Results 1  10
of
73
Modeling and Verifying Systems using a Logic of Counter Arithmetic with Lambda Expressions and Uninterpreted Functions
, 2002
"... In this paper, we present the logic of Counter arithmetic with Lambda expressions and Uninterpreted functions (CLU). CLU generalizes the logic of equality with uninterpreted functions (EUF) with constrained lambda expressions, ordering, and successor and predecessor functions. In addition to mod ..."
Abstract

Cited by 142 (43 self)
 Add to MetaCart
In this paper, we present the logic of Counter arithmetic with Lambda expressions and Uninterpreted functions (CLU). CLU generalizes the logic of equality with uninterpreted functions (EUF) with constrained lambda expressions, ordering, and successor and predecessor functions. In addition to modeling pipelined processors that EUF has proved useful for, CLU can be used to model many infinitestate systems including those with infinite memories, finite and infinite queues including lossy channels, and networks of identical processes. Even with this richer expressive power, the validity of a CLU formula can be efficiently decided by translating it to a propositional formula, and then using Boolean methods to check validity. We give theoretical and empirical evidence for the efficiency of our decision procedure. We also describe verification techniques that we have used on a variety of systems, including an outoforder execution unit and the loadstore unit of an industrial microprocessor.
Automatic Verification of Parameterized Cache Coherence Protocols
, 2000
"... We propose a new method for the verification of parameterized cache coherence protocols. Cache coherence protocols are used to maintain data consistency in commercial multiprocessor systems equipped with local fast caches. In our approach we use arithmetic constraints to model possibly infinite sets ..."
Abstract

Cited by 72 (5 self)
 Add to MetaCart
We propose a new method for the verification of parameterized cache coherence protocols. Cache coherence protocols are used to maintain data consistency in commercial multiprocessor systems equipped with local fast caches. In our approach we use arithmetic constraints to model possibly infinite sets of global states of a multiprocessor system with many identical caches. In preliminary experiments using symbolic model checkers for infinitestate systems based on real arithmetics (HyTech [HHW97] and DMC [DP99]) we have automatically verified safety properties for parameterized versions of widely implemented writeinvalidate and writeupdate cache coherence policies like the Mesi, Berkeley, Illinois, Firey and Dragon protocols [Han93]. With this application, we show that symbolic model checking tools originally designed for hybrid and concurrent systems can be applied successfully to a new class of infinitestate systems of practical interest.
On Model Checking for NonDeterministic InfiniteState Systems
, 1998
"... We demonstrate that many known algorithms for model checking infinitestate systems can be derived uniformly from a reachability procedure that generates a "covering graph", a generalization of the KarpMiller graph for Petri Nets. Each node of the covering graph has an associated nonempty set of re ..."
Abstract

Cited by 56 (4 self)
 Add to MetaCart
We demonstrate that many known algorithms for model checking infinitestate systems can be derived uniformly from a reachability procedure that generates a "covering graph", a generalization of the KarpMiller graph for Petri Nets. Each node of the covering graph has an associated nonempty set of reachable states, which makes it possible to model check safety properties of the system on the covering graph. For systems with a wellquasiordered simulation relation, each infinite fair computation has a finite witness, which may be detected using the covering graph and combinatorial properties of the specific infinite state system. These results explain many known decidability results in a simple, uniform manner. This is a strong indication that the covering graph construction is appropriate for the analysis of infinite state systems. We also consider the new application domain of parameterized broadcast protocols, and indicate how to apply the construction in this domain. This application is illustrated on an invalidationbased cache coherency protocol, for which many safety properties can be proved fully automatically for an arbitrary number of processes. 1
Mona Fido: The LogicAutomaton Connection in Practice
, 1998
"... We discuss in this paper how connections, discovered almost forty years ago, between logics and automata can be used in practice. For such logics expressing regular sets, we have developed tools that allow efficient symbolic reasoning not attainable by theorem proving or symbolic model checking. ..."
Abstract

Cited by 53 (10 self)
 Add to MetaCart
We discuss in this paper how connections, discovered almost forty years ago, between logics and automata can be used in practice. For such logics expressing regular sets, we have developed tools that allow efficient symbolic reasoning not attainable by theorem proving or symbolic model checking. We explain how the logicautomaton connection is already exploited in a limited way for the case of Quantified Boolean Logic, where Binary Decision Diagrams act as automata. Next, we indicate how BDD data structures and algorithms can be extended to yield a practical decision procedure for a more general logic, namely WS1S, the Weak Secondorder theory of One Successor. Finally, we mention applications of the automatonlogic connection to software engineering and program verification. 1
Indexed Predicate Discovery for Unbounded System Verification
 IN CAV’04
, 2004
"... Predicate abstraction has been proved effective for verifying several infinitestate systems. In predicate abstraction, an abstract system is automatically constructed given a set of predicates. Predicate abstraction coupled with automatic predicate discovery provides for a completely automatic v ..."
Abstract

Cited by 46 (6 self)
 Add to MetaCart
Predicate abstraction has been proved effective for verifying several infinitestate systems. In predicate abstraction, an abstract system is automatically constructed given a set of predicates. Predicate abstraction coupled with automatic predicate discovery provides for a completely automatic verification scheme. For systems with unbounded integer state variables (e.g. software), counterexample guided predicate discovery has been successful in identifying the necessary predicates. For
Regular Model Checking Using Inference of Regular Languages
, 2004
"... Regular model checking is a method for verifying infinitestate systems based on coding their configurations as words over a finite alphabet, sets of configurations as finite automata, and transitions as finite transducers. We introduce a new general approach to regular model checking based on infer ..."
Abstract

Cited by 29 (2 self)
 Add to MetaCart
Regular model checking is a method for verifying infinitestate systems based on coding their configurations as words over a finite alphabet, sets of configurations as finite automata, and transitions as finite transducers. We introduce a new general approach to regular model checking based on inference of regular languages. The method builds upon the observation that for infinitestate systems whose behaviour can be modelled using lengthpreserving transducers, there is a finite computation for obtaining all reachable configurations up to a certain length n. These configurations are a (positive) sample of the reachable configurations of the given system, whereas all other words up to length n are a negative sample. Then, methods of inference of regular languages can be used to generalize the sample to the full reachability set (or an overapproximation of it). We have implemented our method in a prototype tool which shows that our approach is competitive on a number of concrete examples. Furthermore, in contrast to all other existing regular model checking methods, termination is guaranteed in general for all systems with regular sets of reachable configurations. The method can be applied in a similar way to dealing with reachability relations instead of reachability sets too.
Abstract Regular Tree Model Checking of Complex Dynamic Data Structures
 IN PROC. OF SAS’06, VOLUME 4134 OF LNCS
, 2006
"... We consider the verification of nonrecursive C programs manipulating dynamic linked data structures with possibly several next pointer selectors and with finite domain nonpointer data. We aim at checking basic memory consistency properties (no null pointer assignments, etc.) and shape invariants ..."
Abstract

Cited by 25 (6 self)
 Add to MetaCart
We consider the verification of nonrecursive C programs manipulating dynamic linked data structures with possibly several next pointer selectors and with finite domain nonpointer data. We aim at checking basic memory consistency properties (no null pointer assignments, etc.) and shape invariants whose violation can be expressed in an existential fragment of a first order logic over graphs. We formalise this fragment as a logic for specifying bad memory patterns whose formulae may be translated to testers written in C that can be attached to the program, thus reducing the verification problem considered to checking reachability of an error control line. We encode configurations of programs, which are essentially shape graphs, in an original way as extended tree automata and we represent program statements by tree transducers. Then, we use the abstract regular tree model checking framework for a fully automated verification. The method has been implemented and successfully applied on several case studies.
Composite Model Checking: Verification with TypeSpecific Symbolic Representations
 ACM Transactions on Software Engineering and Methodology
, 2000
"... In recent years, there has been a surge of progress in automated verification methods based on state exploration. In areas like hardware design, these technologies are rapidly augmenting key phases of testing and validation. To date, one of the most successful of these methods has been symbolic mode ..."
Abstract

Cited by 24 (7 self)
 Add to MetaCart
In recent years, there has been a surge of progress in automated verification methods based on state exploration. In areas like hardware design, these technologies are rapidly augmenting key phases of testing and validation. To date, one of the most successful of these methods has been symbolic model checking, in which large finitestate machines are encoded into compact data structures such as binary decision diagrams (BDDs)  and are then checked for safety and liveness properties. However, these techniques have not realized the same success on software systems. One limitation is their inability to deal with infinitestate programs  even those with a single unbounded integer. A second problem is that of finding efficient representations for various variable types. We recently proposed a model checker for integerbased systems that uses arithmetic constraints as the underlying state representation. While this approach easily verified some subtle, infinitestate concurrency problems...
Regular model checking without transducers
, 2006
"... Abstract. We give a simple and efficient method to prove safety properties for parameterized systems with linear topologies. A process in the system is a finitestate automaton, where the transitions are guarded by both local and global conditions. Processes may communicate via broadcast, rendezvou ..."
Abstract

Cited by 22 (12 self)
 Add to MetaCart
Abstract. We give a simple and efficient method to prove safety properties for parameterized systems with linear topologies. A process in the system is a finitestate automaton, where the transitions are guarded by both local and global conditions. Processes may communicate via broadcast, rendezvous and shared variables. The method derives an overapproximation of the induced transition system, which allows the use of a simple class of regular expressions as a symbolic representation. Compared to traditional regular model checking methods, the analysis does not require the manipulation of transducers, and hence its simplicity and efficiency. We have implemented a prototype which works well on several mutual exclusion algorithms and cache coherence protocols. 1
Iterating Transducers
, 2001
"... Regular languages have proved useful for the symbolic state exploration of infinite state systems. They can be used to represent infinite sets of system configurations; the transitional semantics of the system consequently can be modeled by finitestate transducers. A standard problem encountered ..."
Abstract

Cited by 21 (0 self)
 Add to MetaCart
Regular languages have proved useful for the symbolic state exploration of infinite state systems. They can be used to represent infinite sets of system configurations; the transitional semantics of the system consequently can be modeled by finitestate transducers. A standard problem encountered when doing symbolic state exploration for infinite state systems is how to explore all states in a finite amount of time. When representing the onestep transition relation of a system by a finitestate transducer T , this problem boils down to finding an appropriate finitestate representation T for its transitive closure. In this