Specialization with Constrained Generalization for Software Model Checking [chapter]

Emanuele De Angelis, Fabio Fioravanti, Alberto Pettorossi, Maurizio Proietti
2013 Lecture Notes in Computer Science
We present a method for verifying properties of imperative programs by using techniques based on constraint logic programming (CLP). We consider a simple imperative language, called SIMP, extended with a nondeterministic choice operator, and we address the problem of checking whether or not a safety property ϕ (which specifies that an unsafe configuration cannot be reached) holds for a SIMP program P. The operational semantics of the language SIMP is specified via an interpreter I written as a CLP program. The first phase of our verification method consists in specializing I with respect to P, thereby deriving a specialized interpreter I_P. Then, we specialize I_P with respect to the property ϕ and the input values of P, with the aim of deriving, if possible, a program whose least model is a finite set of constrained facts. To this purpose we introduce a novel generalization strategy which, during specialization, has the objective of preserving the so-called branching behaviour of the predicate definitions. We have fully automated our method and we have carried out an experimental evaluation on some examples taken from the literature. The evaluation shows that our method is competitive with respect to state-of-the-art software model checkers.

Table 1. Time (in seconds) taken for performing model checking. '∞' means 'no answer within 20 minutes', and '⊥' means 'termination with error'.
doi:10.1007/978-3-642-38197-3_5 fatcat:47cxzdfthzhvdmn3h5fpazvjge