Abstract. Software verification is recognized as an important and difficult problem. We present a novel framework, based on symbolic execution, for the automated verification of software. The framework uses annotations in the form of method specifications and loop invariants. We present a novel iterative technique that uses invariant strengthening and approximation for discovering these loop invariants automatically. The technique handles different types of data (e.g. boolean and numeric constraints, dynamically allocated structures and arrays) and it allows for checking universally quantified formulas. Our framework is built on top of the Java PathFinder model checking toolset and it was used for the verification of several non-trivial Java programs.
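The loop invariants the abstract refers to are checked in the Floyd-Hoare style (the Floyd 1967 and Hoare 1969 entries in the list below): an invariant must hold on loop entry, be preserved by the loop body, and imply the postcondition at exit. The Python block below is an added illustration, not code from the paper or from Java PathFinder. It encodes those three verification conditions for a hypothetical summation loop constructed for this example, shows a candidate invariant that is inductive but too weak to prove the postcondition, with the concrete counterexample that exposes it, and then strengthens the candidate from a small, hand-written template set. Bounded enumeration over 0..6 stands in for the decision procedure a real tool would call, and the greedy template strengthening is a simplification assumed here; it is not the paper's strengthening-and-approximation technique.

```python
"""Floyd-Hoare loop-invariant checks over a bounded domain.

Loop under study (hypothetical, constructed for this illustration):

    i = 0; s = 0
    while i < n:        # n is a non-negative method parameter
        s = s + i
        i = i + 1
    # postcondition: s == n*(n-1)//2
"""
from itertools import product

BOUND = 6  # bounded enumeration of 0..BOUND stands in for a decision procedure


def init(n):
    """State on loop entry for parameter n."""
    return {"n": n, "i": 0, "s": 0}


def guard(st):
    return st["i"] < st["n"]


def body(st):
    """One execution of the loop body (a transition on the state)."""
    return {"n": st["n"], "i": st["i"] + 1, "s": st["s"] + st["i"]}


def post(st):
    n = st["n"]
    return st["s"] == n * (n - 1) // 2


def states():
    """All states with every variable in 0..BOUND (the bounded domain)."""
    for n, i, s in product(range(BOUND + 1), repeat=3):
        yield {"n": n, "i": i, "s": s}


def check_invariant(inv):
    """Check the three verification conditions for candidate invariant inv.

    Returns (True, None, None) or (False, failed_condition, counterexample).
    """
    for n in range(BOUND + 1):                       # initiation: init => inv
        st = init(n)
        if not inv(st):
            return False, "initiation", st
    for st in states():                              # preservation: inv /\ guard => inv(body)
        if inv(st) and guard(st) and not inv(body(st)):
            return False, "preservation", st
    for st in states():                              # exit: inv /\ not guard => post
        if inv(st) and not guard(st) and not post(st):
            return False, "exit", st
    return True, None, None


def conj(p, q):
    return lambda st: p(st) and q(st)


def weak(st):
    """Candidate invariant: s is the sum of 0..i-1 (inductive, but too weak)."""
    return st["s"] == st["i"] * (st["i"] - 1) // 2


def bound_i(st):
    return st["i"] <= st["n"]


strong = conj(weak, bound_i)   # the strengthened invariant that proves post

# Hand-written templates a strengthening step may draw from (assumed here).
TEMPLATES = [
    ("s >= 0", lambda st: st["s"] >= 0),
    ("i >= 0", lambda st: st["i"] >= 0),
    ("i <= n", bound_i),
]


def strengthen(inv, templates):
    """Greedy strengthening: conjoin the first template that rules out the
    counterexample of a failed check and still holds on entry, repeating
    until all three checks pass. Returns (invariant, [(failed_check, template)]).
    """
    current, history = inv, []
    while True:
        ok, cond, cex = check_invariant(current)
        if ok:
            return current, history
        for name, t in templates:
            if not t(cex) and all(t(init(n)) for n in range(BOUND + 1)):
                current = conj(current, t)
                history.append((cond, name))
                break
        else:
            raise ValueError(f"no template rules out {cex} (failed {cond})")


if __name__ == "__main__":
    print(check_invariant(weak))     # (False, 'exit', {'n': 0, 'i': 2, 's': 1})
    print(check_invariant(strong))   # (True, None, None)
    inv, hist = strengthen(weak, TEMPLATES)
    print(hist)                      # [('exit', 'i <= n')]
```

The counterexample for the weak candidate is a state where the loop has already run past n (i = 2 with n = 0); nothing in the candidate rules it out, so the exit condition cannot establish the postcondition. Conjoining i <= n is exactly the strengthening a verifier needs, and the check then passes on all three conditions.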
Cited works (citation count in brackets):

[1345] The Temporal Logic of Reactive and Concurrent Systems: Specification. Manna, Pnueli, 1992.
[952] An Axiomatic Basis for Computer Programming. Hoare, 1969.
[407] Construction of abstract state graphs with PVS. Graf, Saïdi, 1997.
[402] Assigning meanings to programs. Floyd, 1967.
[358] Automatic discovery of linear restraints among variables of a program. Cousot, Halbwachs, 1978.
[352] The omega test: a fast and practical integer programming algorithm for dependence analysis. Pugh, 1991.
[250] Extended static checking. Detlefs, Leino, et al., 1998.
[249] Solving shape-analysis problems in languages with destructive updating. Sagiv, Reps, et al., 1998.
[246] Model checking programs. Visser, Havelund, et al., 2003.
[228] Automatic predicate abstraction of C programs. Ball, Majumdar, et al., 2001.
[215] Model checking for programming languages using VeriSoft. Godefroid, 1997.
[162] Symbolic execution and program testing. King, 1976.
[97] Affine Relationships Among Variables of a Program. Karr, 1976.
[93] Powerful techniques for the automatic generation of invariants. Bensalem, Lakhnech, et al., 1996.
[84] Quickly detecting relevant program invariants. Ernst, Czeisler, et al., 2000.
[77] Experiments in theorem proving and model checking for protocol verification. Havelund, Shankar, 1996.
[76] Generalized symbolic execution for model checking and testing. Khurshid, Pasareanu, et al.
[38] The synthesis of loop predicates. Wegbreit, 1974.
[29] The Spin Model Checker, Primer and Reference. Holzmann, 2004.
[28] Linear invariant generation using non-linear constraint solving. Colón, Sankaranarayanan, et al., 2003.
[28] The pointer assertion logic engine. Moeller, Schwartzbach, 2001.
[27] Checking cleanness in linked lists. Dor, Rodeh, et al., 2000.
[27] Verifying invariants using theorem proving. Graf, Saïdi, 1996.
[26] Bandera: Extracting models from Java source code. Corbett, Dwyer, et al., 2000.
[21] Verifying temporal properties of reactive systems: A STeP tutorial. Bjørner, Browne, et al., 1999.
[17] A technique for invariant generation. Tiwari, Rueß, et al.
[17] Verifying systems with infinite but regular state spaces. Boigelot, Wolper, 1998.
[15] An introduction to proving the correctness of programs. Hantler, King, 1976.
[7] Relative completeness of abstraction refinement for software model checking. Ball, Podelski, et al., 2002.
[4] Predicate abstraction for software verification. Flanagan, Qadeer, 2002.
[2] On abstraction in software verification. Cousot, Cousot, 2002.
[2] Automated verification of concurrent linked lists with counters. Yavuz-Kahveci, Bultan, 2002.
[1] narrow and relax. Widen.