Results 1  10
of
62
SATABS: SATbased Predicate Abstraction for ANSIC
 In TACAS, volume 3440 of LNCS
, 2005
"... Abstract. This paper presents a model checking tool, SatAbs, that implements a predicate abstraction refinement loop. Existing software verification tools such as Slam, Blast, or Magic use decision procedures for abstraction and simulation that are limited to integers. SatAbs overcomes these limitat ..."
Abstract

Cited by 117 (21 self)
 Add to MetaCart
(Show Context)
Abstract. This paper presents a model checking tool, SatAbs, that implements a predicate abstraction refinement loop. Existing software verification tools such as Slam, Blast, or Magic use decision procedures for abstraction and simulation that are limited to integers. SatAbs overcomes these limitations by using a SATsolver. This allows the model checker to handle the semantics of the ANSIC standard accurately. This includes a sound treatment of bitvector overflow, and of the ANSIC pointer arithmetic constructs. 1
An interpolating theorem prover
 In TACAS
, 2004
"... Abstract. We present a method of deriving Craig interpolants from proofs in the quantifierfree theory of linear inequality and uninterpreted function symbols, and an interpolating theorem prover based on this method. The prover has been used for predicate refinement in the Blast software model chec ..."
Abstract

Cited by 101 (11 self)
 Add to MetaCart
(Show Context)
Abstract. We present a method of deriving Craig interpolants from proofs in the quantifierfree theory of linear inequality and uninterpreted function symbols, and an interpolating theorem prover based on this method. The prover has been used for predicate refinement in the Blast software model checker, and can also be used directly for model checking infinitestate systems, using interpolationbased image approximation. 1
Transition predicate abstraction and fair termination
 POPL'05
, 2005
"... ..."
(Show Context)
Indexed Predicate Discovery for Unbounded System Verification
 IN CAV’04
, 2004
"... Predicate abstraction has been proved effective for verifying several infinitestate systems. In predicate abstraction, an abstract system is automatically constructed given a set of predicates. Predicate abstraction coupled with automatic predicate discovery provides for a completely automatic v ..."
Abstract

Cited by 50 (6 self)
 Add to MetaCart
(Show Context)
Predicate abstraction has been proved effective for verifying several infinitestate systems. In predicate abstraction, an abstract system is automatically constructed given a set of predicates. Predicate abstraction coupled with automatic predicate discovery provides for a completely automatic verification scheme. For systems with unbounded integer state variables (e.g. software), counterexample guided predicate discovery has been successful in identifying the necessary predicates. For
Interpolantbased transition relation approximation
 In CAV 05: ComputerAided Verification, LNCS 3576
, 2005
"... Abstract. In predicate abstraction, exact image computation is problematic, requiring in the worst case an exponential number of calls to a decision procedure. For this reason, software model checkers typically use a weak approximation of the image. This can result in a failure to prove a property, ..."
Abstract

Cited by 47 (4 self)
 Add to MetaCart
(Show Context)
Abstract. In predicate abstraction, exact image computation is problematic, requiring in the worst case an exponential number of calls to a decision procedure. For this reason, software model checkers typically use a weak approximation of the image. This can result in a failure to prove a property, even given an adequate set of predicates. We present an interpolantbased method for strengthening the abstract transition relation in case of such failures. This approach guarantees convergence given an adequate set of predicates, without requiring an exact image computation. We show empirically that the method converges more rapidly than an earlier method based on counterexample analysis. 1
Discovering properties about arrays in simple programs
 PLDI’2008
, 2008
"... Array bound checking and array dependency analysis (for parallelization) have been widely studied. However, there are much less results about analyzing properties of array contents. In this paper, we propose a way of using abstract interpretation for discovering properties about array contents in so ..."
Abstract

Cited by 47 (1 self)
 Add to MetaCart
(Show Context)
Array bound checking and array dependency analysis (for parallelization) have been widely studied. However, there are much less results about analyzing properties of array contents. In this paper, we propose a way of using abstract interpretation for discovering properties about array contents in some restricted cases: onedimensional arrays, traversed by simple “for ” loops. The basic idea, borrowed from [15], consists in partitioning arrays into symbolic intervals (e.g., [1, i−1], [i, i], [i + 1, n]), and in associating with each such interval I and each array A an abstract variable AI; the new idea is to consider relational abstract properties ψ(AI, BI,...) about these abstract variables, and to interpret such a property pointwise on the interval I: ∀ℓ ∈ I, ψ(A[ℓ], B[ℓ],...). The abstract semantics properties has been defined and implemented in a prototype tool. The method is able, for instance, to discover that the result of an insertion sort is a sorted array, or that, in an array traversal guarded by a “sentinel”, the index stays within the bounds.
Refining Approximations in Software Predicate Abstraction
 In: TACAS 04: Tools and Algorithms for Construction and Analysis of Systems, SpringerVerlag
, 2004
"... Predicate abstraction is an automatic technique that can be used to find abstract models of large or infinitestate systems. In tools like Slam, where predicate abstraction is applied to software model checking, a number of heuristic approximations must be used to improve the performance of comp ..."
Abstract

Cited by 45 (10 self)
 Add to MetaCart
(Show Context)
Predicate abstraction is an automatic technique that can be used to find abstract models of large or infinitestate systems. In tools like Slam, where predicate abstraction is applied to software model checking, a number of heuristic approximations must be used to improve the performance of computing an abstraction from a set of predicates.
The UCLID Decision Procedure
 In CAV’04
, 2004
"... UCLID is a tool for termlevel modeling and verification of infinitestate systems expressible in the logic of counter arithmetic with lambda expressions and uninterpreted functions (CLU). In this paper, we describe a key component of the tool, the decision procedure for CLU. ..."
Abstract

Cited by 42 (2 self)
 Add to MetaCart
(Show Context)
UCLID is a tool for termlevel modeling and verification of infinitestate systems expressible in the logic of counter arithmetic with lambda expressions and uninterpreted functions (CLU). In this paper, we describe a key component of the tool, the decision procedure for CLU.
Cogent: Accurate theorem proving for program verification
 Proceedings of CAV 2005, volume 3576 of Lecture Notes in Computer Science
, 2005
"... Abstract. Many symbolic software verification engines such as Slam and ESC/Java rely on automatic theorem provers. The existing theorem provers, such as Simplify, lack precise support for important programming language constructs such as pointers, structures and unions. This paper describes a theore ..."
Abstract

Cited by 41 (11 self)
 Add to MetaCart
(Show Context)
Abstract. Many symbolic software verification engines such as Slam and ESC/Java rely on automatic theorem provers. The existing theorem provers, such as Simplify, lack precise support for important programming language constructs such as pointers, structures and unions. This paper describes a theorem prover, Cogent, that accurately supports all ANSIC expressions. The prover’s implementation is based on a machinelevel interpretation of expressions into propositional logic, and supports finite machinelevel variables, bit operations, structures, unions, references, pointers and pointer arithmetic. When used by Slam during the model checking of over 300 benchmarks, Cogent’s improved accuracy reduced the number of Slam timeouts by half, increased the number of true errors found, and decreased the number of false errors. 1