
Loop Invariants from Counterexamples

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 10422)

Abstract

We propose a new approach to software model checking where we integrate abstract interpretation and trace abstraction. We use abstract interpretation to derive loop invariants for the path program corresponding to a given spurious counterexample. A path program is the smallest subprogram that still contains a given path in the control flow graph. We use the principle of trace abstraction to construct an overall proof. The key observation of our approach is that proofs by abstract interpretation on individual program fragments can be composed directly if we use the framework of trace abstraction (in trace abstraction, composing proofs amounts to a set-theoretic operation, i.e., set union). We implemented our approach in the open-source software model checking framework Ultimate. Our evaluation shows that we can solve up to 40% more benchmarks.
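As an added illustration of the two notions the abstract relies on (this is a constructed example, not code from the paper or from Ultimate): the path program of a spurious counterexample is the CFG restricted to exactly the edges the trace uses, and an interval abstract interpretation of that subprogram, with widening at the loop head followed by a bounded narrowing phase, derives the loop invariant 0 ≤ x ≤ 10 that shows the error location is unreachable. The CFG, the trace and the single-variable interval domain are all assumptions of the example.

```python
# Constructed example: path program of a spurious counterexample and an
# interval-domain loop invariant for it. Not the Ultimate implementation.
INF = float("inf")  # intervals are (lo, hi) tuples; None is bottom (unreachable)

def join(a, b):
    if a is None or b is None:
        return a if b is None else b
    return (min(a[0], b[0]), max(a[1], b[1]))

def widen(old, new):  # standard interval widening: an unstable bound jumps to infinity
    if old is None or new is None:
        return join(old, new)
    return (old[0] if new[0] >= old[0] else -INF, old[1] if new[1] <= old[1] else INF)

# Transfer functions of CFG edges over the single program variable x
def assign(c):    return lambda iv: None if iv is None else (c, c)
def add(c):       return lambda iv: None if iv is None else (iv[0] + c, iv[1] + c)
def assume_lt(c): return lambda iv: None if iv is None or iv[0] >= c else (iv[0], min(iv[1], c - 1))
def assume_ge(c): return lambda iv: None if iv is None or iv[1] < c else (max(iv[0], c), iv[1])

# Constructed CFG: x := 0; while (x < 10) x++; assert x <= 10.  Location "err" is the
# assertion failure; edge l0->l5 is a branch that the counterexample below never visits.
CFG = {("l0", "l1"): assign(0), ("l1", "l2"): assume_lt(10), ("l2", "l1"): add(1),
       ("l1", "l3"): assume_ge(10), ("l3", "err"): assume_ge(11), ("l0", "l5"): assign(7)}
TRACE = ["l0", "l1", "l2", "l1", "l3", "err"]  # spurious: one loop iteration, then "error"

def path_program(cfg, trace):
    """Smallest subprogram containing the trace: keep exactly the edges the trace uses."""
    return {e: cfg[e] for e in set(zip(trace, trace[1:]))}

def analyze(prog, entry="l0", loop_heads=("l1",), narrowing_passes=5):
    """Interval analysis of a path program: ascending iteration with widening at the
    loop heads, then a bounded descending (narrowing) phase to recover precision."""
    states = {entry: (-INF, INF)}
    def sweep(use_widen):  # one Jacobi-style recomputation of every location from the old states
        new = {entry: states[entry]}
        for (src, dst), f in prog.items():
            if src in states:
                new[dst] = join(new.get(dst), f(states[src]))
        if use_widen:
            for h in loop_heads:
                if h in new:
                    new[h] = widen(states.get(h), new[h])
        changed = new != states
        states.clear(); states.update(new)
        return changed
    while sweep(True):
        pass
    for _ in range(narrowing_passes):
        if not sweep(False):
            break
    return states

def error_unreachable(states, error="err"):
    return states.get(error) is None  # bottom at the error location is the proof
```

Running `analyze(path_program(CFG, TRACE))` gives x ∈ [0, 10] at the loop head l1 and bottom at err, while l5 never appears because the path program dropped that branch.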


Notes

  1. https://ultimate.informatik.uni-freiburg.de.

  2. https://ultimate.informatik.uni-freiburg.de/automizer.

  3. https://github.com/sosy-lab/sv-benchmarks/releases/tag/svcomp17.


Author information

Correspondence to Marius Greitschus, Daniel Dietsch or Andreas Podelski.


Copyright information

© 2017 Springer International Publishing AG

Cite this paper

Greitschus, M., Dietsch, D., Podelski, A. (2017). Loop Invariants from Counterexamples. In: Ranzato, F. (eds) Static Analysis. SAS 2017. Lecture Notes in Computer Science, vol 10422. Springer, Cham. https://doi.org/10.1007/978-3-319-66706-5_7

  • DOI: https://doi.org/10.1007/978-3-319-66706-5_7

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-66705-8

  • Online ISBN: 978-3-319-66706-5