Abstract
We show how to underapproximate the procedure summaries of recursive programs over the integers using off-the-shelf analyzers for non-recursive programs. The novelty of our approach is that the non-recursive program we compute may capture unboundedly many behaviors of the original recursive program for which stack usage cannot be bounded. Moreover, we identify a class of recursive programs on which our method terminates and returns the precise summary relations without underapproximation. Doing so, we generalize a similar result for non-recursive programs to the recursive case. Finally, we present experimental results of an implementation of our method applied on a number of examples.
Similar content being viewed by others
Notes
We adopt the convention that the empty sum evaluates to \({\mathbf {0}}\).
Observe that there are no global variables in the definition of integer program. Those can be encoded as input and output variables to each procedure.
Our simplified syntax does not seek to capture the generality of integer programs. Instead, our goal is to give a convenient notation for the programs given in this paper and only those.
assume \(\phi \) is executable if and only if the current values of the variables satisfy the Presburger formula \(\phi \).
havoc assigns non deterministically chosen integers to \(x_1,x_2,\ldots ,x_n\).
Recall that each \(w_i\) is a non-empty word.
Given two languages \(L_1 \subseteq \varSigma _1^*\) and \(L_2 \subseteq \varSigma _2^*\) their asynchronous product, denoted \(L_1 \parallel L_2\), is the language L over the alphabet \(\varSigma =\varSigma _1\cup \varSigma _2\) such that \(w\in L\) iff the projections of w to \(\varSigma _1\) and \(\varSigma _2\) belong to \(L_1\) and \(L_2\), respectively. Observe that the \(L_1\parallel L_2\) depends on \(L_1\), \(L_2\) and also their underlying alphabet \(\varSigma _1\) and \(\varSigma _2\).
References
Lalire, G., Argoud, M., Jeannet, B.: Interproc. http://pop-art.inrialpes.fr/people/bjeannet/bjeannet-forge/interproc/index.html
Atig, M.F., Ganty, P.: Approximating petri net reachability along context-free traces. In: FSTTCS’11, Volume 13 of LIPIcs, pp. 152–163. Schloss Dagstuhl, Wadern (2011)
Alur, R., Madhusudan, P.: Adding nesting structure to words. JACM 56(3), 16 (2009)
Hojjat, H., Konečný, F., Garnier, F., Iosif, R., Kuncak, V., Rümmer, P.: A verification toolkit for numerical transition systems—tool paper. In: FM 2012: Formal Methods, Volume 7436 of LNCS, pp. 247–251. Springer, Berlin, Heidelberg (2012)
Sharir, M., Pnueli, A.: Two approaches to interprocedural data flow analysis. In: Program Flow Analysis: Theory and Applications, Chapter 7, pp. 189–233. Prentice-Hall, Inc., Upper Saddle River (1981)
Esparza, J., Kiefer, S., Luttenberger, M.: Newtonian program analysis. JACM 57(6), 33:1–33:47 (2010)
Reps, T., Horwitz, S., Sagiv, M.: Precise interprocedural dataflow analysis via graph reachability. In: POPL’95, pp. 49–61. ACM, New York (1995)
Albarghouthi, A., Gurfinkel, A., Chechik, M.: Whale: an interpolation-based algorithm for inter-procedural verification. In: VMCAI’12, Volume 7148 of LNCS, pp. 39–55. Springer, Berlin (2012)
Godefroid, P., Nori, A.V., Rajamani, S.K., Tetali, S.: Compositional may-must program analysis: unleashing the power of alternation. In: POPL’10, pp. 43–56. ACM, New York (2010)
Cook, A.P.B., Rybalchenko, A.: Summarization for termination: no return!. Formal Methods Syst. Design 35, 369–387 (2009)
Kroening, D., Lewis, M., Weissenbacher, G.: Under-approximating loops in C programs for fast counterexample detection. In: CAV’13: Proc. 23rd Int. Conf. on Computer Aided Verification, LNCS, pp. 381–396. Springer, Berlin (2013)
Latteux, M.: Mots infinis et langages commutatifs. Informatique Théorique et Appl. 12(3), 185–192 (1978)
Luker, M.: Control sets on grammars using depth-first derivations. Math. Syst. Theory 13, 349–359 (1980)
Ginsburg, S.: The Mathematical Theory of Context-Free Languages. McGraw-Hill Inc, New York (1966)
Bozga, M., Iosif, R., Konečný, F.: Fast acceleration of ultimately periodic relations. In: CAV’10, Volume 6174 of LNCS, pp. 227–242. Springer, Berlin (2010)
Boigelot, B.: Symbolic Methods for Exploring Infinite State Spaces. PhD thesis, University of Liège (1998)
Finkel, A., Leroux, J.: How to compose presburger-accelerations: applications to broadcast protocols. In: FSTTCS’02, Volume 2556 of LNCS, pp. 145–156. Springer, Berlin (2002)
Luker, M.: A family of languages having only finite-index grammars. Inform. Control 39(1), 14–18 (1978)
Godoy, G., Tiwari, A.: Invariant checking for programs with procedure calls. In: SAS’09, Volume 5673 of LNCS, pp. 326–342. Springer, Berlin (2009)
Bardin, S., Finkel, A., Leroux, J., Petrucci, L.: Fast: fast acceleration of symbolic transition systems. In: CAV’03, Volume 2725 of LNCS, pp. 118–121. Springer, Berlin (2003)
Bozga, M., Iosif, R., Lakhnech, Y.: Flat parametric counter automata. Fundamenta Informaticae 91(2), 275–303 (2009)
Ganty, P., Majumdar, R., Monmege, B.: Bounded underapproximations. Formal Methods Syst. Design 40(2), 206–231 (2012)
Termination Competition 2011. http://termcomp.uibk.ac.at/termcomp/home.seam
Cowles, J.: Knuth’s generalization of mccarthy’s 91 function. In: Computer-Aided Reasoning: ACL2 Case Studies, pp. 283–299. Kluwer Academic Publishers, Berlin (2000)
Acknowledgments
Pierre Ganty is supported by the EU FP7 2007–2013 program under Agreement 610686 POLCA, by the Madrid Regional Government under CM Project S2013/ICE-2731 (N-Greens) and RISCO: RIgorous analysis of Sophisticated COncurrent and distributed systems, funded by the Spanish Ministry of Economy and Competitiveness No. TIN2015-71819-P (2016–2018).
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Ganty, P., Iosif, R. & Konečný, F. Underapproximation of procedure summaries for integer programs. Int J Softw Tools Technol Transfer 19, 565–584 (2017). https://doi.org/10.1007/s10009-016-0420-7
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10009-016-0420-7