Automating modular program verification by refining specifications

Modular analyses of software systems rely on the specifications of the analyzed modules. In many analysis techniques (e.g. ESC/Java), the specifications have to be provided by users. This puts a considerable burden on users and thus limits the applicability of such techniques. To avoid this problem, some modular analysis techniques automatically extract module summaries that capture specific aspects of the modules' behaviors. However, such summaries are only useful in checking a restricted class of properties. We describe a static modular analysis that automatically extracts procedure specifications in order to check heap-manipulating programs against rich data structure properties. Extracted specifications are context-dependent; their precision depends on both the property being checked, and the calling context in which they are used. Starting from a rough over-approximation of the behavior of each call site, our analysis computes an abstraction of the procedure being analyzed and checks it against the property. Specifications are further refined, as needed, in response to spurious counterexamples. The analysis terminates when either the property has been validated (with respect to a finite domain), or a non-spurious counterexample has been found. Furthermore, we describe a lightweight static technique to extract specifications of heap-manipulating procedures. These specifications neither are context-dependent, nor require any domain finitizations. They summarize the general behavior of procedures in terms of their effect on program state. They bound the values of all variables and fields in the post-state of the procedure by relational expressions in terms of their values in the pre-state. The analysis maintains both upper and lower bounds so that in some cases an exact result can be obtained. (Copies available exclusively from MIT Libraries, Rm. 14-0551, Cambridge, MA 02139-4307. Ph. 617-253-5668; Fax 617-253-1690.)

[1]  Thomas W. Reps,et al.  Putting static analysis to work for verification: A case study , 2000, ISSTA '00.

[2]  Sharad Malik,et al.  Validating SAT solvers using an independent resolution-based checker: practical implementations and other applications , 2003, 2003 Design, Automation and Test in Europe Conference and Exhibition.

[3]  Michael J. Maher,et al.  Constraint Logic Programming: A Survey , 1994, J. Log. Program..

[4]  Xinming Ou,et al.  Theorem Proving Using Lazy Proof Explication , 2003, CAV.

[5]  Hassen Saïdi,et al.  Construction of Abstract State Graphs with PVS , 1997, CAV.

[6]  Sriram K. Rajamani,et al.  Automatically validating temporal safety properties of interfaces , 2001, SPIN '01.

[7]  Flemming Nielson,et al.  Abstract interpretation: a semantics-based tool for program analysis , 1995, LICS 1995.

[8]  Alexander Aiken,et al.  Scalable error detection using boolean satisfiability , 2005, POPL '05.

[9]  Patrick Cousot,et al.  Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints , 1977, POPL.

[10]  Sharad Malik,et al.  Chaff: engineering an efficient SAT solver , 2001, Proceedings of the 38th Design Automation Conference (IEEE Cat. No.01CH37232).

[11]  K. Rustan M. Leino,et al.  The Spec# Programming System: An Overview , 2004, CASSIS.

[12]  Henrik Reif Andersen,et al.  Stepwise CTL Model Checking of State/Event Systems , 1999, CAV.

[13]  Laurie Hendren,et al.  Soot---a java optimization framework , 1999 .

[14]  Nils Klarlund,et al.  MONA Implementation Secrets , 2000, Int. J. Found. Comput. Sci..

[15]  Jan Reineke,et al.  Shape Analysis of Sets , 2006, Trustworthy Software.

[16]  Reinhard Wilhelm,et al.  Parametric shape analysis via 3-valued logic , 1999, POPL '99.

[17]  Lawrence Charles Paulson,et al.  Isabelle/HOL: A Proof Assistant for Higher-Order Logic , 2002 .

[18]  Emina Torlak,et al.  Kodkod: A Relational Model Finder , 2007, TACAS.

[19]  Kenneth L. McMillan,et al.  Interpolation and SAT-Based Model Checking , 2003, CAV.

[20]  Martin C. Rinard,et al.  Purity and Side Effect Analysis for Java Programs , 2005, VMCAI.

[21]  Howard Barringer,et al.  CTL* Model Checking for SPIN , 1998 .

[22]  Cormac Flanagan Software Model Checking via Iterative Abstraction Refinement of Constraint Logic Queries , 2007 .

[23]  Felix Sheng-Ho Chang,et al.  Modular verification of code with SAT , 2006, ISSTA '06.

[24]  Viktor Kuncak,et al.  On Verifying Complex Properties using Symbolic Shape Analysis , 2006, ArXiv.

[25]  S. C. Kleene,et al.  Introduction to Metamathematics , 1952 .

[26]  Patrick Lam,et al.  The Hob system for verifying software design properties , 2007 .

[27]  William G. Griswold,et al.  Dynamically discovering likely program invariants to support program evolution , 1999, Proceedings of the 1999 International Conference on Software Engineering (IEEE Cat. No.99CB37002).

[28]  Viktor Kuncak,et al.  Modular data structure verification , 2007 .

[29]  Michael I. Schwartzbach,et al.  The pointer assertion logic engine , 2000, PLDI '01.

[30]  George C. Necula,et al.  Temporal-Safety Proofs for Systems Code , 2002, CAV.

[31]  Edsger W. Dijkstra,et al.  A Discipline of Programming , 1976 .

[32]  Monica S. Lam,et al.  Efficient context-sensitive pointer analysis for C programs , 1995, PLDI '95.

[33]  Daniel Jackson,et al.  Requirement progression in problem frames: deriving specifications from requirements , 2007, Requirements Engineering.

[34]  Mandana Vaziri-Farahani,et al.  Finding bugs in software with a constraint solver , 2004 .

[35]  Matthew B. Dwyer,et al.  Adapting side effects analysis for modular program model checking , 2003, ESEC/FSE-11.

[36]  Barbara G. Ryder,et al.  Parameterized object sensitivity for points-to and side-effect analyses for Java , 2002, ISSTA '02.

[37]  Alberto L. Sangiovanni-Vincentelli,et al.  An Iterative Approach to Language Containment , 1993, CAV.

[38]  Manu Sridharan,et al.  A micromodularity mechanism , 2001, ESEC/FSE-9.

[39]  Niklas Sörensson,et al.  Translating Pseudo-Boolean Constraints into SAT , 2006, J. Satisf. Boolean Model. Comput..

[40]  Laurie J. Hendren,et al.  Is it a tree, a DAG, or a cyclic graph? A shape analysis for heap-directed pointers in C , 1996, POPL '96.

[41]  Wen-mei W. Hwu,et al.  Modular interprocedural pointer analysis using access paths: design, implementation, and evaluation , 2000, PLDI '00.

[42]  Atanas Rountev,et al.  Precise identification of side-effect-free methods in Java , 2004, 20th IEEE International Conference on Software Maintenance, 2004. Proceedings..

[43]  Jong-Deok Choi,et al.  Efficient flow-sensitive interprocedural computation of pointer-induced aliases and side effects , 1993, POPL '93.

[44]  Michael Hind,et al.  Which pointer analysis should I use? , 2000, ISSTA '00.

[45]  Bor-Yuh Evan Chang,et al.  Boogie: A Modular Reusable Verifier for Object-Oriented Programs , 2005, FMCO.

[46]  David Detlefs,et al.  Simplify: a theorem prover for program checking , 2005, JACM.

[47]  Robert P. Kurshan,et al.  Computer-Aided Verification of Coordinating Processes: The Automata-Theoretic Approach , 2014 .

[48]  Martin C. Rinard,et al.  Pointer analysis for multithreaded programs , 1999, PLDI '99.

[49]  Thomas A. Henzinger,et al.  Lazy Shape Analysis , 2006, CAV.

[50]  Andreas Podelski,et al.  Boolean Heaps , 2005, SAS.

[51]  Daniel Jackson Automating first-order relational logic , 2000, SIGSOFT '00/FSE-8.

[52]  Alex Groce,et al.  Modular verification of software components in C , 2003, 25th International Conference on Software Engineering, 2003. Proceedings..

[53]  K. Rustan M. Leino,et al.  Houdini, an Annotation Assistant for ESC/Java , 2001, FME.

[54]  Albert L. Baker,et al.  Preliminary design of JML: a behavioral interface specification language for java , 2006, SOEN.

[55]  Edmund M. Clarke,et al.  Counterexample-guided abstraction refinement , 2003, 10th International Symposium on Temporal Representation and Reasoning, 2003 and Fourth International Conference on Temporal Logic. Proceedings..

[56]  Greg Nelson,et al.  Extended static checking for Java , 2002, PLDI '02.