Simplify: A theorem prover for program checking
J. ACM, 2003
Cited by 432 (2 self)
Abstract: This paper provides a detailed description of the automatic theorem prover Simplify, which is the proof engine of the Extended Static Checkers ESC/Java and ESC/Modula-3. Simplify uses the Nelson-Oppen method to combine decision procedures for several important theories, and also employs a matcher to reason about quantifiers. Instead of conventional matching in a term DAG, Simplify matches up to equivalence in an E-graph, which detects many relevant pattern instances that would be missed by the conventional approach. The paper describes two techniques, labels and counterexample contexts, for helping the user to determine the reason that a false conjecture is false. The paper includes detailed performance figures on conjectures derived from realistic program-checking problems.
A decision procedure for bitvectors and arrays
In Computer Aided Verification, number 4590 in LNCS, 2007
Cited by 191 (11 self)
Abstract: STP is a decision procedure for the satisfiability of quantifier-free formulas in the theory of bit-vectors and arrays that has been optimized for large problems encountered in software analysis applications. The basic architecture of the procedure consists of word-level preprocessing algorithms followed by translation to SAT. The primary bottlenecks in software verification and bug-finding applications are large arrays and linear bit-vector arithmetic. New algorithms based on the abstraction-refinement paradigm are presented for reasoning about large arrays. A solver for bit-vector linear arithmetic is presented that eliminates variables and parts of variables to enable other transformations, and reduce the size of the problem that is eventually received by the SAT solver. These and other algorithms have been implemented in STP, which has been heavily tested over thousands of examples obtained from several real-world applications. Experimental results indicate that the above mix of algorithms along with the overall architecture is far more effective, for a variety of applications, than a direct translation of the original formula to SAT or other comparable decision procedures.
Lazy Satisfiability Modulo Theories
Journal on Satisfiability, Boolean Modeling and Computation 3 (2007) 141-224
Cited by 181 (47 self)
Abstract: Satisfiability Modulo Theories (SMT) is the problem of deciding the satisfiability of a first-order formula with respect to some decidable first-order theory T (SMT(T)). These problems are typically not handled adequately by standard automated theorem provers. SMT is being recognized as increasingly important due to its applications in many domains in different communities, in particular in formal verification. A number of papers with novel and very efficient techniques for SMT have been published in recent years, and some very efficient SMT tools are now available. Typical SMT(T) problems require testing the satisfiability of formulas which are Boolean combinations of atomic propositions and atomic expressions in T, so that heavy Boolean reasoning must be efficiently combined with expressive theory-specific reasoning. The dominating approach to SMT(T), called the lazy approach, is based on the integration of a SAT solver and of a decision procedure able to handle sets of atomic constraints in T (T-solver), handling respectively the Boolean and the theory-specific components of reasoning. Unfortunately, neither the problem of building an efficient SMT solver, nor even that
Deciding bitvector arithmetic with abstraction
In Proc. TACAS 2007
Cited by 58 (24 self)
Abstract: We present a new decision procedure for finite-precision bit-vector arithmetic with arbitrary bit-vector operations. Our procedure alternates between generating under- and over-approximations of the original bit-vector formula. An under-approximation is obtained by a translation to propositional logic in which some bit-vector variables are encoded with fewer Boolean variables than their width. If the under-approximation is unsatisfiable, we use the unsatisfiable core to derive an over-approximation based on the subset of predicates that participated in the proof of unsatisfiability. If this over-approximation is satisfiable, the satisfying assignment guides the refinement of the previous under-approximation by increasing, for some bit-vector variables, the number of Boolean variables that encode them. We present experimental results that suggest that this abstraction-based approach can be considerably more efficient than directly invoking the SAT solver on the original formula as well as other competing decision procedures.
RTLDatapath Verification using Integer Linear Programming
In Proceedings of the IEEE VLSI Design Conference, 2002
Cited by 51 (5 self)
Abstract: Satisfiability of complex word-level formulas often arises as a problem in formal verification of hardware designs described at the register transfer level (RTL). Even though most designs are described in a hardware description language (HDL), like Verilog or VHDL, usually this problem is solved in the Boolean domain, using Boolean solvers. These engines often show poor performance for datapath verification. Instead of solving the problem at the bit level, a method is proposed to transform conjunctions of bit-vector equalities and inequalities into sets of integer linear arithmetic constraints. It is shown that it is possible to correctly model the modulo semantics of HDL operators as linear constraints. Integer linear constraint solvers are used as a decision procedure for bit-vector arithmetic. In the implementation we focus on verification of arithmetic properties of Verilog-HDL designs. Experimental results show considerable performance advantages over high-end Boolean SAT solver approaches. The speedup on the benchmarks studied is several orders of magnitude.
A Survey of Automated Techniques for Formal Software Verification
Transactions on CAD, 2008
Cited by 51 (5 self)
Abstract: The software in an electronic system is often the greatest concern with respect to quality and design flaws. Formal verification tools can provide a guarantee that a design is free of specific flaws. We survey algorithms that perform automatic, static analysis of software to detect programming errors or prove their absence. The three techniques we consider are static analysis with abstract domains, model checking, and bounded model checking. We provide a short tutorial on these techniques, highlighting their differences when applied to practical problems. We also survey the available tools implementing these techniques, and describe their merits and shortcomings.
Cogent: Accurate theorem proving for program verification
Proceedings of CAV 2005, volume 3576 of Lecture Notes in Computer Science, 2005
Cited by 41 (11 self)
Abstract: Many symbolic software verification engines such as Slam and ESC/Java rely on automatic theorem provers. The existing theorem provers, such as Simplify, lack precise support for important programming language constructs such as pointers, structures and unions. This paper describes a theorem prover, Cogent, that accurately supports all ANSI-C expressions. The prover's implementation is based on a machine-level interpretation of expressions into propositional logic, and supports finite machine-level variables, bit operations, structures, unions, references, pointers and pointer arithmetic. When used by Slam during the model checking of over 300 benchmarks, Cogent's improved accuracy reduced the number of Slam timeouts by half, increased the number of true errors found, and decreased the number of false errors.
and Danicic, S. Backward conditioning: a new program specialisation technique and its application to program comprehension
In 9th IEEE International Workshop on Program Comprehension (IWPC'01), 2001
Cited by 24 (9 self)
Abstract: Like forward conditioning (used in conditioned slicing), backward conditioning consists of specialising a program with respect to a condition inserted into the program.
Checking Validity of Quantifier-Free Formulas in Combinations of First-Order Theories
2003
A lazy and layered SMT(BV) solver for hard industrial verification problems
In Computer Aided Verification (CAV), LNCS, 2007
Cited by 21 (5 self)
Abstract: Verification problems rarely originate from bit-level descriptions. Yet, most verification technologies are based on bit blasting, i.e., reduction to Boolean reasoning. In this paper we advocate reasoning at a higher level of abstraction, within the theory of bit vectors (BV), where structural information (e.g. equalities, arithmetic functions) is not blasted into bits. Our approach relies on the lazy Satisfiability Modulo Theories (SMT) paradigm. We developed a satisfiability procedure for reasoning about bit vectors that carefully leverages the power of a Boolean SAT solver to deal with components that are more naturally "Boolean", and activates bit-vector reasoning whenever possible. The procedure has two distinguishing features. First, it relies on the online integration of a SAT solver with an incremental and backtrackable solver for BV that enables dynamic optimization of the reasoning about bit vectors; for instance, this is an improvement over static encoding methods, which may generate smaller slices of bit-vector variables. Second, the solver for BV is layered (i.e., it privileges cheaper forms of reasoning), and it is based on a flexible use of term rewriting techniques. We evaluate our approach on a set of realistic industrial benchmarks, and demonstrate substantial improvements with respect to state-of-the-art Boolean satisfiability solvers, as well as other decision procedures for SMT(BV).