Results 1  10
of
44
Z3: An efficient SMT solver
 In Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS
, 2008
"... ..."
Full functional verification of linked data structures
 In ACM Conf. Programming Language Design and Implementation (PLDI
, 2008
"... We present the first verification of full functional correctness for a range of linked data structure implementations, including mutable lists, trees, graphs, and hash tables. Specifically, we present the use of the Jahob verification system to verify formal specifications, written in classical high ..."
Abstract

Cited by 84 (17 self)
 Add to MetaCart
We present the first verification of full functional correctness for a range of linked data structure implementations, including mutable lists, trees, graphs, and hash tables. Specifically, we present the use of the Jahob verification system to verify formal specifications, written in classical higherorder logic, that completely capture the desired behavior of the Java data structure implementations (with the exception of properties involving execution time and/or memory consumption). Given that the desired correctness properties include intractable constructs such as quantifiers, transitive closure, and lambda abstraction, it is a challenge to successfully prove the generated verification conditions. Our Jahob verification system uses integrated reasoning to split each verification condition into a conjunction of simpler subformulas, then apply a diverse collection of specialized decision procedures,
Program analysis as constraint solving
 In PLDI
, 2008
"... A constraintbased approach to invariant generation in programs translates a program into constraints that are solved using offtheshelf constraint solvers to yield desired program invariants. In this paper we show how the constraintbased approach can be used to model a wide spectrum of program ana ..."
Abstract

Cited by 38 (12 self)
 Add to MetaCart
A constraintbased approach to invariant generation in programs translates a program into constraints that are solved using offtheshelf constraint solvers to yield desired program invariants. In this paper we show how the constraintbased approach can be used to model a wide spectrum of program analyses in an expressive domain containing disjunctions and conjunctions of linear inequalities. In particular, we show how to model the problem of contextsensitive interprocedural program verification. We also present the first constraintbased approach to weakest precondition and strongest postcondition inference. The constraints we generate are boolean combinations of quadratic inequalities over integer variables. We reduce these constraints to SAT formulae using bitvector modeling and use offtheshelf SAT solvers to solve them. Furthermore, we present interesting applications of the above analyses, namely bounds analysis and generation of mostgeneral counterexamples for both safety and termination properties. We also present encouraging preliminary experimental results demonstrating the feasibility of our technique on a variety of challenging examples.
Solving quantified verification conditions using satisfiability modulo theories
 In CADE
, 2007
"... Abstract. First order logic provides a convenient formalism for describing a wide variety of verification conditions. Two main approaches to checking such conditions are pure first order automated theorem proving (ATP) and automated theorem proving based on satisfiability modulo theories (SMT). Trad ..."
Abstract

Cited by 35 (2 self)
 Add to MetaCart
Abstract. First order logic provides a convenient formalism for describing a wide variety of verification conditions. Two main approaches to checking such conditions are pure first order automated theorem proving (ATP) and automated theorem proving based on satisfiability modulo theories (SMT). Traditional ATP systems are designed to handle quantifiers easily, but often have difficulty reasoning with respect to theories. SMT systems, on the other hand, have builtin support for many useful theories, but have a much more difficult time with quantifiers. One clue on how to get the best of both worlds can be found in the legacy system Simplify which combines builtin theory reasoning with quantifier instantiation heuristics. Inspired by Simplify and motivated by a desire to provide a competitive alternative to ATP systems, this paper describes a methodology for reasoning about quantifiers in SMT systems. We present the methodology in the context of the Abstract DPLL Modulo Theories framework. Besides adapting many of Simplify’s techniques, we also introduce a number of new heuristics. Most important is the notion of instantiation level which provides an effective mechanism for prioritizing and managing the large search space inherent in quantifier instantiation techniques. These techniques have been implemented in the SMT system CVC3. Experimental results show that our methodology enables CVC3 to solve a significant number of benchmarks that were not solvable with any previous approach. 1
Complete instantiation for quantified formulas in Satisfiabiliby Modulo Theories
"... Abstract. Quantifier reasoning in Satisfiability Modulo Theories (SMT) is a longstanding challenge. The practical method employed in modern SMT solvers is to instantiate quantified formulas based on heuristics, which is not refutationally complete even for pure firstorder logic. We present several ..."
Abstract

Cited by 24 (1 self)
 Add to MetaCart
Abstract. Quantifier reasoning in Satisfiability Modulo Theories (SMT) is a longstanding challenge. The practical method employed in modern SMT solvers is to instantiate quantified formulas based on heuristics, which is not refutationally complete even for pure firstorder logic. We present several decidable fragments of first order logic modulo theories. We show how to construct models for satisfiable formulas in these fragments. For richer undecidable fragments, we discuss conditions under which our procedure is refutationally complete. We also describe useful heuristics based on model checking for prioritizing or avoiding instantiations. 1
Semantic subtyping with an SMT solver
, 2010
"... We study a firstorder functional language with the novel combination of the ideas of refinement type (the subset of a type to satisfy a Boolean expression) and typetest (a Boolean expression testing whether a value belongs to a type). Our core calculus can express a rich variety of typing idioms; ..."
Abstract

Cited by 20 (1 self)
 Add to MetaCart
We study a firstorder functional language with the novel combination of the ideas of refinement type (the subset of a type to satisfy a Boolean expression) and typetest (a Boolean expression testing whether a value belongs to a type). Our core calculus can express a rich variety of typing idioms; for example, intersection, union, negation, singleton, nullable, variant, and algebraic types are all derivable. We formulate a semantics in which expressions denote terms, and types are interpreted as firstorder logic formulas. Subtyping is defined as valid implication between the semantics of types. The formulas are interpreted in a specific model that we axiomatize using standard firstorder theories. On this basis, we present a novel typechecking algorithm able to eliminate many dynamic tests and to detect many errors statically. The key idea is to rely on an SMT solver to compute subtyping efficiently. Moreover, interpreting types as formulas allows us to call the SMT solver at runtime to compute instances of types.
An integrated proof language for imperative programs
 In PLDI’09
"... We present an integrated proof language for guiding the actions of multiple reasoning systems as they work together to prove complex correctness properties of imperative programs. The language operates in the context of a program verification system that uses multiple reasoning systems to discharge ..."
Abstract

Cited by 20 (3 self)
 Add to MetaCart
We present an integrated proof language for guiding the actions of multiple reasoning systems as they work together to prove complex correctness properties of imperative programs. The language operates in the context of a program verification system that uses multiple reasoning systems to discharge generated proof obligations. It is designed to 1) enable developers to resolve key choice points in complex program correctness proofs, thereby enabling automated reasoning systems to successfully prove the desired correctness properties; 2) allow developers to identify key lemmas for the reasoning systems to prove, thereby guiding the reasoning systems to find an effective proof decomposition; 3) enable multiple reasoning systems to work together productively to prove a single correctness property by providing a mechanism that developers can use to divide the property into lemmas, each of which is suitable for
Boogie meets regions: A verification experience report
 Verified Software: Theories, Tools, Experiments, VSTTE 2008, volume 5295 of Lecture Notes in Computer Science
, 2008
"... We use region logic specifications to verify several programs exhbiting the classic hard problem for objectoriented systems: the framing of heap updates. We use BoogiePL and its associated SMT solver, Z3, to prove both implementations and client code. 1 ..."
Abstract

Cited by 18 (4 self)
 Add to MetaCart
We use region logic specifications to verify several programs exhbiting the classic hard problem for objectoriented systems: the framing of heap updates. We use BoogiePL and its associated SMT solver, Z3, to prove both implementations and client code. 1
Efficiently Solving Quantified BitVector Formulas
"... Abstract—In recent years, bitprecise reasoning has gained importance in hardware and software verification. Of renewed interest is the use of symbolic reasoning for synthesising loop invariants, ranking functions, or whole program fragments and hardware circuits. Solvers for the quantifierfree fra ..."
Abstract

Cited by 15 (4 self)
 Add to MetaCart
Abstract—In recent years, bitprecise reasoning has gained importance in hardware and software verification. Of renewed interest is the use of symbolic reasoning for synthesising loop invariants, ranking functions, or whole program fragments and hardware circuits. Solvers for the quantifierfree fragment of bitvector logic exist and often rely on SAT solvers for efficiency. However, many techniques require quantifiers in bitvector formulas to avoid an exponential blowup during construction. Solvers for quantified formulas usually flatten the input to obtain a quantified Boolean formula, losing much of the wordlevel information in the formula. We present a new approach based on a set of effective wordlevel simplifications that are traditionally employed in automated theorem proving, heuristic quantifier instantiation methods used in SMT solvers, and model finding techniques based on skeletons/templates. Experimental results on two different types of benchmarks indicate that our method outperforms the traditional flattening approach by multiple orders of magnitude of runtime. I.
An SMT approach to bounded reachability analysis of model programs
 In FORTE
, 2008
"... Abstract. Model programs represent transition systems that are used to specify expected behavior of systems at a high level of abstraction. The main application area is applicationlevel network protocols or protocoldata types such as sets and maps, and comprehensions to express complex state upda ..."
Abstract

Cited by 14 (10 self)
 Add to MetaCart
Abstract. Model programs represent transition systems that are used to specify expected behavior of systems at a high level of abstraction. The main application area is applicationlevel network protocols or protocoldata types such as sets and maps, and comprehensions to express complex state updates. Such models are mainly used in modelbased testing as inputs for test case generation and as oracles during conformance testing. Correctness assumptions about the model itself are usually expressed through state invariants. An important problem is to validate the model prior to its use in the abovementioned contexts. We introduce a technique of using Satisfiability Modulo Theories or SMT to perform bounded reachability analysis of a fragment of model programs. We use the Z3 solver for our implementation and benchmarks, and we use AsmL as the modeling language. The translation from a model program into a verification condition of Z3 is incremental and involves selective quantifier instantiation of quantifiers that result from the comprehension expressions. 1