Compositional verification of sequential programs with procedures

Published: 01 July 2008

Abstract

We present a method for algorithmic, compositional verification of control-flow-based safety properties of sequential programs with procedures. The application of the method involves three steps: (1) decomposing the desired global property into local properties of the components, (2) proving the correctness of the property decomposition by using a maximal model construction, and (3) verifying that the component implementations obey their local specifications. We consider safety properties of both the structure and the behaviour of program control flow. Our compositional verification method builds on a technique proposed by Grumberg and Long that uses maximal models to reduce compositional verification of finite-state parallel processes to standard model checking. We present a novel maximal model construction for the fragment of the modal μ-calculus with boxes and greatest fixed points only, and adapt it to control-flow graphs modelling components described in a sequential procedural language. We extend our verification method to programs with private procedures by defining an abstraction, presented as an inlining transformation. All algorithms have been implemented in a tool set automating all required verification steps. We validate our approach on an electronic purse case study.
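The abstract names the logic fragment (boxes and greatest fixed points only) and the two checks the method reduces to: model checking a local property on a finite control-flow graph, and relating an implementation to an abstract specification by simulation, which preserves exactly this fragment. The following Python is an added illustration of those two ingredients, not the paper's tool set or its maximal model construction; the flow graphs (a purse component whose `debit` method calls `log`, a variant that also calls `credit`), the hand-written specification graph `spec` and the property `NO_CREDIT_FROM_DEBIT` are all constructed here for the example. Nodes carry atomic propositions (the method they belong to and `r` for return points); edges are labelled `eps` for internal transfer or with the name of the called method, following the structural flow-graph view.

```python
"""Added example (not from the paper): a checker for the box/greatest-fixed-point
fragment of the modal mu-calculus over finite control-flow graphs, and a simulation
check between an implementation graph and an abstract specification graph."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Set, Tuple, Union


@dataclass
class FlowGraph:
    props: Dict[str, FrozenSet[str]]          # node -> atomic propositions
    edges: Set[Tuple[str, str, str]]          # (src, label, dst); label 'eps' or callee

    def succ(self, node: str, label: str) -> Set[str]:
        # '*' is a wildcard used by the "everywhere" box [*]
        return {d for (s, a, d) in self.edges if s == node and (label == '*' or a == label)}


# Formula syntax (nested tuples):
#   'tt' | 'ff' | ('atom', p) | ('neg', p) | ('and', f, g) | ('or', f, g)
#   | ('box', label, f) | ('nu', X, f) | ('var', X)
Formula = Union[str, tuple]


def sat(g: FlowGraph, f: Formula, env=None) -> FrozenSet[str]:
    """Set of nodes of g satisfying f (standard set-based semantics)."""
    env = env or {}
    nodes = frozenset(g.props)
    if f == 'tt':
        return nodes
    if f == 'ff':
        return frozenset()
    kind = f[0]
    if kind == 'atom':
        return frozenset(n for n in nodes if f[1] in g.props[n])
    if kind == 'neg':
        return frozenset(n for n in nodes if f[1] not in g.props[n])
    if kind == 'and':
        return sat(g, f[1], env) & sat(g, f[2], env)
    if kind == 'or':
        return sat(g, f[1], env) | sat(g, f[2], env)
    if kind == 'box':
        body = sat(g, f[2], env)
        return frozenset(n for n in nodes if g.succ(n, f[1]) <= body)
    if kind == 'var':
        return env[f[1]]
    if kind == 'nu':
        cur = nodes                            # greatest fixed point: shrink from the top
        while True:
            nxt = sat(g, f[2], {**env, f[1]: cur})
            if nxt == cur:
                return cur
            cur = nxt
    raise ValueError(f"unknown formula {f!r}")


def holds_at(g: FlowGraph, node: str, f: Formula) -> bool:
    return node in sat(g, f)


def simulates(spec: FlowGraph, impl: FlowGraph, pairs) -> bool:
    """True if spec simulates impl from every (impl_node, spec_node) in pairs:
    related nodes carry the same propositions and each impl edge is matched in spec."""
    rel = {(s, t) for s in impl.props for t in spec.props if impl.props[s] == spec.props[t]}
    changed = True
    while changed:                              # refine the candidate relation to a fixed point
        changed = False
        for (s, t) in list(rel):
            for (src, a, d) in impl.edges:
                if src != s:
                    continue
                if not any((d, t2) in rel for t2 in spec.succ(t, a)):
                    rel.discard((s, t))
                    changed = True
                    break
    return all(p in rel for p in pairs)


def P(*xs: str) -> FrozenSet[str]:
    return frozenset(xs)


# Constructed implementation: debit makes an internal step, calls log, then returns.
purse_ok = FlowGraph(
    props={'d0': P('debit'), 'd1': P('debit'), 'd2': P('debit', 'r'),
           'l0': P('log'), 'l1': P('log', 'r')},
    edges={('d0', 'eps', 'd1'), ('d1', 'log', 'd2'), ('l0', 'eps', 'l1')})

# Constructed faulty variant: debit additionally calls credit.
purse_bad = FlowGraph(props=dict(purse_ok.props),
                      edges=purse_ok.edges | {('d1', 'credit', 'd2')})

# Constructed abstract specification: debit may loop on internal steps and log calls,
# then reach its return point; no credit call is admitted anywhere.
spec = FlowGraph(
    props={'t0': P('debit'), 't1': P('debit', 'r'), 'u0': P('log'), 'u1': P('log', 'r')},
    edges={('t0', 'eps', 't0'), ('t0', 'log', 't0'), ('t0', 'eps', 't1'),
           ('t0', 'log', 't1'), ('u0', 'eps', 'u0'), ('u0', 'eps', 'u1')})

# Local safety property: on every reachable node, either it is not in debit or it has
# no outgoing call edge to credit:  nu X. ((not debit) or [credit] ff) and [*] X
NO_CREDIT_FROM_DEBIT = ('nu', 'X', ('and', ('or', ('neg', 'debit'), ('box', 'credit', 'ff')),
                                    ('box', '*', ('var', 'X'))))

ENTRIES = [('d0', 't0'), ('l0', 'u0')]         # (implementation entry, specification entry)

if __name__ == '__main__':
    for name, g in (('purse_ok', purse_ok), ('purse_bad', purse_bad)):
        print(name, 'satisfies property:', holds_at(g, 'd0', NO_CREDIT_FROM_DEBIT),
              '| simulated by spec:', simulates(spec, g, ENTRIES))
    print('spec satisfies property:', holds_at(spec, 't0', NO_CREDIT_FROM_DEBIT))
```

The two checks agree as the method requires: `spec` satisfies the property and simulates `purse_ok`, so the property transfers to the implementation without re-checking it, while `purse_bad` fails both the direct check and the simulation. The paper's contribution is to obtain a graph playing the role of `spec` automatically from the formula (the maximal model); here it is written by hand.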

References

[1]
Common Criteria. Available from: http://www.commoncriteriaportal.org.
[2]
Chugunov, G., Fredlund, L. and Gurov, D., Model checking of multi-applet JavaCard applications. In: Smart Card Research and Advanced Application Conference (CARDIS '02), USENIX Publications. pp. 87-95.
[3]
Esparza, J., Hansel, D., Rossmanith, P. and Schwoon, S., Efficient algorithms for model checking pushdown systems. In: LNCS, vol. 1855. Springer Verlag. pp. 232-247.
[4]
Besson, F., Jensen, T., Le Métayer, D. and Thorn, T., Model checking security properties of control flow graphs. Journal of Computer Security. v9 i3. 217-250.
[5]
Alur, R., Benedikt, M., Etessami, K., Godefroid, P., Reps, T. and Yannakakis, M., Analysis of recursive state machines. ACM TOPLAS. v27. 786-818.
[6]
Grumberg, O. and Long, D., Model checking and modular verification. ACM TOPLAS. v16 i3. 843-871.
[7]
Barthe, G., Gurov, D. and Huisman, M., Compositional verification of secure applet interactions. In: LNCS, vol. 2306. Springer Verlag. pp. 15-32.
[8]
Kozen, D., Results on the propositional μ-calculus. Theoretical Computer Science. v27. 333-354.
[9]
Bouajjani, A., Fernandez, J., Graf, S., Rodriguez, C. and Sifakis, J., Safety for branching time semantics. In: LNCS, vol. 501. Springer Verlag. pp. 76-92.
[10]
Burkart, O., Caucal, D., Moller, F. and Steffen, B., Verification on infinite structures. In: Bergstra, J., Ponse, A., Smolka, S. (Eds.), Handbook of Process Algebra, North Holland. pp. 545-623.
[11]
D. Gurov, M. Huisman, Reducing behavioural to structural properties of programs with procedures, Tech. Rep. TRITA-CSC-TCS 2007:3, KTH Royal Institute of Technology, Stockholm. 2007. Available from: http://www.csc.kth.se/~dilian/Papers/techrep-07-3.pdf.
[12]
R. Vallée-Rai, L. Hendren, V. Sundaresan, P. Lam, E. Gagnon, P. Co, Soot---a Java Optimization Framework, in: CASCON '99, 1999, pp. 125--135. Available from: http://www.sable.mcgill.ca/soot/.
[13]
Lal, A. and Reps, T.W., Improving pushdown system model checking. In: LNCS, vol. 4144. Springer Verlag. pp. 343-357.
[14]
Alur, R., Etessami, K. and Madhusudan, P., A temporal logic for nested calls and returns. In: LNCS, vol. 2998. Springer Verlag. pp. 467-481.
[15]
Alur, R., Arenas, M., Barcelo, P., Etessami, K., Immerman, N. and Libkin, L., First-order and temporal logics for nested words. In: Logic in Computer Science (LICS '07), IEEE Computer Society, Washington, DC, USA. pp. 151-160.
[16]
W.-P. de Roever, F. de Boer, U. Hannemann, J. Hooman, Y. Lakhnech, M. Poel, J. Zwiers, Concurrency Verification: Introduction to Compositional and Noncompositional Methods, No. 54 in Cambridge Tracts in Theoretical Computer Science, Cambridge University Press, 2001.
[17]
Laster, K. and Grumberg, O., Modular model checking of software. In: LNCS, vol. 1384. Springer Verlag. pp. 20-35.
[18]
Alur, R. and Grosu, R., Modular refinement of hierarchic reactive machines. ACM TOPLAS. v26. 339-360.
[19]
Ly, O., Compositional verification: Decidability issues using graph substitutions. In: LNCS, vol. 3153. Springer Verlag. pp. 537-549.
[20]
Andersen, H., Partial model checking (extended abstract). In: Logic in Computer Science (LICS '95), IEEE Computer Society Press. pp. 398-407.
[21]
Kupferman, O. and Vardi, M., An automata-theoretic approach to modular model checking. ACM TOPLAS. v22 i1. 87-128.
[22]
Boudol, G. and Larsen, K., Graphical versus logical specifications. Theoretical Computer Science. v106. 3-20.
[23]
Larsen, K., Modal specifications. In: LNCS, vol. 407. Springer Verlag. pp. 232-246.
[24]
Hennessy, M. and Milner, R., Algebraic laws for nondeterminism and concurrency. Journal of the ACM. v32. 137-161.
[25]
Dams, D. and Namjoshi, K., The existence of finite abstractions for branching time model checking. In: Nineteenth Annual IEEE Symposium on Logic in Computer Science (LICS '04), IEEE Computer Society Press. pp. 335-344.
[26]
Dams, D. and Namjoshi, K., Automata as abstractions. In: LNCS, vol. 3385. Springer Verlag. pp. 216-232.
[27]
Goldman, M. and Katz, S., MAVEN: Modular aspect verification. In: LNCS, vol. 4424. Springer Verlag. pp. 308-322.
[28]
Sprenger, C., Gurov, D. and Huisman, M., Compositional verification for secure loading of smart card applets. In: Formal Methods and Models for Co-Design (MEMOCODE '04), IEEE Computer Society. pp. 211-222.
[29]
Gurov, D. and Huisman, M., Interface abstraction for compositional verification. In: Software Engineering and Formal Methods (SEFM'05), IEEE Computer Society. pp. 414-423.
[30]
Huisman, M., Gurov, D., Sprenger, C. and Chugunov, G., Checking absence of illicit applet interactions: a case study. In: LNCS, vol. 2984. Springer Verlag. pp. 84-98.
[31]
H. Bekič, Definable operators in general algebras, and the theory of automata and flowcharts, Tech. Rep., IBM Laboratory, 1967.
[32]
Stirling, C., Modal and Temporal Logics of Processes. 2001. Springer Verlag.
[33]
Tarski, A., A lattice-theoretical fixpoint theorem and its applications. Pacific Journal of Mathematics. v5. 285-310.
[34]
Arnold, A. and Niwiński, D., Studies in Logic and the Foundations of Mathematics. 2001. Elsevier Publishing.
[35]
I. Walukiewicz, Pushdown processes: games and model checking, in: Computer Aided Verification (CAV '96), LNCS, vol. 1102, 1996, pp. 62--75.
[36]
C. Sprenger, D. Gurov, M. Huisman, Simulation logic, applets and compositional verification, Tech. Rep. RR-4890, INRIA, 2003.
[37]
D. Gurov, M. Huisman, Abstraction over public interfaces, Tech. Rep. RR-5330, INRIA, 2004.
[38]
Cleaveland, R., Parrow, J. and Steffen, B., A semantics based verification tool for finite state systems. In: International Symposium on Protocol Specification, Testing and Verification, North-Holland Publishing Co., Amsterdam, The Netherlands. pp. 287-302.
[39]
D. Polanský, Verifying properties of infinite-state systems, Master's thesis, Masaryk University, Faculty of Informatics, Brno, 2000.
[40]
A. Bouajjani, J. Esparza, O. Maler, Reachability analysis of pushdown automata: Application to model-checking, in: International Conference on Concurrency Theory (CONCUR '97), vol. 1243 of LNCS, 1997, pp. 135--150.
[41]
E. Bretagne, A.E. Marouani, P. Girard, J.-L. Lanet, PACAP purse and loyalty specification, Tech. Rep. V 0.4, Gemplus, 2000.
[42]
Breunesse, C., Cataño, N., Huisman, M. and Jacobs, B., Formal methods for smart cards: an experience report. Science of Computer Programming. v55 i1--3. 53-80.
[43]
Bieber, P., Cazin, J., Girard, P., Lanet, J.-L., Wiels, V. and Zanon, G., Checking secure interactions of smart card applets. Journal of Computer Security. v10 i4. 369-398.
[44]
Corbett, J., Dwyer, M., Hatcliff, J. and Robby, A language framework for expressing checkable properties of dynamic software. In: LNCS, vol. 1885. Springer Verlag. pp. 205-223.
[45]
Ramalingam, G., Context-sensitive synchronization-sensitive analysis is undecidable. ACM TOPLAS. v22 i2. 416-430.
[46]
Bouajjani, A., Esparza, J. and Touili, T., A generic approach to the static analysis of concurrent programs with procedures. SIGPLAN Notes. v38 i1. 62-73.
[47]
Bouajjani, A., Esparza, J., Schwoon, S. and Strejček, J., Reachability analysis of multithreaded software with asynchronous communication. In: LNCS, vol. 3821. Springer Verlag. pp. 348-359.
[48]
Qadeer, S. and Rehof, J., Context-bounded model checking of concurrent software. In: LNCS, vol. 3440. Springer Verlag. pp. 93-107.
[49]
Aktug, I. and Gurov, D., State space representation for verification of open systems. In: LNCS, vol. 4019. Springer Verlag. pp. 5-20.



Published In

Information and Computation  Volume 206, Issue 7
July, 2008
141 pages

Publisher

Academic Press, Inc.

United States


Author Tags

  1. Compositional reasoning
  2. Control-flow behaviour
  3. Maximal model
  4. Modal μ-calculus
  5. Private procedures
  6. Program verification
  7. Safety properties

Qualifiers

  • Article


Cited By

  • (2018) Conditions of contracts for separating responsibilities in heterogeneous systems. Formal Methods in System Design 52(2): 147-192. doi:10.1007/s10703-017-0294-7. Online publication date: 1 Apr 2018.
  • (2016) Algorithmic verification of procedural programs in the presence of code variability. Science of Computer Programming 127(C): 76-102. doi:10.1016/j.scico.2015.08.010. Online publication date: 1 Oct 2016.
  • (2016) Provably correct control flow graphs from Java bytecode programs with exceptions. International Journal on Software Tools for Technology Transfer (STTT) 18(6): 653-684. doi:10.1007/s10009-015-0375-0. Online publication date: 1 Nov 2016.
  • (2015) Procedure-modular specification and verification of temporal safety properties. Software and Systems Modeling (SoSyM) 14(1): 83-100. doi:10.1007/s10270-013-0321-0. Online publication date: 1 Feb 2015.
  • (2013) Reducing behavioural to structural properties of programs with procedures. Theoretical Computer Science 480(C): 69-103. doi:10.5555/2846456.2846502. Online publication date: 8 Apr 2013.
  • (2012) Sound control-flow graph extraction for Java programs with exceptions. Proceedings of the 10th International Conference on Software Engineering and Formal Methods, pp. 33-47. doi:10.1007/978-3-642-33826-7_3. Online publication date: 1 Oct 2012.
  • (2011) ProMoVer. Proceedings of the 9th International Conference on Software Engineering and Formal Methods, pp. 366-381. doi:10.5555/2075679.2075706. Online publication date: 14 Nov 2011.
  • (2011) On-device control flow verification for Java programs. Proceedings of the Third International Conference on Engineering Secure Software and Systems, pp. 43-57. doi:10.5555/1946341.1946347. Online publication date: 9 Feb 2011.
  • (2011) Verifiable control flow policies for Java bytecode. Proceedings of the 8th International Conference on Formal Aspects of Security and Trust, pp. 115-130. doi:10.1007/978-3-642-29420-4_8. Online publication date: 12 Sep 2011.
  • (2010) CVPP. Proceedings of the 2010 International Conference on Formal Verification of Object-Oriented Software, pp. 107-121. doi:10.5555/1949303.1949311. Online publication date: 28 Jun 2010.
