## Predicate Abstraction with Minimum Predicates (2003)

Venue: Advanced Research Working Conference on Correct Hardware Design and Verification Methods (CHARME), 2003

Citations: 30 (8 self-citations)

### BibTeX

```bibtex
@INPROCEEDINGS{Chaki03predicateabstraction,
  author    = {Sagar Chaki and Edmund Clarke and Alex Groce and Ofer Strichman},
  title     = {Predicate Abstraction with Minimum Predicates},
  booktitle = {Advanced Research Working Conference on Correct Hardware Design and Verification Methods (CHARME)},
  year      = {2003},
  publisher = {Springer}
}
```

### Abstract

Predicate abstraction is a popular abstraction technique employed in formal software verification. A crucial requirement for making predicate abstraction effective is to use as few predicates as possible, since the abstraction process is in the worst case exponential, in both time and memory, in the number of predicates involved. If a property can be proven to hold or not hold based on a given finite set of predicates P, the procedure we propose in this paper automatically finds a minimal subset of P that is sufficient for the proof. We explain how our technique can be used for more efficient verification of C programs. Our experiments show that predicate minimization can result in a significant reduction of both verification time and memory usage compared to earlier methods.

### Citations

2424 | Model Checking
- Clarke, Grumberg, et al.
- 2000
Citation Context: ... [2]. They follow a CounterExample Guided Abstraction Refinement (CEGAR) loop, which we now describe. Let be the property that we wish to verify over the program . We denote by MC a model checking [5, 10] algorithm that takes both A(;P) and as inputs and outputs true if A(;P) ⊨ and a counterexample otherwise. We assume is a safety property, so that is a finite acyclic trace of A(;P). Since...

603 | Construction of abstract state graphs with PVS
- Graf, Saidi
- 1997
Citation Context: ...s. Our experiments show that predicate minimization can result in a significant reduction of both verification time and memory usage compared to earlier methods. 1 Introduction. Predicate abstraction [16] is a commonly used abstraction technique in formal verification of software. Like other abstractions, when successful it can be used to prove the correctness (or incorrectness) of a property with only...

445 | Lazy abstraction
- Henzinger, Jhala, et al.
- 2002
Citation Context: ...reachable states of the system. This facilitates the verification of systems larger than would otherwise be possible. Predicate abstraction has been used widely [12] both for hardware [8] and software [2, 13] verification. In this article we focus on its application to the verification of C programs. Verification of programs typically concentrates on the control flow of the program (e.g. checking if a particul...

416 | Computer-aided verification of coordinating processes: the automata-theoretic approach
- Kurshan
- 1994

385 | Automatically validating temporal safety properties of interfaces
- Ball, Rajamani
- 2001
Citation Context: ...reachable states of the system. This facilitates the verification of systems larger than would otherwise be possible. Predicate abstraction has been used widely [12] both for hardware [8] and software [2, 13] verification. In this article we focus on its application to the verification of C programs. Verification of programs typically concentrates on the control flow of the program (e.g. checking if a particul...

206 | Modular verification of software components in C
- Chaki, Clarke, et al.
- 2004
Citation Context: ...ng minimal hitting sets and logic minimization. The PBS step, however, has not been a bottleneck in any of our experiments. 4 Experiments and Conclusions. We implemented our technique inside the MAGIC [4] tool. MAGIC was designed to check weak simulation of properties of labeled transition systems (LTSs) derived from C programs. We experimented with MAGIC with and without predicate optimization. We al...

191 | Synthesis of synchronization skeletons for branching time temporal logic
- Clarke, Emerson
- 1981
Citation Context: ... [2]. They follow a CounterExample Guided Abstraction Refinement (CEGAR) loop, which we now describe. Let be the property that we wish to verify over the program . We denote by MC a model checking [5, 10] algorithm that takes both A(;P) and as inputs and outputs true if A(;P) ⊨ and a counterexample otherwise. We assume is a safety property, so that is a finite acyclic trace of A(;P). Since...

131 | Experience with predicate abstraction
- Das, Dill, et al.
- 1999
Citation Context: ...with only partial information about the reachable states of the system. This facilitates the verification of systems larger than would otherwise be possible. Predicate abstraction has been used widely [12] both for hardware [8] and software [2, 13] verification. In this article we focus on its application to the verification of C programs. Verification of programs typically concentrates on the control flow ...

106 | Techniques for program verification
- Nelson
- 1981
Citation Context: ... this problem is known to be undecidable. However for our purposes it is sufficient that the theorem prover be sound and always terminate. Several publicly available theorem provers (such as Simplify [11]) have this characteristic. Given arbitrary formulas ψ1 and ψ2, we say that the formulas are admissible if the theorem prover returns false or unknown on ¬(ψ1 ∧ ψ2). We denote this by Adm(ψ1, ψ2). Oth...

81 | PBS: A backtrack search pseudo-Boolean solver and optimizer
- Aloul, Ramani, et al.
- 2002
Citation Context: ...his assignment represents the minimal number of predicates that are sufficient for eliminating T. Since includes disjunctions, it cannot be solved directly with a 0-1 ILP solver. We therefore use PBS [1], a solver for pseudo-Boolean formulas. A pseudo-Boolean formula is of the form $\sum_{i=1}^{n} c_i b_i \bowtie k$, where $b_i$ is a Boolean variable and $c_i$ is a rational constant for $1 \le i \le n$; $k$ is a rational co...
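The pseudo-Boolean formulation referred to in the context above, worked as an added example; this is not code from the paper or from the MAGIC tool. One Boolean selector b_p is kept per candidate predicate, and each spurious trace contributes a disjunction of conjunctions: any one of several predicate subsets eliminates it, and the objective is to minimise the number of selected predicates. The predicate names, the three traces and their eliminating subsets are constructed for illustration; in the paper those subsets come from weakest preconditions checked with a theorem prover and the optimisation is handed to PBS, whereas here a small exact search stands in for the solver, and a linearisation with auxiliary variables shows one standard way of turning the disjunctions into a plain 0-1 ILP.

```python
from itertools import combinations, product

# Constructed example, not from the paper: candidate predicates P and, for each
# spurious trace, the alternative subsets of P that eliminate it (a disjunction
# of conjunctions over the selector variables b_p).
PREDICATES = ["x==y", "x<10", "y>0", "z==x+1", "flag"]
SPURIOUS_TRACES = {
    "tau1": [{"x==y"}, {"x<10", "y>0"}],
    "tau2": [{"x<10", "z==x+1"}, {"y>0", "flag"}],
    "tau3": [{"z==x+1"}, {"flag"}],
}


def eliminates_all(chosen, traces):
    """Disjunctive check: every trace has at least one alternative fully chosen."""
    return all(any(alt <= chosen for alt in alts) for alts in traces.values())


def minimum_by_enumeration(preds, traces):
    """Exact minimum: try subsets in increasing size; the first hit is minimal."""
    for size in range(len(preds) + 1):
        for combo in combinations(preds, size):
            chosen = set(combo)
            if eliminates_all(chosen, traces):
                return chosen
    return None


def linearise(preds, traces):
    """Rewrite the disjunction-of-conjunctions formula as a 0-1 ILP.

    Variables: b_p (predicate p kept) and y_{t,j} (alternative j chosen for
    trace t). Constraints, all linear over 0/1 variables:
        y_{t,j} - b_p <= 0   for every p in alternative j of trace t
        sum_j y_{t,j} >= 1   for every trace t
    Objective: minimise sum_p b_p. Each constraint is (coeffs, op, rhs).
    """
    variables = [("b", p) for p in preds]
    constraints = []
    for t, alts in traces.items():
        cover = {}
        for j, alt in enumerate(alts):
            y = ("y", t, j)
            variables.append(y)
            cover[y] = 1
            for p in alt:
                constraints.append(({y: 1, ("b", p): -1}, "<=", 0))
        constraints.append((cover, ">=", 1))
    return variables, constraints


def solve_ilp_bruteforce(preds, traces):
    """Enumerate every 0/1 assignment of the linearised program (tiny
    instances only, a real solver such as PBS does this with search) and
    return the predicate set of the feasible assignment with fewest b_p = 1."""
    variables, constraints = linearise(preds, traces)
    best = None
    for bits in product((0, 1), repeat=len(variables)):
        val = dict(zip(variables, bits))
        feasible = True
        for coeffs, op, rhs in constraints:
            lhs = sum(c * val[v] for v, c in coeffs.items())
            if (op == "<=" and lhs > rhs) or (op == ">=" and lhs < rhs):
                feasible = False
                break
        if not feasible:
            continue
        chosen = {p for p in preds if val[("b", p)]}
        if best is None or len(chosen) < len(best):
            best = chosen
    return best


if __name__ == "__main__":
    print("enumeration:", sorted(minimum_by_enumeration(PREDICATES, SPURIOUS_TRACES)))
    print("linearised 0-1 ILP:", sorted(solve_ilp_bruteforce(PREDICATES, SPURIOUS_TRACES)))
```

Both routes agree on the size of the minimum (three of the five predicates here; two cannot do, because the only two-predicate alternatives for tau2 leave tau1 uncovered). The linearisation is what makes the problem solvable by an ordinary 0-1 ILP solver; the paper avoids it by giving the disjunctive formula to PBS directly.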

38 | Generating Abstract Explanations of Spurious Counterexamples in C Programs
- Ball, Rajamani
- 2002
Citation Context: ...gorithm, described in Figure 3, takes and a counterexample as inputs and returns true if γ(τ) is a valid trace of . This is a backward traversal based algorithm. There is an equivalent algorithm [3] that is forward traversal based and uses strongest postconditions instead of weakest preconditions. 2.4 Checking trace elimination. Given a spurious counterexample τ = ⟨(s_1, V_1), …, (s_n, V_n)...

29 | Shape Analysis through Predicate Abstraction and Model Checking
- Dams, Namjoshi
Citation Context: ...orcefully or not, the resulting model is guaranteed to be a sound abstraction of . We have found this approach to be very effective in practice. A similar algorithm was proposed by Dams and Namjoshi [11]. Example 2. Consider the CFA described in Example 1. Suppose P contains the only branch (L2) in our example program. Then PredInfer begins with P_L2 = {(x == y)}. From this it obtains P_L1 = {WP((x =...

20 | Counterexample-guided abstraction refinement
- Clarke, Grumberg, et al.
Citation Context: ...e refinement corresponds to gradually returning to the original definition of these variables. Several alternative abstraction/refinement techniques were offered since then by, for example, Clarke et al. [9]. More recently the CEGAR framework has also been successfully adapted for verifying software [3, 13]. The problem of finding small sets of predicates is also being investigated in the context of hardwa...

19 | On proving safety properties by integrating static analysis, theorem proving and abstraction
- Rusu, Singerman
- 1998
Citation Context: ... refinement corresponds to gradually returning to the original definition of these variables. More recently the CEGAR framework has also been successfully adapted for verifying infinite state systems [12], and in particular software [3, 9]. The problem of finding small sets of predicates (yet not minimal) is also being investigated in the context of hardware designs in [5]. The rest of this article is...

13 | SAT Based Predicate Abstraction for Hardware Verification
- Clarke, Talupur, et al.
- 2003
Citation Context: ...mation about the reachable states of the system. This facilitates the verification of systems larger than would otherwise be possible. Predicate abstraction has been used widely [12] both for hardware [8] and software [2, 13] verification. In this article we focus on its application to the verification of C programs. Verification of programs typically concentrates on the control flow of the program (e.g. c...

4 | Making predicate abstraction efficient: eliminating redundant predicates
- Clarke, Grumberg, et al.
- 2003
Citation Context: ...nformation about the reachable states of the system. This facilitates the verification of systems larger than would otherwise be possible. Predicate abstraction has been used widely both for hardware [5] and software [2, 9] verification. In this article we focus on its application to the verification of C programs. Verification of programs typically concentrates on the control flow of the program (e....
Citation Context: ...y the CEGAR framework has also been successfully adapted for verifying software [3, 13]. The problem of finding small sets of predicates is also being investigated in the context of hardware designs in [6]. The rest of this article is structured as follows. In the next section we discuss in more detail the CEGAR loop for predicate abstraction and how it is used for verifying C programs. In section 3 we...

2 | SAT based abstraction-refinement using ILP and machine learning techniques
- Clarke, Gupta, et al.
- 2002
Citation Context: ...-and-Eliminate, described in Figure 5, is based on an abstraction refinement loop that keeps the set of predicates minimal throughout the process. It is modeled after the Sample-and-Separate algorithm [7], where it is used in a CEGAR framework for hardware verification. At each step it finds a counterexample if one ... (footnote 2: Note that in practice this step can be carried out in an on-the-fly manner without constr...)
