T. Ball and S. K. Rajamani. Bebop: A symbolic model checker for boolean programs. In Proceedings of the Seventh International SPIN Workshop (SPIN 2000), volume 1885, pages 113-130. Springer Verlag, 2000.  Home/Search   Document Details and Download   Summary   Related Articles   Check

....approximate the set of reachable states by polyhedra. Recently, we have shown that e ectiveness of these techniques can be enhanced using predicate abstraction [4] a powerful technique for extracting nite state models from complex, potentially in nite state, discrete systems (see, for instance, [8, 11, 16]) This paper presents various optimizations to the abstraction and search strategy, discusses completeness of the technique, and presents experimental results. The input to our veri cation tool consists of the concrete system modeled by a hybrid automaton, the safety property to be veri ed, ....

T. Ball and S. Rajamani. Bebop: A symbolic model checker for boolean programs. In SPIN 2000 Workshop on Model Checking of Software, LNCS 1885. 2000.

.... lightweight formal techniques [4] that can be applied at different levels of abstraction, and during any stage of the development process. Model checkers have become popular debugging tools and have been used to reason about system requirements [5] software architectures [6] program behaviour [7 9], hardware and circuit designs [10] communication protocols [11] and even user interfaces [12] Because model checking can be used to analyse abstract behavioural models, it has a number of natural applications in requirements engineering. A model checker takes as input a model, M,ofa system, ....

Ball T, Rajamani S. Bebop: a symbolic model checker for Boolean programs. In: Proceedings of SPIN 2000 workshop on model checking of software, August--September 2000. Lecture Notes in Computer Science 1885. Springer, Berlin, 2000, pp 113-- 130

....approach, such as Vault [12] and Foster et al. [18] Or CCured [30] a hybrid static dynamic tool for detecting memory errors that uses a type inference algorithm to eliminate the need for many dynamic checks. Finally, the SLAM project combines aspects of both static analysis and model checking [1, 2]. Many veri cation tools statically extract an abstract model for a given system. Bandera [9] is a sophisticated model extractor for Java programs. It uses a given temporal property as a slicing criteria to extract relevant parts of the system. Also, Bandera accepts user provided annotations to ....

T. Ball and S. K. Rajamani. Bebop: A symbolic model checker for boolean programs. In SPIN 2000.

....real time programs containing finite state variables against safety properties containing linear constraints over dense clocks and stack word counts. This tool will be a good complement to available tools for recursive finite state programs (for regular safety properties, e.g. termination) [7, 23]. On the other hand, the pattern technique is not intended to replace the traditional region based technique used in the existing tools analyzing realtime systems (such as UPPAAL [30] and its extensions [31] TREX [31] HyTECH [26] Kronos [11] In fact, the pattern technique is also a good ....

T. Ball and S. K. Rajamani, "Bebop: a symbolic model-checker for Boolean programs," Spin Workshop'00, LNCS 1885, pp. 113-130.

....the possibilities for automated model extraction from C programs. There are a number of related projects that have very similar goals. In the Slam project at Microsoft, for instance, Tom Ball and his colleagues are building the BeBop model checker for analyzing Boolean abstractions of C programs [1]. In the Bandera project at Kansas State University, Matt Dwyer and John Hatcliff target Java programs [2] as do NASA Ames researchers Klaus Havelund and Willem Visser in their Pathfinder project [3,9] The philosophy of automated model construction to provide model checking capabilities to ....

T. Ball, and S.K. Rajamani. "Bebop: A Symbolic Model Checker for Boolean Programs," Proc. SPIN 2000.

....interesting real world examples after appropriate abstractions, scalability remains a challenge. In the world of program analysis, predicate abstraction has emerged to be a powerful and popular technique for extracting finite state models from complex, potentially infinite state, discrete systems [11, 26, 31, 38, 49]. A verifier based on this scheme requires three inputs, the (concrete) system to be analyzed, the property to be verified, and a finite set of boolean predicates over system variables to be used for abstraction. An abstract state is a valid combination of truth values to the boolean predicates, ....

....predicates, and on the ability of the verifier to compute abstract transitions e#ciently. Nevertheless, it has led to opportunities to bridge the gap between code and models and to combine automated search with user s intuition about interesting predicates. Tools such as Bandera [25] SLAM [11], and Feaver [45] have successfully applied predicate abstraction for analysis of C or Java programs. Inspired by these two trends, we develop algorithms for invariant verification of hybrid systems using discrete approximations based on predicate abstractions. Consider a hybrid automaton with n ....

[Article contains additional citation context not shown here]

T. Ball and S. Rajamani. Bebop: A symbolic model checker for boolean programs. In SPIN 2000.

....from Theorem 5, that the system, a discrete timed automaton augmented with two monotonic (and hence reversal bounded) counters t 1 and t 2 , is a mixed linear counter system. 6.2. Timed pushdown systems There has been much interesting work on various veri cation problems for pushdown systems [4, 5, 6, 9, 10, 11, 13, 14]. Studying pushdown systems is important, since they are directly related to recursive programs and processes. In this subsection, we will study pushdown systems with discrete clocks and reversal bounded counters. Safety veri cation for these systems is discussed in [10] Here, we investigate the ....

T. Ball and S. K. Rajamani, \Bebop: a symbolic model-checker for Boolean programs, " in SPIN Model Checking and Software Veri cation, Proc. 7th Int. SPIN Workshop, eds. K. Havelund, J. Penix and W. Visser (Springer, Berlin, 2000) pp. 113-130.

....automated scheme and on the ability of the verifier to compute abstract transitions efficiently. Nevertheless, it has led to opportunities to bridge the gap between code and models and to combine automated search with user s intuition about interesting predicates. Tools such as Bandera [67] SLAM [68], and Feaver [69] have successfully applied predicate abstraction for analysis of C or Java programs. Inspired by this trend, we develop algorithms for invariant verification of hybrid systems using discrete approximations based on predicate abstractions. Consider a hybrid automaton with ....

T. Ball and S. Rajamani, "Bebop: A symbolic model checker for Boolean programs," in Lecture Notes in Computer Science, SPIN Model Checking and Software Verification. Heidelberg, Germany: Springer-Verlag, 2000, vol. 1885, pp. 113--130.

....academia, that are analyzing source code by model checking. Many of these source code model checkers are based on a translation from source code to the input notation of a model checker: Bandera [CDH 00] Java PathFinder 1 [HP98] JCAT [DIS99] are Java model checkers, and, AX [Hol00] and SLAM [BR00] are C model checkers. A drawback of the translation approach is that certain language constructs are difficult to translate and hence two of these tools, JCAT (dSPIN [IS99] and AX have extended their back end model checker (SPIN in both cases [Hol97a] to improve efficiency. We adopted a ....

Thomas Ball and Sriram K. Rajamani. Bebop: A symbolic model checker for boolean programs. In Proc. of the 7th International SPIN Workshop, volume 1885 of LNCS, pages 113--130. Springer-Verlag, September 2000.

.... techniques for hybrid systems can be enhanced using predicate abstraction [4] Predicate abstraction is a powerful and popular technique for extracting nitestate models from complex, potentially in nite state, discrete systems (see, for instance, 14, 22] and tools such as Bandera [13] SLAM [9], and Feaver [18] have successfully used it for analysis of C or Java programs. The input to our veri cation tool consists of the concrete system modeled by a hybrid automaton, the safety property to be veri ed, and a nite set of boolean predicates over system variables to be used for ....

....in the abstract state space. Counter example guided re nement of abstractions has been used in multiple contexts before, for instance, to identify the relevant timing constraints in veri cation of timed automata [7] to identify the relevant boolean predicates in veri cation of C programs [9], and to identify the relevant variables in symbolic model checking [11] In this paper, we present the basic techniques for analyzing counter examples, techniques for discovering new predicates that will rule out spurious counter examples, optimizations of these techniques, implementation of ....

T. Ball and S. Rajamani. Bebop: A symbolic model checker for boolean programs. In SPIN 2000 Workshop on Model Checking of Software, LNCS 1885, pages 113{

....Bandera is that the ESP language was designed to permit model checking. In contrast, Bandera targets Java that has a number of language features that are difficult to translate efficiently into models. So far, Bandera has been used to verify properties in only simple programs. The SLAM project [1, 2] extracts a predicate abstraction to check assertions in sequential programs written in C. A predicate abstraction is a model with only boolean variables that correspond to conditions in the original program. The assertion is checked in the predicate abstraction using a model checker. Since the ....

T. Ball and S. K. Rajamani. Bebop: A Symbolic Model Checker for Boolean Programs. In International Spin Workshop, 2000.

....scheme, and on the ability of the verifier to compute abstract transitions eiticiently. Nevertheless, it has led to opportunities to bridge the gap between code and models and to combine automated search with user s intuition about interesting predicates. Tools such as Ban dera [67] SLAM [68], and Feaver [69] have successfully applied predicate abstraction for analysis of C or Java pro grams. Inspired by this trend, we develop algorithms for invariant verification of hybrid systems using discrete approximations based on predicate abstractions. Consider a hybrid automaton with n ....

T. Ball and S. Rajamani. Bebop: A symbolic model checker for boolean programs. In SPIN 2000.

....strictly implement these specifications. Moreover the standards are continuously revised [58] An example of change in [60] is An array subscript is out of range, even if an object is apparently accessible with the given subscript (as in the lvalue expression a[1] 7] given the declaration int a[4][5]) 6.3.6) Obviously the (probably erroneous) be# havior of programs may be completely modified by such an update of their semantics Programming environments also include many large libraries which semantics is often only very informally specified. Consequently the semantics of a programming ....

....the finiteness hypothesis on data structures is not enough to ensure the finiteness of the program semantics. An example is the restriction of program variables to booleans in which case it is possible to simulate a Turing machine in Pascal [25] but not in C thus enabling finite model checking [5]. Control analysis may also require a precise data flow analysis e.g. to trace pointers to functions or handlers (see Sec. 3.5) Even with simple control structures, control abstractions (which consist in isolating a control flow skeleton which is void of any knowledge about data [56] in ....

T. Ball and S.K. Rajamani. Bebop: A symbolic model checker for boolean pro# grams. In K. Havelund, J. Penix, and W. Visser, eds., Proc. 7 SPIN Workshop, Stanford, CA, LNCS 1885, pages 113--130. Springer-Verlag, Aug. 30 -- Sep. 1, 2000.

....predicates, and on the ability of the verifier to compute abstract transitions efficiently. Nevertheless, it has led to opportunities to bridge the gap between code and models and to combine automated search with user s intuition about interesting predicates. Tools such as Bandera [9] SLAM [6], and Feaver [18] have successfully applied predicate abstraction for analysis of C or Java programs. Inspired by these two trends, we develop algorithms for invariant verification of hybrid systems using discrete approximations based on predicate abstractions. Consider a hybrid automaton with n ....

T. Ball and S. Rajamani. Bebop: A symbolic model checker for boolean programs. In SPIN 2000 Workshop on Model Checking of Software, LNCS 1885. 2000.

....model. Bandera [35] allows automatic extraction of finite state models from Java programs. It uses techniques like program slicing [101, 92] and data abstraction to allow more tractable models to be extracted. However, it was used to verify properties in a fairly simple program. The SLAM project [10, 11] extracts a predicate abstraction to check assertions in sequential programs written in C. A predicate abstraction is a model with only boolean variables that correspond to conditions in the original program. The assertion is checked in the predicate abstraction using a model checker. Since the ....

T. Ball and S. K. Rajamani. Bebop: A Symbolic Model Checker for Boolean Programs. In Proceedings of the International Spin Workshop, Stanford University, August 2000. 142

....success crucially depends on the ability to identify the interesting predicates, either manually or by some automated scheme, and on the ability of the verifier to compute abstract transitions efficiently. Nevertheless, it has led to opportunities to bridge the gap between code dera [22] SLAM [11], and Feaver [47] have successfully grams. Inspired by these two trends, we develop algorithms for invariant verification of hybrid systems using discrete approximations based on predicate abstractions. Consider a hybrid automaton with n continuous variables and a set L of locations. Then the ....

T. Ball and S. Rajamani. Bebop: A symbolic model checker for boolean programs. In SPIN 2000.

.... location (which stores global information about the program) and stack content (which keeps the track of activation records, i.e. previously called procedures and their local variables) Previous research has established applications of pushdown systems for the analysis of Boolean Programs [1, 8] and certain data now analysis problems [7] The model checking problem has been considered for various logics, and quite efEcient algorithms have emerged for linear time logics [2, 6, 9] In this paper we revisit the model checking problem for LTL and pushdown systems. Generally speaking, the ....

T. Ball and S.K. Rajamani. Bebop: A symbolic model checker for boolean programs. In SPIN 00: SPIN Workshop, volume 1885 of LNCS, pages 113-130. Springer, 2000.

....real time programs containing finite state variables against safety properties containing linear constraints over dense clocks and stack word counts. This tool will be a good complement to available tools for recursive finite state programs (for regular safety properties, e.g. termination) [22, 7]. On the other hand, for the existing tools analyzing real time systems (such as UPPAAL [30] and its extensions [31] TREX [31] HyTECH [26] Kronos [11] the traditional region based technique used in the tools may be enhanced with the pattern technique. Doing this makes it possible for the ....

T. Ball and S. K. Rajamani, "Bebop: a symbolic model-checker for Boolean programs," Spin Workshop'00, LNCS 1885, pp. 113-130.

....objects, inheritance, dynamic method dispatch, multi threadingand exceptions. Moreover our refinement rules allow one to reason compositionally about multithreaded object oriented systems in a trace based setting. The CCM model and accompanying refinement rules have been inspired by the work of [3, 2, 5]. These approaches are not object oriented and hence do not cover the array of object oriented programming concepts featured in CCMs. For future work, we plan to complete the implementation of the code generator and optimizer for more advanced features of CCM and assess performance of our system ....

....in CCMs. For future work, we plan to complete the implementation of the code generator and optimizer for more advanced features of CCM and assess performance of our system and the generated code via further experimentation. We are also in the process of developing a model checker in the style of [4, 5] that supports both enumerative and symbolic invariant and refinement checking of CCM models and that uses static analysis techniques similar to [8] ....

T. Ball and S. Rajamani. Bebop: A symbolic model checker for boolean programs. In Proceedings of 7th International SPIN Workshop on Model Checking of Software (SPIN

....directly on Java byte code [2] They have also produced a simple predicate abstraction tool and a distributed version of the model checking engine. In collaboration with researchers at NASA Ames, JPF has been incorporated as a back end checker for Bandera. 18 The Microsoft Research SLAM Project [1] focuses on checking sequential C code using well engineered predicate abstraction and abstraction refinement tools. Operating system device drivers are emphasized as an application domain. Gerard Holzmann s Feaver tool extracts Promela programs from annotated C programs for checking with SPIN ....

T. Ball and S. Rajamani. Bebop: a symbolic model-checker for boolean programs. In K. Havelund, editor, Proceedings of Seventh International SPIN Workshop, LNCS 1885, Springer-Verlag, 2000.

No context found.

Ball, T., Rajamani, S.K.: Bebop: A symbolic model checker for Boolean programs. In: SPIN 00: SPIN Workshop. LNCS 1885. Springer-Verlag (2000) 113--130

No context found.

T. Ball and S. K. Rajamani. Bebop: A symbolic model checker for Boolean programs. In SPIN 00: SPIN Workshop, LNCS 1885, pages 113--130. Springer-Verlag, 2000.

No context found.

T. Ball and S. K. Rajamani. Bebop: A symbolic model checker for Boolean programs. In SPIN 00: SPIN Workshop, LNCS 1885, pages 113--130. Springer-Verlag, 2000.

No context found.

T. Ball and S. K. Rajamani. Bebop: A symbolic model checker for Boolean programs. In SPIN 00: SPIN Workshop, LNCS 1885, pages 113--130. Springer-Verlag, 2000.

....p implies that (x y) is true at p in P . For each statement s of P , C2bp automatically constructs the corresponding boolean transfer functions that conservatively represent the effect of s on the predicates in E. The resulting boolean program can be analyzed precisely using a tool called Bebop [5] that performs interprocedural dataflow analysis [31, 28] using binary decision diagrams. We present the details of the C2bp algorithm, as well as results from applying C2bp to a variety of problems and programs: ffl We have applied C2bp and Bebop to pointermanipulating programs to identify ....

....space of the boolean program: in this case, it is impossible to reach the program point after the assume if the variable fcurr= NULLg is true. In this way, we faithfully model the guard of the original while loop. 2. 2 Bebop The boolean program output by C2bp is input to the Bebop model checker [5], which computes the set of reachable states for each statement of a boolean program using an interprocedural dataflow analysis algorithm in the spirit of Sharir Pnueli and Reps Horwitz Sagiv [31, 28] A state of a boolean program at a statement s is simply a valuation to the boolean variables ....

[Article contains additional citation context not shown here]

T. Ball and S. K. Rajamani. Bebop: A symbolic model checker for Boolean programs. In SPIN 00: SPIN Workshop, LNCS 1885, pages 113--130. Springer-Verlag, 2000.

No context found.

T. Ball and S. K. Rajamani. Bebop: A symbolic model checker for boolean programs. In Proceedings of the Seventh International SPIN Workshop (SPIN 2000), volume 1885, pages 113-130. Springer Verlag, 2000.

No context found.

Thomas Ball and Sriram Rajamani. Bebop: A symbolic model checker for boolean programs. In SPIN '00: Model Checking of Software, 2000.

No context found.

T. Ball and S. K. Rajamani, "Bebop: A symbolic model checker for Boolean programs," in SPIN 00, ser. LNCS 1885. Springer, 2000, pp. 113--130.

No context found.

T. Ball and S. K. Rajamani. Bebop: A symbolic model checker for Boolean programs. In SPIN 00: SPIN Workshop, pages 113--130. 2000.

No context found.

Ball, T., Rajamani, S.K.: Bebop: A symbolic model checker for Boolean programs. In: SPIN 00: SPIN Workshop. LNCS 1885, Springer-Verlag (2000) 113--130

No context found.

T. Ball and S. K. Rajamani. Bebop: A symbolic model checker for boolean programs. In Proceedings of the 7th International SPIN Workshop on SPIN Model Checking and Software Verification, pages 113--130. Springer-Verlag, 2000.

No context found.

Thomas Ball, Sriram K. Rajamani. Bebop: A Symbolic Model Checker for Boolean Programs. Software Productivity Tools, Microsoft Research, 2000.

No context found.

T. Ball and S. K. Rajamani. Bebop: A symbolic model checker for boolean programs. In SPIN 00: SPIN Workshop, LNCS 1885, pages 113-130, 2000.

No context found.

T. Ball and S.K. Rajamani. Bebop: A symbolic model checker for boolean programs. In SPIN 00: SPIN Workshop, volume 1885 of LNCS, pages 113--130. Springer, 2000.

No context found.

T. Ball and S.K. Rajamani. Bebop: A symbolic model checker for boolean programs. In SPIN 00: SPIN Workshop, volume 1885 of LNCS, pages 113-- 130. Springer, 2000.

No context found.

T. Ball and S. Rajamani. Bebop: A symbolic model checker for boolean programs. In SPIN' 00: Model Checking of Software, 2000.

No context found.

T. Ball and S. Rajamani. Bebop: A symbolic Model Checker for Boolean Programs. In Proc. 7th International SPIN Workshop, volume 1885 of LNCS, Stanford University, California, USA, August 2000. Springer-Verlag.

No context found.

Thomas Ball and Sriram K. Rajamani. Bebop: A symbolic model checker for boolean programs. In SPIN 2000, pages 113--130, 2000.

No context found.

T. Ball and S. Rajamani. Bebop: A symbolic model checker for boolean programs. In SPIN 2000 Workshop on Model Checking of Software, LNCS 1885, pages 113-130. Springer, 2000.

No context found.

T. Ball and S. Rajamani. Bebop: A symbolic model checker for boolean programs. In 7th SPIN Workshop, LNCS 1885, 113--130, 2000. Springer.

No context found.

T. Ball and S. Rajamani. Bebop: A symbolic model checker for boolean programs. In SPIN'2000, volume 1885 of LNCS, pages 113-130, 2000.

No context found.

T. Ball and S. Rajamani. Bebop: a symbolic model-checker for boolean programs. SPIN 2000, LNCS 1885, pages 113--130. Springer-Verlag, 2000.

No context found.

T. BALL AND S. K. RAJAMANI, Bebop: A symbolic model checker for boolean programs, in Proc. 7th International Workshop on SPIN Software Model Checking, SPIN '00, vol. 1885 of LNCS, Springer-Verlag, August/September 2000.

No context found.

T. Ball and S. Rajamani. Bebop: A symbolic model checker for boolean programs. SPIN Workshop on Model Checking of Software, LNCS 1885, pages 113-130, 2000.

No context found.

Thomas Ball, Sriram K. Rajamani. Bebop: A Symbolic Model Checker for Boolean Programs. Software Productivity Tools, Microsoft Research, 2000.

No context found.

T. Ball and S.K. Rajamani. Bebop: A symbolic model checker for boolean programs. In SPIN 00: SPIN Workshop, volume 1885 of LNCS, pages 113--130. Springer, 2000.

No context found.

T. Ball and S. Rajamani. Bebop: A symbolic model checker for boolean programs. In SPIN' 00: Model Checking of Software, 2000.

No context found.

T. Ball and S. Rajamani. Bebop: a symbolic modelchecker for boolean programs. In K. Havelund, editor, Proceedings of Seventh International SPIN Workshop, volume 1885 of Lecture Notes in Computer Science, pages 113--130. Springer-Verlag, 2000.

No context found.

T. Ball and S. Rajamani. Bebop: A symbolic model checker for boolean programs. In #### #### ######## ## ##### ######## ## ########, LNCS 1885. 2000.

No context found.

Thomas Ball and Sriram K. Rajamani. Bebop: A symbolic model checker for boolean programs. In SPIN, pages 113--130, 2000.

First 50 documents  Next 50

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC