Results 1  10
of
44
Dynamically discovering likely program invariants to support program evolution
 IEEE Transactions on Software Engineering
, 2001
"... Explicitly stated program invariants can help programmers by identifying program properties that must be preserved when modifying code. In practice, however, these invariants are usually implicit. An alternative to expecting programmers to fully annotate code with invariants is to automatically i ..."
Abstract

Cited by 544 (66 self)
 Add to MetaCart
Explicitly stated program invariants can help programmers by identifying program properties that must be preserved when modifying code. In practice, however, these invariants are usually implicit. An alternative to expecting programmers to fully annotate code with invariants is to automatically infer invariants from the program itself. This research focuses on dynamic techniques for discovering invariants from execution traces. This paper reports two results. First, it describes techniques for dynamically discovering invariants, along with an instrumenter and an inference engine that embody these techniques. Second, it reports on the application of the engine to two sets of target programs. In programs from Gries’s work on program derivation, we rediscovered predefined invariants. In a C program lacking explicit invariants, we discovered invariants that assisted a software evolution task.
Computing abstractions of infinite state systems compositionally and automatically
 PROCEEDINGS OF CAV ’98
, 1998
"... We present a method for computing abstractions of infinite state systems compositionally and automatically. Given a concrete system S = S1 k \Delta \Delta \Delta k Sn of programs and given an abstraction function ff, using our method one can compute an abstract system S a = Sa 1 k \Delta \Delta \Del ..."
Abstract

Cited by 99 (6 self)
 Add to MetaCart
We present a method for computing abstractions of infinite state systems compositionally and automatically. Given a concrete system S = S1 k \Delta \Delta \Delta k Sn of programs and given an abstraction function ff, using our method one can compute an abstract system S a = Sa 1 k \Delta \Delta \Delta k S a n such that S simulates S a. A distinguishing feature of our method is that it does not produce a single abstract state graph but rather preserves the structure of the concrete system. This feature is a prerequisite to benefit from the techniques developed in the context of modelchecking for mitigating the state explosion. Moreover, our method has the advantage that the process of constructing the abstract system does not depend on whether the computation model is synchronous or asynchronous.
Symbolic model checking with rich assertional languages
 Theoretical Computer Science
, 1997
"... Abstract. The paper shows that, by an appropriate choice of a rich assertional language, it is possible to extend the utility of symbolic model checking beyond the realm of bddrepresented nitestate systems into the domain of in nitestate systems, leading to a powerful technique for uniform veri c ..."
Abstract

Cited by 91 (4 self)
 Add to MetaCart
Abstract. The paper shows that, by an appropriate choice of a rich assertional language, it is possible to extend the utility of symbolic model checking beyond the realm of bddrepresented nitestate systems into the domain of in nitestate systems, leading to a powerful technique for uniform veri cation of unbounded (parameterized) process networks. The main contributions of the paper are a formulation of a general framework for symbolic model checking of in nitestate systems, a demonstration that many individual examples of uniformly veri ed parameterized designs that appear in the literature are special cases of our general approach, verifying the correctness of the Futurebus+ design for all singlebus con gurations, extending the technique to tree architectures, and establishing that the presented method is a precise dual to the topdown invariant generation method used in deductive veri cation. 1
Powerful Techniques for the Automatic Generation of Invariants
 In CAV
, 1996
"... . When proving invariance properties of programs one is faced with two problems. The first problem is related to the necessity of proving tautologies of the considered assertion language, whereas the second manifests in the need of finding sufficiently strong invariants. This paper focuses on the se ..."
Abstract

Cited by 89 (9 self)
 Add to MetaCart
. When proving invariance properties of programs one is faced with two problems. The first problem is related to the necessity of proving tautologies of the considered assertion language, whereas the second manifests in the need of finding sufficiently strong invariants. This paper focuses on the second problem and describes techniques for the automatic generation of invariants. The first set of these techniques is applicable on sequential transition systems and allows to derive socalled local invariants, i.e. predicates which are invariant at some control location. The second is applicable on networks of transition systems and allows to combine local invariants of the sequential components to obtain local invariants of the global systems. Furthermore, a refined strengthening technique is presented that allows to avoid the problem of sizeincrease of the considered predicates which is the main drawback of the usual strengthening technique. The proposed techniques are illustrated by ex...
Visual Verification of Reactive Systems
, 1997
"... We describe diagrambased formal methods for verifying temporal properties of finite and infinitestate reactive systems. These methods, which share a common background and tools, differ in the way they use automatic procedures within an interactive setting based on deduction. They can be used to ..."
Abstract

Cited by 84 (6 self)
 Add to MetaCart
We describe diagrambased formal methods for verifying temporal properties of finite and infinitestate reactive systems. These methods, which share a common background and tools, differ in the way they use automatic procedures within an interactive setting based on deduction. They can be used to produce a static proof object, or to perform incremental analysis of systems and specifications.
Generating finitestate abstractions of reactive systems using decision procedures
 In: CAV 98: Conference on ComputerAided Verification. Volume 1427 of Lecture Notes in Computer Science., SpringerVerlag
, 1998
"... Abstract. We present an algorithm that uses decision procedures to generate finitestate abstractions of possibly infinitestate systems. The algorithm compositionally abstracts the transitions of the system, relative to a given, fixed set of assertions. Thus, the number of validity checks is propor ..."
Abstract

Cited by 67 (5 self)
 Add to MetaCart
Abstract. We present an algorithm that uses decision procedures to generate finitestate abstractions of possibly infinitestate systems. The algorithm compositionally abstracts the transitions of the system, relative to a given, fixed set of assertions. Thus, the number of validity checks is proportional to the size of the system description, rather than the size of the abstract statespace. The generated abstractions are weakly preserving for ∀CTL * temporal properties. We describe several applications of the algorithm, implemented using the decision procedures of the Stanford Temporal Prover (STeP). 1
Automatic Generation of Program Specifications
 In ISSTA 2002, Proceedings of the 2002 International Symposium on Software Testing and Analysis
, 2002
"... Producing specifications by dynamic (runtime) analysis of program executions is potentially unsound, because the analyzed executions may not fully characterize all possible executions of the program. In practice, how accurate are the results of a dynamic analysis? This paper describes the results of ..."
Abstract

Cited by 64 (15 self)
 Add to MetaCart
Producing specifications by dynamic (runtime) analysis of program executions is potentially unsound, because the analyzed executions may not fully characterize all possible executions of the program. In practice, how accurate are the results of a dynamic analysis? This paper describes the results of an investigation into this question, determining how much specifications generalized from program runs must be changed in order to be verified by a static checker.
Invariant Inference for Static Checking: An Empirical Evaluation
 In Proceedings of the ACM SIGSOFT 10th International Symposium on the Foundations of Software Engineering (FSE 2002
, 2002
"... Static checking can verify the absence of errors in a program, but often requires written annotations or speci cations. As a result, static checking can be dicult to use eectively: it can be dicult to determine a speci cation and tedious to annotate programs. Automated tools that aid the annotatio ..."
Abstract

Cited by 58 (15 self)
 Add to MetaCart
Static checking can verify the absence of errors in a program, but often requires written annotations or speci cations. As a result, static checking can be dicult to use eectively: it can be dicult to determine a speci cation and tedious to annotate programs. Automated tools that aid the annotation process can decrease the cost of static checking and enable it to be more widely used.
An Update on STeP: DeductiveAlgorithmic Verification of Reactive Systems
 IN 8TH CAV
, 1998
"... The Stanford Temporal Prover, STeP, is a tool for the computeraided formal verification of reactive systems, including realtime and hybrid systems, based on their temporal specification. STeP integrates methods for deductive and algorithmic verification, including model checking, theorem provin ..."
Abstract

Cited by 51 (10 self)
 Add to MetaCart
The Stanford Temporal Prover, STeP, is a tool for the computeraided formal verification of reactive systems, including realtime and hybrid systems, based on their temporal specification. STeP integrates methods for deductive and algorithmic verification, including model checking, theorem proving, automatic invariant generation, abstraction and modular reasoning. We describe the most recent version of STeP, Version 2.0.