
Refined Modularization for Bounded Model Checking Through Precondition Generation

Conference paper, Formal Methods and Software Engineering (ICFEM 2022)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 13478)

Abstract

Modularization is a widespread approach to tackle software complexity, not only in development but also in verification. Most approaches are either based on manual specifications, which are labor-intensive for large-scale projects, or on program abstractions that have the potential to create false positives. In this paper, we propose an approach for modular bounded model checking extended by refined modularization based on program abstractions and learning of preconditions. Modules, which consist of subsets of a program's functions, are extended by including increasingly larger calling contexts. Potentially under-approximated preconditions are generated by enumerating relevant information, including memory assignments, from the counterexamples that bounded model checking produces. These preconditions are then extended through a tree-based learning approach that generalizes the generated data points. Through substitution of function calls, preconditions are iteratively pushed through the program to eliminate potential false positives. We evaluate our approach on three real-world software projects, demonstrating a significant increase in precision.
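The tree-based generalization of counterexample data points into a candidate precondition, and its substitution at a call site, as an added illustration that is not the paper's tool (QPR Verify) or its code: the callee access(buf_len, idx), its labelled inputs and the threshold predicate templates are all constructed assumptions.

```python
import itertools

# Constructed data points for a hypothetical callee access(buf_len, idx) that reads buf[idx].
# Each label says whether the bounds assertion held for that input; False entries stand for the
# counterexamples a bounded model checker would report (labels computed by the oracle here).
INPUTS = [(4, 0), (4, 3), (4, 4), (4, 5), (4, -1), (8, 0), (8, 7), (8, 8), (8, -1), (8, 2)]
POINTS = [({"buf_len": n, "idx": i}, 0 <= i < n) for n, i in INPUTS]

def candidate_splits(points):
    """Threshold predicates 'e <= c' over each input and each pairwise difference of inputs."""
    feats = list(points[0][0])
    exprs = {f: (lambda d, f=f: d[f]) for f in feats}
    for a, b in itertools.permutations(feats, 2):
        exprs[f"{a}-{b}"] = lambda d, a=a, b=b: d[a] - d[b]
    for name, fn in exprs.items():
        vals = sorted({fn(d) for d, _ in points})
        for c in vals[:-1]:  # one threshold between each pair of adjacent observed values
            yield f"{name} <= {c}", (lambda d, fn=fn, c=c: fn(d) <= c)

def learn(points, depth=0, max_depth=3):
    """Greedy decision tree; a mixed leaf is labelled unsafe, so the result under-approximates."""
    if len({l for _, l in points}) == 1 or depth == max_depth:
        return ("leaf", all(l for _, l in points))
    best = None
    for name, pred in candidate_splits(points):
        yes = [p for p in points if pred(p[0])]
        no = [p for p in points if not pred(p[0])]
        if yes and no:
            err = sum(min(sum(l for _, l in s), len(s) - sum(l for _, l in s)) for s in (yes, no))
            if best is None or err < best[0]:
                best = (err, name, pred, yes, no)
    if best is None:  # no predicate separates the points: give up conservatively
        return ("leaf", False)
    _, name, pred, yes, no = best
    return ("node", name, pred, learn(yes, depth + 1, max_depth), learn(no, depth + 1, max_depth))

def holds(tree, d):
    """Evaluate the learned precondition on an input assignment."""
    while tree[0] == "node":
        tree = tree[3] if tree[2](d) else tree[4]
    return tree[1]

def formula(tree, path=()):
    """Safe root-to-leaf paths as conjunctions; the precondition is their disjunction."""
    if tree[0] == "leaf":
        return [" and ".join(path) or "true"] if tree[1] else []
    _, name, _, yes, no = tree
    return formula(yes, path + (name,)) + formula(no, path + (name.replace("<=", ">"),))

def pushed_to_caller(tree, binding):
    """Substitute a call site's actual arguments (functions of the caller's inputs)."""
    return lambda caller_in: holds(tree, {p: arg(caller_in) for p, arg in binding.items()})
```

On the constructed points the tree learns `buf_len-idx > 0 and idx > -1`, which already covers buffer lengths it never saw; binding `buf_len` to a constant 8 and `idx` to a caller's input `n` yields the caller-side precondition `n < 8 and n > -1`.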


Notes

  1. We assume memory accesses occur only to allocated memory.

  2. Instructions to replicate the bmi160 results and experiment with QPR Verify and the precondition-learner in a prepared VM can be found under https://baldur.iti.kit.edu/qpr/QPR_Verify-2021-info.txt.

  3. We slightly adapted the source code to overcome current technical limits of our tool, e.g. by removing irrelevant function pointers in structs.

  4. Due to licensing, 2017b was the latest available version of Polyspace for evaluation.


Author information

Corresponding author: Marko Kleine Büning.


Copyright information

© 2022 Springer Nature Switzerland AG

About this paper


Cite this paper

Kleine Büning, M., Meuer, J., Sinz, C. (2022). Refined Modularization for Bounded Model Checking Through Precondition Generation. In: Riesco, A., Zhang, M. (eds) Formal Methods and Software Engineering. ICFEM 2022. Lecture Notes in Computer Science, vol 13478. Springer, Cham. https://doi.org/10.1007/978-3-031-17244-1_13

  • DOI: https://doi.org/10.1007/978-3-031-17244-1_13

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-17243-4

  • Online ISBN: 978-3-031-17244-1

  • eBook Packages: Computer Science (R0)