From Under-Approximations to Over-Approximations and Back

Current approaches to software model checking can be divided into over-approximation-driven (OD) and under-approximationdriven (UD). OD approaches maintain an abstraction of the transition relation of a program and use abstract reachability to build an inductive invariant (or find a counterexample). At the other extreme, UD approaches attempt to construct inductive invariants by generalizing from finite paths through the control-flow graph of the program. In this paper, we present Ufo, an algorithm that unifies OD and UD approaches in order to leverage both of their advantages. Ufo is parameterized by the degree to which overand under-approximations drive the analysis. At one extreme, Ufo is a novel interpolation-based (UD) algorithm that generates interpolants to label (refine) multiple program paths using a single SMT solver query. At the other extreme, Ufo uses an abstract domain to drive the analysis, while using interpolants to strengthen the abstraction. We have implemented Ufo in LLVM and applied it to programs from the Competition on Software Verification. Our experimental results demonstrate the utility of our algorithm and the benefits of combining UD and OD approaches.