Automatic predicate abstraction of C programs

Model checking has been widely successful in validating and debugging desig ns in the hardware and protocol domains, However, state-space explosion lim its the applicability of model checking tools, so model checkers typically operate on abstractions of systems. Recently, there has been significant interest in applying model checking to software. For infinite-state systems like software, abstraction is even mo re critical. Techniques for abstracting software are a prerequisite to maki ng software model checking a reality. We present the first algorithm to automatically construct a predicate abstr action of programs written in an industrial programming language such as C, and its implementation in a tool - C2BP. The C2BP tool is part of the SLAM toolkit, which uses a combination of predicate abstraction, model checking , symbolic reasoning, and iterative refinement to statically check temporal safety properties of programs. Predicate abstraction of software has many applications, including detectin g program errors, synthesizing program invariants, and improving the precis ion of program analyses through predicate sensitivity. We discuss our exper ience applying the C2BP predicate abstraction tool to a variety of problems , ranging from checking that list-manipulating code preserves heap invarian ts to finding errors in Windows NT device drivers.