Abstract
We show how to attack the problem of model checking a C program with recursive procedures using an abstraction that we formally define as the composition of the Boolean and the Cartesian abstractions. It is implemented through a source-to-source transformation into a ‘Boolean’ C program; we give an algorithm to compute the transformation with a cost that is exponential in its theoretical worst-case complexity but feasible in practice.
Ball, T., Podelski, A. & Rajamani, S. Boolean and Cartesian abstraction for model checking C programs. Int J Softw Tools Technol Transfer 5, 49–58 (2003). https://doi.org/10.1007/s10009-002-0095-0