Polymorphic predicate abstraction

Predicate abstraction is a technique for creating abstract models of software that are amenable to model checking algorithms. We show how polymorphism, a well-known concept in programming languages and program analysis, can be incorporated in a predicate abstraction algorithm for C programs. The use of polymorphism in predicates, via the introduction of symbolic names for values, allows us to model the effect of a procedure independent of its calling contexts. Therefore, we can safely and precisely abstract a procedure once and then reuse this abstraction across multiple calls and multiple applications containing the procedure. Polymorphism also enables us to handle programs that need to be analyzed in an open environment, for all possible callers. We have proved that our algorithm is sound and have implemented it in the C2BP tool as part of the SLAM software model checking toolkit.
