Verifying safety properties using separation and heterogeneous abstractions

In this paper, we show how separation (decomposing a verification problem into a collection of verification subproblems) can be used to improve both the efficiency and the precision of verifying safety properties. We present a simple language for specifying separation strategies, which decompose a single verification problem into a set of subproblems. (A separation strategy is specified separately from, and independently of, the safety property being verified.) We present a general framework of heterogeneous abstraction that allows different parts of the heap to be abstracted with different degrees of precision at different points during the analysis. We show how the goals of separation (more efficient and more precise verification) can be realized by first using a separation strategy to transform (instrument) a verification problem instance (consisting of a safety property specification and an input program), and by then applying heterogeneous abstraction during the verification of the transformed problem.
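To make the two ideas in the abstract concrete, here is a small typestate verifier written for this page as an added example; it is not the authors' system, whose abstraction is a different one, and the statement syntax, the file open/read/close protocol, the site labels A and B, and the sample programs SAFE and BUGGY are all constructed here. A separation strategy maps each allocation site to an abstract heap node; a site left out of the strategy collapses into a single untracked node whose typestate is not kept at all (the heterogeneous part). `separate` runs one subproblem per allocation site, while `monolithic` folds the whole heap into one summary node, which is where the spurious reports come from.

```python
# Constructed example for this page; not the paper's implementation.
# Typestate protocol for a file-like resource: any (state, op) pair absent
# from TRANSITIONS is a safety violation.
TRANSITIONS = {
    ("closed", "open"): "open",
    ("open", "read"): "open",
    ("open", "close"): "closed",
}
INITIAL = "closed"
OTHER = "*"   # summary node for heap objects the current subproblem does not track


def sites_of(program):
    """Collect allocation-site labels, recursing into if-branches."""
    out = []
    for stmt in program:
        if stmt[0] == "new":
            out.append(stmt[2])
        elif stmt[0] == "if":
            out += sites_of(stmt[1]) + sites_of(stmt[2])
    return out


def join(a, b):
    """Join two abstract states pointwise (union of points-to and typestate sets)."""
    env = {v: a[0].get(v, frozenset()) | b[0].get(v, frozenset()) for v in a[0].keys() | b[0].keys()}
    heap = {n: a[1].get(n, frozenset()) | b[1].get(n, frozenset()) for n in a[1].keys() | b[1].keys()}
    return env, heap


def run(program, state, strategy, summary, errors):
    """Abstract interpretation of a loop-free program.
    state = (env: var -> set of nodes, heap: node -> set of typestates)."""
    env, heap = dict(state[0]), dict(state[1])
    for stmt in program:
        kind = stmt[0]
        if kind == "new":                       # x = new@site
            _, x, site = stmt
            node = strategy.get(site, OTHER)
            env[x] = frozenset({node})
            if node == OTHER:
                continue                        # untracked: no typestate kept at all
            if node in summary:                 # summary node: weak update
                heap[node] = heap.get(node, frozenset()) | {INITIAL}
            else:                               # precise node: strong update
                heap[node] = frozenset({INITIAL})
        elif kind == "copy":                    # x = y
            _, x, y = stmt
            env[x] = env.get(y, frozenset())
        elif kind == "call":                    # x.op()
            _, x, op = stmt
            for node in env.get(x, frozenset()):
                if node == OTHER:
                    continue                    # heterogeneous: nothing checked on untracked objects
                nxt = set()
                for s in heap[node]:
                    if (s, op) in TRANSITIONS:
                        nxt.add(TRANSITIONS[(s, op)])
                    else:
                        errors.add((x, op, node, s))   # possible protocol violation
                heap[node] = frozenset(nxt) | (heap[node] if node in summary else frozenset())
        elif kind == "if":                      # nondeterministic branch; join both outcomes
            _, then_b, else_b = stmt
            env, heap = join(run(then_b, (env, heap), strategy, summary, errors),
                             run(else_b, (env, heap), strategy, summary, errors))
    return env, heap


def analyze(program, strategy):
    """Verify the program under a strategy mapping allocation sites to abstract nodes.
    Sites missing from the strategy collapse into OTHER.  A node shared by several
    sites is a summary node (weak updates); a one-site node is treated as precise,
    which assumes each site executes at most once (true for the loop-free inputs here)."""
    nodes = list(strategy.values())
    summary = {n for n in nodes if nodes.count(n) > 1}
    errors = set()
    run(program, ({}, {}), strategy, summary, errors)
    return errors


def separate(program):
    """Separation strategy: one subproblem per allocation site, tracking only that site."""
    return {site: analyze(program, {site: site}) for site in sites_of(program)}


def monolithic(program):
    """Baseline without separation: the whole heap is one summary node."""
    return analyze(program, {site: "H" for site in sites_of(program)})


# Constructed input: two independent files, both used according to the protocol.
SAFE = [
    ("new", "f", "A"), ("new", "g", "B"),
    ("call", "f", "open"), ("call", "g", "open"),
    ("if", [("call", "f", "read")], []),
    ("call", "g", "close"),
    ("call", "f", "read"),      # f is still open: legal
    ("call", "f", "close"),
]
# Same program, but g is read after it has been closed.
BUGGY = SAFE[:6] + [("call", "g", "read")] + SAFE[6:]
```

Running `separate(SAFE)` gives no reports for either site, while `monolithic(SAFE)` reports several violations that do not exist, because folding f and g into one summary node forces weak updates and the node ends up "closed or open" at every call. On `BUGGY`, the subproblem for site A still verifies cleanly and the subproblem for site B pins the real defect to `g.read()` in state `closed`; the subproblem for A never tracks g's typestate at all, which is the efficiency gain the abstract describes.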
