CPBVP: A Constraint-Programming Framework for Bounded Program Verification

arXiv:0807.2383v1 [cs.SE] 15 Jul 2008 CPBPV: A Constraint-Programming Framework For Bounded Program Verification H´el`ene Collavizza1, Michel Rueher1, Pascal Van Hentenryck2 1 Universit´e de Nice–Sophia Antipolis, France ({helen,rueher}@polytech.unice.fr) 2 Brown University, Box 1910, Providence, RI 02912 (pvh@cs.brown.edu) Abstract. This paper studies how to verify the conformity of a pro- gram with its specification and proposes a novel constraint-programming framework for bounded program verification (CPBPV). The CPBPV framework uses constraint stores to represent the specification and the program and explores execution paths nondeterministically. The input program is partially correct if each constraint store so produced implies the post-condition. CPBPV does not explore spurious execution paths as it incrementally prunes execution paths early by detecting that the constraint store is not consistent. CPBPV uses the rich language of con- straint programming to express the constraint store. Finally, CPBPV is parametrized with a list of solvers which are tried in sequence, start- ing with the least expensive and less general. Experimental results often produce orders of magnitude improvements over earlier approaches, run- ning times being often independent of the variable domains. Moreover, CPBPV was able to detect subtle errors in some programs while other frameworks based on model checking have failed. 1 Introduction This paper is concerned with software correctness, a critical issue in software en- gineering. It proposes a novel constraint-programming framework for bounded program verification (CPBPV), i.e., when the program inputs (e.g., the array lengths and the variable values) are bounded. The goal is to verify the conformity of a program with its specification, that is to demonstrate that the specification is a consequence of the program. The key idea of CPBPV is to use constraint stores to represent the specification and the program, and to non-deterministically explore execution paths over these constraint stores. This non-deterministic constraint-based symbolic execution incrementally refines the constraint store, which initially consists of the precondition. Non-determinism occurs when exe- cuting conditional or iterative instructions and the non-deterministic execution refines the constraint store by adding constraints coming from conditions and from assignments. The input program is partially correct if each constraint store produced by the symbolic execution implies the post-condition. It is important to emphasize that CPBPV considers programs with complete specifications and that verifying the conformity between a program and its specification requires to check (explicitly or implicitly) all executables paths. This is not the case in 2 H´el`ene Collavizza, Michel Rueher, Pascal Van Hentenryck model-checking tools designed to detect violations of some specific property, e.g., safety or liveness properties. The CPBPV framework has a number of fundamental benefits. First, con- trary to earlier work using constraint programming or SMT [2,11,12], CPBPV does not use predicate abstraction or explore spurious execution paths, i.e., paths that do not correspond to actual executions over inputs satisfying the pre-condition. CPBPV incrementally prunes execution paths early by detecting that the constraint store is not consistent. Second, CPBPV uses the rich language of constraint programming to express the constraint store, including arbitrary logical and threshold combination of constraints, the element constraint, and global/combinatorial constraints that express complex relationships on a set of variables. Finally, CPBPV is parametrized with a list of solvers which are tried in sequence, starting with the least expensive and less general. The CPBPV framework was evaluated experimentally on a series of bench- marks from program verification. Experimental results of our (slow) prototype often produce orders of magnitude improvements over earlier approaches, and indicate that the running times are often independent of the variable domains. Moreover, CPBPV was able to found subtle errors in some programs that some other verification frameworks based on model-checking could not detect. The rest of the paper is organized as follows. Section 2 illustrates how CPBPV handles constraints store on a motivating example. Section 3 formalizes the CPBPV framework for a small programming language and Section 4 discusses the implementation issues. Section 5 presents experimental results on a number of verification problems, comparing our approach with state of the art model- checking based verification frameworks. Section 6 discusses related work in test generation, bounded program verification and software model checking. Section 7 summarizes the contributions and presents future research directions. 2 The Constraint-Programming Framework at Work This section illustrates the CPBPV verifier on a motivating example, the binary search

…(Full text truncated)…

This content is AI-processed based on ArXiv data.