Skip to main content
SpringerLink
Log in

Symbolic Execution with Abstract Subsumption Checking

  • Conference paper
Model Checking Software (SPIN 2006)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 3925))

Included in the following conference series:

Abstract

We address the problem of error detection for programs that take recursive data structures and arrays as input. Previously we proposed a combination of symbolic execution and model checking for the analysis of such programs: we put a bound on the size of the program inputs and/or the search depth of the model checker to limit the search state space. Here we look beyond bounded model checking and consider state matching techniques to limit the state space. We describe a method for examining whether a symbolic state that arises during symbolic execution is subsumed by another symbolic state. Since subsumption is in general not enough to ensure termination, as the number of symbolic states may be infinite, we also consider abstraction techniques for computing and storing abstract states during symbolic execution. Subsumption checking determines whether an abstract state is being revisited, in which case the model checker backtracks – this enables analysis of an under-approximation of the program behaviors. We illustrate the technique with abstractions for lists and arrays. The abstractions encode both the shape of the program heap and the constraints on numeric data. We have implemented the techniques in the Java PathFinder tool and we show their effectiveness on Java programs.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Ball, T.: A theory of predicate-complete test coverage and generation. MSR-TR- 2004-28 (2004)

    Google Scholar 

  2. Ball, T., Kupferman, O., Yorsh, G.: Abstraction for falsification. In: Etessami, K., Rajamani, S.K. (eds.) CAV 2005. LNCS, vol. 3576, pp. 67–81. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  3. Ball, T., Rajamani, S.K.: The SLAM toolkit. In: Berry, G., Comon, H., Finkel, A. (eds.) CAV 2001. LNCS, vol. 2102, p. 260. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  4. Chaki, S., Clarke, E., Groce, A., Jha, S., Veith, H.: Modular verification of software components in C. ACM Trans. Computer Systems 30(6), 388–402 (2004)

    Google Scholar 

  5. Dams, D., Namjoshi, K.S.: Shape analysis through predicate abstraction and model checking. In: Zuck, L.D., Attie, P.C., Cortesi, A., Mukhopadhyay, S. (eds.) VMCAI 2003. LNCS, vol. 2575, pp. 310–323. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  6. Flanagan, C., Qadeer, S.: Predicate abstraction for software verification. In: Proc. POPL (2002)

    Google Scholar 

  7. Ghiya, R., Hendren, L.J.: Is it a tree, a DAG, or a cyclic graph? a shape analysis for heap-directed pointers in c. In: Proc. of POPL, pp. 1–15 (1996)

    Google Scholar 

  8. Godefroid, P., Klarlund, N., Sen, K.: Dart: Directed automated random testing. In: Proc. PLDI (2005)

    Google Scholar 

  9. Gopan, D., DiMaio, F., Dor, N., Reps, T., Sagiv, M.: Numeric domains with summarized dimensions. In: Jensen, K., Podelski, A. (eds.) TACAS 2004. LNCS, vol. 2988, pp. 512–529. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  10. Gopan, D., Reps, T., Sagiv, M.: Numeric analysis of arrays operations. In: Proc. 32nd POPL (2005)

    Google Scholar 

  11. Henzinger, T.A., Jhala, R., Majumdar, R., Sutre, G.: Software verification with BLAST. In: Ball, T., Rajamani, S.K. (eds.) SPIN 2003. LNCS, vol. 2648, pp. 235–239. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  12. Holzmann, G.J., Joshi, R.: Model-driven software verification. In: Graf, S., Mounier, L. (eds.) SPIN 2004. LNCS, vol. 2989, pp. 76–91. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  13. Java PathFinder, http://javapathfinder.sourceforge.net

  14. Khurshid, S., Pasareanu, C., Visser, W.: Generalized symbolic execution for model checking and testing. In: Garavel, H., Hatcliff, J. (eds.) TACAS 2003. LNCS, vol. 2619. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  15. Khurshid, S., Suen, Y.: Generalizing symbolic execution to library classes. In: Proc. 6th PASTE (2005)

    Google Scholar 

  16. King, J.C.: Symbolic execution and program testing. Commun. ACM 19(7), 385–394 (1976)

    Article  MathSciNet  MATH  Google Scholar 

  17. Kuncak, V., Rinard, M.: Existential heap abstraction entailment is undecidable. In: Proc. of SAS (2003)

    Google Scholar 

  18. Manevich, R., Yahav, E., Ramalingam, G., Sagiv, M.: Predicate abstraction and canonical abstraction for singly-linked lists. In: Cousot, R. (ed.) VMCAI 2005. LNCS, vol. 3385, pp. 181–198. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  19. Pasareanu, C., Visser, W.: Verification of java programs using symbolic execution and invariant generation. In: Graf, S., Mounier, L. (eds.) SPIN 2004. LNCS, vol. 2989, pp. 164–181. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  20. Păsăreanu, C.S., Dwyer, M.B., Visser, W.: Finding feasible abstract counterexamples. STTT 5(1), 34–48 (2003)

    Article  Google Scholar 

  21. Păsăreanu, C.S., Pelánek, R., Visser, W.: Concrete model checking with abstract matching and refinement. In: Etessami, K., Rajamani, S.K. (eds.) CAV 2005. LNCS, vol. 3576, Springer, Heidelberg (2005)

    Google Scholar 

  22. Pugh, W.: The Omega test: A fast and practical integer programming algorithm for dependence analysis. Commun. ACM 31(8) (August 1992)

    Google Scholar 

  23. Sagiv, S., Reps, T.W., Wilhelm, R.: Parametric shape analysis via 3-valued logic. TOPLAS (2002)

    Google Scholar 

  24. Sen, K., Marinov, D., Agha, G.: Cute: A concolic unit testing engine for c. In: Proc. 5th ACM Sigsoft ESEC/FSE (2005)

    Google Scholar 

  25. Visser, W., Havelund, K., Brat, G., Park, S.J., Lerda, F.: Model checking programs. Automated Software Engineering Journal 10(2) (April 2003)

    Google Scholar 

  26. Xie, T., Marinov, D., Schulte, W., Notkin, D.: Symstra: A framework for generating object-oriented unit tests using symbolic execution. In: Halbwachs, N., Zuck, L.D. (eds.) TACAS 2005. LNCS, vol. 3440, pp. 365–381. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  27. Yavuz-Kahveci, T., Bultan, T.: Automated verification of concurrent linked lists with counters. In: Hermenegildo, M.V., Puebla, G. (eds.) SAS 2002. LNCS, vol. 2477, p. 69. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. College of Computing, Georgia Institute of Technology, USA

    Saswat Anand

  2. NASA Ames Research Center, QSS and RIACS, Moffett Field, CA, 94035, USA

    Corina S. Păsăreanu & Willem Visser

Authors
  1. Saswat Anand
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Corina S. Păsăreanu
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Willem Visser
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Institute of Software Systems, Tampere University of Technology, PO Box 553, FI-33101, Tampere, Finland

    Antti Valmari

Rights and permissions

Reprints and permissions

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Anand, S., Păsăreanu, C.S., Visser, W. (2006). Symbolic Execution with Abstract Subsumption Checking. In: Valmari, A. (eds) Model Checking Software. SPIN 2006. Lecture Notes in Computer Science, vol 3925. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11691617_10

Download citation

  • DOI: https://doi.org/10.1007/11691617_10

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-33102-5

  • Online ISBN: 978-3-540-33103-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation