Abstract
Automated software verification and path-sensitive program analysis require the ability to distinguish executable program paths from those that are infeasible. To achieve this, program paths are encoded symbolically as a conjunction of constraints and submitted to an SMT solver; satisfiable path constraints are then analyzed further.
In this paper, we study type-related constraints that arise in path-sensitive analysis of object-oriented programs with forms of multiple inheritance. The dynamic type of a value is critical in determining program branching related to dynamic dispatch, type casting, and explicit type tests. We develop a custom decision procedure for queries in a theory of type-based partial orders and show that the procedure is sound and complete, has low complexity, and is amenable to integration into an SMT framework. We present an empirical evaluation that demonstrates the speed and robustness of our procedure relative to Z3.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Păsăreanu, C.S., Visser, W.: A survey of new trends in symbolic execution for software testing and analysis. STTT 11, 339–353 (2009)
Deng, X., Lee, J., Robby: Bogor/Kiasan: A k-bounded symbolic execution for checking strong heap properties of open systems. In: Proceedings of ASE, pp. 157–166 (2006)
Anand, S., Godefroid, P., Tillmann, N.: Demand-driven compositional symbolic execution. In: Ramakrishnan, C.R., Rehof, J. (eds.) TACAS 2008. LNCS, vol. 4963, pp. 367–381. Springer, Heidelberg (2008)
Godefroid, P., de Halleux, J., Nori, A.V., Rajamani, S.K., Schulte, W., Tillmann, N., Levin, M.Y.: Automating software testing using program analysis. IEEE Software 25, 30–37 (2008)
Barrett, C., Tinelli, C.: CVC3. In: Damm, W., Hermanns, H. (eds.) CAV 2007. LNCS, vol. 4590, pp. 298–302. Springer, Heidelberg (2007)
de Moura, L., Bjørner, N.: Z3: An efficient SMT solver. In: Ramakrishnan, C.R., Rehof, J. (eds.) TACAS 2008. LNCS, vol. 4963, pp. 337–340. Springer, Heidelberg (2008)
Bjørner, N., Tillmann, N., Voronkov, A.: Path feasibility analysis for string-manipulating programs. In: Kowalewski, S., Philippou, A. (eds.) TACAS 2009. LNCS, vol. 5505, pp. 307–321. Springer, Heidelberg (2009)
Yu, F., Bultan, T., Ibarra, O.H.: Symbolic string verification: Combining string analysis and size analysis. In: Kowalewski, S., Philippou, A. (eds.) TACAS 2009. LNCS, vol. 5505, pp. 322–336. Springer, Heidelberg (2009)
Hooimeijer, P., Weimer, W.: A decision procedure for subset constraints over regular languages. In: Proceedings of PLDI, pp. 188–198 (2009)
Nieuwenhuis, R., Oliveras, A., Tinelli, C.: Solving SAT and SAT modulo theories: From an abstract Davis–Putnam–Logemann–Loveland procedure to DPLL(T). J. ACM 53, 937–977 (2006)
Korovin, K.: iProver – an instantiation-based theorem prover for first-order logic (system description). In: Armando, A., Baumgartner, P., Dowek, G. (eds.) IJCAR 2008. LNCS (LNAI), vol. 5195, pp. 292–298. Springer, Heidelberg (2008)
Baumgartner, P., Tinelli, C.: The model evolution calculus as a first-order DPLL method. Artif. Intell. 172, 591–632 (2008)
de Moura, L., Bjørner, N.: Deciding effectively propositional logic using DPLL and substitution sets. In: Armando, A., Baumgartner, P., Dowek, G. (eds.) IJCAR 2008. LNCS (LNAI), vol. 5195, pp. 410–425. Springer, Heidelberg (2008)
Barrett, C., Stump, A., Tinelli, C.: The SMT-LIB Standard: Version 2.0. Technical Report BarST-RR-10, Department of Computer Science, The University of Iowa (2010), http://www.SMT-LIB.org
Java: Package java.lang, JavaTMplatform standard ed. 6, http://java.sun.com/javase/6/docs/api/java/lang/package-summary.html
Zibin, Y., Gil, J.Y.: Efficient subtyping tests with PQ-encoding. In: Proceedings of OOPSLA, pp. 96–107 (2001)
Zibin, Y., Gil, J.Y.: Fast algorithm for creating space efficient dispatching tables with application to multi-dispatching. In: Proceedings of OOPSLA, pp. 142–160 (2002)
Baehni, S., Barreto, J., Eugster, P., Guerraoui, R.: Efficient distributed subtyping tests. In: Proceedings of DEBS, pp. 214–225 (2007)
Alavi, H.S., Gilbert, S., Guerraoui, R.: Extensible encoding of type hierarchies. In: Proceedings of POPL, pp. 349–358 (2008)
Sherman, E., Garvin, B.J., Dwyer, M.B.: A slice-based decision procedure for type-based partial orders. Technical Report TR-UNL-CSE-2010-0004, University of Nebraska–Lincoln, Lincoln, NE 68588-0115 (2010)
Cadar, C., Ganesh, V., Pawlowski, P.M., Dill, D.L., Engler, D.R.: Exe: Automatically generating inputs of death. ACM Trans. Inf. Syst. Secur. 12 (2008)
Cadar, C., Dunbar, D., Engler, D.R.: Klee: Unassisted and automatic generation of high-coverage tests for complex systems programs. In: Proceedings of z, pp. 209–224 (2008)
SIR: Software-artifact infrastructure repository, http://sir.unl.edu
Weka: Machine learning software, http://sourceforge.net/projects/weka
Soot: a java optimization framework, http://www.sable.mcgill.ca/soot/
Bjørner, N.: Personal Communication (2009)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Sherman, E., Garvin, B.J., Dwyer, M.B. (2010). A Slice-Based Decision Procedure for Type-Based Partial Orders. In: Giesl, J., Hähnle, R. (eds) Automated Reasoning. IJCAR 2010. Lecture Notes in Computer Science(), vol 6173. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-14203-1_14
Download citation
DOI: https://doi.org/10.1007/978-3-642-14203-1_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-14202-4
Online ISBN: 978-3-642-14203-1
eBook Packages: Computer ScienceComputer Science (R0)