Program Analysis as Model Checking of Abstract Interpretations

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 1503))

Abstract

This paper presents a collection of techniques, a methodology, in which abstract interpretation, flow analysis, and model checking are employed in the representation, abstraction, and analysis of programs. The methodology shows the areas of intersection of the different techniques as well as the opportunities that exist when one technique is used in support of another. The methodology is presented as a three-step process: First, from a (small-step) operational semantics definition and a program, one constructs a program model, which is a state-transition system that encodes the program’s executions. Second, abstraction upon the program model is performed, reducing the detail of information in the model’s nodes and arcs. Finally, the program model is analyzed for properties of its states and paths.
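The three steps of the abstract can be exercised end to end on a toy program. The following is an added example, not code from the paper or its authors: it defines a constructed four-instruction program in a hypothetical labelled-instruction language, builds the concrete program model from a small-step semantics (step 1), builds an abstract model over a parity domain by running the same step function with abstract values and an indeterminate guard (step 2), and model-checks CTL-style EF and AG properties on the resulting state-transition systems (step 3). It also checks that the abstract model simulates the concrete one, which is what licenses transferring an AG (all-paths) result from the abstract model to the program; the EF result is reported but, being existential, does not transfer. All names, the instruction forms and the parity domain are assumptions chosen for the illustration.

```python
from collections import deque

# Constructed program in a hypothetical labelled-instruction language; the list
# index is the instruction's label (pc). Forms:
#   ("ifle0", var, target)         if var <= 0 goto target, else fall through
#   ("assign", var, (op, a, b))    var := a op b, op in {"add","sub"}, a/b int or var
#   ("goto", target)  /  ("halt",)
PROGRAM = [
    ("ifle0", "x", 3),                 # 0: while x > 0 {
    ("assign", "x", ("sub", "x", 2)),  # 1:   x := x - 2
    ("goto", 0),                       # 2: }
    ("halt",),                         # 3: halt
]

# A state is (pc, env); env is a tuple of (name, value) pairs so states hash.
def lookup(env, name):
    return dict(env)[name]

def update(env, name, value):
    return tuple((k, value if k == name else v) for k, v in env)

def evaluate(expr, env, const, arith):
    """Expression evaluation parameterised by the value domain."""
    if isinstance(expr, int):
        return const(expr)
    if isinstance(expr, str):
        return lookup(env, expr)
    op, a, b = expr
    return arith(op, evaluate(a, env, const, arith), evaluate(b, env, const, arith))

def step(state, evaluate_expr, guard):
    """Small-step semantics shared by both domains: guard(v) is the set of
    possible truth values of v <= 0 (a singleton concretely, both abstractly)."""
    pc, env = state
    instr = PROGRAM[pc]
    if instr[0] == "halt":
        return set()
    if instr[0] == "goto":
        return {(instr[1], env)}
    if instr[0] == "assign":
        return {(pc + 1, update(env, instr[1], evaluate_expr(instr[2], env)))}
    return {(instr[2] if taken else pc + 1, env) for taken in guard(lookup(env, instr[1]))}

# Concrete domain: integers.
def conc_eval(expr, env):
    return evaluate(expr, env, lambda n: n, lambda op, a, b: a + b if op == "add" else a - b)

def conc_step(state):
    return step(state, conc_eval, lambda v: {v <= 0})

# Abstract domain: parity {even, odd, top}; sum and difference share a parity table.
EVEN, ODD, TOP = "even", "odd", "top"

def alpha(n):
    return EVEN if n % 2 == 0 else ODD

def abs_eval(expr, env):
    return evaluate(expr, env, alpha,
                    lambda op, a, b: TOP if TOP in (a, b) else (EVEN if a == b else ODD))

def abs_step(state):
    # Parity says nothing about sign, so both outcomes of a guard are possible.
    return step(state, abs_eval, lambda p: {True, False})

def alpha_state(state):
    return (state[0], tuple((k, alpha(v)) for k, v in state[1]))

def build_model(initial, step_fn):
    """Step 1/2: the program model, i.e. the state-transition system reachable
    from the initial states under the given (concrete or abstract) step."""
    nodes, arcs, work = set(initial), set(), deque(initial)
    while work:
        s = work.popleft()
        for t in step_fn(s):
            arcs.add((s, t))
            if t not in nodes:
                nodes.add(t)
                work.append(t)
    return nodes, arcs

def ef(model, pred):
    """CTL EF: states with some path to a pred-state (least fixpoint over arcs)."""
    nodes, arcs = model
    sat = {s for s in nodes if pred(s)}
    while True:
        new = {s for s, t in arcs if t in sat} - sat
        if not new:
            return sat
        sat |= new

def ag(model, pred):
    """CTL AG: states all of whose paths stay inside pred, as not EF(not pred)."""
    return model[0] - ef(model, lambda s: not pred(s))

def simulates(conc_model, abs_model):
    """Every concrete arc must be matched by an abstract arc between the
    abstractions of its endpoints; this justifies transferring AG results."""
    return all((alpha_state(s), alpha_state(t)) in abs_model[1] for s, t in conc_model[1])

def analyze(initial_values=(0, 1, 2, 3, 4, 5)):
    """Steps 1-3 on the constructed program for the given initial values of x."""
    conc_init = {(0, (("x", v),)) for v in initial_values}
    abs_init = {alpha_state(s) for s in conc_init}
    conc, abst = build_model(conc_init, conc_step), build_model(abs_init, abs_step)
    def is_halt(s):
        return PROGRAM[s[0]][0] == "halt"
    def parity_kept(init):  # AG(parity of x == its initial parity), per initial state
        p = lookup(init[1], "x")
        return init in ag(abst, lambda s: lookup(s[1], "x") == p)
    return {
        "concrete_states": len(conc[0]),
        "abstract_states": len(abst[0]),
        "simulation_holds": simulates(conc, abst),
        "parity_preserved": all(parity_kept(s) for s in abs_init),
        "halt_reachable_abstract": abs_init <= ef(abst, is_halt),  # EF does not transfer
    }
```

Calling `analyze()` builds a 19-state concrete model and an 8-state abstract model; the simulation check passes, so the AG result that the parity of `x` is preserved carries over to the program, while the abstract EF result that `halt` is reachable is only a property of the abstraction and would need a different domain (one that tracks sign) before anything could be concluded about termination.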

Supported by NSF/DARPA CCR-9633388 and NASA NAG-2-1209.

References

  1. P. Aczel. Non-Well-Founded Sets, Lecture Notes 14, Center for Study of Language and Information, Stanford, CA, 1988.

  2. S. Bensalem, A. Bouajjani, C. Loiseaux and J. Sifakis. Property preserving simulations. Computer Aided Verification: CAV’92. Lecture Notes in Computer Science 663, Springer, 1992, 260–273.

  3. D. Berry. Generating Program Animators from Programming Language Semantics, Ph.D. Thesis, LFCS Report ECS-LFCS-91-148, University of Edinburgh, 1991.

  4. O. Burkart and B. Steffen. Model Checking for Context-Free Processes. Proceedings of the International Conference on Concurrency Theory, Concur95, LNCS 630, 1992.

  5. S. C. Cheung and J. Kramer. An Integrated Method For Effective Behaviour Analysis of Distributed Systems. Proceedings of the 16th International Conference on Software Engineering, Sorrento, CA, USA, 1994, pp. 309–320.

  6. S. C. Cheung and J. Kramer. Tractable Flow Analysis for Distributed Systems. IEEE Transactions on Software Engineering 20-9 (1994).

  7. E. Clarke, E. Emerson and A. Sistla. Automatic verification of finite-state concurrent systems using temporal logic specifications. ACM Transactions on Programming Languages and Systems 8 (1986) 244–263.

  8. E.M. Clarke, O. Grumberg and D.E. Long. Verification tools for finite-state concurrent systems. In A Decade of Concurrency: Reflections and Perspectives, J.W. deBakker, W.-P. deRoever and G. Rozenberg, editors, Springer LNCS 803, 1993, pp. 124–175.

  9. R. Cleaveland, P. Iyer and D. Yankelevich. Optimality in abstractions of model checking. Proc. SAS’95: 2nd Static Analysis Symposium, Lecture Notes in Computer Science 983, Springer, 1995.

  10. R. Cleaveland, M. Klein and B. Steffen. Faster Model Checking for the Modal μ-Calculus. Proceedings of the International Workshop on Computer Aided Verification, CAV’92, LNCS 663, 1992.

  11. M. Codish, S. Debray and R. Giacobazzi. Compositional analysis of modular logic programs. Proc. 20th ACM Symp. on Principles of Programming Languages, 1993, pp. 451–464.

  12. M. Codish, M. Falaschi and K. Marriott. Suspension analysis for concurrent logic programs. Proc. 8th Int’l. Conf. on Logic Programming, MIT Press, 1991, pp. 331–345.

  13. G. Cousineau and M. Nivat. On rational expressions representing infinite rational trees. Proc. 8th Conf. Math. Foundations of Computer Science: MFCS’79, Lecture Notes in Computer Science 74, Springer, 1979, pp. 567–580.

  14. P. Cousot and R. Cousot. Abstract interpretation: A unified lattice model for static analysis of programs by construction or approximation of fixpoints. In Proceedings 4th ACM Symp. on Principles of Programming Languages, POPL’77, Los Angeles, California, January 1977.

  15. P. Cousot and R. Cousot. Systematic design of program analysis frameworks. Proc. 6th ACM Symp. on Principles of Programming Languages, POPL’79, 1979, pp. 269–282.

  16. P. Cousot and R. Cousot. Inductive Definitions, Semantics, and Abstract Interpretation. Proc. 19th ACM Symp. on Principles of Programming Languages, POPL’92, 1992, pp. 83–94.

  17. P. Cousot and R. Cousot. Abstract interpretation frameworks. Journal of Logic and Computation 2 (1992) 511–547.

  18. D. Dams. Abstract interpretation and partition refinement for model checking. Ph.D. thesis, Technische Universiteit Eindhoven, The Netherlands, 1996.

  19. M. Dwyer and L. Clark. Data Flow Analysis for Verifying Properties of Concurrent Programs. Proc. 2nd ACM SIGSOFT Symposium on Foundations of Software Engineering, 1994, pp. 62–75.

  20. M. Dwyer and D. Schmidt. Limiting State Explosion with Filter-Based Refinement. Proc. International Workshop on Verification, Model Checking and Abstract Interpretation, Port Jefferson, Long Island, N.Y., http://www.cis.ksu.edu/~schmidt/papers/filter.ps.Z, 1997.

  21. M. Dwyer and C. Pasareanu. Filter-based Model Checking of Partial Systems. Proceedings of the 6th ACM SIGSOFT Symposium on the Foundations of Software Engineering, Orlando, FL, USA, 1998.

  22. E. Emerson and J. Lei. Efficient model checking in fragments of the propositional mu-calculus. In Proceedings LICS’86, 1986, pp. 267–278.

  23. F. Giannotti and D. Latella. Gate splitting in LOTOS specifications using abstract interpretation. In Proc. TAPSOFT’93, M.-C. Gaudel and J.-P. Jouannaud, eds., LNCS 668, Springer, 1993, pp. 437–452.

  24. P. Godefroid and P. Wolper. Using partial orders for the efficient verification of deadlock freedom and safety properties. Proc. of the Third Workshop on Computer Aided Verification, Springer-Verlag, LNCS 575, 1991, pp. 417–428.

  25. M. Hecht. Flow Analysis of Computer Programs. Elsevier, 1977.

  26. N.D. Jones, C. Gomard and P. Sestoft. Partial Evaluation and Automatic Program Generation. Prentice Hall, 1993.

  27. J. Kam and J. Ullman. Global data flow analysis and iterative algorithms. Journal of the ACM 23 (1976) 158–171.

  28. G. A. Kildall. A unified approach to global program optimization. In Conf. Rec. 1st ACM Symposium on Principles of Programming Languages (POPL’73), ACM, New York, 1973, pp. 194–206.

  29. J. Knoop, B. Steffen and J. Vollmer. Parallelism for Free: Bitvector Analysis — No State Explosion! Proceedings of the International Workshop on Tools and Algorithms for the Construction and Analysis of Systems, TACAS’95, LNCS 1019, 1995.

  30. J. Knoop, O. Rüthing and B. Steffen. Lazy Code Motion. Proceedings of the ACM SIGPLAN’94 Conference on Programming Language Design and Implementation (PLDI’94), Orlando, Florida, SIGPLAN Notices 30, 6 (1994), 233–245.

  31. D. Kozen. Results on the propositional mu-calculus. Theoretical Computer Science 27 (1983) 333–354.

  32. Y.S. Kwong. On reduction of asynchronous systems. Theoretical Computer Science 5 (1977) 25–50.

  33. S.P. Masticola and B.G. Ryder. Static Infinite Wait Anomaly Detection in Polynomial Time. Proceedings of ACM International Conference on Parallel Processing, 1990.

  34. S.P. Masticola and B.G. Ryder. A Model of Ada Programs for Static Deadlock Detection in Polynomial Time. Proceedings ACM Workshop on Parallel and Distributed Debugging, 1991.

  35. R. Milner. Communication and Concurrency. Prentice Hall, 1989.

  36. R. Milner and M. Tofte. Co-induction in relational semantics. Theoretical Computer Science 17 (1992) 209–220.

  37. A. Mycroft and N.D. Jones. A relational framework for abstract interpretation. In Programs as Data Objects, Lecture Notes in Computer Science 217, Springer, 1985, pp. 156–171.

  38. F. Nielson. A Denotational Framework for Data Flow Analysis. Acta Informatica 18 (1982) 265–287.

  39. K.M. Olender and L.J. Osterweil. Cecil: A Sequencing Constraint Language for Automatic Static Analysis Generation. IEEE Transactions on Software Engineering 16-3 (1990) 268–280.

  40. K.M. Olender and L.J. Osterweil. Interprocedural Static Analysis of Sequencing Constraints. ACM Transactions on Software Engineering and Methodology 1-1 (1992) 21–52.

  41. Gordon D. Plotkin. A Structural Approach to Operational Semantics. Technical Report DAIMI FN-19, University of Aarhus, Denmark, 1981.

  42. D.A. Schmidt. Abstract interpretation of small-step semantics. Proc. 5th LOMAPS Workshop on Analysis and Verification of Multiple-Agent Languages, M. Dam and F. Orava, eds., Springer, 1996.

  43. D.A. Schmidt. Trace-based abstract interpretation of operational semantics. J. Lisp and Symbolic Computation 10 (1998) 237–271.

  44. D.A. Schmidt. Data-flow analysis is model checking of abstract interpretations. Proc. 25th ACM Symp. on Principles of Prog. Languages, POPL’98, 1998.

  45. F. daSilva. Correctness Proofs of Compilers and Debuggers: an Approach Based on Structural Operational Semantics. Ph.D. thesis, LFCS report ECS-LFCS-92-241, Edinburgh University, Scotland, 1992.

  46. B. Steffen, T. Margaria and V. Braun. The Electronic Tool Integration platform: concepts and design, [51] 1(1), pp. 9–30.

  47. B. Steffen. Data Flow Analysis as Model Checking. Proceedings of the International Conference on Theoretical Aspects of Computer Software, TACS’91, LNCS 526, 1991.

  48. B. Steffen. Generating Data Flow Analysis Algorithms from Modal Specifications. International Journal on Science of Computer Programming 21, 1993, pp. 115–139.

  49. B. Steffen. Property-oriented expansion. Proc. Static Analysis Symposium: SAS’96, Lecture Notes in Computer Science 1145, Springer, 1996, pp. 22–41.

  50. B. Steffen. Unifying Models. Proc. of the Annual Symposium on Theoretical Aspects of Computer Science, STACS’97, Lecture Notes in Computer Science 1200, Springer, 1997, pp. 1–20.

  51. Special Section on Programming Language Tools, Int. Journal on Software Tools for Technology Transfer, Vol. 3, Springer Verlag, October 1998.

  52. A. Venet. Abstract interpretation of the pi-calculus. Proc. LOMAPS Workshop on Analysis and Verification of Multiple-Agent Languages, M. Dam and F. Orava, eds., LNCS 1192, Springer, 1996.

  53. A. Venet. Automatic Determination of Communication Topologies in Mobile Systems. Proc. SAS’98, G. Levi, ed., Springer LNCS, 1998.

Copyright information

© 1998 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Schmidt, D., Steffen, B. (1998). Program Analysis as Model Checking of Abstract Interpretations. In: Levi, G. (eds) Static Analysis. SAS 1998. Lecture Notes in Computer Science, vol 1503. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-49727-7_22

  • DOI: https://doi.org/10.1007/3-540-49727-7_22

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-65014-0

  • Online ISBN: 978-3-540-49727-1
