Results 1  10
of
23
Software Model Checking
"... Software model checking is the algorithmic analysis of programs to prove properties of their executions. It traces its roots to logic and theorem proving, both to provide the conceptual framework in which to formalize the fundamental questions and to provide algorithmic procedures for the analysis o ..."
Abstract

Cited by 52 (0 self)
 Add to MetaCart
Software model checking is the algorithmic analysis of programs to prove properties of their executions. It traces its roots to logic and theorem proving, both to provide the conceptual framework in which to formalize the fundamental questions and to provide algorithmic procedures for the analysis of logical questions. The undecidability theorem [Turing 1936] ruled out the possibility of a sound and complete algorithmic solution for any sufficiently powerful programming model, and even under restrictions (such as finite state spaces), the correctness problem remained computationally intractable. However, just because a problem is hard does not mean it never appears in practice. Also, just because the general problem is undecidable does not imply that specific instances of the problem will also be hard. As the complexity of software systems grew, so did the need for some reasoning mechanism about correct behavior. (While we focus here on analyzing the behavior of a program relative to given correctness specifications, the development of specification mechanisms happened in parallel, and merits a different survey.) Initially, the focus of program verification research was on manual reasoning, and
InvGen: An efficient invariant generator
 In CAV
, 2009
"... Abstract. In this paper we present InvGen, an automatic linear arithmetic invariant generator for imperative programs. InvGen’s unique feature is in its use of dynamic analysis to make invariant generation order of magnitude more efficient. 1 ..."
Abstract

Cited by 31 (3 self)
 Add to MetaCart
(Show Context)
Abstract. In this paper we present InvGen, an automatic linear arithmetic invariant generator for imperative programs. InvGen’s unique feature is in its use of dynamic analysis to make invariant generation order of magnitude more efficient. 1
Solving existentially quantified Horn clauses
 IN CAV
, 2013
"... Temporal verification of universal (i.e., valid for all computation paths) properties of various kinds of programs, e.g., procedural, multithreaded, or functional, can be reduced to finding solutions for equations in form of universally quantified Horn clauses extended with wellfoundedness condit ..."
Abstract

Cited by 22 (5 self)
 Add to MetaCart
(Show Context)
Temporal verification of universal (i.e., valid for all computation paths) properties of various kinds of programs, e.g., procedural, multithreaded, or functional, can be reduced to finding solutions for equations in form of universally quantified Horn clauses extended with wellfoundedness conditions. Dealing with existential properties (e.g., whether there exists a particular computation path), however, requires solving forallexists quantified Horn clauses, where the conclusion part of some clauses contains existentially quantified variables. For example, a deductive approach to CTL verification reduces to solving such clauses. In this paper we present a method for solving forallexists quantified Horn clauses extended with wellfoundedness conditions. Our method is based on a counterexampleguided abstraction refinement scheme to discover witnesses for existentially quantified variables. We also present an application of our solving method to automation of CTL verification of software, as well as its experimental evaluation.
A data driven approach for algebraic loop invariants
, 2012
"... We describe a GuessandCheck algorithm for computing algebraic equation invariants of the form ∧ifi(x1,..., xn) = 0, where each fi is a polynomial over the variables x1,..., xn of the program. The “guess” phase is data driven and derives a candidate invariant from data generated from concrete exe ..."
Abstract

Cited by 13 (6 self)
 Add to MetaCart
We describe a GuessandCheck algorithm for computing algebraic equation invariants of the form ∧ifi(x1,..., xn) = 0, where each fi is a polynomial over the variables x1,..., xn of the program. The “guess” phase is data driven and derives a candidate invariant from data generated from concrete executions of the program. This candidate invariant is subsequently validated in a “check ” phase by an offtheshelf SMT solver. Iterating between the two phases leads to a sound algorithm. Moreover, we are able to prove a bound on the number of decision procedure queries which GuessandCheck requires to obtain a sound invariant. We show how GuessandCheck can be extended to generate arbitrary boolean combinations of linear equalities as invariants, which enables us to generate expressive invariants to be consumed by tools that cannot handle nonlinear arithmetic. We have evaluated our technique on a number of benchmark programs from recent papers on invariant generation. Our results are encouraging – we are able to efficiently compute algebraic invariants in all cases, with only a few tests.
Relational Abstractions For Continuous and Hybrid Systems
"... Abstract. There has been much recent progress on invariant generation techniques for continuous systems whose dynamics are described by Ordinary Differential Equations (ODE). In this paper, we present a simple abstraction scheme for hybrid systems that abstracts continuous dynamics by relating any s ..."
Abstract

Cited by 13 (5 self)
 Add to MetaCart
Abstract. There has been much recent progress on invariant generation techniques for continuous systems whose dynamics are described by Ordinary Differential Equations (ODE). In this paper, we present a simple abstraction scheme for hybrid systems that abstracts continuous dynamics by relating any state of the system to a state that can potentially be reached at some future time instant. Such relations are then interpreted as discrete transitions that model the continuous evolution of states over time. We adapt templatebased invariant generation techniques for continuous dynamics to derive relational abstractions for continuous systems with linear as well as nonlinear dynamics. Once a relational abstraction hasbeen derived,theresultingsystemis apurelydiscrete, infinitestatesystem. Therefore, techniquessuchas kinductioncan be directly applied to this abstraction to prove properties, and bounded modelchecking techniques applied to find potential falsifications. We present the basic underpinnings of our approach and demonstrate its use on many benchmark systems to derive simple and usable abstractions. 1
On interprocedural analysis of programs with lists and data
 In PLDI
, 2011
"... We address the problem of automatic synthesis of assertions on sequential programs with singlylinked lists containing data over infinite domains such as integers or reals. Our approach is based on an accurate abstract interprocedural analysis. Program configurations are represented by graphs wher ..."
Abstract

Cited by 11 (2 self)
 Add to MetaCart
(Show Context)
We address the problem of automatic synthesis of assertions on sequential programs with singlylinked lists containing data over infinite domains such as integers or reals. Our approach is based on an accurate abstract interprocedural analysis. Program configurations are represented by graphs where nodes represent list segments without sharing. The data in these list segments are characterized by constraints in abstract domains. We consider a domain where constraints are in a universally quantified fragment of the firstorder logic over sequences, as well as a domain constraining the multisets of data in sequences. Our analysis computes the effect of each procedure in a local manner, by considering only the reachable part of the heap from its actual parameters. In order to avoid losses of information, we introduce a mechanism based on unfolding/folding operations allowing to strengthen the analysis in the domain of firstorder formulas by the analysis in the multisets domain. The same mechanism is used for strengthening the sound (but incomplete) entailment operator of the domain of firstorder formulas. We have implemented our techniques in a prototype tool and we have shown that our approach is powerful enough for automatic (1) generation of nontrivial procedure summaries, (2) pre/postcondition reasoning, and (3) procedure equivalence checking. 1.
Verification as Learning Geometric Concepts
"... Abstract. We formalize the problem of program verification as a learning problem, showing that invariants in program verification can be regarded as geometric concepts in machine learning. Safety properties define bad states: states a program should not reach. Program verification explains why a pro ..."
Abstract

Cited by 8 (4 self)
 Add to MetaCart
(Show Context)
Abstract. We formalize the problem of program verification as a learning problem, showing that invariants in program verification can be regarded as geometric concepts in machine learning. Safety properties define bad states: states a program should not reach. Program verification explains why a program’s set of reachable states is disjoint from the set of bad states. In Hoare Logic, these explanations are predicates that form inductive assertions. Using samples for reachable and bad states and by applying well known machine learning algorithms for classification, we are able to generate inductive assertions. By relaxing the search for an exact proof to classifiers, we obtain complexity theoretic improvements. Further, we extend the learning algorithm to obtain a sound procedure that can generate proofs containing invariants that are arbitrary boolean combinations of polynomial inequalities. We have evaluated our approach on a number of challenging benchmarks and the results are promising.
From Invariant Checking to Invariant Inference Using Randomized Search
"... Abstract. We describe a general framework c2i for generating an invariant inference procedure from an invariant checking procedure. Given a checker and a language of possible invariants, c2i generates an inference procedure that iteratively invokes two phases. The search phase uses randomized sear ..."
Abstract

Cited by 7 (0 self)
 Add to MetaCart
(Show Context)
Abstract. We describe a general framework c2i for generating an invariant inference procedure from an invariant checking procedure. Given a checker and a language of possible invariants, c2i generates an inference procedure that iteratively invokes two phases. The search phase uses randomized search to discover candidate invariants and the validate phase uses the checker to either prove or refute that the candidate is an actual invariant. To demonstrate the applicability of c2i, we use it to generate inference procedures that prove safety properties of numerical programs, prove nontermination of numerical programs, prove functional specifications of array manipulating programs, prove safety properties of string manipulating programs, and prove functional specifications of heap manipulating programs that use linked list data structures. 1
ICE: A Robust Framework for Learning Invariants
"... Abstract. We introduce ICE, a robust learning paradigm for synthesizing invariants, that learns using examples, counterexamples, and implications, and show that it admits honest teachers and strongly convergent mechanisms for invariant synthesis. We observe that existing algorithms for blackbox a ..."
Abstract

Cited by 6 (1 self)
 Add to MetaCart
Abstract. We introduce ICE, a robust learning paradigm for synthesizing invariants, that learns using examples, counterexamples, and implications, and show that it admits honest teachers and strongly convergent mechanisms for invariant synthesis. We observe that existing algorithms for blackbox abstract interpretation can be interpreted as ICElearning algorithms. We develop new strongly convergent ICElearning algorithms for two domains, one for learning Boolean combinations of numerical invariants for scalar variables and one for quantified invariants for arrays and dynamic lists. We implement these ICElearning algorithms in a verification tool and show they are robust, practical, and efficient. 1