Specialization with Constrained Generalization for Software Model Checking

We present a method for verifying properties of imperative programs by using techniques based on constraint logic programming (CLP). We consider a simple imperative language, called SIMP, extended with a nondeterministic choice operator and we address the problem of checking whether or not a safety property ϕ (that specifies that an unsafe configuration cannot be reached) holds for a SIMP program P. The operational semantics of the language SIMP is specified via an interpreter I written as a CLP program. The first phase of our verification method consists in specializing I with respect to P, thereby deriving a specialized interpreter I P . Then, we specialize I P with respect to the property ϕ and the input values of P, with the aim of deriving, if possible, a program whose least model is a finite set of constrained facts. To this purpose we introduce a novel generalization strategy which, during specialization, has the objecting of preserving the so called branching behaviour of the predicate definitions. We have fully automated our method and we have made its experimental evaluation on some examples taken from the literature. The evaluation shows that our method is competitive with respect to state-of-the-art software model checkers.

[1]  Jorge A. Navas,et al.  Symbolic Execution for Verification , 2011, ArXiv.

[2]  Felix Naumann,et al.  Data fusion , 2009, CSUR.

[3]  Peter Sestoft,et al.  Partial evaluation and automatic program generation , 1993, Prentice Hall international series in computer science.

[4]  George C. Necula,et al.  CIL: Intermediate Language and Tools for Analysis and Transformation of C Programs , 2002, CC.

[5]  Peter Claussen Theories of programming languages , 2000, SOEN.

[6]  Zohar Manna,et al.  Automatic Generation of Invariants and Assertions , 1995, CP.

[7]  Supratik Chakraborty,et al.  Automatically Refining Abstract Interpretations , 2008, TACAS.

[8]  Alberto Pettorossi,et al.  Istituto Di Analisi Dei Sistemi Ed Informatica Consiglio Nazionale Delle Ricerche , 2022 .

[9]  Alberto Pettorossi,et al.  Verifying CTL properties of infinite state systems by specializing constraint logic programs , 2001 .

[10]  Manuel V. Hermenegildo,et al.  Energy Consumption Analysis of Programs Based on XMOS ISA-Level Models , 2013, LOPSTR.

[11]  N. A C H U M D E R S H O W I T Z Termination of Rewriting' , 2022 .

[12]  Jorge A. Navas,et al.  TRACER: A Symbolic Execution Tool for Verification , 2012, CAV.

[13]  Francesca Rossi,et al.  Principles and Practice of Constraint Programming — CP '95 , 1995, Lecture Notes in Computer Science.

[14]  Scott F. Smith,et al.  Polyvariant Flow Analysis with Constrained Types , 2000, ESOP.

[15]  Alastair F. Donaldson,et al.  Software Model Checking , 2014, Computing Handbook, 3rd ed..

[16]  Ashutosh Gupta,et al.  HSF(C): A Software Verifier Based on Horn Clauses - (Competition Contribution) , 2012, TACAS.

[17]  Robert Glück,et al.  An Algorithm of Generalization in Positive Supercompilation , 1995, ILPS.

[18]  Ranjit Jhala,et al.  A Practical and Complete Approach to Predicate Refinement , 2006, TACAS.

[19]  Alberto Pettorossi,et al.  Automated strategies for specializing constraint logic programs , 2000, LOPSTR.

[20]  Maurice Bruynooghe,et al.  Under Consideration for Publication in Theory and Practice of Logic Programming Logic Program Specialisation through Partial Deduction: Control Issues , 2022 .

[21]  Nicolas Halbwachs,et al.  Automatic discovery of linear restraints among variables of a program , 1978, POPL.

[22]  Patrick Cousot,et al.  Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints , 1977, POPL.

[23]  Brian Campbell,et al.  Amortised Memory Analysis Using the Depth of Data Structures , 2009, ESOP.

[24]  Joseph Y. Halpern A Computing Research Repository , 1998, D Lib Mag..

[25]  Edmund M. Clarke,et al.  Counterexample-guided abstraction refinement , 2003, 10th International Symposium on Temporal Representation and Reasoning, 2003 and Fourth International Conference on Temporal Logic. Proceedings..

[26]  Danny De Schreye,et al.  Constrained Partial Deduction , 1997, WLP.

[27]  Rajeev Alur,et al.  A Temporal Logic of Nested Calls and Returns , 2004, TACAS.

[28]  Sriram K. Rajamani,et al.  Boolean Programs: A Model and Process for Software Analysis , 2000 .

[29]  Zohar Manna,et al.  Automatic Generation of Invariants and Intermediate Assertions , 1997, Theor. Comput. Sci..

[30]  John P. Gallagher,et al.  Tutorial on specialisation of logic programs , 1993, PEPM '93.

[31]  Danny De Schreye,et al.  Controlling generalization and polyvariance in partial deduction of normal logic programs , 1998, TOPL.

[32]  Alberto Pettorossi,et al.  Generalization strategies for the verification of infinite state systems , 2011, Theory and Practice of Logic Programming.

[33]  John P. Gallagher,et al.  Analysis of Imperative Programs through Analysis of Constraint Logic Programs , 1998, SAS.

[34]  Nicolas Halbwachs,et al.  Verification of Real-Time Systems using Linear Relation Analysis , 1997, Formal Methods Syst. Des..

[35]  Natasha Sharygina,et al.  An abstraction refinement approach combining precise and approximated techniques , 2009, SAVCBS '09.

[36]  Andrew E. Santosa,et al.  An Interpolation Method for CLP Traversal , 2009, CP.

[37]  Andreas Podelski,et al.  ARMC: The Logical Choice for Software Model Checking with Abstraction Refinement , 2007, PADL.

[38]  Hassen Saïdi,et al.  Model Checking Guided Abstraction and Analysis , 2000, SAS.

[39]  Roberto Rossi,et al.  Synthesizing Filtering Algorithms for Global Chance-Constraints , 2009, CP.

[40]  Sandro Etalle,et al.  Transformations of CLP Modules , 1996, Theor. Comput. Sci..