Results 1  10
of
41
Abstractions from Proofs
, 2004
"... The success of model checking for large programs depends crucially on the ability to efficiently construct parsimonious abstractions. A predicate abstraction is parsimonious if at each control location, it specifies only relationships between current values of variables, and only those which are req ..."
Abstract

Cited by 214 (28 self)
 Add to MetaCart
The success of model checking for large programs depends crucially on the ability to efficiently construct parsimonious abstractions. A predicate abstraction is parsimonious if at each control location, it specifies only relationships between current values of variables, and only those which are required for proving correctness. Previous methods for automatically refining predicate abstractions until sufficient precision is obtained do not systematically construct parsimonious abstractions: predicates usually contain symbolic variables, and are added heuristically and often uniformly to many or all control locations at once. We use Craig interpolation to efficiently construct, from a given abstract error trace which cannot be concretized, a parsominous abstraction that removes the trace. At each location of the trace, we infer the relevant predicates as an interpolant between the two formulas that define the past and the future segment of the trace. Each interpolant is a relationship between current values of program variables, and is relevant only at that particular program location. It can be found by a linear scan of the proof of infeasibility of the trace. We develop
SLAM and static driver verifier: Technology transfer of formal methods inside Microsoft
 In: IFM. (2004
, 2004
"... Abstract. The SLAM project originated in Microsoft Research in early 2000. Its goal was to automatically check that a C program correctly uses the interface to an external library. The project used and extended ideas from symbolic model checking, program analysis and theorem proving in novel ways to ..."
Abstract

Cited by 69 (5 self)
 Add to MetaCart
Abstract. The SLAM project originated in Microsoft Research in early 2000. Its goal was to automatically check that a C program correctly uses the interface to an external library. The project used and extended ideas from symbolic model checking, program analysis and theorem proving in novel ways to address this problem. The SLAM analysis engine forms the core of a new tool called Static Driver Verifier (SDV) that systematically analyzes the source code of Windows device drivers against a set of rules that define what it means for a device driver to properly interact with the Windows operating system kernel. We believe that the history of the SLAM project and SDV is an informative tale of the technology transfer of formal methods and software tools. We discuss the context in which the SLAM project took place, the first two years of research on the SLAM project, the creation of the SDV tool and its transfer to the Windows development organization. In doing so, we call out many of the basic ingredients we believe to be essential to technology transfer: the choice of a critical problem domain; standing on the shoulders of those who have come before; the establishment of relationships with “champions ” in product groups; leveraging diversity in research and development experience and careful planning and honest assessment of progress towards goals. 1
A practical and complete approach to predicate refinement
 In Tools and Algorithms for the Construction and Analysis of Systems, LNCS 3920
, 2006
"... Abstract. Predicate abstraction is a method of synthesizing the strongest inductive invariant of a system expressible as a Boolean combination of a given set of atomic predicates. A predicate selection method can be said to be complete for a given theory if it is guaranteed to eventually find atomic ..."
Abstract

Cited by 57 (6 self)
 Add to MetaCart
Abstract. Predicate abstraction is a method of synthesizing the strongest inductive invariant of a system expressible as a Boolean combination of a given set of atomic predicates. A predicate selection method can be said to be complete for a given theory if it is guaranteed to eventually find atomic predicates sufficient to prove a given property, when such exist. Current heuristics are incomplete, and often diverge on simple examples. We present a practical method of predicate selection that is complete in the above sense. The method is based on interpolation and uses a “split prover”, somewhat in the style of structurebased provers used in artificial intelligence. We show that it allows the verification of a variety of simple programs that cannot be verified by existing software model checkers. 1
Cogent: Accurate theorem proving for program verification
 Proceedings of CAV 2005, volume 3576 of Lecture Notes in Computer Science
, 2005
"... Abstract. Many symbolic software verification engines such as Slam and ESC/Java rely on automatic theorem provers. The existing theorem provers, such as Simplify, lack precise support for important programming language constructs such as pointers, structures and unions. This paper describes a theore ..."
Abstract

Cited by 36 (11 self)
 Add to MetaCart
Abstract. Many symbolic software verification engines such as Slam and ESC/Java rely on automatic theorem provers. The existing theorem provers, such as Simplify, lack precise support for important programming language constructs such as pointers, structures and unions. This paper describes a theorem prover, Cogent, that accurately supports all ANSIC expressions. The prover’s implementation is based on a machinelevel interpretation of expressions into propositional logic, and supports finite machinelevel variables, bit operations, structures, unions, references, pointers and pointer arithmetic. When used by Slam during the model checking of over 300 benchmarks, Cogent’s improved accuracy reduced the number of Slam timeouts by half, increased the number of true errors found, and decreased the number of false errors. 1
Predicate Abstraction with Minimum Predicates
 In Advanced Research Working Conference on Correct Hardware Design and Verification Methods (CHARME
, 2003
"... Predicate abstraction is a popular abstraction technique employed in formal software verification. A crucial requirement to make predicate abstraction effective is to use as few predicates as possible, since the abstraction process is in the worst case exponential (in both time and memory requiremen ..."
Abstract

Cited by 32 (9 self)
 Add to MetaCart
Predicate abstraction is a popular abstraction technique employed in formal software verification. A crucial requirement to make predicate abstraction effective is to use as few predicates as possible, since the abstraction process is in the worst case exponential (in both time and memory requirements) in the number of predicates involved. If a property can be proven to hold or not hold based on a given finite set of predicates P, the procedure we propose in this paper finds automatically a minimal subset of P that is sufficient for the proof. We explain how our technique can be used for more efficient verification of C programs. Our experiments show that predicate minimization can result in a significant reduction of both verification time and memory usage compared to earlier methods.
Refining Approximations in Software Predicate Abstraction
 In: TACAS 04: Tools and Algorithms for Construction and Analysis of Systems, SpringerVerlag
, 2004
"... Predicate abstraction is an automatic technique that can be used to find abstract models of large or infinitestate systems. In tools like Slam, where predicate abstraction is applied to software model checking, a number of heuristic approximations must be used to improve the performance of comp ..."
Abstract

Cited by 31 (9 self)
 Add to MetaCart
Predicate abstraction is an automatic technique that can be used to find abstract models of large or infinitestate systems. In tools like Slam, where predicate abstraction is applied to software model checking, a number of heuristic approximations must be used to improve the performance of computing an abstraction from a set of predicates.
Efficient Verification of Sequential and Concurrent C Programs
, 2003
"... There has been considerable progress in the domain of software veri cation over the last few years. This advancement has been driven, to a large extent, by the emergence of powerful yet automated abstraction techniques like predicate abstraction. However, the state space explosion problem in model c ..."
Abstract

Cited by 26 (11 self)
 Add to MetaCart
There has been considerable progress in the domain of software veri cation over the last few years. This advancement has been driven, to a large extent, by the emergence of powerful yet automated abstraction techniques like predicate abstraction. However, the state space explosion problem in model checking remains the chief obstacle to the practical veri cation of realworld distributed systems. Even in the case of purely sequential programs, a crucial requirement to make predicate abstraction eective is to use as few predicates as possible. This is because, in the worst case, the state space of the abstraction generated (and consequently the time and memory complexity of the abstraction process) is exponential in the number of predicates involved. In addition, for concurrent programs, the number of reachable states could grow exponentially with the number of components.
Polymorphic predicate abstraction
 ACM Transactions on Programming Languages and Systems
, 2000
"... Predicate abstraction is a technique for creating abstract models of software that are amenable to model checking algorithms. We show how polymorphism, a wellknown concept in programming languages and program analysis, can be incorporated in a predicate abstraction algorithm for C programs. The use ..."
Abstract

Cited by 25 (7 self)
 Add to MetaCart
Predicate abstraction is a technique for creating abstract models of software that are amenable to model checking algorithms. We show how polymorphism, a wellknown concept in programming languages and program analysis, can be incorporated in a predicate abstraction algorithm for C programs. The use of polymorphism in predicates, via the introduction of symbolic names for values, allows us to model the effect of a procedure independent of its calling contexts. Therefore, we can safely and precisely abstract a procedure once and then reuse this abstraction across multiple calls and multiple applications containing the procedure. Polymorphism also enables us to handle programs that need to be analyzed in an open environment, for all possible callers. We have proved that our algorithm is sound and have implemented it in the C2BP tool as part of the SLAM software model checking toolkit.
A Survey of Automated Techniques for Formal Software Verification
 TRANSACTIONS ON CAD
, 2008
"... The software in an electronic system is often the greatest concern with respect to quality and design flaws. Formal verification tools can provide a guarantee that a design is free of specific flaws. We survey algorithms that perform automatic, static analysis of software to detect programming erro ..."
Abstract

Cited by 24 (2 self)
 Add to MetaCart
The software in an electronic system is often the greatest concern with respect to quality and design flaws. Formal verification tools can provide a guarantee that a design is free of specific flaws. We survey algorithms that perform automatic, static analysis of software to detect programming errors or prove their absence. The three techniques we consider are static analysis with abstract domains, model checking, and bounded model checking. We provide a short tutorial on the these techniques, highlighting their differences when applied to practical problems. We also survey the tools that are available implementing these techniques, and describe their merits and shortcomings.
Counterexample guided abstraction refinement via program execution
 Formal Methods and Software Engineering: 6th International Conference on Formal Engineering Methods
, 2004
"... ..."