Model checking has been widely successful in validating and debugging desig
ns in the hardware and protocol domains, However, state-space explosion lim
its the applicability of model checking tools, so model checkers typically
operate on abstractions of systems.
Recently, there has been significant interest in applying model checking to
software. For infinite-state systems like software, abstraction is even mo
re critical. Techniques for abstracting software are a prerequisite to maki
ng software model checking a reality.
We present the first algorithm to automatically construct a predicate abstr
action of programs written in an industrial programming language such as C,
and its implementation in a tool - C2BP. The C2BP tool is part of the SLAM
toolkit, which uses a combination of predicate abstraction, model checking
, symbolic reasoning, and iterative refinement to statically check temporal
safety properties of programs.
Predicate abstraction of software has many applications, including detectin
g program errors, synthesizing program invariants, and improving the precis
ion of program analyses through predicate sensitivity. We discuss our exper
ience applying the C2BP predicate abstraction tool to a variety of problems
, ranging from checking that list-manipulating code preserves heap invarian
ts to finding errors in Windows NT device drivers.