Results 1  10
of
164
Model Checking for Programming Languages using VeriSoft
 IN PROCEEDINGS OF THE 24TH ACM SYMPOSIUM ON PRINCIPLES OF PROGRAMMING LANGUAGES
, 1997
"... Verification by statespace exploration, also often referred to as "model checking", is an effective method for analyzing the correctness of concurrent reactive systems (e.g., communication protocols). Unfortunately, existing modelchecking techniques are restricted to the verification of ..."
Abstract

Cited by 376 (12 self)
 Add to MetaCart
Verification by statespace exploration, also often referred to as "model checking", is an effective method for analyzing the correctness of concurrent reactive systems (e.g., communication protocols). Unfortunately, existing modelchecking techniques are restricted to the verification of properties of models, i.e., abstractions, of concurrent systems. In this paper, we discuss how model checking can be extended to deal directly with "actual" descriptions of concurrent systems, e.g., implementations of communication protocols written in programming languages such as C or C++. We then introduce a new search technique that is suitable for exploring the state spaces of such systems. This algorithm has been implemented in VeriSoft, a tool for systematically exploring the state spaces of systems composed of several concurrent processes executing arbitrary C code. As an example of application, we describe how VeriSoft successfully discovered an error in a 2500line C program controlling rob...
Verifying Programs with Unreliable Channels (Extended Abstract)
 Information and Computation
, 1992
"... The research on algorithmic verification methods for concurrent and parallel systems has mostly focussed on finitestate systems, with applications in e.g. communication protocols and hardware systems. For infinitestate systems, e.g. systems that operate on data from unbounded domains, algorithmic ..."
Abstract

Cited by 176 (36 self)
 Add to MetaCart
The research on algorithmic verification methods for concurrent and parallel systems has mostly focussed on finitestate systems, with applications in e.g. communication protocols and hardware systems. For infinitestate systems, e.g. systems that operate on data from unbounded domains, algorithmic verification is more difficult, since most verification problems are in general undecidable. In this paper, we consider the verification of a particular class of infinitestate systems, namely systems consisting of finitestate processes that communicate via unbounded lossy FIFO channels. This class is able to model e.g. link protocols such as the Alternating Bit Protocol and HDLC. The unboundedness of the channels makes these systems infinitestate. For this class of systems, we show that several interesting verification problems are decidable by giving algorithms for verifying the following classes of properties.
All from one, one for all: on model checking using representatives
 LNCS
, 1993
"... Checking that a given finite state program satisfies a linear temporal logic property is suffering in many cases from a severe space and time explosion. One way to cope with this is to reduce the state graph used for model checking. We define an equivalence relation between infinite sequences, based ..."
Abstract

Cited by 155 (6 self)
 Add to MetaCart
Checking that a given finite state program satisfies a linear temporal logic property is suffering in many cases from a severe space and time explosion. One way to cope with this is to reduce the state graph used for model checking. We define an equivalence relation between infinite sequences, based on infinite traces such that for each equivalence class, either all or none of the sequences satisfy the checked formula. We present an algorithm for constructing a state graph that contains at least one representative sequence for each equivalence class. This allows applying existing model checking algorithms to the reduced state graph rather than on the larger full state graph of the program. It also allows model checking under fairness assumptions, and exploits these assumptions to obtain smaller state graphs. A formula rewriting technique is presented to allow coarser equivalence relation among sequences, such that less representatives are needed. 1
Evaluating Deadlock Detection Methods for Concurrent Software
 IEEE Transactions on Software Engineering
, 1996
"... Static analysis of concurrent programs has been hindered by the well known state explosion problem. Although many different techniques have been proposed to combat this state explosion, there is little empirical data comparing the performance of the methods. This information is essential for assessi ..."
Abstract

Cited by 122 (6 self)
 Add to MetaCart
Static analysis of concurrent programs has been hindered by the well known state explosion problem. Although many different techniques have been proposed to combat this state explosion, there is little empirical data comparing the performance of the methods. This information is essential for assessing the practical value of a technique and for choosing the best method for a particular problem. In this paper, we carry out an evaluation of three techniques for combating the state explosion problem in deadlock detection: reachability search with a partial order state space reduction, symbolic model checking, and inequality necessary conditions. We justify the method used for the comparison, and carefully analyze several sources of potential bias. The results of our evaluation provide valuable data on the kinds of programs to which each technique might best be applied. Furthermore, we believe that the methodological issues we discuss are of general significance in comparison of analysis te...
Model Checking of Safety Properties
, 1999
"... Of special interest in formal verification are safety properties, which assert that the system always stays within some allowed region. Proof rules for the verification of safety properties have been developed in the proofbased approach to verification, making verification of safety properties simp ..."
Abstract

Cited by 105 (16 self)
 Add to MetaCart
Of special interest in formal verification are safety properties, which assert that the system always stays within some allowed region. Proof rules for the verification of safety properties have been developed in the proofbased approach to verification, making verification of safety properties simpler than verification of general properties. In this paper we consider model checking of safety properties. A computation that violates a general linear property reaches a bad cycle, which witnesses the violation of the property. Accordingly, current methods and tools for model checking of linear properties are based on a search for bad cycles. A symbolic implementation of such a search involves the calculation of a nested fixedpoint expression over the system's state space, and is often impossible. Every computation that violates a safety property has a finite prefix along which the property is violated. We use this fact in order to base model checking of safety properties on a search for ...
Slicing Software for Model Construction
 Higherorder and Symbolic Computation
, 1999
"... Applying finitestate verification techniques (e.g., model checking) to software requires that program source code be translated to a finitestate transition system that safely models program behavior. Automatically checking such a transition system for a correctness property is typically very cos ..."
Abstract

Cited by 89 (17 self)
 Add to MetaCart
Applying finitestate verification techniques (e.g., model checking) to software requires that program source code be translated to a finitestate transition system that safely models program behavior. Automatically checking such a transition system for a correctness property is typically very costly, thus it is necessary to reduce the size of the transition system as much as possible. In fact, it is often the case that much of a program's source code is irrelevant for verifying a given correctness property. In this paper, we apply program slicing techniques to remove automatically such irrelevant code and thus reduce the size of the corresponding transition system models. We give a simple extension of the classical slicing definition, and prove its safety with respect to model checking of linear temporal logic (LTL) formulae. We discuss how this slicing strategy fits into a general methodology for deriving effective software models using abstractionbased program specializati...
Symbolic Verification with Periodic Sets
, 1994
"... Symbolic approaches attack the state explosion problem by introducing implicit representations that allow the simultaneous manipulation of large sets of states. The most commonly used representation in this context is the Binary Decision Diagram (BDD). This paper takes the point of view that other s ..."
Abstract

Cited by 73 (6 self)
 Add to MetaCart
Symbolic approaches attack the state explosion problem by introducing implicit representations that allow the simultaneous manipulation of large sets of states. The most commonly used representation in this context is the Binary Decision Diagram (BDD). This paper takes the point of view that other structures than BDD's can be useful for representing sets of values, and that combining implicit and explicit representations can be fruitful. It introduces a representation of complex periodic sets of integer values, shows how this representation can be manipulated, and describes its application to the statespace exploration of protocols. Preliminary experimental results indicate that the method can dramatically reduce the resources required for statespace exploration.
Coverage Preserving Reduction Strategies for Reachability Analysis
"... We study the effect of three new reduction strategies for conventional reachability analysis, as used in automated protocol validation algorithms. The first two strategies are implementations of partial order semantics rules that attempt to minimize the number of execution sequences that need to be ..."
Abstract

Cited by 59 (8 self)
 Add to MetaCart
We study the effect of three new reduction strategies for conventional reachability analysis, as used in automated protocol validation algorithms. The first two strategies are implementations of partial order semantics rules that attempt to minimize the number of execution sequences that need to be explored for a full state space exploration. The third strategy is the implementation of a state compression scheme that attempts to minimize the amount of memory that is used to built a state space. The three strategies are shown to have a potential for substantially improving the performance of a conventional search. The paper discusses the optimal choices for reducing either run time or memory requirements by four to six times. The strategies can readily be combined with each other and with alternative state space reduction techniques such as supertrace or state space caching methods.
Parallelism for Free: Efficient and Optimal Bitvector Analyses for Parallel Programs
, 1994
"... In this paper we show how to construct optimal bitvector analysis algorithms for parallel programs with shared memory that are as efficient as their purely sequential counterparts, and which can easily be implemented. Whereas the complexity result is rather obvious, our optimality result is a conseq ..."
Abstract

Cited by 48 (3 self)
 Add to MetaCart
In this paper we show how to construct optimal bitvector analysis algorithms for parallel programs with shared memory that are as efficient as their purely sequential counterparts, and which can easily be implemented. Whereas the complexity result is rather obvious, our optimality result is a consequence of a new Kam/Ullmanstyle Coincidence Theorem. Thus, the important merits of sequential bitvector analyses survive the introduction of parallel statements. Keywords Parallelism, interleaving semantics, synchronization, program optimization, data flow analysis, bitvector problems, definitionuse chains, partial redundancy elimination, partial dead code elimination. Contents 1 Motivation 1 2 Sequential Programs 2 2.1 Representation : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 2 2.2 Data Flow Analysis : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 2 2.2.1 The MOPSolution of a DFA : : : : : : : : : : : : : : : : : : : : : : 2 2.2.2 The MFPSolution o...
An AutomataTheoretic Approach to Presburger Arithmetic Constraints (Extended Abstract)
 In Proc. Static Analysis Symposium, LNCS 983
, 1995
"... This paper introduces a finiteautomata based representation of Presburger arithmetic definable sets of integer vectors. The representation consists of concurrent automata operating on the binary encodings of the elements of the represented sets. This representation has several advantages. First, be ..."
Abstract

Cited by 48 (4 self)
 Add to MetaCart
This paper introduces a finiteautomata based representation of Presburger arithmetic definable sets of integer vectors. The representation consists of concurrent automata operating on the binary encodings of the elements of the represented sets. This representation has several advantages. First, being automatabased it is operational in nature and hence leads directly to algorithms, for instance all usual operations on sets of integer vectors translate naturally to operations on automata. Second, the use of concurrent automata makes it compact. Third, it is insensitive to the representation size of integers. Our representation can be used whenever arithmetic constraints are needed. To il...