Results 1  10
of
30
Program Verification using Templates over Predicate Abstraction
"... We address the problem of automatically generating invariants with quantified and boolean structure for proving the validity of given assertions or generating preconditions under which the assertions are valid. We present three novel algorithms, having different strengths, that combine template and ..."
Abstract

Cited by 37 (4 self)
 Add to MetaCart
(Show Context)
We address the problem of automatically generating invariants with quantified and boolean structure for proving the validity of given assertions or generating preconditions under which the assertions are valid. We present three novel algorithms, having different strengths, that combine template and predicate abstraction based formalisms to discover required sophisticated program invariants using SMT solvers. Two of these algorithms use an iterative approach to compute fixedpoints (one computes a least fixedpoint and the other computes a greatest fixedpoint), while the third algorithm uses a constraint based approach to encode the fixedpoint. The key idea in all these algorithms is to reduce the problem of invariant discovery to that of finding optimal solutions for unknowns (over conjunctions of some predicates from a given set) in a template formula such that
Thread Quantification for Concurrent Shape Analysis
"... Abstract. We present new algorithms for automatically verifying properties of programs with an unbounded number of threads. Our algorithms are based on a new abstract domain whose elements represent threadquantified invariants: i.e., invariants satified by all threads. We exploit existing abstracti ..."
Abstract

Cited by 33 (4 self)
 Add to MetaCart
(Show Context)
Abstract. We present new algorithms for automatically verifying properties of programs with an unbounded number of threads. Our algorithms are based on a new abstract domain whose elements represent threadquantified invariants: i.e., invariants satified by all threads. We exploit existing abstractions to represent the invariants. Thus, our technique lifts existing abstractions by wrapping universal quantification around elements of the base abstract domain. Such abstractions are effective because they are threadmodular: e.g., they can capture correlations between the local variables of the same thread as well as correlations between the local variables of a thread and global variables, but forget correlations between the states of distinct threads. (The exact nature of the abstraction, of course, depends on the base abstraction lifted in this style.) We present techniques for computing sound transformers for the new abstraction by using transformers of the base abstract domain. We illustrate our technique in this paper by instantiating it to the Boolean Heap abstraction, producing a Quantified Boolean Heap abstraction. We have implemented an instantiation of our technique with Canonical Abstraction as the base abstraction and used it to successfully verify linearizability of datastructures in the presence of an unbounded number of threads. 1
Modelchecking Parameterized Concurrent Programs using Linear Interfaces
"... Abstract. We consider the verification of parameterized Boolean programs— abstractions of sharedmemory concurrent programs with an unbounded number of threads. We propose that such programs can be modelchecked by iteratively considering the program under k roundrobin schedules, for increasing valu ..."
Abstract

Cited by 24 (6 self)
 Add to MetaCart
(Show Context)
Abstract. We consider the verification of parameterized Boolean programs— abstractions of sharedmemory concurrent programs with an unbounded number of threads. We propose that such programs can be modelchecked by iteratively considering the program under k roundrobin schedules, for increasing values of k, using a novel compositional construct called linear interfaces that summarize the effect of a block of threads in a k round schedule. We also develop a gametheoretic sound technique to show that k rounds of schedule suffice to explore the entire searchspace, which allows us to prove a parameterized program entirely correct. We implement a symbolic modelchecker, and report on experiments verifying parameterized predicate abstractions of Linux device drivers interacting with a kernel to show the efficacy of our technique. 1
MCMT: A Model Checker Modulo Theories
 In Proc. of IJCAR 2010, LNCS
, 2010
"... Abstract. We describe mcmt, a fully declarative and deductive symbolic model checker for safety properties of infinite state systems whose state variables are arrays. Theories specify the properties of the indexes and the elements of the arrays. Sets of states and transitions of a system are descr ..."
Abstract

Cited by 20 (11 self)
 Add to MetaCart
(Show Context)
Abstract. We describe mcmt, a fully declarative and deductive symbolic model checker for safety properties of infinite state systems whose state variables are arrays. Theories specify the properties of the indexes and the elements of the arrays. Sets of states and transitions of a system are described by quantified firstorder formulae. The core of the system is a backward reachability procedure which symbolically computes preimages of the set of unsafe states and checks for safety and fixpoints by solving Satisfiability Modulo Theories (SMT) problems. Besides standard SMT techniques, efficient heuristics for quantifier instantiation, specifically tailored to model checking, are at the very heart of the system. mcmt has been successfully applied to the verification of imperative programs, parametrised, timed, and distributed systems. 1
Goaldirected Invariant Synthesis for Model Checking Modulo Theories
, 2009
"... Abstract. We are interested in automatically proving safety properties of infinite state systems. We present a technique for invariant synthesis which can be incorporated in backward reachability analysis. The main theoretical result ensures that (under suitable hypotheses) our method is guaranteed ..."
Abstract

Cited by 9 (9 self)
 Add to MetaCart
Abstract. We are interested in automatically proving safety properties of infinite state systems. We present a technique for invariant synthesis which can be incorporated in backward reachability analysis. The main theoretical result ensures that (under suitable hypotheses) our method is guaranteed to find an invariant if one exists. We also discuss heuristics that allow us to derive an implementation of the technique showing remarkable speedups on a significant set of safety problems in parametrised systems. c©SpringerVerlag 2009 1
Verifying array programs by transforming verification conditions
 Proc. VMCAI ’14, LNCS 8318
, 2014
"... Abstract. We present a method for verifying properties of imperative programs manipulating integer arrays. We assume that we are given a program and a property to be verified. The interpreter (that is, the operational semantics) of the program is specified as a set of Horn clauses with constraints ..."
Abstract

Cited by 8 (5 self)
 Add to MetaCart
(Show Context)
Abstract. We present a method for verifying properties of imperative programs manipulating integer arrays. We assume that we are given a program and a property to be verified. The interpreter (that is, the operational semantics) of the program is specified as a set of Horn clauses with constraints in the domain of integer arrays, also called constraint logic programs over integer arrays, denoted CLP(Array). Then, by specializing the interpreter with respect to the given program and property, we generate a set of verification conditions (expressed as a CLP(Array) program) whose satisfiability implies that the program verifies the given property. Our verification method is based on transformations that preserve the least model semantics of CLP(Array) programs, and hence the satisfiability of the verification conditions. In particular, we apply the usual rules for CLP transformation, such as unfolding, folding, and constraint replacement, tailored to the specific domain of integer arrays. We propose an automatic strategy that guides the application of those rules with the objective of deriving a new set of verification conditions which is either trivially satisfiable (because it contains no constrained facts) or is trivially unsatisfiable (because it contains the fact false). Our approach provides a very rich program verification framework where one can compose together several verification strategies, each of them being implemented by transformations of CLP(Array) programs. 1
Z.: Verification of parameterized concurrent programs by modular reasoning about data and control
 In: POPL’12
, 2012
"... In this paper, we consider the problem of verifying threadstate properties of multithreaded programs in which the number of active threads cannot be statically bounded. Our approach is based on decomposing the task into two modules, where one reasons about data and the other reasons about control. ..."
Abstract

Cited by 8 (4 self)
 Add to MetaCart
In this paper, we consider the problem of verifying threadstate properties of multithreaded programs in which the number of active threads cannot be statically bounded. Our approach is based on decomposing the task into two modules, where one reasons about data and the other reasons about control. The data module computes threadstate invariants (e.g., linear constraints over global variables and local variables of one thread) using the thread interference information computed by the control module. The control module computes a representation of thread interference, as an incrementally constructed data flow graph, using the data invariants provided by the data module. These invariants are used to rule out patterns of thread interference that can not occur in a real program execution. The two modules are incorporated into a feedback loop, so that the abstractions of data and interference are iteratively coars
A shape analysis for optimizing parallel graph programs
, 2010
"... Computations on unstructured graphs are challenging to parallelize because dependences in the underlying algorithms are usually complex functions of runtime data values, thwarting static parallelization. One promising generalpurpose parallelization strategy for these algorithms is optimistic parall ..."
Abstract

Cited by 4 (1 self)
 Add to MetaCart
(Show Context)
Computations on unstructured graphs are challenging to parallelize because dependences in the underlying algorithms are usually complex functions of runtime data values, thwarting static parallelization. One promising generalpurpose parallelization strategy for these algorithms is optimistic parallelization. This paper identifies the optimization of optimistically parallelized graph programs as a new application area, and develops the first shape analysis for addressing this problem. Our shape analysis identifies failsafe points in the program after which the execution is guaranteed not to abort and backup copies of modified data are not needed; additionally, the analysis can be used to eliminate redundant conflict checking. It uses two key ideas: a novel topdown heap abstraction that controls state space explosion, and a strategy for predicate discovery that exploits common patterns of data structure
Abstract transformers for thread correlation analysis
 IN: APLAS 2009
, 2009
"... We present a new technique for speeding up static analysis of (shared memory) concurrent programs. We focus on analyses that compute thread correlations: such analyses infer invariants that capture correlations between the local states of different threads (as well as the global state). Such invari ..."
Abstract

Cited by 4 (0 self)
 Add to MetaCart
(Show Context)
We present a new technique for speeding up static analysis of (shared memory) concurrent programs. We focus on analyses that compute thread correlations: such analyses infer invariants that capture correlations between the local states of different threads (as well as the global state). Such invariants are required for verifying many natural properties of concurrent programs. Tracking correlations between different thread states, however, is very expensive. A significant factor that makes such analysis expensive is the cost of applying abstract transformers. In this paper, we introduce a technique that exploits the notion of footprints and memoization to compute individual abstract transformers more efficiently. We have implemented this technique in our concurrent shape analysis framework. We have used this implementation to prove properties of finegrained concurrent programs with a shared, mutable, heap in the presence of an unbounded number of objects and threads. The properties we verified include memory safety, data structure invariants, partial correctness, and linearizability. Our empirical evaluation shows that our new technique reduces the analysis time significantly (e.g., by a factor of 35 in one case).
Universal guards, relativization of quantifiers, and failure models in model checking modulo theories
 JSAT
, 2012
"... Model Checking Modulo Theories is a recent approach for the automated verification of safety properties of a class of infinite state systems manipulating arrays, called arraybased systems. The idea is to repeatedly compute preimages of a set of (unsafe) states by using certain classes of firstorde ..."
Abstract

Cited by 4 (4 self)
 Add to MetaCart
(Show Context)
Model Checking Modulo Theories is a recent approach for the automated verification of safety properties of a class of infinite state systems manipulating arrays, called arraybased systems. The idea is to repeatedly compute preimages of a set of (unsafe) states by using certain classes of firstorder formulae representing sets of states and transitions, and then reduce fixpoint checks to Satisfiability Modulo Theories problems. Unfortunately, if the guards contain universally quantified index variables, the backward procedure cannot be fully automated. In this paper, we overcome the problem by describing a syntactic transformation on arraybased systems, which can be seen as an instance of the wellknown operation of relativization of quantifiers in firstorder logic. Interestingly, when specifying and verifying distributed systems, the proposed syntactic transformation can be interpreted as the adoption of the crashfailure model, which is wellknown in the literature of faulttolerant systems. By eliminating universal quantifiers from guards, the transformation significantly extends the scope of applicability of the symbolic backward reachability procedure. To provide empirical evidence of this claim, we discuss our findings in applying the proposed technique to a significant casestudy in the verification of some classical algorithms for reliable broadcast.