Flanagan,et al.  Avoiding exponential explosion: generating compact verification conditions , 2001, POPL '01.

[88]  Sagar Chaki,et al.  Parameterized Verification of Multithreaded Software Libraries , 2001, TACAS.

[89]  George C. Necula,et al.  Oracle-based checking of untrusted software , 2001, POPL '01.

[90]  Eran Yahav,et al.  Verifying safety properties of concurrent Java programs using 3-valued logic , 2001, POPL '01.

[91]  Sriram K. Rajamani,et al.  Automatically validating temporal safety properties of interfaces , 2001, SPIN '01.

[92]  Doron A. Peled,et al.  Software Reliability Methods , 2001, Texts in Computer Science.

[93]  Natarajan Shankar,et al.  ICS: Integrated Canonizer and Solver , 2001, CAV.

[94]  Kedar S. Namjoshi,et al.  Certifying Model Checkers , 2001, CAV.

[95]  David A. Wagner,et al.  This copyright notice must be included in the reproduced paper. USENIX acknowledges all trademarks herein. Detecting Format String Vulnerabilities with Type Qualifiers , 2001 .

[96]  Sarfraz Khurshid,et al.  Korat: automated testing based on Java predicates , 2002, ISSTA '02.

[97]  Jong-Deok Choi,et al.  Efficient and precise datarace detection for multithreaded object-oriented programs , 2002, PLDI '02.

[98]  Martin C. Rinard,et al.  ACM Conference on Object-Oriented Programming, Systems, Languages and Applications (OOPSLA), November 2002 Ownership Types for Safe Programming: Preventing Data Races and Deadlocks , 2022 .

[99]  Andreas Podelski,et al.  Boolean and Cartesian abstraction for model checking C programs , 2001, International Journal on Software Tools for Technology Transfer.

[100]  Lazy abstraction , 2002, POPL.

[101]  Setuid Demystified , 2002, USENIX Security Symposium.

[102]  George C. Necula,et al.  Temporal-Safety Proofs for Systems Code , 2002, CAV.

[103]  J. Saxe,et al.  Extended static checking for Java , 2002, PLDI '02.

[104]  Alexander Aiken,et al.  Flow-sensitive type qualifiers , 2002, PLDI '02.

[105]  Patrick Cousot,et al.  Design and Implementation of a Special-Purpose Static Program Analyzer for Safety-Critical Real-Time Embedded Software , 2002, The Essence of Computation.

[106]  Dawson R. Engler,et al.  Proceedings of the 5th Symposium on Operating Systems Design and Implementation Cmc: a Pragmatic Approach to Model Checking Real Code , 2022 .

[107]  Sriram K. Rajamani,et al.  The SLAM project: debugging system software via static analysis , 2002, POPL '02.

[108]  George C. Necula,et al.  CIL: Intermediate Language and Tools for Analysis and Transformation of C Programs , 2002, CC.

[109]  D. Dill,et al.  Counter-Example Based Predicate Discovery in Predicate Abstraction , 2002, FMCAD.

[110]  Sanjit A. Seshia,et al.  A Modular Checker for Multithreaded Programs , 2002, CAV.

[111]  Flow-Sensitive Type Qualifiers , 2002, PLDI.

[112]  Giorgio Delzanno,et al.  Towards the Automated Verification of Multithreaded Java Programs , 2002, TACAS.

[113]  David A. Wagner,et al.  MOPS: an infrastructure for examining security properties of software , 2002, CCS '02.

[114]  Sorin Lerner,et al.  ESP: path-sensitive program verification in polynomial time , 2002, PLDI '02.

[115]  Doron A. Peled,et al.  Temporal Debugging for Concurrent Systems , 2002, TACAS.

[116]  Cormac Flanagan,et al.  Predicate abstraction for software verification , 2002, POPL '02.

[117]  David L. Dill,et al.  CVC: A Cooperating Validity Checker , 2002, CAV.

[118]  Sriram K. Rajamani,et al.  Generating Abstract Explanations of Spurious Counterexamples in C Programs , 2002 .

[119]  Sarfraz Khurshid,et al.  Generalized Symbolic Execution for Model Checking and Testing , 2003, TACAS.

[120]  Doron A. Peled,et al.  Model Checking and Testing Combined , 2003, ICALP.

[121]  Dawson R. Engler,et al.  RacerX: effective, static detection of race conditions and deadlocks , 2003, SOSP '03.

[122]  Joël Ouaknine,et al.  Automated Compositional Abstraction Refinement for Concurrent C Programs: A Two-Level Approach , 2003, SoftMC@CAV.

[123]  Alex Groce,et al.  Predicate Abstraction with Minimum Predicates , 2003, CHARME.

[124]  David E. Culler,et al.  The nesC language: A holistic approach to networked embedded systems , 2003, PLDI.

[125]  Thomas A. Henzinger,et al.  Extreme Model Checking , 2003, Verification: Theory and Practice.

[126]  Michael J. Flynn,et al.  Program counter , 2003 .

[127]  Insup Lee,et al.  Data flow testing as model checking , 2003, 25th International Conference on Software Engineering, 2003. Proceedings..

[128]  Thomas R. Gross,et al.  Static conflict analysis for multi-threaded object-oriented programs , 2003, PLDI '03.

[129]  Edmund M. Clarke,et al.  Counterexample-guided abstraction refinement , 2003, 10th International Symposium on Temporal Representation and Reasoning, 2003 and Fourth International Conference on Temporal Logic. Proceedings..

[130]  Thomas A. Henzinger,et al.  Thread-Modular Abstraction Refinement , 2003, CAV.

[131]  Kenneth L. McMillan,et al.  Interpolation and SAT-Based Model Checking , 2003, CAV.

[132]  Thomas A. Henzinger,et al.  Generating tests from counterexamples , 2004, Proceedings. 26th International Conference on Software Engineering.

[133]  Thomas A. Henzinger,et al.  The Blast Query Language for Software Verification , 2004, SAS.

[134]  Thomas A. Henzinger,et al.  Abstractions from proofs , 2004, POPL.

[135]  David A. Wagner,et al.  Finding User/Kernel Pointer Bugs with Type Inference , 2004, USENIX Security Symposium.

[136]  Thomas W. Reps,et al.  Symbolic Implementation of the Best Transformer , 2004, VMCAI.

[137]  Thomas A. Henzinger,et al.  Race checking by context inference , 2004, PLDI '04.

[138]  Robert DeLine,et al.  Typestates for Objects , 2004, ECOOP.

[139]  Boris D. Lubachevsky,et al.  An approach to automating the verification of compact parallel coordination programs. I , 2018, Acta Informatica.