Results 1 
8 of
8
Powerful Techniques for the Automatic Generation of Invariants
 In CAV
, 1996
"... . When proving invariance properties of programs one is faced with two problems. The first problem is related to the necessity of proving tautologies of the considered assertion language, whereas the second manifests in the need of finding sufficiently strong invariants. This paper focuses on the se ..."
Abstract

Cited by 89 (9 self)
 Add to MetaCart
. When proving invariance properties of programs one is faced with two problems. The first problem is related to the necessity of proving tautologies of the considered assertion language, whereas the second manifests in the need of finding sufficiently strong invariants. This paper focuses on the second problem and describes techniques for the automatic generation of invariants. The first set of these techniques is applicable on sequential transition systems and allows to derive socalled local invariants, i.e. predicates which are invariant at some control location. The second is applicable on networks of transition systems and allows to combine local invariants of the sequential components to obtain local invariants of the global systems. Furthermore, a refined strengthening technique is presented that allows to avoid the problem of sizeincrease of the considered predicates which is the main drawback of the usual strengthening technique. The proposed techniques are illustrated by ex...
Safety checking of machine code
, 2000
"... We show how to determine statically whether it is safe for untrusted machine code to be loaded into a trusted host system. Our safetychecking technique operates directly on the untrusted machinecode program, requiring only that the initial inputs to the untrusted program be annotated with typestat ..."
Abstract

Cited by 54 (3 self)
 Add to MetaCart
We show how to determine statically whether it is safe for untrusted machine code to be loaded into a trusted host system. Our safetychecking technique operates directly on the untrusted machinecode program, requiring only that the initial inputs to the untrusted program be annotated with typestate information and linear constraints. This approach opens up the possibility of being able to certify code produced by any compiler from any source language, which gives the code producers more freedom in choosing the language in which they write their programs. It eliminates the dependence of safety on the correctness of the compiler because the final product of the compiler is checked. It leads to the decoupling of the safety policy from the language in which the untrusted code is written, and consequently, makes it possible for safety checking to be performed with respect to an extensible set of safety properties that are specified on the host side. We have implemented a prototype safety checker for SPARC machinelanguage programs, and applied the safety checker to several examples. The safety checker was able to either prove that an example met the necessary safety conditions, or identify the places where the safety conditions were violated. The checking times ranged from less than a second to 14 seconds on an UltraSPARC machine.
Proving Theorems about LISP Functions
, 1975
"... Program verification is the idea that properties of programs can be precisely stated and proved in the mathematical sense. In this paper, some simple heuristics combining evaluation and mathematical induction are described, which the authors have implemented in a program that automatically proves a ..."
Abstract

Cited by 50 (2 self)
 Add to MetaCart
Program verification is the idea that properties of programs can be precisely stated and proved in the mathematical sense. In this paper, some simple heuristics combining evaluation and mathematical induction are described, which the authors have implemented in a program that automatically proves a wide variety of theorems about recursive LISP functions. The method the program uses to generate induction formulas is described at length. The theorems proved by the program include that REVERSE is its own inverse and that a particular SORT program is correct. A list of theorems proved by the program is given. key words and phrases: LISP, automatic theoremproving, structural induction, program verification cr categories: 3.64, 4.22, 5.21 1 Introduction We are concerned with proving theorems in a firstorder theory of lists, akin to the elementary theory of numbers. We use a subset of LISP as our language because recursive list processing functions are easy to write in LISP and because ...
Invariant Discovery via Failed Proof Attempts
 In Proc. LOPSTR '98, LNCS 1559
, 1998
"... . We present a framework for automating the discovery of loop invariants based upon failed proof attempts. The discovery of suitable loop invariants represents a bottleneck for automatic verification of imperative programs. Using the proof planning framework we reconstruct standard heuristics fo ..."
Abstract

Cited by 18 (2 self)
 Add to MetaCart
. We present a framework for automating the discovery of loop invariants based upon failed proof attempts. The discovery of suitable loop invariants represents a bottleneck for automatic verification of imperative programs. Using the proof planning framework we reconstruct standard heuristics for developing invariants. We relate these heuristics to the analysis of failed proof attempts allowing us to discover invariants through a process of refinement. 1 Introduction Loop invariants are a well understood technique for specifying the behaviour of programs involving loops. The discovery of suitable invariants, however, is a major bottleneck for automatic verification of imperative programs. Early research in this area [18, 24] exploited both theorem proving techniques as well as domain specific heuristics. However, the potential for interaction between these components was not fully exploited. The proof planning framework, in which we reconstruct the standard heuristics, couples ...
Modular and Incremental Analysis of Concurrent Software Systems
, 1999
"... Modularization and abstraction are the keys to practical verification and analysis of large and complex systems. We present in an incremental methodology for the automatic analysis and verification of concurrent software systems. Our methodology is based on the theory of abstract interpretation. We ..."
Abstract

Cited by 15 (1 self)
 Add to MetaCart
Modularization and abstraction are the keys to practical verification and analysis of large and complex systems. We present in an incremental methodology for the automatic analysis and verification of concurrent software systems. Our methodology is based on the theory of abstract interpretation. We first propose a compositional data flow analysis algorithm that computes invariants of concurrent systems by composing invariants generated separately for each component. We present a novel compositional rule allowing us to obtain invariants of the whole system as conjunctions of local invariants of each component. We also show how the generated invariants are used to construct, almost for free, finite state abstractions of the original system that preserve safety properties. This reduces dramatically the cost of computing such abstractions as reported in previous work. We finally give a novel refinement algorithm that refines the constructed abstraction until the property of interest is pro...
Invariant Patterns for Program Reasoning
"... We address the problem of integrating standard techniques for automatic invariant generation within the context of program reasoning. We propose the use of invariant patterns which enable us to associate common patterns of program code and specifications with invariant schemas. This allows crucial d ..."
Abstract

Cited by 7 (2 self)
 Add to MetaCart
We address the problem of integrating standard techniques for automatic invariant generation within the context of program reasoning. We propose the use of invariant patterns which enable us to associate common patterns of program code and specifications with invariant schemas. This allows crucial decisions relating to the development of invariants to be delayed until a proof is attempted. Moreover, it allows patterns within the program to be exploited in patching failed proof attempts.
Formally verifying data and control with weak reachability invariants
 FORMAL METHOD IN COMPUTERAIDED DESIGN
, 1998
"... Existing formal verification methods do not handle systems that combine state machines and data paths very well. Model checking deals with finitestate machines efficiently, but model checking full designs is infeasible because of the large amount of state in the data path. Theoremproving methods ..."
Abstract

Cited by 1 (1 self)
 Add to MetaCart
Existing formal verification methods do not handle systems that combine state machines and data paths very well. Model checking deals with finitestate machines efficiently, but model checking full designs is infeasible because of the large amount of state in the data path. Theoremproving methods may be effective for verifying data path operations, but verifying the control requires finding and proving inductive invariants that characterize the reachable states of the system. We present a new approach to verification of systems that combine control FSMs and data path operations. Invariants are specified only for a small set of control states, called clean states, where the invariants are especially simple. We avoid the need to specify the invariants for the unclean states by symbolically simulating over all paths to find the possible next clean states. The set of all paths from one clean state to the next is represented by a regular expression, which is extracted from the control FSMs. The number of paths is infinite only if the regular expression contains stars. The method uses a heuristic to generalize the symbolic state to cover all of the paths of the starred expression. We have implemented a prototype tool for guiding an existing symbolic simulator and verification tool and used it successfully to prove properties of the Instruction Fetch Unit of TORCH, a superscalar microprocessor designed at Stanford. With much less effort, we were able to find all the bugs in the unit that were found earlier by manually strengthening the invariants.
Automatic Verification of Parameterized Systems
 New York University
, 2005
"... To my parents and the memory of the late Dr. Robert Paige iv Acknowledgements The road leading to the Doctorâ€™s Degree of Philosophy in Computer Science has been a long and winding journey for me. It started with the encouragement of my parents who inseminated in me the love of science and intellectu ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
To my parents and the memory of the late Dr. Robert Paige iv Acknowledgements The road leading to the Doctorâ€™s Degree of Philosophy in Computer Science has been a long and winding journey for me. It started with the encouragement of my parents who inseminated in me the love of science and intellectual fulfillment. At times when I was in serious doubt about my academic choices and was near the point of giving up all my research it always came back to this very basic point. The reality of being a graduate student can be harsh at times, and the experience of being a parttime Ph.D. student and a fulltime working mother is a once in a lifetime adventure, and I am very glad that I had it. For that I owe abundance of thankyous to my husband Cris, whose insistence upon completing the course made me carry on, whose sharing of childcaring and house work gave me most precious time, and whose sense of humor and good spirit melt away my frustrations yet spared me no nonsense. Another per