Back to the Future -- Revisiting Precise Program Verification using SMT Solvers

Back to the Future -- Revisiting Precise Program Verification using SMT Solvers (2008)

Cached

Download Links

by Shuvendu K. Lahiri , Shaz Qadeer

Venue:	POPL'08
Citations:	48 - 13 self

BibTeX

@MISC{Lahiri08backto,
    author = {Shuvendu K. Lahiri and Shaz Qadeer},
    title = { Back to the Future -- Revisiting Precise Program Verification using SMT Solvers},
    year = {2008}
}

Bookmark

OpenURL

Abstract

This paper takes a fresh look at the problem of precise verification of heap-manipulating programs using first-order Satisfiability-Modulo-Theories (SMT) solvers. We augment the specification logic of such solvers by introducing the Logic of Interpreted Sets and Bounded Quantification for specifying properties of heap-manipulating programs. Our logic is expressive, closed under weakest preconditions, and efficiently implementable on top of existing SMT solvers. We have created a prototype implementation of our logic over the solvers SIMPLIFY and Z3 and used our prototype to verify many programs. Our preliminary experience is encouraging; the completeness and the efficiency of the decision procedure is clearly evident in practice and has greatly improved the user experience of the verifier.

Citations

1310	A Discipline of Programming - Dijkstra - 1976
520	H.: Construction of abstract state graphs with PVS - Graf, Saïdi - 1997
482	Counterexample-Guided Abstraction Refinement for Symbolic Model Checking - Clarke, Grumberg, et al. - 2003
455	Extended static checking for Java - Flanagan, Leino, et al.
393	Computer-Aided Verification of Coordinating Processes: The Automata-Theoretic Approach - Kurshan - 1994
381	The Spec# programming system: An overview - Barnett, Leino, et al. - 2004
378	G.: Lazy abstraction - Henzinger, Jhala, et al. - 2002
355	DART: directed automated random testing - GODEFROID, KLARLUND, et al. - 2005
348	S.K.: Automatic predicate abstraction of C programs 36(5 - Ball, Majumdar, et al. - 2001
296	Simplify: a theorem prover for program checking - Detlefs, Nelson, et al.
239	Y.: The Classical Decision Problem - Börger, Grädel, et al. - 1996
163	Fast Decision Procedures Based on Congruence Closure - Nelson, Oppen - 1980
128	A Fast Linear-Arithmetic Solver for DPLL(T - Dutertre, Moura - 2006
128	The pointer assertion logic engine - Møller, Schwartzbach - 2001
108	A local shape analysis based on separation logic - Distefano, O’Hearn, et al. - 2006
106	M.: TVLA: A system for implementing static analyses - Lev-Ami, Sagiv - 2000
74	Boogiepl: a typed procedural language for checking object-oriented programs - DeLine, Leino - 2005
67	Data structure specifications via local equality axioms - McPeak, Necula - 2005
66	Shape analysis for composite data structures - Berdine, Calcagno, et al. - 2007
64	Weakest-precondition of unstructured programs - Barnett, Leino - 2005
56	A decidable fragment of separation logic - Berdine, Calcagno, et al. - 2004
48	Verifying reachability invariants of linked structures - Nelson - 1983
37	Verifying properties of well-founded linked lists - Lahiri, Qadeer - 2006
34	Simulating reachability using first–order logic with applications to verification of linked data structures - Lev-Ami, Immerman, et al. - 2005
29	A reachability predicate for analyzing low-level software - Chatterjee, Lahiri, et al.
14	A theory of singly-linked lists and its extensible decision procedure - Ranise, Zarba - 1974
12	An inference-rule-based decision procedure for verification of heap-manipulating programs with mutable data and cyclic data structures - Rakamarić, Bingham, et al. - 2007
6	Efficient Incremental E-matching for SMT Solvers - Moura, Bjorner - 2007
3	A decision procedure for well-founded reachability - Lahiri, Qadeer - 2006