Invariant Inference for Static Checking: An Empirical Evaluation
In Proceedings of the ACM SIGSOFT 10th International Symposium on the Foundations of Software Engineering (FSE 2002), 2002
Static checking can verify the absence of errors in a program, but often requires written annotations or specifications. As a result, static checking can be difficult to use effectively: it can be difficult to determine a specification and tedious to annotate programs. Automated tools that aid the annotation process can decrease the cost of static checking and enable it to be more widely used.
Checking concise specifications for multithreaded software
Journal of Object Technology, 2004
Ensuring the reliability of multithreaded software systems is difficult due to the potential for subtle interactions between threads. Unfortunately, checking tools for such systems do not scale to programs with a large number of threads and procedures. To improve this shortcoming, we present a verification technique that uses concise specifications to analyze large multithreaded programs modularly. We achieve thread-modular analysis by annotating each shared variable with an access predicate that summarizes the condition under which a thread may access that variable. We achieve procedure-modular analysis by annotating each procedure with its specification, which is related to its implementation by an abstraction relation that combines the notions of simulation and reduction. We have implemented our analysis in CalvinR, a static checker for multithreaded Java programs. To validate our methodology, we have used CalvinR to check a number of important properties for a file system. Our experience shows that requirements for complex multithreaded systems can be stated concisely and verified in our framework. Presented at the Workshop on Formal Techniques for Java-like Programs, 2003.
The ICS Decision Procedures for Embedded Deduction
2004
Automated theorem proving... linear arithmetic, and lists. The ground (i.e., quantifier-free) fragment of many combinations is decidable when the fully quantified combination is not, and practical experience indicates that automation of the ground case is adequate for most applications. Practical experience also suggests several other desiderata for an effective deductive service. Some applications (e.g., construction of abstractions) invoke their deductive service a huge number of times in the course of a single calculation, so the performance of the service must be very good. Other applications such as proof search explore many variations on a formula (i.e., alternately asserting and denying various combinations of its premises), so the deductive service should not examine individual formulas in isolation, but should provide a rich application programming interface that supports incremental assertion, retraction, and querying of formulas. Other applications such as test case generation...
Predicate Abstraction with Minimum Predicates
In Advanced Research Working Conference on Correct Hardware Design and Verification Methods (CHARME), 2003
Predicate abstraction is a popular abstraction technique employed in formal software verification. A crucial requirement to make predicate abstraction effective is to use as few predicates as possible, since the abstraction process is in the worst case exponential (in both time and memory requirements) in the number of predicates involved. If a property can be proven to hold or not hold based on a given finite set of predicates P, the procedure we propose in this paper automatically finds a minimal subset of P that is sufficient for the proof. We explain how our technique can be used for more efficient verification of C programs. Our experiments show that predicate minimization can result in a significant reduction of both verification time and memory usage compared to earlier methods.
Efficient Verification of Sequential and Concurrent C Programs
2003
There has been considerable progress in the domain of software verification over the last few years. This advancement has been driven, to a large extent, by the emergence of powerful yet automated abstraction techniques like predicate abstraction. However, the state space explosion problem in model checking remains the chief obstacle to the practical verification of real-world distributed systems. Even in the case of purely sequential programs, a crucial requirement to make predicate abstraction effective is to use as few predicates as possible. This is because, in the worst case, the state space of the abstraction generated (and consequently the time and memory complexity of the abstraction process) is exponential in the number of predicates involved. In addition, for concurrent programs, the number of reachable states could grow exponentially with the number of components.
Proof Generation in the Touchstone Theorem Prover
In Proceedings of the International Conference on Automated Deduction, 2000
The ability of a theorem prover to generate explicit derivations for the theorems it proves has major benefits for the testing and maintenance of the prover. It also eliminates the need to trust the correctness of the prover at the expense of trusting a much simpler proof checker. However, it is not always obvious how to generate explicit proofs in a theorem prover that uses decision procedures whose operation does not directly model the axiomatization of the underlying theories. In this paper we describe the modifications that are necessary to support proof generation in a congruence-closure decision procedure for equality and in a Simplex-based decision procedure for linear arithmetic. Both of these decision procedures have been integrated using a modified Nelson-Oppen cooperation mechanism in the Touchstone theorem prover, which we use to produce proof-carrying code. Our experience with designing and implementing Touchstone is that proof generation has a relatively low c...
Uniform Derivation of Decision Procedures by Superposition
2001
We show how a well-known superposition-based inference system for first-order equational logic can be used almost directly as a decision procedure for various theories including lists, arrays, extensional arrays and combinations of them. We also give a superposition-based decision procedure for homomorphism.
Existential heap abstraction entailment is undecidable
In 10th Annual International Static Analysis Symposium (SAS 2003), 2003
In this paper we study constraints for specifying properties of data structures consisting of linked objects allocated in the heap. Motivated by heap summary graphs in role analysis and shape analysis, we introduce the notion of regular graph constraints. A regular graph constraint is a graph representing the heap summary; a heap satisfies a constraint if and only if the heap can be homomorphically mapped to the summary. Regular graph constraints form a very simple and natural fragment of the existential monadic second-order logic over graphs. One of the key problems in a compositional static analysis is proving that procedure preconditions are satisfied at every call site. For role analysis, precondition checking requires determining the validity of implication, i.e., entailment of regular graph constraints. The central result of this paper is the undecidability of regular graph constraint entailment. The undecidability of the entailment problem is surprising because of the simplicity of regular graph constraints: in particular, the satisfiability of regular graph constraints is decidable. Our undecidability result implies that there is no complete algorithm for statically checking procedure preconditions or postconditions, simplifying static analysis results, or checking that given analysis results are correct. While incomplete conservative algorithms for regular graph constraint entailment checking are possible, we argue that heap specification languages should avoid second-order existential quantification in favor of explicitly specifying a criterion for summarizing objects.
Efficient Algorithms for General Classes of Integer Range Constraints
In this paper, we study efficient algorithms for solving integer range constraints. In particular, we present a set of novel polynomial time algorithms for some general classes of integer range constraints. In addition, we show hardness and decidability results on satisfiability of various natural extensions of the basic constraint language. We believe these polynomial time algorithms are useful in practice for implementing scalable program analysis and verification tools.