Results 1  10
of
43
Indexed Predicate Discovery for Unbounded System Verification
 IN CAV’04
, 2004
"... Predicate abstraction has been proved effective for verifying several infinitestate systems. In predicate abstraction, an abstract system is automatically constructed given a set of predicates. Predicate abstraction coupled with automatic predicate discovery provides for a completely automatic v ..."
Abstract

Cited by 46 (6 self)
 Add to MetaCart
Predicate abstraction has been proved effective for verifying several infinitestate systems. In predicate abstraction, an abstract system is automatically constructed given a set of predicates. Predicate abstraction coupled with automatic predicate discovery provides for a completely automatic verification scheme. For systems with unbounded integer state variables (e.g. software), counterexample guided predicate discovery has been successful in identifying the necessary predicates. For
Constructing Quantified Invariants via Predicate Abstraction
 CONFERENCE ON VERIFICATION, MODEL CHECKING AND ABSTRACT INTERPRETATION (VMCAI ’04), LNCS 2937
, 2004
"... Predicate abstraction provides a powerful tool for verifying properties of infinitestate systems using a combination of a decision procedure for a subset of firstorder logic and symbolic methods originally developed for finitestate model checking. We consider models where the system state conta ..."
Abstract

Cited by 33 (7 self)
 Add to MetaCart
Predicate abstraction provides a powerful tool for verifying properties of infinitestate systems using a combination of a decision procedure for a subset of firstorder logic and symbolic methods originally developed for finitestate model checking. We consider models where the system state contains mutable function and predicate state variables. Such a model can describe systems containing arbitrarily large memories, buffers, and arrays of identical processes. We describe a form of predicate abstraction that constructs a formula over a set of universally quantified variables to describe invariant properties of the function state variables. We provide a formal justification of the soundness of our approach and describe how it has been used to verify several hardware and software designs, including a directorybased cache coherence protocol with unbounded FIFO channels.
Abstraction Refinement via Inductive Learning
 IN PROC. OF CAV’05, VOLUME 3576 OF LNCS
, 2005
"... This paper concerns how to automatically create abstractions for program analysis. We show that ..."
Abstract

Cited by 32 (8 self)
 Add to MetaCart
This paper concerns how to automatically create abstractions for program analysis. We show that
Refining Approximations in Software Predicate Abstraction
 In: TACAS 04: Tools and Algorithms for Construction and Analysis of Systems, SpringerVerlag
, 2004
"... Predicate abstraction is an automatic technique that can be used to find abstract models of large or infinitestate systems. In tools like Slam, where predicate abstraction is applied to software model checking, a number of heuristic approximations must be used to improve the performance of comp ..."
Abstract

Cited by 31 (9 self)
 Add to MetaCart
Predicate abstraction is an automatic technique that can be used to find abstract models of large or infinitestate systems. In tools like Slam, where predicate abstraction is applied to software model checking, a number of heuristic approximations must be used to improve the performance of computing an abstraction from a set of predicates.
A logic and decision procedure for predicate abstraction of heapmanipulating programs
 UBC Dept. Comp. Sci
, 2005
"... Abstract. An important and ubiquitous class of programs are heapmanipulating programs (HMP), which manipulate unbounded linked data structures by following pointers and updating links. Predicate abstraction hasprovedtobeaninvaluable technique in the field of software model checking; this technique ..."
Abstract

Cited by 21 (4 self)
 Add to MetaCart
Abstract. An important and ubiquitous class of programs are heapmanipulating programs (HMP), which manipulate unbounded linked data structures by following pointers and updating links. Predicate abstraction hasprovedtobeaninvaluable technique in the field of software model checking; this technique relies on an efficient decision procedure for the underlying logic. The expression and proof of many interesting HMP safety properties require transitive closure predicates; such predicates express that some node can be reached from another node by following a sequence of (zero or more) links in the data structure. Unfortunately, adding support for transitive closure often yields undecidability, so one must be careful in defining such a logic. Our primary contributions are the definition of a simple transitive closure logic for use in predicate abstraction of HMPs, and a decision procedure for this logic. Through several experimental examples, we demonstrate that our logic is expressive enough to prove interesting properties with predicate abstraction, and that our decision procedure provides us with both a time and space advantage over previous approaches. 1
Automatized Verification of Ad Hoc Routing Protocols
 In: Proc. 24th IFIP WG 6.1 International Conference on Formal Techniques for Networked and Distributed Systems
, 2004
"... Abstract. Numerous specialized ad hoc routing protocols are currently proposed for use, or being implemented. Few of them have been subjected to formal verification. This paper evaluates two model checking tools, SPIN and UPPAAL, using the verification of the Lightweight Underlay Network Ad hoc Rout ..."
Abstract

Cited by 18 (2 self)
 Add to MetaCart
Abstract. Numerous specialized ad hoc routing protocols are currently proposed for use, or being implemented. Few of them have been subjected to formal verification. This paper evaluates two model checking tools, SPIN and UPPAAL, using the verification of the Lightweight Underlay Network Ad hoc Routing protocol (LUNAR) as a case study. Insights are reported in terms of identifying important modeling considerations and the types of ad hoc protocol properties that can realistically be verified.
Programming a symbolic model checker in a fully expansive theorem prover
 Proceedings of the 16th International Conference on Theorem Proving in Higher Order Logics, volume 2758 of Lecture Notes in Computer Science
, 2003
"... Abstract. Model checking and theorem proving are two complementary approaches to formal verification. In this paper we show how binary decision diagram (BDD) based symbolic model checking algorithms may be embedded in a theorem prover to take advantage of the comparatively secure environment without ..."
Abstract

Cited by 16 (5 self)
 Add to MetaCart
Abstract. Model checking and theorem proving are two complementary approaches to formal verification. In this paper we show how binary decision diagram (BDD) based symbolic model checking algorithms may be embedded in a theorem prover to take advantage of the comparatively secure environment without incurring an unacceptable performance penalty. 1
Justifying equality
 In PDPAR’04
, 2004
"... We consider the problem of finding irredundant bases for inconsistent sets of equalities and disequalities. These are subsets of inconsistent sets which do not contain any literals which do not contribute to the unsatisfiability in an essential way, and can therefore be discarded. The approach we ar ..."
Abstract

Cited by 16 (2 self)
 Add to MetaCart
We consider the problem of finding irredundant bases for inconsistent sets of equalities and disequalities. These are subsets of inconsistent sets which do not contain any literals which do not contribute to the unsatisfiability in an essential way, and can therefore be discarded. The approach we are pursuing here is to decorate derivations with proofs and to extract irredundant sets of assumptions from these proofs. This requires specialized operators on proofs, but the basic inference systems are otherwise left unchanged. In congruence closure, but our constructions can also be applied to other inference systems such as Gaussian elimination. 1
Deriving object typestates in the presence of interobject references
 in OOPSLA ’05: Proceedings of the 20th annual ACM SIGPLAN conference on Object oriented programming, systems, languages, and applications
, 2005
"... We are interested in static analysis of Java classes with the goal of discovering the preconditions under which a certain program point within a method may be reached, taking into account the effects of previous method calls on an object of that class. The information pertinent to this computation i ..."
Abstract

Cited by 16 (0 self)
 Add to MetaCart
We are interested in static analysis of Java classes with the goal of discovering the preconditions under which a certain program point within a method may be reached, taking into account the effects of previous method calls on an object of that class. The information pertinent to this computation is represented as the object’s typestate, which is a finite set of relevant predicates that abstract the object’s actual state. The execution of a method depends on an object’s current typestate as well as other input parameters; the object may transition to a different typestate during the method’s execution. It is common for objects to contain references to other objects. In such cases, an object’s behavior may depend on, in addition to its own state, the state of objects it has a reference to. The main contribution of this paper is to discover relevant object typestates, as well as transitions between typestates, in the presence of interobject references. Our analysis first performs a combined predicate discovery and predicate abstraction to derive “boolean ” versions of Java classes given as input. It then uses abstract interpretation to compute the typestate transitions caused by method calls. A novel aspect of this work is that a set of Java classes is analyzed in isolation, without any client program being provided. To do this, the analysis simulates all possible client’s actions via a synthetic heap, all of whose interesting configurations are explored by our analysis. The information we compute can be put to use in several ways. It can be used in checking whether a given client code erroneously uses a set of Java classes in a way that can throw an exception. It can also be used in creating test drivers for Java classes in order to exercise all relevant code paths in the corresponding methods.