Results 1  10
of
15
Deciding bitvector arithmetic with abstraction
 IN PROC. TACAS 2007
, 2007
"... We present a new decision procedure for finiteprecision bitvector arithmetic with arbitrary bitvector operations. Our procedure alternates between generating under and overapproximations of the original bitvector formula. An underapproximation is obtained by a translation to propositional log ..."
Abstract

Cited by 43 (16 self)
 Add to MetaCart
We present a new decision procedure for finiteprecision bitvector arithmetic with arbitrary bitvector operations. Our procedure alternates between generating under and overapproximations of the original bitvector formula. An underapproximation is obtained by a translation to propositional logic in which some bitvector variables are encoded with fewer Boolean variables than their width. If the underapproximation is unsatisfiable, we use the unsatisfiable core to derive an overapproximation based on the subset of predicates that participated in the proof of unsatisfiability. If this overapproximation is satisfiable, the satisfying assignment guides the refinement of the previous underapproximation by increasing, for some bitvector variables, the number of Boolean variables that encode them. We present experimental results that suggest that this abstractionbased approach can be considerably more efficient than directly invoking the SAT solver on the original formula as well as other competing decision procedures.
Semantic subtyping with an SMT solver
, 2010
"... We study a firstorder functional language with the novel combination of the ideas of refinement type (the subset of a type to satisfy a Boolean expression) and typetest (a Boolean expression testing whether a value belongs to a type). Our core calculus can express a rich variety of typing idioms; ..."
Abstract

Cited by 17 (1 self)
 Add to MetaCart
We study a firstorder functional language with the novel combination of the ideas of refinement type (the subset of a type to satisfy a Boolean expression) and typetest (a Boolean expression testing whether a value belongs to a type). Our core calculus can express a rich variety of typing idioms; for example, intersection, union, negation, singleton, nullable, variant, and algebraic types are all derivable. We formulate a semantics in which expressions denote terms, and types are interpreted as firstorder logic formulas. Subtyping is defined as valid implication between the semantics of types. The formulas are interpreted in a specific model that we axiomatize using standard firstorder theories. On this basis, we present a novel typechecking algorithm able to eliminate many dynamic tests and to detect many errors statically. The key idea is to rely on an SMT solver to compute subtyping efficiently. Moreover, interpreting types as formulas allows us to call the SMT solver at runtime to compute instances of types.
MultiProver Verification of FloatingPoint Programs ⋆
"... Abstract. In the context of deductive program verification, supporting floatingpoint computations is tricky. We propose an expressive language to formally specify behavioral properties of such programs. We give a firstorder axiomatization of floatingpoint operations which allows to reduce verifica ..."
Abstract

Cited by 15 (3 self)
 Add to MetaCart
Abstract. In the context of deductive program verification, supporting floatingpoint computations is tricky. We propose an expressive language to formally specify behavioral properties of such programs. We give a firstorder axiomatization of floatingpoint operations which allows to reduce verification to checking the validity of logic formulas, in a suitable form for a large class of provers including SMT solvers and interactive proof assistants. Experiments using the FramaC platform for static analysis of C code are presented. 1
Extending Sledgehammer with SMT Solvers
"... Abstract. Sledgehammer is a component of Isabelle/HOL that employs firstorder automatic theorem provers (ATPs) to discharge goals arising in interactive proofs. It heuristically selects relevant facts and, if an ATP is successful, produces a snippet that replays the proof in Isabelle. We extended Sl ..."
Abstract

Cited by 15 (6 self)
 Add to MetaCart
Abstract. Sledgehammer is a component of Isabelle/HOL that employs firstorder automatic theorem provers (ATPs) to discharge goals arising in interactive proofs. It heuristically selects relevant facts and, if an ATP is successful, produces a snippet that replays the proof in Isabelle. We extended Sledgehammer to invoke satisfiability modulo theories (SMT) solvers as well, exploiting its relevance filter and parallel architecture. Isabelle users are now pleasantly surprised by SMT proofs for problems beyond the ATPs ’ reach. Remarkably, the best SMT solver performs better than the best ATP on most of our benchmarks. 1
Lifting Propositional Interpolants to the WordLevel
 In FMCAD
, 2007
"... Abstract — Craig interpolants are often used to approximate inductive invariants of transition systems. Arithmetic relationships between numeric variables require wordlevel interpolants, which are derived from wordlevel proofs of unsatisfiability. While wordlevel theorem provers have made signifi ..."
Abstract

Cited by 5 (0 self)
 Add to MetaCart
Abstract — Craig interpolants are often used to approximate inductive invariants of transition systems. Arithmetic relationships between numeric variables require wordlevel interpolants, which are derived from wordlevel proofs of unsatisfiability. While wordlevel theorem provers have made significant progress in the past few years, competitive solvers for many logics are based on flattening the wordlevel structure to the bitlevel. We propose an algorithm that lifts a resolution proof obtained from a bitflattened formula up to the wordlevel, which enables the computation of wordlevel interpolants. Experimental results for equality logic suggest that the overhead of lifting the propositional proof is very low compared to the solving time of a stateoftheart solver. I.
A Graphbased Strategy for the Selection of Hypotheses ⋆
"... Abstract. In previous works on verifying C programs by deductive approaches based on SMT provers, we proposed the heuristic of separation analysis to handle the most difficult problems. Nevertheless, this heuristic is not sufficient when applied on industrial C programs: it remains some Verification ..."
Abstract

Cited by 3 (3 self)
 Add to MetaCart
Abstract. In previous works on verifying C programs by deductive approaches based on SMT provers, we proposed the heuristic of separation analysis to handle the most difficult problems. Nevertheless, this heuristic is not sufficient when applied on industrial C programs: it remains some Verification Conditions (VCs) that cannot be decided by any SMT prover, mainly due to their size. This work presents a strategy to select relevant hypotheses in each VC. The relevance of an hypothesis is the combination of two separated dependency analysis obtained by some graph traversals. The approach is applied on a benchmark issued from an industrial program verification. 1
Temporal refinement using smt and model checking with an application to physicallayer protocols
 In Proceedings of Formal Methods and Models for Codesign (MEMOCODE’2007
, 2007
"... This paper demonstrates how to use a satisfiability modulo theories (SMT) solver together with a bounded model checker to prove temporal refinement conditions. The method is demonstrated by refining a specification of the 8N1 protocol, a widelyused protocol for serial data transmission. A nondeterm ..."
Abstract

Cited by 2 (1 self)
 Add to MetaCart
This paper demonstrates how to use a satisfiability modulo theories (SMT) solver together with a bounded model checker to prove temporal refinement conditions. The method is demonstrated by refining a specification of the 8N1 protocol, a widelyused protocol for serial data transmission. A nondeterministic finitestate 8N1 specification is refined to an infinitestate implementation in which interleavings are constrained by realtime linear inequalities. The refinement proof is via automated induction proofs over infinitestate transitions systems using SMT and model checking, as implemented in SRI International’s Symbolic Analysis Laboratory (SAL). 1
Formal Verification at Higher Levels of Abstraction
"... Abstract — Most formal verification tools on the market convert a highlevel register transfer level (RTL) design into a bitlevel model. Algorithms that operate at the bitlevel are unable to exploit the structure provided by the higher abstraction levels, and thus, are less scalable. This tutorial ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
Abstract — Most formal verification tools on the market convert a highlevel register transfer level (RTL) design into a bitlevel model. Algorithms that operate at the bitlevel are unable to exploit the structure provided by the higher abstraction levels, and thus, are less scalable. This tutorial surveys recent advances in formal verification using highlevel models. We present wordlevel verification with predicate abstraction and satisfiability modulo theories (SMT) solvers. We then describe techniques for termlevel modeling and ways to combine wordlevel and termlevel approaches for scalable verification. I.
On Solving Boolean Combinations of UTVPI Constraints
, 2006
"... We consider the satisfiability problem for Boolean combinations of unit two variable per inequality (UTVPI) constraints. A UTVPI constraint is linear constraint containing at most two variables with nonzero coefficients, where furthermore those coefficients must be either −1 or 1. We prove that if ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
We consider the satisfiability problem for Boolean combinations of unit two variable per inequality (UTVPI) constraints. A UTVPI constraint is linear constraint containing at most two variables with nonzero coefficients, where furthermore those coefficients must be either −1 or 1. We prove that if a satisfying solution exists, then there is a solution with each variable taking values in [−n · (bmax + 1), n · (bmax + 1)], where n is the number of variables, and bmax is the maximum over the absolute values of constants appearing in the constraints. This solution bound improves over previously obtained bounds by an exponential factor. Our result can be used in a finite instantiationbased approach to deciding satisfiability of UTVPI formulas. An experimental evaluation demonstrates the efficiency of such an approach. One of our key results is to show that an integer point inside a UTVPI polyhedron, if one exists, can be obtained by rounding a vertex. As a corollary of this result, we also obtain a polynomialtime algorithm for approximating optima of UTVPI integer programs to within an additive factor.
Reducing the Number of Annotations in a Verificationoriented Imperative Language
"... Abstract. Automated software verification is a very active field of research which has made enormous progress both in theoretical and practical aspects. Recently, an important amount of research effort has been put into applying these techniques on top of mainstream programming languages. These lang ..."
Abstract

Cited by 1 (1 self)
 Add to MetaCart
Abstract. Automated software verification is a very active field of research which has made enormous progress both in theoretical and practical aspects. Recently, an important amount of research effort has been put into applying these techniques on top of mainstream programming languages. These languages typically provide powerful features such as reflection, aliasing and polymorphism which are handy for practitioners but, in contrast, make verification a real challenge. In this work we present Pest, a simple experimental, whilestyle, multiprocedural, imperative programming language which was conceived with verifiability as one of its main goals. This language forces developers to concurrently think about both the statements needed to implement an algorithm and the assertions required to prove its correctness. In order to aid programmers, we propose several techniques to reduce the number and complexity of annotations required to successfully verify their programs. In particular, we show that highlevel iteration constructs may alleviate the need for providing complex loop annotations.