Results 1  10
of
59
Program Verification using Templates over Predicate Abstraction
"... We address the problem of automatically generating invariants with quantified and boolean structure for proving the validity of given assertions or generating preconditions under which the assertions are valid. We present three novel algorithms, having different strengths, that combine template and ..."
Abstract

Cited by 22 (4 self)
 Add to MetaCart
(Show Context)
We address the problem of automatically generating invariants with quantified and boolean structure for proving the validity of given assertions or generating preconditions under which the assertions are valid. We present three novel algorithms, having different strengths, that combine template and predicate abstraction based formalisms to discover required sophisticated program invariants using SMT solvers. Two of these algorithms use an iterative approach to compute fixedpoints (one computes a least fixedpoint and the other computes a greatest fixedpoint), while the third algorithm uses a constraint based approach to encode the fixedpoint. The key idea in all these algorithms is to reduce the problem of invariant discovery to that of finding optimal solutions for unknowns (over conjunctions of some predicates from a given set) in a template formula such that
A Quick Tour of the VeriFast Program Verifier
 In: APLAS. Ed. by
, 2010
"... Abstract. This paper describes the main features of VeriFast, a sound and modular program verifier for C and Java. VeriFast takes as input a number of source files annotated with method contracts written in separation logic, inductive data type and fixpoint definitions, lemma functions and proof s ..."
Abstract

Cited by 21 (4 self)
 Add to MetaCart
(Show Context)
Abstract. This paper describes the main features of VeriFast, a sound and modular program verifier for C and Java. VeriFast takes as input a number of source files annotated with method contracts written in separation logic, inductive data type and fixpoint definitions, lemma functions and proof steps. The verifier checks that (1) the program does not perform illegal operations such as dividing by zero or illegal memory accesses and (2) that the assumptions described in method contracts hold in each execution. Although VeriFast supports specifying and verifying deep data structure properties, it provides an interactive verification experience as verification times are consistently low and errors can be diagnosed using its symbolic debugger. VeriFast and a large number of example programs are available online at:
An evaluation of automata algorithms for string analysis
 In VMCAI’11, LNCS
, 2011
"... Abstract. There has been significant recent interest in automated reasoning techniques, in particular constraint solvers, for string variables. These techniques support a wide variety of clients, ranging from static analysis to automated testing. The majority of string constraint solvers rely on fin ..."
Abstract

Cited by 18 (7 self)
 Add to MetaCart
(Show Context)
Abstract. There has been significant recent interest in automated reasoning techniques, in particular constraint solvers, for string variables. These techniques support a wide variety of clients, ranging from static analysis to automated testing. The majority of string constraint solvers rely on finite automata to support regular expression constraints. For these approaches, performance depends critically on fast automata operations such as intersection, complementation, and determinization. Existing work in this area has not yet provided conclusive results as to which core algorithms and data structures work best in practice. In this paper, we study a comprehensive set of algorithms and data structures for performing fast automata operations. Our goal is to provide an applestoapples comparison between techniques that are used in current tools. To achieve this, we reimplemented a number of existing techniques. We use an established set of regular expressions benchmarks as an indicative workload. We also include several techniques that, to the best of our knowledge, have not yet been used for string constraint solving. Our results show that there is a substantial performance difference across techniques, which has implications for future tool design. 1
Local Verification of Global Invariants in Concurrent Programs
, 2010
"... We describe a practical method for reasoning about realistic concurrent programs. Our method allows global twostate invariants that restrict update of shared state. We provide simple, sufficient conditions for checking those global invariants modularly. The method has been implemented in VCC 3, an ..."
Abstract

Cited by 18 (3 self)
 Add to MetaCart
(Show Context)
We describe a practical method for reasoning about realistic concurrent programs. Our method allows global twostate invariants that restrict update of shared state. We provide simple, sufficient conditions for checking those global invariants modularly. The method has been implemented in VCC 3, an automatic, sound, modular verifier for concurrent C programs. VCC has been used to verify functional correctness of tens of thousands of lines of Microsoft’s HyperV virtualization platform 4 and of SYSGO’s embedded realtime operating system PikeOS.
A simple inductive synthesis methodology and its applications
, 2010
"... Given a highlevel specification and a lowlevel programming language, our goal is to automatically synthesize an efficient program that meets the specification. In this paper, we present a new algorithmic methodology for inductive synthesis that allows us to do this. We use Second Order logic as ou ..."
Abstract

Cited by 13 (10 self)
 Add to MetaCart
(Show Context)
Given a highlevel specification and a lowlevel programming language, our goal is to automatically synthesize an efficient program that meets the specification. In this paper, we present a new algorithmic methodology for inductive synthesis that allows us to do this. We use Second Order logic as our generic high level specification logic. For our lowlevel languages we choose small applicationspecific logics that can be immediately translated into code that runs in expected linear time in the worst case. We explain our methodology and provide examples of the synthesis of several graph classifiers, e.g, lineartime tests of whether the input graph is connected, acyclic, etc. In another set of applications we automatically derive many finite differencing expressions equivalent to ones that Paige built by hand in his thesis [Pai81]. Finally we describe directions for automatically combining such automatically generated building blocks to synthesize efficient code implementing more complicated specifications. The methods in this paper have been implemented in Python using the SMT solver Z3 [dMB].
Directed symbolic execution
, 2011
"... Abstract. In this paper, we study the problem of automatically finding program executions that reach a particular target line. This problem arises in many debugging scenarios; for example, a developer may want to confirm that a bug reported by a static analysis tool on a particular line is a true po ..."
Abstract

Cited by 13 (2 self)
 Add to MetaCart
Abstract. In this paper, we study the problem of automatically finding program executions that reach a particular target line. This problem arises in many debugging scenarios; for example, a developer may want to confirm that a bug reported by a static analysis tool on a particular line is a true positive. We propose two new directed symbolic execution strategies that aim to solve this problem: shortestdistance symbolic execution (SDSE) uses a distance metric in an interprocedural control flow graph to guide symbolic execution toward a particular target; and callchainbackward symbolic execution (CCBSE) iteratively runs forward symbolic execution, starting in the function containing the target line, and then jumping backward up the call chain until it finds a feasible path from the start of the program. We also propose a hybrid strategy, MixCCBSE, which alternates CCBSE with another (forward) search strategy. We compare these three with several existing strategies from the literature on a suite of six GNU coreutils programs. We find that SDSE performs extremely well in many cases but may fail badly. CCBSE also performs quite well, but imposes additional overhead that sometimes makes it slower than SDSE. Considering all our benchmarks together, MixCCBSE performed best on average, combining to good effect the features of its constituent components. 1
Automating Induction with an SMT Solver
, 2011
"... Mechanical proof assistants have always had support for inductive proofs. Sometimes an alternative to proof assistants, satisfiability modulo theories (SMT) solvers bring the hope of a higher degree of automation. However, SMT solvers do not natively support induction, so inductive proofs require s ..."
Abstract

Cited by 12 (3 self)
 Add to MetaCart
Mechanical proof assistants have always had support for inductive proofs. Sometimes an alternative to proof assistants, satisfiability modulo theories (SMT) solvers bring the hope of a higher degree of automation. However, SMT solvers do not natively support induction, so inductive proofs require some encoding into the SMT solver’s input. This paper shows a surprisingly simple tactic—a rewriting strategy and a heuristic for when to apply it—that has shown to be useful in verifying simple inductive theorems, like those that can occur during program verification. The paper describes the tactic and its implementation in a program verifier, and reports on the positive experience with using the tactic.
Automatic modular abstractions for template numerical constraints
 Logical Methods in Computer Science
, 2010
"... We propose a method for automatically generating abstract transformers for static analysis by abstract interpretation. The method focuses on linear constraints on programs operating on rational, real or floatingpoint variables and containing linear assignments and tests. Given the specification of a ..."
Abstract

Cited by 9 (2 self)
 Add to MetaCart
(Show Context)
We propose a method for automatically generating abstract transformers for static analysis by abstract interpretation. The method focuses on linear constraints on programs operating on rational, real or floatingpoint variables and containing linear assignments and tests. Given the specification of an abstract domain, and a program block, our method transformer. It is thus a form of program transformation. In addition to loopfree code, the same method also applies for obtaining least fixed points as functions of the precondition, which permits the analysis of loops and recursive functions. The motivation of our work is dataflow synchronous programming languages, used for building controlcommand embedded systems, but it also applies to imperative and functional programming. Our algorithms are based on quantifier elimination and symbolic manipulation techniques over linear arithmetic formulas. We also give less general results for nonlinear constraints and nonlinear program constructs. 1
Using the Spec# Language, Methodology, and Tools to Write BugFree Programs
, 2009
"... Spec# is a programming system for the development of correct programs. It consists of a programming language, a verification methodology, and tools. The Spec # language extends C# with contracts, which allow programmers to document their design decisions in the code. The verification methodology pro ..."
Abstract

Cited by 9 (5 self)
 Add to MetaCart
Spec# is a programming system for the development of correct programs. It consists of a programming language, a verification methodology, and tools. The Spec # language extends C# with contracts, which allow programmers to document their design decisions in the code. The verification methodology provides rules and guidelines for how to use the Spec# features to express and check properties of interesting implementations. Finally, the tool support consists of a compiler that emits runtime checks for many contracts and a static program verifier that attempts to prove automatically that an implementation satisfies its specification. These lecture notes teach the use of the Spec# system, focusing on specification and static verification.
VeriFast: Imperative Programs as Proofs
"... Abstract. We propose an approach for the verification of imperative programs based on the toolsupported, interactive insertion of annotations into the source code. Annotations include routine preconditions and postconditions and loop invariants in a form of separation logic, as well as inductive da ..."
Abstract

Cited by 7 (0 self)
 Add to MetaCart
(Show Context)
Abstract. We propose an approach for the verification of imperative programs based on the toolsupported, interactive insertion of annotations into the source code. Annotations include routine preconditions and postconditions and loop invariants in a form of separation logic, as well as inductive datatype definitions and recursive function and predicate definitions to enable rich specifications. To enable verification of these rich specifications, annotations also include lemma routines, which are like ordinary routines of the programming language, except that it is checked that they do not have sideeffects and that they terminate. Recursive lemma routines serve as inductive proofs that their precondition implies their postcondition. Verification proceeds by symbolic execution, using a separation logicbased representation of memory, and using firstorder terms constrained by a firstorder theory as symbolic data values. Data value queries are delegated to an SMT solver; since memory framing issues are eliminated from these queries and only wellbehaved quantification is used, SMT solver queries perform much better than in verification condition based approaches. Annotation insertion is supported by an integrated development environment where the user may invoke the verification tool. If verification fails, the user can step through the symbolic execution trace and inspect the symbolic state at each step. Since verification typically takes less than a second, this enables an efficient iterative annotateandverify process. Furthermore, it is hoped that by offering proof technology in a form recognizable to programmers, the approach brings interactive program verification to a wider audience. 1