Back to the future: revisiting precise program verification using SMT solvers

Published: 07 January 2008

Abstract

This paper takes a fresh look at the problem of precise verification of heap-manipulating programs using first-order Satisfiability-Modulo-Theories (SMT) solvers. We augment the specification logic of such solvers by introducing the Logic of Interpreted Sets and Bounded Quantification for specifying properties of heap-manipulating programs. Our logic is expressive, closed under weakest preconditions, and efficiently implementable on top of existing SMT solvers. We have created a prototype implementation of our logic over the solvers Simplify and Z3 and used our prototype to verify many programs. Our preliminary experience is encouraging; the completeness and the efficiency of the decision procedure are clearly evident in practice and have greatly improved the user experience of the verifier.
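The abstract's central technical claim is that the assertion logic is closed under weakest preconditions and that the resulting verification conditions can be handed to an SMT solver. The Python below is an added illustration, not code from the paper or from its Simplify/Z3 prototype, and it does not reproduce the Logic of Interpreted Sets and Bounded Quantification itself; it shows the generic pipeline such a verifier runs. Heap fields are encoded as SMT arrays (the standard select/store encoding, an assumption made here rather than something the abstract states), Dijkstra-style wp is computed over a small guarded-command language, and the verification condition is printed as an SMT-LIB script. The statement classes, the program being checked (a field update that must not disturb an unrelated node) and the two concrete models are constructed for this example; `evaluate` is a toy model evaluator that stands in for the solver's counterexample to show why the aliasing case fails.

```python
"""Weakest-precondition VC generation for a tiny heap-manipulating language,
emitted as SMT-LIB.  Heap fields are arrays from references to values
(McCarthy select/store), so wp of a field update is a pure substitution and
the assertion logic stays closed under wp.  Formulas are S-expressions
(nested tuples of strings); `sexpr` prints them in SMT-LIB syntax.
Illustrative code only; not the paper's logic or prototype."""
from dataclasses import dataclass

# ---- statements of the constructed guarded-command language ---------------
@dataclass
class Assign:      var: str; rhs: object                 # var := rhs
@dataclass
class FieldUpdate: field: str; obj: object; rhs: object  # obj.field := rhs
@dataclass
class Assume:      cond: object
@dataclass
class Assert:      cond: object
@dataclass
class Seq:         stmts: list
@dataclass
class If:          cond: object; then: object; els: object

def subst(e, name, repl):
    """Replace every occurrence of symbol `name` in expression `e` by `repl`."""
    if isinstance(e, str):
        return repl if e == name else e
    return tuple(subst(s, name, repl) for s in e)

def conj(a, b):
    """Conjunction with the trivial `true` absorbed."""
    if a == "true":
        return b
    if b == "true":
        return a
    return ("and", a, b)

def wp(stmt, post):
    """Weakest precondition of `stmt` with respect to postcondition `post`."""
    if isinstance(stmt, Assign):
        return subst(post, stmt.var, stmt.rhs)
    if isinstance(stmt, FieldUpdate):
        # obj.f := e  is the array update  f := store(f, obj, e)
        return subst(post, stmt.field, ("store", stmt.field, stmt.obj, stmt.rhs))
    if isinstance(stmt, Assume):
        return ("=>", stmt.cond, post)
    if isinstance(stmt, Assert):
        return conj(stmt.cond, post)
    if isinstance(stmt, Seq):
        for s in reversed(stmt.stmts):   # wp composes back to front
            post = wp(s, post)
        return post
    if isinstance(stmt, If):
        return conj(("=>", stmt.cond, wp(stmt.then, post)),
                    ("=>", ("not", stmt.cond), wp(stmt.els, post)))
    raise TypeError(f"unknown statement {stmt!r}")

def sexpr(e):
    return e if isinstance(e, str) else "(" + " ".join(map(sexpr, e)) + ")"

def smtlib_script(vc, refs, fields):
    """SMT-LIB script whose (check-sat) answers unsat iff `vc` is valid."""
    out = ["(set-logic ALL)", "(declare-sort Ref 0)"]
    out += [f"(declare-const {r} Ref)" for r in refs]
    out += [f"(declare-const {f} (Array Ref Ref))" for f in fields]
    out += [f"(assert (not {sexpr(vc)}))", "(check-sat)", "(get-model)"]
    return "\n".join(out)

def evaluate(e, env):
    """Evaluate a formula in a concrete model; arrays are Python dicts."""
    if isinstance(e, str):
        return {"true": True, "false": False}.get(e, env.get(e, e))
    op, *args = e
    v = [evaluate(a, env) for a in args]
    if op == "=":        return v[0] == v[1]
    if op == "distinct": return len(set(v)) == len(v)
    if op == "not":      return not v[0]
    if op == "and":      return all(v)
    if op == "=>":       return (not v[0]) or v[1]
    if op == "select":   return v[0][v[1]]
    if op == "store":    return {**v[0], v[1]: v[2]}
    raise ValueError(op)

def frame_vc(guarded=True):
    """VC for: assume pre; x.next := y; assert z.next == w.
    With the guard z != x the VC is valid (read-over-write on distinct
    indices); without it, z may alias x and the assertion can fail."""
    reads_w = ("=", ("select", "next", "z"), "w")
    pre = ("and", ("distinct", "z", "x"), reads_w) if guarded else reads_w
    body = Seq([Assume(pre), FieldUpdate("next", "x", "y"), Assert(reads_w)])
    return wp(body, "true")

# Constructed models (hypothetical node names).  In ALIAS_MODEL z is x.
ALIAS_MODEL   = {"x": "n1", "z": "n1", "y": "n2", "w": "n3",
                 "next": {"n1": "n3", "n2": "n2"}}
NOALIAS_MODEL = {"x": "n1", "z": "n2", "y": "n2", "w": "n3",
                 "next": {"n1": "n1", "n2": "n3"}}

if __name__ == "__main__":
    print(smtlib_script(frame_vc(), ["x", "y", "z", "w"], ["next"]))
```

Piping the printed script into a solver such as `z3 -in` gives unsat, meaning the guarded VC is valid. Rerunning with `frame_vc(guarded=False)` gives sat, and the model the solver returns has z aliasing x, which is exactly what `ALIAS_MODEL` reproduces by hand: `evaluate` returns False for the unguarded VC there, because `select(store(next, x, y), z)` reads back y once z equals x.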

Published In

ACM SIGPLAN Notices, Volume 43, Issue 1 (POPL '08), January 2008, 420 pages
ISSN: 0362-1340
EISSN: 1558-1160
DOI: 10.1145/1328897

POPL '08: Proceedings of the 35th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
January 2008, 448 pages
ISBN: 9781595936899
DOI: 10.1145/1328438
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 07 January 2008
Published in SIGPLAN Volume 43, Issue 1

Author Tags

  1. SMT solvers
  2. decision procedures
  3. heap-manipulating programs
  4. linked lists
  5. reachability
  6. software verification

Qualifiers

  • Research-article

Article Metrics

  • Downloads (last 12 months): 24
  • Downloads (last 6 weeks): 4
Reflects downloads up to 08 Feb 2025

Cited By

  • (2024) Predictable Verification using Intrinsic Definitions. Proceedings of the ACM on Programming Languages 8(PLDI), 1804-1829. DOI 10.1145/3656450. Online publication date: 20-Jun-2024
  • (2024) TapChecker: A Lightweight SMT-Based Conflict Analysis for Trigger-Action Programming. IEEE Internet of Things Journal 11(12), 21411-21426. DOI 10.1109/JIOT.2024.3374556. Online publication date: 15-Jun-2024
  • (2024) The Decision Problem for Undirected Graphs with Reachability and Acyclicity. Twenty Years of Theoretical and Practical Synergies, 431-446. DOI 10.1007/978-3-031-64309-5_34. Online publication date: 2-Jul-2024
  • (2020) SGGS Decision Procedures. Automated Reasoning, 356-374. DOI 10.1007/978-3-030-51074-9_20. Online publication date: 1-Jul-2020
  • (2020) Local Reasoning for Global Graph Properties. Programming Languages and Systems, 308-335. DOI 10.1007/978-3-030-44914-8_12. Online publication date: 27-Apr-2020
  • (2018) A Separation Logic with Data: Small Models and Automation. Automated Reasoning, 455-471. DOI 10.1007/978-3-319-94205-6_30. Online publication date: 30-Jun-2018
  • (2017) Seam: provably safe local edits on graphs. Proceedings of the ACM on Programming Languages 1(OOPSLA), 1-29. DOI 10.1145/3133902. Online publication date: 12-Oct-2017
  • (2015) Deciding Local Theory Extensions via E-matching. Computer Aided Verification, 87-105. DOI 10.1007/978-3-319-21668-3_6. Online publication date: 14-Jul-2015
  • (2014) Using a SMT Solver for Risk Analysis. Proceedings of the 2014 IEEE 26th International Conference on Tools with Artificial Intelligence, 867-874. DOI 10.1109/ICTAI.2014.133. Online publication date: 10-Nov-2014
  • (2014) Cascade 2.0. Proceedings of the 15th International Conference on Verification, Model Checking, and Abstract Interpretation - Volume 8318, 142-160. DOI 10.1007/978-3-642-54013-4_9. Online publication date: 19-Jan-2014
