Combining predicate and numeric abstraction for software model checking

  • VSTTE 2008
  • International Journal on Software Tools for Technology Transfer

Abstract

Predicate (PA) and numeric (NA) abstractions are the two principal techniques for software analysis. In this paper, we develop an approach to couple the two techniques tightly into a unified framework via a single abstract domain called NumPredDom. In particular, we develop and evaluate four data structures that implement NumPredDom but differ in their expressivity and internal representation and algorithms. All our data structures combine BDDs (for efficient propositional reasoning) with data structures for representing numerical constraints. Our technique is distinguished by its support for complex transfer functions that allow two-way interaction between predicate and numeric information during state transformation. We have implemented a general framework for reachability analysis of C programs on top of our four data structures. Our experiments on non-trivial examples show that our proposed combination of PA and NA is more powerful and more efficient than either technique alone.
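The abstract describes a single abstract domain whose elements pair predicate valuations with numeric information, and transfer functions in which the two parts refine each other. The following is an added illustration of that idea and is not the paper's code: the paper's four NumPredDom data structures build on BDDs and real numeric domains, while this sketch (an assumption made for brevity) uses a plain dictionary from predicate valuations to interval environments over integer variables, allows only one-sided numeric predicates of the form `x >= k`, and analyses a small constructed branching program. The two directions of interaction are `assume_bool` (a branch on a predicate keeps only the agreeing valuations, and with them their intervals) and `normalize` (after an assignment, each numeric predicate is re-derived from the intervals, splitting and refining where it is undetermined).

```python
"""Toy predicate x numeric abstract domain (added example, not the paper's code).
Assumptions: integer variables, interval numeric part, dict instead of BDDs,
numeric predicates restricted to the shape  var >= k."""
from itertools import chain, combinations
from typing import Callable, Dict, FrozenSet, List, Tuple

NEG_INF, POS_INF = float("-inf"), float("inf")
Interval = Tuple[float, float]        # closed integer interval [lo, hi]
Env = Dict[str, Interval]             # numeric part: variable -> interval
Valuation = FrozenSet[str]            # predicate part: the predicates that hold
Element = Dict[Valuation, Env]        # abstract element: valuation -> its own env
NumPred = Tuple[str, int]             # ("x", 5) stands for the predicate x >= 5


def _meet(a: Interval, b: Interval) -> Interval:
    return (max(a[0], b[0]), min(a[1], b[1]))


def _join(a: Interval, b: Interval) -> Interval:
    return (min(a[0], b[0]), max(a[1], b[1]))


def _add(elem: Element, val: Valuation, env: Env) -> None:
    """Insert (val, env) into elem, joining envs that share a valuation and
    dropping envs whose numeric part is unsatisfiable (empty interval)."""
    if any(lo > hi for lo, hi in env.values()):
        return
    if val in elem:
        elem[val] = {v: _join(elem[val][v], env[v]) for v in env}
    else:
        elem[val] = dict(env)


def normalize(elem: Element, num_preds: Dict[str, NumPred]) -> Element:
    """Numeric -> predicate direction: re-derive each numeric predicate from the
    intervals; where the interval straddles the threshold, case-split and
    refine the interval on both sides."""
    out: Element = {}
    for val, env in elem.items():
        worklist: List[Tuple[Valuation, Env]] = [(val, env)]
        for name, (var, k) in num_preds.items():
            nxt: List[Tuple[Valuation, Env]] = []
            for v, e in worklist:
                lo, hi = e[var]
                if lo >= k:                       # certainly true
                    nxt.append((v | {name}, e))
                elif hi < k:                      # certainly false
                    nxt.append((v - {name}, e))
                else:                             # unknown: split and refine
                    nxt.append((v | {name}, {**e, var: _meet(e[var], (k, POS_INF))}))
                    nxt.append((v - {name}, {**e, var: _meet(e[var], (NEG_INF, k - 1))}))
            worklist = nxt
        for v, e in worklist:
            _add(out, v, e)
    return out


def top(variables, bool_preds, num_preds) -> Element:
    """All combinations of the boolean predicates, every variable unknown."""
    elem: Element = {}
    for s in chain.from_iterable(combinations(bool_preds, r) for r in range(len(bool_preds) + 1)):
        _add(elem, frozenset(s), {v: (NEG_INF, POS_INF) for v in variables})
    return normalize(elem, num_preds)


def assume_bool(elem: Element, name: str, holds: bool) -> Element:
    """Predicate -> numeric direction: keep only the valuations that agree with
    the branch condition, and with them their numeric environments."""
    return {v: dict(e) for v, e in elem.items() if (name in v) == holds}


def assign(elem: Element, var: str, f: Callable[[Env], Interval], num_preds) -> Element:
    """Apply var := f(env) per valuation, then let the numeric result feed back
    into the predicate part."""
    return normalize({v: {**e, var: f(e)} for v, e in elem.items()}, num_preds)


def join(x: Element, y: Element) -> Element:
    out: Element = {}
    for v, e in chain(x.items(), y.items()):
        _add(out, v, e)
    return out


def var_range(elem: Element, var: str) -> Interval:
    """Interval for var over all surviving valuations: the best a flat numeric
    domain could report for the same element."""
    ivs = [e[var] for e in elem.values()]
    if not ivs:
        return (POS_INF, NEG_INF)                 # bottom: no reachable state
    return (min(i[0] for i in ivs), max(i[1] for i in ivs))


def analyse_example() -> Tuple[Interval, Interval, bool]:
    """Constructed program:
         if (flag) x := 0; else x := 10;
         x := x + 1;
         if (flag) assert x <= 1;
    Returns (x inside the final 'if (flag)', x after the join as a flat
    numeric domain would see it, whether x >= 5 is known on the else side)."""
    num = {"p5": ("x", 5)}
    s = top(["x"], ["flag"], num)
    then_b = assign(assume_bool(s, "flag", True), "x", lambda e: (0, 0), num)
    else_b = assign(assume_bool(s, "flag", False), "x", lambda e: (10, 10), num)
    s = assign(join(then_b, else_b), "x", lambda e: (e["x"][0] + 1, e["x"][1] + 1), num)
    return (var_range(assume_bool(s, "flag", True), "x"),
            var_range(s, "x"),
            all("p5" in v for v in assume_bool(s, "flag", False)))


if __name__ == "__main__":
    print(analyse_example())
```

In the constructed program the combined element keeps `x` correlated with `flag` across the join, so inside the final branch `x` is exactly 1 and the assertion is provable, whereas the flat interval view of the same element only knows `x` is in [1, 11]. On the else side the numeric part alone establishes the predicate `x >= 5` without any predicate on `x` having been assumed explicitly.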



Author information

Corresponding author

Correspondence to Arie Gurfinkel.

About this article

Cite this article

Gurfinkel, A., Chaki, S. Combining predicate and numeric abstraction for software model checking. Int J Softw Tools Technol Transfer 12, 409–427 (2010). https://doi.org/10.1007/s10009-010-0162-x
