Skip to main content
Springer Nature Link
Log in

Zap: Automated Theorem Proving for Software Analysis

  • Conference paper
Logic for Programming, Artificial Intelligence, and Reasoning (LPAR 2005)

Part of the book series: Lecture Notes in Computer Science ((LNAI,volume 3835))

Abstract

Automated theorem provers (ATPs) are a key component that many software verification and program analysis tools rely on. However, the basic interface provided by ATPs (validity/satisfiability checking of formulas) has changed little over the years. We believe that program analysis clients would benefit greatly if ATPs were to provide a richer set of operations. We describe our desiderata for such an interface to an ATP, the logics (theories) that an ATP for program analysis should support, and present how we have incorporated many of these ideas in Zap, an ATP built at Microsoft Research.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Audemard, G., Bertoli, P., Cimatti, A., Korniłowicz, A., Sebastiani, R.: A SAT-based approach for solving formulas over Boolean and linear mathematical propositions. In: Voronkov, A. (ed.) CADE 2002. LNCS (LNAI), vol. 2392, pp. 195–210. Springer, Heidelberg (2002)

    Google Scholar 

  2. Andrews, T., Qadeer, S., Rajamani, S.K., Xie, Y.: Zing: Exploiting program structure for model checking concurrent software. In: Gardner, P., Yoshida, N. (eds.) CONCUR 2004. LNCS, vol. 3170, pp. 1–15. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  3. Burch, J.R., Clarke, E.M., McMillan, K.L., Dill, D.L., Hwang, L.J.: Symbolic model checking: 1020 states and beyond. Information and Computation 98(2), 142–170 (1992)

    Article  MATH  MathSciNet  Google Scholar 

  4. Barrett, C.W., Dill, D.L., Stump, A.: Checking satisfiability of first-order formulas by incremental translation to SAT. In: Brinksma, E., Larsen, K.G. (eds.) CAV 2002. LNCS, vol. 2404, pp. 236–249. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  5. Bryant, R.E., Lahiri, S.K., Seshia, S.A.: Modeling and verifying systems using a logic of counter arithmetic with lambda expressions and uninterpreted functions. In: Brinksma, E., Larsen, K.G. (eds.) CAV 2002. LNCS, vol. 2404, pp. 78–92. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  6. Barnett, M., Leino, K.R.M., Schulte, W.: The Spec# programming system: An overview. In: Barthe, G., Burdy, L., Huisman, M., Lanet, J.-L., Muntean, T. (eds.) CASSIS 2004. LNCS, vol. 3362, pp. 49–69. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  7. Ball, T., Majumdar, R., Millstein, T., Rajamani, S.K.: Automatic predicate abstraction of C programs. In: PLDI 2001: Programming Language Design and Implementation, pp. 203–213. ACM, New York (2001)

    Chapter  Google Scholar 

  8. Ball, T., Rajamani, S.K.: Automatically validating temporal safety properties of interfaces. In: Dwyer, M.B. (ed.) SPIN 2001. LNCS, vol. 2057, pp. 103–122. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  9. Bryant, R.E.: Graph-based algorithms for Boolean function manipulation. IEEE Transactions on Computers C-35(8), 677–691 (1986)

    Article  Google Scholar 

  10. Bachmair, L., Tiwari, A., Vigneron, L.: Abstract congruence closure. J. Autom. Reasoning 31(2), 129–168 (2003)

    Article  MATH  MathSciNet  Google Scholar 

  11. Cousot, P., Cousot, R.: Abstract interpretation: a unified lattice model for the static analysis of programs by construction or approximation of fixpoints. In: POPL 1977: Principles of Programming Languages, pp. 238–252. ACM, New York (1977)

    Google Scholar 

  12. Cherkassky, B.V., Goldberg, A.V.: Negative-cycle detection algorithms. In: European Symposium on Algorithms, pp. 349–363 (1996)

    Google Scholar 

  13. Clarke, E., Grumberg, O., Jha, S., Lu, Y., Veith, H.: Counterexample-guided abstraction refinement. In: Emerson, E.A., Sistla, A.P. (eds.) CAV 2000. LNCS, vol. 1855, pp. 154–169. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  14. Cousot, P., Halbwachs, N.: Automatic discovery of linear restraints among variables of a program. In: POPL 1978: Principles of Programming Languages, pp. 84–96. ACM, New York (1978)

    Google Scholar 

  15. Chang, B.-Y.E., Leino, K.R.M.: Abstract interpretation with alien expressions and heap structures. In: Cousot, R. (ed.) VMCAI 2005. LNCS, vol. 3385, pp. 147–163. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  16. Clarke, L.A.: A system to generate test data and symbolically execute programs. IEEE Transactions on Software Engineering 2(3), 215–222 (1976)

    Article  Google Scholar 

  17. Detlefs, D.L., Nelson, G., Saxe, J.B.: Simplify: A theorem prover for program checking. Technical report, HPL-2003-148 (2003)

    Google Scholar 

  18. Flanagan, C., Joshi, R., Ou, X., Saxe, J.: Theorem proving using lazy proof explication. In: Hunt Jr., W.A., Somenzi, F. (eds.) CAV 2003. LNCS, vol. 2725, pp. 355–367. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  19. Flanagan, C., Leino, K.R.M., Lillibridge, M., Nelson, G., Saxe, J.B., Stata, R.: Extended static checking for Java. In: PLDI 2002: Programming Language Design and Implementation, pp. 234–245. ACM, New York (2002)

    Chapter  Google Scholar 

  20. Ganzinger, H., Hagen, G., Nieuwenhuis, R., Oliveras, A., Tinelli, C.: DPLL(T): Fast decision procedures. In: Alur, R., Peled, D.A. (eds.) CAV 2004. LNCS, vol. 3114, pp. 175–188. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  21. Gordon, M.J.C., Melham, T.F.: Introduction to HOL: A Theorem Proving Environment for Higher-Order Logic. Cambridge University Press, Cambridge (1993)

    MATH  Google Scholar 

  22. Graf, S., Saidi, H.: Construction of abstract state graphs with PVS. In: Grumberg, O. (ed.) CAV 1997. LNCS, vol. 1254, pp. 72–83. Springer, Heidelberg (1997)

    Google Scholar 

  23. Gulwani, S., Tiwari, A., Necula, G.C.: Join algorithms for the theory of uninterpreted functions. In: Lodaya, K., Mahajan, M. (eds.) FSTTCS 2004. LNCS, vol. 3328, pp. 311–323. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  24. Henzinger, T.A., Jhala, R., Majumdar, R., McMillan, K.L.: Abstractions from proofs. In: POPL 2004: Principles of Programming Languages, pp. 232–244. ACM, New York (2004)

    Google Scholar 

  25. Immerman, N., Rabinovich, A., Reps, T., Sagiv, S., Yorsh, G.: The boundary between decidability and undecidability for transitive-closure logics. In: Marcinkowski, J., Tarlecki, A. (eds.) CSL 2004. LNCS, vol. 3210, pp. 160–174. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  26. Jaffar, J., Maher, M.J., Stuckey, P.J., Yap, H.C.: Beyond finite domains. In: Borning, A. (ed.) PPCP 1994. LNCS, vol. 874, pp. 86–94. Springer, Heidelberg (1994)

    Google Scholar 

  27. Kurshan, R.P.: Computer-aided Verification of Coordinating Processes. Princeton University Press, Princeton (1994)

    Google Scholar 

  28. Lagarias, J.C.: The computational complexity of simultaneous diophantine approximation problems. SIAM Journal of Computing 14(1), 196–209 (1985)

    Article  MATH  MathSciNet  Google Scholar 

  29. Lahiri, S.K., Bryant, R.E., Cook, B.: A symbolic approach to predicate abstraction. In: Hunt Jr., W.A., Somenzi, F. (eds.) CAV 2003. LNCS, vol. 2725, pp. 141–153. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  30. Lahiri, S.K., Ball, T., Cook, B.: Predicate abstraction via symbolic decision procedures. In: Etessami, K., Rajamani, S.K. (eds.) CAV 2005. LNCS, vol. 3576, pp. 24–38. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  31. Lahiri, S.K., Musuvathi, M.: An efficient decision procedure for UTVPI constraints. In: Gramlich, B. (ed.) FroCos 2005. LNCS (LNAI), vol. 3717, pp. 168–183. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  32. Lahiri, S.K., Musuvathi, M.: An efficient Nelson-Oppen decision procedure for difference constraints over rationals. Technical Report MSR-TR-2005-61, Microsoft Research (2005)

    Google Scholar 

  33. Leino, K.R.M., Musuvathi, M., Ou, X.: A two-tier technique for supporting quantifiers in a lazily proof-explicating theorem prover. In: Halbwachs, N., Zuck, L.D. (eds.) TACAS 2005. LNCS, vol. 3440, pp. 334–348. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  34. Lahiri, S.K., Seshia, S.A.: The UCLID decision procedure. In: Alur, R., Peled, D.A. (eds.) CAV 2004. LNCS, vol. 3114, pp. 475–478. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  35. Marquis, P.: Consequence-finding algorithms. In: Handbook of Defeasible Reasoning and Uncertainty Management Systems: Algorithms for Defeasible and Uncertain Reasoning, vol. 5, pp. 41–145. Kluwer Academic Publishers, Dordrecht (1999)

    Google Scholar 

  36. McMillan, K.L.: Interpolation and SAT-based model checking. In: Hunt Jr., W.A., Somenzi, F. (eds.) CAV 2003. LNCS, vol. 2725, pp. 1–13. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  37. McMillan, K.L.: An interpolating theorem prover. In: Jensen, K., Podelski, A. (eds.) TACAS 2004. LNCS, vol. 2988, pp. 16–30. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  38. Moskewicz, M., Madigan, C., Zhao, Y., Zhang, L., Malik, S.: Chaff: Engineering an efficient SAT solver. In: DAC 2001: Design Automation Conference, pp. 530–535. ACM Press, New York (2001)

    Chapter  Google Scholar 

  39. Møller, A., Schwartzbach, M.I.: The pointer assertion logic engine. In: PLDI 2001: Programming Language Design and Implementation, pp. 221–231. ACM Press, New York (2001)

    Chapter  Google Scholar 

  40. Necula, G.C.: Proof carrying code. In: POPL 1997: Principles of Programming Languages, pp. 106–119. ACM, New York (1997)

    Google Scholar 

  41. Nelson, G., Oppen, D.C.: Simplification by cooperating decision procedures. ACM Transactions on Programming Languages and Systems (TOPLAS) 2(1), 245–257 (1979)

    Article  Google Scholar 

  42. Nelson, G., Oppen, D.C.: Simplification by cooperating decision procedures. ACM Transactions on Programming Languages and Systems 1(2), 245–257 (1979)

    Article  MATH  Google Scholar 

  43. Nelson, G., Oppen, D.C.: Fast decision procedures based on the congruence closure. Journal of the ACM 27(2), 356–364 (1980)

    Article  MATH  MathSciNet  Google Scholar 

  44. Oppen, D.C.: Complexity, convexity and combinations of theories. Theoretical Computer Science 12, 291–302 (1980)

    Article  MATH  MathSciNet  Google Scholar 

  45. Owre, S., Rushby, J.M., Shankar, N.: PVS: A prototype verification system. In: Kapur, D. (ed.) CADE 1992. LNCS, vol. 607, pp. 748–752. Springer, Heidelberg (1992)

    Google Scholar 

  46. Pratt, V.: Two easy theories whose combination is hard. Technical report, Massachusetts Institute of Technology, Cambridge, Mass (September 1977)

    Google Scholar 

  47. Riazanov, A., Voronkov, A.: Vampire 1.1 (system description). In: Goré, R.P., Leitsch, A., Nipkow, T. (eds.) IJCAR 2001. LNCS (LNAI), vol. 2083, pp. 376–380. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  48. Seshia, S.A., Bryant, R.E.: Deciding quantifier-free Presburger formulas using parameterized solution bounds. In: LICS 2004: Logic in Computer Science, July 2004, pp. 100–109. IEEE Computer Society Press, Los Alamitos (2004)

    Google Scholar 

  49. Shoham, S., Grumberg, O.: Monotonic abstraction-refinement for CTL. In: Jensen, K., Podelski, A. (eds.) TACAS 2004. LNCS, vol. 2988, pp. 546–560. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  50. Sagiv, M., Reps, T., Wilhelm, R.: Parametric shape analysis via 3-valued logic. In: POPL 1999: Principles of Programming Languages, pp. 105–118. ACM, New York (1999)

    Google Scholar 

  51. Tinelli, C., Harandi, M.T.: A new correctness proof of the Nelson–Oppen combination procedure. In: FroCos 1996: Frontiers of Combining Systems. Applied Logic, pp. 103–120. Kluwer Academic Publishers, Dordrecht (1996)

    Google Scholar 

  52. Tillmann, N., Schulte, W.: Parameterized unit tests. In: FSE 2005: Foundations of Software Engineering, pp. 253–262. ACM Press, New York (2005)

    Google Scholar 

  53. Yorsh, G., Musuvathi, M.: A combination method for generating interpolants. In: Nieuwenhuis, R. (ed.) CADE 2005. LNCS (LNAI), vol. 3632, pp. 353–368. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  54. Yorsh, G., Reps, T., Sagiv, M.: Symbolically computing most-precise abstract operations for shape analysis. In: Jensen, K., Podelski, A. (eds.) TACAS 2004. LNCS, vol. 2988, pp. 530–545. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  55. Zhang, H., Zhang, J.: Generating models by SEM. In: McRobbie, M.A., Slaney, J.K. (eds.) CADE 1996. LNCS, vol. 1104, pp. 308–312. Springer, Heidelberg (1996)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Microsoft Research,  

    Thomas Ball, Shuvendu K. Lahiri & Madanlal Musuvathi

Authors
  1. Thomas Ball
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Shuvendu K. Lahiri
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Madanlal Musuvathi
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. University of Miami, USA

    Geoff Sutcliffe

  2. University of Manchester, UK

    Andrei Voronkov

Rights and permissions

Reprints and permissions

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Ball, T., Lahiri, S.K., Musuvathi, M. (2005). Zap: Automated Theorem Proving for Software Analysis. In: Sutcliffe, G., Voronkov, A. (eds) Logic for Programming, Artificial Intelligence, and Reasoning. LPAR 2005. Lecture Notes in Computer Science(), vol 3835. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11591191_2

Download citation

  • DOI: https://doi.org/10.1007/11591191_2

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-30553-8

  • Online ISBN: 978-3-540-31650-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics