Results 1  10
of
31
The Pointer Assertion Logic Engine
 Proc. ACM PLDI
, 2001
"... We present a new framework for verifying partial specifications of programs in order to catch type and memory errors and check data structure invariants. Our technique can verify a large class of data structures, namely all those that can be expressed as graph types. Earlier versions were restricted ..."
Abstract

Cited by 156 (3 self)
 Add to MetaCart
We present a new framework for verifying partial specifications of programs in order to catch type and memory errors and check data structure invariants. Our technique can verify a large class of data structures, namely all those that can be expressed as graph types. Earlier versions were restricted to simple special cases such as lists or trees. Even so, our current implementation is as fast as the previous specialized tools. Programs are annotated with partial specifications expressed in Pointer Assertion Logic, a new notation for expressing properties of the program store. We work in the logical tradition by encoding the programs and partial specifications as formulas in monadic secondorder logic. Validity of these formulas is checked by the MONA tool, which also can provide explicit counterexamples to invalid formulas. To make verification decidable, the technique requires explicit loop and function call invariants. In return, the technique is highly modular: every statement of a given program is analyzed only once. The main target applications are safetycritical datatype algorithms, where the cost of annotating a program with invariants is justified by the value of being able to automatically verify complex properties of the program.
Model Checking in CLP
, 1999
"... We show that Constraint Logic Programming (CLP) can serve as a conceptual basis and as a practical implementation platform for the model checking of infinitestate systems. Our contributions are: (1) a semanticspreserving translation of concurrent systems into CLP programs, (2) a method for verifyi ..."
Abstract

Cited by 103 (28 self)
 Add to MetaCart
We show that Constraint Logic Programming (CLP) can serve as a conceptual basis and as a practical implementation platform for the model checking of infinitestate systems. Our contributions are: (1) a semanticspreserving translation of concurrent systems into CLP programs, (2) a method for verifying safety and liveness properties on the CLP programs produced by the translation. We have implemented the method in a CLP system and verified wellknown examples of infinitestate programs over integers, using here linear constraints as opposed to Presburger arithmetic as in previous solutions.
Automatic Verification of Parameterized Cache Coherence Protocols
, 2000
"... We propose a new method for the verification of parameterized cache coherence protocols. Cache coherence protocols are used to maintain data consistency in commercial multiprocessor systems equipped with local fast caches. In our approach we use arithmetic constraints to model possibly infinite sets ..."
Abstract

Cited by 89 (6 self)
 Add to MetaCart
We propose a new method for the verification of parameterized cache coherence protocols. Cache coherence protocols are used to maintain data consistency in commercial multiprocessor systems equipped with local fast caches. In our approach we use arithmetic constraints to model possibly infinite sets of global states of a multiprocessor system with many identical caches. In preliminary experiments using symbolic model checkers for infinitestate systems based on real arithmetics (HyTech [HHW97] and DMC [DP99]) we have automatically verified safety properties for parameterized versions of widely implemented writeinvalidate and writeupdate cache coherence policies like the Mesi, Berkeley, Illinois, Firey and Dragon protocols [Han93]. With this application, we show that symbolic model checking tools originally designed for hybrid and concurrent systems can be applied successfully to a new class of infinitestate systems of practical interest.
MONA Implementation Secrets
, 2000
"... The MONA tool provides an implementation of the decision procedures for the logics WS1S and WS2S. It has been used for numerous applications, and it is remarkably efficient in practice, even though it faces a theoretically nonelementary worstcase complexity. The implementation has matured over a p ..."
Abstract

Cited by 84 (6 self)
 Add to MetaCart
(Show Context)
The MONA tool provides an implementation of the decision procedures for the logics WS1S and WS2S. It has been used for numerous applications, and it is remarkably efficient in practice, even though it faces a theoretically nonelementary worstcase complexity. The implementation has matured over a period of six years. Compared to the first naive version, the present tool is faster by several orders of magnitude. This speedup is obtained from many different contributions working on all levels of the compilation and execution of formulas. We present a selection of implementation "secrets" that have been discovered and tested over the years, including formula reductions, DAGification, guided tree automata, threevalued logic, eager minimization, BDDbased automata representations, and cacheconscious data structures. We describe these techniques and quantify their respective effects by experimenting with separate versions of the MONA tool that in turn omit each of them.
An effective decision procedure for linear arithmetic with integer and real variables
 ACM Transactions on Computational Logic (TOCL
, 2005
"... This article considers finiteautomatabased algorithms for handling linear arithmetic with both real and integer variables. Previous work has shown that this theory can be dealt with by using finite automata on infinite words, but this involves some difficult and delicate to implement algorithms. T ..."
Abstract

Cited by 31 (8 self)
 Add to MetaCart
(Show Context)
This article considers finiteautomatabased algorithms for handling linear arithmetic with both real and integer variables. Previous work has shown that this theory can be dealt with by using finite automata on infinite words, but this involves some difficult and delicate to implement algorithms. The contribution of this article is to show, using topological arguments, that only a restricted class of automata on infinite words are necessary for handling real and integer linear arithmetic. This allows the use of substantially simpler algorithms, which have been successfully implemented.
Deciding Presburger Arithmetic by Model Checking and Comparisons with Other Methods
 In Proceedings of FMCAD 02
, 2002
"... We present a new way of using Binary Decision Diagrams in automata based algorithms for solving the satisfiability problem of quantifierfree Presburger arithmetic. Unlike in previous approaches [5, 2, 19], we translate the satisfiability problem into a model checking problem and use the existing ..."
Abstract

Cited by 22 (1 self)
 Add to MetaCart
We present a new way of using Binary Decision Diagrams in automata based algorithms for solving the satisfiability problem of quantifierfree Presburger arithmetic. Unlike in previous approaches [5, 2, 19], we translate the satisfiability problem into a model checking problem and use the existing BDDbased model checker SMV [13] as our primary engine.
Efficient symbolic representations for arithmetic constraints in verification
"... In this paper we discuss efficient symbolic representations for infinitestate systems specified using linear arithmetic constraints. We give algorithms for constructing finite automata which represent integer sets that satisfy linear constraints. These automata can represent either signed or unsign ..."
Abstract

Cited by 13 (5 self)
 Add to MetaCart
In this paper we discuss efficient symbolic representations for infinitestate systems specified using linear arithmetic constraints. We give algorithms for constructing finite automata which represent integer sets that satisfy linear constraints. These automata can represent either signed or unsigned integers and have a lower number of states compared to other similar approaches. We present efficient storage techniques for the transition function of the automata and extend the construction algorithms to formulas on both boolean and integer variables. We also derive conditions which guarantee that the precondition computations used in symbolic verification algorithms do not cause an exponential increase in the automata size. We experimentally compare different symbolic representations by using them to verify nontrivial concurrent systems. Experimental results show that the symbolic representations based on our construction algorithms outperform the polyhedral representation used in Omega Library, and the automata representation used in LASH.
On the Automata Size for Presburger Arithmetic
 In Proceedings of the 19th Annual IEEE Symposium on Logic in Computer Science (LICS 2004
, 2004
"... Automata provide an effective mechanization of decision procedures for Presburger arithmetic. However, only crude lower and upper bounds are known on the sizes of the automata produced by this approach. In this paper, we prove that the number of states of the minimal deterministic automaton for a Pr ..."
Abstract

Cited by 11 (1 self)
 Add to MetaCart
(Show Context)
Automata provide an effective mechanization of decision procedures for Presburger arithmetic. However, only crude lower and upper bounds are known on the sizes of the automata produced by this approach. In this paper, we prove that the number of states of the minimal deterministic automaton for a Presburger arithmetic formula is triple exponentially bounded in the length of the formula. This upper bound is established by comparing the automata for Presburger arithmetic formulas with the formulas produced by a quantifier elimination method. We also show that this triple exponential bound is tight (even for nondeterministic automata). Moreover, we provide optimal automata constructions for linear equations and inequations.