article

Automatic predicate abstraction of C programs

Authors:

Rupak Majumdar,

Todd Millstein,

Sriram K. RajamaniAuthors Info & Claims

ACM SIGPLAN Notices, Volume 36, Issue 5

Pages 203 - 213

https://doi.org/10.1145/381694.378846

Published: 01 May 2001 Publication History

Abstract

Model checking has been widely successful in validating and debugging designs in the hardware and protocol domains. However, state-space explosion limits the applicability of model checking tools, so model checkers typically operate on abstractions of systems.

Recently, there has been significant interest in applying model checking to software. For infinite-state systems like software, abstraction is even more critical. Techniques for abstracting software are a prerequisite to making software model checking a reality.

We present the first algorithm to automatically construct a predicate abstraction of programs written in an industrial programming language such as C, and its implementation in a tool — C2BP. The C2BP tool is part of the SLAM toolkit, which uses a combination of predicate abstraction, model checking, symbolic reasoning, and iterative refinement to statically check temporal safety properties of programs.

Predicate abstraction of software has many applications, including detecting program errors, synthesizing program invariants, and improving the precision of program analyses through predicate sensitivity. We discuss our experience applying the C2BP predicate abstraction tool to a variety of problems, ranging from checking that list-manipulating code preserves heap invariants to finding errors in Windows NT device drivers.

References

[1]

G. Ammons and J. R. Larus. Improving data- flow analysis with path profiles. In PLDI 98: Programming Language Design and Implementation, pages 72-84. ACM, 1998.]]

Digital Library

[2]

T. Ball, S. Chaki, and S. K. Rajamani. Parameterized verification of multithreaded software libraries. In TACAS 01: Tools and Algorithms for Construction and Analysis of Systems, LNCS 2031. Springer-Verlag, 2001.]]

Digital Library

[3]

T. Ball, T. Millstein, and S. K. Rajamani. Polymorphic predicate abstraction. Technical Report MSR Technical Report 2001-10, Microsoft Research, 2000.]]

[4]

T. Ball, A. Podelski, and S. K. Rajamani. Boolean and cartesian abstractions for model checking C programs. In TACAS 01: Tools and Algorithms for Construction and Analysis of Systems, LNCS 2031. Springer-Verlag, 2001.]]

Digital Library

[5]

T. Ball and S. K. Rajamani. Bebop: A symbolic model checker for Boolean programs. In SPIN 00: SPIN Workshop, LNCS 1885, pages 113-130. Springer-Verlag, 2000.]]

Digital Library

[6]

T. Ball and S. K. Rajamani. Automatically validating temporal safety properties of interfaces. In SPIN 2001: SPIN Workshop, LNCS 2057, May 2001.]]

Digital Library

[7]

D. Blei and et al. Vampyre: A proof generating theorem prover - http://www.eecs.berkeley.edu/~rupak/vampyre.]]

[8]

R. Bodik and S. Anik. Path-sensitive value- flow analysis. In POPL 98: Principles of Programming Languages, pages 237-251. ACM, 1998.]]

Digital Library

[9]

R. Bryant. Graph-based algorithms for boolean function manipulation. IEEE Transactions on Computers, C-35(8):677- 691, 1986.]]

Digital Library

[10]

J. Corbett, M. Dwyer, J. Hatcliff, C. Pasareanu, Robby, S. Laubach, and H. Zheng. Bandera : Extracting finitestate models from Java source code. In ICSE 00: Software Engineering, 2000.]]

Digital Library

[11]

P. Cousot and R. Cousot. Abstract interpretation: a unified lattice model for the static analysis of programs by construction or approximation of fixpoints. In POPL 77: Principles of Programming Languages, pages 238-252. ACM, 1977.]]

Digital Library

[12]

M. Das. Unification-based pointer analysis with directional assignments. In PLDI 00: Programming Language Design and Implementation, pages 35-46. ACM, 2000.]]

Digital Library

[13]

S. Das, D. L. Dill, and S. Park. Experience with predicate abstraction. In CAV 00: Computer-Aided Verification, LNCS 1633, pages 160-171. Springer-Verlag, 1999.]]

Digital Library

[14]

R. DeLine and M. Fahndrich. Enforcing high-level protocols in low-level software. In PLDI 01: Programming Language Design and Implementation. ACM, 2001.]]

Digital Library

[15]

D. Detlefs, G. Nelson, and J. Saxe. Simplify theorem prover - http://research.compaq.com/src/esc/simplify.html.]]

[16]

E. Dijkstra. A Discipline of Programming. Prentice-Hall, 1976.]]

Digital Library

[17]

M. Dwyer, J. Hatcliff, R. Joehanes, S. Laubach, C. Pasareanu, Robby, W. Visser, and H. Zheng. Tool-supported program abstraction for finite-state verification. In ICSE 01: Software Engineering (to appear), 2001.]]

Digital Library

[18]

C. Flanagan, R. Joshi, and K. R. M. Leino. Annotation inference for modular checkers. Information Processing Letters (to appear), 2001.]]

Digital Library

[19]

S. Graf and H. Sadi. Construction of abstract state graphs with PVS. In CAV 97:Computer-aided Verification, LNCS 1254, pages 72-83. Springer-Verlag, 1997.]]

Digital Library

[20]

D. Gries. The Science of Programming. Springer-Verlag, 1981.]]

Digital Library

[21]

N. Heintze. Set-based analysis of ML programs. In LFP 94: LISP and Functional Programming, pages 306-317. ACM, 1994.]]

Digital Library

[22]

S. Ishtiaq and P. O'Hearn. BI as an assertion language for mutable data structures. In POPL 01: Principles of Programming Languages, pages 14-26. ACM, 2001.]]

Digital Library

[23]

L. Lamport. Proving the correctness of multiprocess programs. IEEE Transactions on Software Engineering, SE- 3(2):125-143, 1977.]]

Digital Library

[24]

W. Landi, B. G. Ryder, and S. Zhang. Interprocedural side effect analysis with pointer aliasing. In PLDI 93: Programming Language Design and Implementation, pages 56-67. ACM, 1993.]]

Digital Library

[25]

J. M. Morris. A general axiom of assignment. In Theoretical Foundations of Programming Methodology, Lecture Notes of an International Summer School, pages 25-34. D. Reidel Publishing Company, 1982.]]

[26]

G. Necula. Proof carrying code. In POPL 97: Principles of Programming Languages, pages 106-119. ACM, 1997.]]

Digital Library

[27]

G. Nelson. Techniques for program verification. Technical Report CSL81-10, Xerox Palo Alto Research Center, 1981.]]

[28]

T. Reps, S. Horwitz, and M. Sagiv. Precise interprocedural data ow analysis via graph reachability. In POPL 95: Principles of Programming Languages, pages 49-61. ACM, 1995.]]

Digital Library

[29]

J. C. Reynolds. Intuitionistic reasoning about shared mutable data structure. In Millenial Perspectives in Computer Science, pages 303-321. Palgrave, 2001.]]

[30]

M. Sagiv, T. Reps, and R. Wilhelm. Parametric shape analysis via 3-valued logic. In POPL 99: Principles of Programming Languages, pages 105-118. ACM, 1999.]]

Digital Library

[31]

M. Sharir and A. Pnueli. Two approaches to interprocedural data dalow analysis. In Program Flow Analysis: Theory and Applications, pages 189-233. Prentice-Hall, 1981.]]

[32]

N. Suzuki and K. Ishihata. Implementation of an array bound checker. In POPL 77: Principles of Programming Languages, pages 132-143. ACM, 1977.]]

Digital Library

[33]

Z. Xu, B. P. Miller, and T. Reps. Safety checking of machine code. In PLDI 00: Programming Language Design and Implementation, pages 70-82. ACM, 2000.]]

Digital Library

Cited By

Jevitha KJayaraman BSethumadhavan M(2024)Runtime verification on abstract finite state modelsJournal of Systems and Software10.1016/j.jss.2024.112138216(112138)Online publication date: Oct-2024
https://doi.org/10.1016/j.jss.2024.112138
Lu HWang HGui JChen PHuang H(2022)A novel data-driven approach on inferring loop invariants for C programsJournal of Computer Languages10.1016/j.cola.2022.10113571(101135)Online publication date: Aug-2022
https://doi.org/10.1016/j.cola.2022.101135
Rungta N(2022)A Billion SMT Queries a Day (Invited Paper)Computer Aided Verification10.1007/978-3-031-13185-1_1(3-18)Online publication date: 7-Aug-2022
https://dl.acm.org/doi/10.1007/978-3-031-13185-1_1
Show More Cited By

Index Terms

Automatic predicate abstraction of C programs
1. Software and its engineering
2. Theory of computation
  1. Logic
    1. Verification by model checking

Recommendations

Automatic predicate abstraction of C programs
Supplemental issue

Model checking has been widely successful in validating and debugging designs in the hardware and protocol domains. However, state-space explosion limits the applicability of model checking tools, so model checkers typically operate on abstractions of ...
Automatic predicate abstraction of C programs
PLDI '01: Proceedings of the ACM SIGPLAN 2001 conference on Programming language design and implementation

Model checking has been widely successful in validating and debugging designs in the hardware and protocol domains. However, state-space explosion limits the applicability of model checking tools, so model checkers typically operate on abstractions of ...
Transition predicate abstraction and fair termination
POPL '05: Proceedings of the 32nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages

Predicate abstraction is the basis of many program verification tools. Until now, the only known way to overcome the inherent limitation of predicate abstraction to safety properties was to manually annotate the finite-state abstraction of a program. We ...

Comments

Information & Contributors

Information

Published In

cover image ACM SIGPLAN Notices

ACM SIGPLAN Notices Volume 36, Issue 5

May 2001

330 pages

ISSN:0362-1340

EISSN:1558-1160

DOI:10.1145/381694

Issue’s Table of Contents

PLDI '01: Proceedings of the ACM SIGPLAN 2001 conference on Programming language design and implementation
June 2001
331 pages
ISBN:1581134142
DOI:10.1145/378795
Chairmen:
Michael Burke
IBM T.J. Watson Research Center
,
Mary Lou Soffa
Univ. of Pittsburgh

Copyright © 2001 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 May 2001

Published in SIGPLAN Volume 36, Issue 5

Check for updates

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

661
Total Citations
View Citations
3,626
Total Downloads

Downloads (Last 12 months)90
Downloads (Last 6 weeks)3

Reflects downloads up to 11 Aug 2024

Other Metrics

View Author Metrics

Citations

Cited By

Jevitha KJayaraman BSethumadhavan M(2024)Runtime verification on abstract finite state modelsJournal of Systems and Software10.1016/j.jss.2024.112138216(112138)Online publication date: Oct-2024
https://doi.org/10.1016/j.jss.2024.112138
Lu HWang HGui JChen PHuang H(2022)A novel data-driven approach on inferring loop invariants for C programsJournal of Computer Languages10.1016/j.cola.2022.10113571(101135)Online publication date: Aug-2022
https://doi.org/10.1016/j.cola.2022.101135
Rungta N(2022)A Billion SMT Queries a Day (Invited Paper)Computer Aided Verification10.1007/978-3-031-13185-1_1(3-18)Online publication date: 7-Aug-2022
https://dl.acm.org/doi/10.1007/978-3-031-13185-1_1
Lee NKim YKim MRyu DBaik J(2021)Directed Model Checking for Fast Abstract Reachability AnalysisIEEE Access10.1109/ACCESS.2021.31305699(158738-158750)Online publication date: 2021
https://doi.org/10.1109/ACCESS.2021.3130569
Alam MHalder R(2021)Formal Verification of Database Applications Using Predicate AbstractionSN Computer Science10.1007/s42979-020-00426-22:3Online publication date: 11-Mar-2021
https://dl.acm.org/doi/10.1007/s42979-020-00426-2
Nxumalo MTimm NGruner S(2021)Spotlight Abstraction in Model Checking Real-Time Task SchedulabilityModel Checking Software10.1007/978-3-030-84629-9_4(63-80)Online publication date: 3-Aug-2021
https://doi.org/10.1007/978-3-030-84629-9_4
Johnson AWahl T(2021)Delay-Bounded Scheduling Without Delay!Computer Aided Verification10.1007/978-3-030-81685-8_18(380-402)Online publication date: 15-Jul-2021
https://doi.org/10.1007/978-3-030-81685-8_18
Zhang HGupta AMalik S(2021)Syntax-Guided Synthesis for Lemma Generation in Hardware Model CheckingVerification, Model Checking, and Abstract Interpretation10.1007/978-3-030-67067-2_15(325-349)Online publication date: 12-Jan-2021
https://doi.org/10.1007/978-3-030-67067-2_15
Yu QHe FWang B(2020)Incremental predicate analysis for regression verificationProceedings of the ACM on Programming Languages10.1145/34282524:OOPSLA(1-25)Online publication date: 13-Nov-2020
https://doi.org/10.1145/3428252
Lu HGui JWang CHuang H(2020)A Novel Data-Driven Approach for Generating Verified Loop Invariants2020 International Symposium on Theoretical Aspects of Software Engineering (TASE)10.1109/TASE49443.2020.00011(9-16)Online publication date: Dec-2020
https://doi.org/10.1109/TASE49443.2020.00011
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Issue’s Table of Contents