Results 1  10
of
89
Indexed Predicate Discovery for Unbounded System Verification
 IN CAV’04
, 2004
"... Predicate abstraction has been proved effective for verifying several infinitestate systems. In predicate abstraction, an abstract system is automatically constructed given a set of predicates. Predicate abstraction coupled with automatic predicate discovery provides for a completely automatic v ..."
Abstract

Cited by 52 (7 self)
 Add to MetaCart
(Show Context)
Predicate abstraction has been proved effective for verifying several infinitestate systems. In predicate abstraction, an abstract system is automatically constructed given a set of predicates. Predicate abstraction coupled with automatic predicate discovery provides for a completely automatic verification scheme. For systems with unbounded integer state variables (e.g. software), counterexample guided predicate discovery has been successful in identifying the necessary predicates. For
Complete instantiation for quantified formulas in Satisfiabiliby Modulo Theories
"... Abstract. Quantifier reasoning in Satisfiability Modulo Theories (SMT) is a longstanding challenge. The practical method employed in modern SMT solvers is to instantiate quantified formulas based on heuristics, which is not refutationally complete even for pure firstorder logic. We present several ..."
Abstract

Cited by 48 (2 self)
 Add to MetaCart
(Show Context)
Abstract. Quantifier reasoning in Satisfiability Modulo Theories (SMT) is a longstanding challenge. The practical method employed in modern SMT solvers is to instantiate quantified formulas based on heuristics, which is not refutationally complete even for pure firstorder logic. We present several decidable fragments of first order logic modulo theories. We show how to construct models for satisfiable formulas in these fragments. For richer undecidable fragments, we discuss conditions under which our procedure is refutationally complete. We also describe useful heuristics based on model checking for prioritizing or avoiding instantiations. 1
Certifying model checkers
 Proc of CAV ’01
, 2001
"... Abstract. Model Checking is an algorithmic technique to determine whether a temporal property holds of a program. For linear time properties, a model checker produces a counterexample computation if the check fails. This computation acts as a \certicate " of failure, as it can be checked easil ..."
Abstract

Cited by 45 (3 self)
 Add to MetaCart
Abstract. Model Checking is an algorithmic technique to determine whether a temporal property holds of a program. For linear time properties, a model checker produces a counterexample computation if the check fails. This computation acts as a \certicate " of failure, as it can be checked easily and independently of the model checker by simulating it on the program. On the other hand, no such certicate is produced if the check succeeds. In this paper, we show how this asymmetry can be eliminated with a certifying model checker. The key idea is that, with some extra bookkeeping, a model checker can produce a deductive proof on either success or failure. This proof acts as a certicate of the result, as it can be checked mechanically by simple, nonxpoint methods that are independent of the model checker. We develop a deductive proof system for verifying branching time properties expressed in the mucalculus, and show how to generate a proof in this system from a model checking run. Proofs for linear time properties form a special case. A model checker that generates proofs can be used for many interesting applications, such as better ways of exploring errors in a program, and a tight integration of model checking with automated theorem proving. 1
Parameterized verification of infinitestate processes with global conditions
 In Proc. 19Ø�Int. Conf. on Computer Aided Verification
"... Abstract. We present a simple and effective approximated backward reachability algorithm for parameterized systems with existentially and universally quantified global conditions. The individual processes operate on unbounded local variables ranging over the natural numbers. In addition, processes m ..."
Abstract

Cited by 41 (11 self)
 Add to MetaCart
(Show Context)
Abstract. We present a simple and effective approximated backward reachability algorithm for parameterized systems with existentially and universally quantified global conditions. The individual processes operate on unbounded local variables ranging over the natural numbers. In addition, processes may communicate via broadcast, rendezvous and shared variables. We apply the algorithm to verify mutual exclusion for complex protocols such as Lamport’s bakery algorithm both with and without atomicity conditions, a distributed version of the bakery algorithm, and RicartAgrawala’s distributed mutual exclusion algorithm. 1
Environment abstraction for parameterized verification
 In 7 th VMCAI, LNCS 3855
, 2006
"... Abstract. Many aspects of computer systems are naturally modeled as parameterized systems which renders their automatic verification difficult. In wellknown examples such as cache coherence protocols and mutual exclusion protocols, the unbounded parameter is the number of concurrent processes which ..."
Abstract

Cited by 39 (2 self)
 Add to MetaCart
(Show Context)
Abstract. Many aspects of computer systems are naturally modeled as parameterized systems which renders their automatic verification difficult. In wellknown examples such as cache coherence protocols and mutual exclusion protocols, the unbounded parameter is the number of concurrent processes which run the same distributed algorithm. In this paper, we introduce environment abstraction as a tool for the verification of such concurrent parameterized systems. Environment abstraction enriches predicate abstraction by ideas from counter abstraction; it enables us to reduce concurrent parameterized systems with unbounded variables to precise abstract finite state transition systems which can be verified by a finite state model checker. We demonstrate the feasibility of our approach by verifying the safety and liveness properties of Lamport’s bakery algorithm and Szymanski’s mutual exclusion algorithm. To the best of our knowledge, this is the first time both safety and liveness properties of the bakery algorithm have been verified at this level of automation. 1
Predicate Abstraction with Indexed Predicates
, 2007
"... Predicate abstraction provides a powerful tool for verifying properties of infinitestate systems using a combination of a decision procedure for a subset of firstorder logic and symbolic methods originally developed for finitestate model checking. We consider models containing firstorder state v ..."
Abstract

Cited by 30 (0 self)
 Add to MetaCart
Predicate abstraction provides a powerful tool for verifying properties of infinitestate systems using a combination of a decision procedure for a subset of firstorder logic and symbolic methods originally developed for finitestate model checking. We consider models containing firstorder state variables, where the system state includes mutable functions and predicates. Such a model can describe systems containing arbitrarily large memories, buffers, and arrays of identical processes. We describe a form of predicate abstraction that constructs a formula over a set of universally quantified variables to describe invariant properties of the firstorder state variables. We provide a formal justification of the soundness of our approach and describe how it has been used to verify several hardware and software designs, including a directorybased cache coherence protocol.
Proving ptolemy right: The environment abstraction framework for model checking concurrent systems
 In TACAS
, 2008
"... Abstract. The parameterized verification of concurrent algorithms and protocols has been addressed by a variety of recent methods. Experience shows that there is a tradeoff between techniques which are widely applicable but depend on nontrivial human guidance, and fully automated approaches which a ..."
Abstract

Cited by 28 (3 self)
 Add to MetaCart
(Show Context)
Abstract. The parameterized verification of concurrent algorithms and protocols has been addressed by a variety of recent methods. Experience shows that there is a tradeoff between techniques which are widely applicable but depend on nontrivial human guidance, and fully automated approaches which are tailored for narrow classes of applications. In this spectrum, we propose a new framework based on environment abstraction which exhibits a large degree of automation and can be easily adjusted to different fields of application. Our approach is based on two insights: First, we argue that natural abstractions for concurrent software are derived from the “Ptolemaic ” perspective of a human engineer who focuses on a single reference process. For this class of abstractions, we demonstrate soundness of abstraction under very general assumptions. Second, most protocols in given a class of protocols – for instance, cache coherence protocols and mutual exclusion protocols – can be modeled by small sets of high level compound statements. These two insights allow to us efficiently build precise abstract models for given protocols which can then be model checked. We demonstrate the power of our method by applying it to various well known classes of protocols. 1
Liveness with Invisible Ranking
 SOFTWARE TOOLS FOR TECHNOLOGY TRANSFER
, 2006
"... The method of Invisible Invariants was developed originally in order to verify safety properties of parameterized systems in a fully automatic manner. The method is based on (1) a project&generalize heuristic to generate auxiliary constructs for parameterized systems, and (2) a small model theor ..."
Abstract

Cited by 20 (7 self)
 Add to MetaCart
(Show Context)
The method of Invisible Invariants was developed originally in order to verify safety properties of parameterized systems in a fully automatic manner. The method is based on (1) a project&generalize heuristic to generate auxiliary constructs for parameterized systems, and (2) a small model theorem implying that it is sufficient to check the validity of logical assertions of certain syntactic form on small instantiations of a parameterized system. The approach can be generalized to any deductive proof rule that (1) requires auxiliary constructs that can be generated by project&generalize, and (2) the premises resulting when using the constructs are of the form covered by the small model theorem. The method of invisible ranking, presented here, generalizes the approach to liveness properties of parameterized systems. Starting with a proof rule and cases where the method can be applied almost “as is,” the paper progresses to develop deductive proof rules for liveness and extend the small model theorem to cover many intricate families of parameterized systems.
What else is decidable about integer arrays?
"... Abstract. We introduce a new decidable logic for reasoning about infinite arrays of integers. The logic is in the ∃ ∗ ∀ ∗ firstorder fragment and allows (1) Presburger constraints on existentially quantified variables, (2) difference constraints as well as periodicity constraints on universally ..."
Abstract

Cited by 19 (3 self)
 Add to MetaCart
Abstract. We introduce a new decidable logic for reasoning about infinite arrays of integers. The logic is in the ∃ ∗ ∀ ∗ firstorder fragment and allows (1) Presburger constraints on existentially quantified variables, (2) difference constraints as well as periodicity constraints on universally quantified indices, and (3) difference constraints on values. In particular, using our logic, one can express constraints on consecutive elements of arrays (e.g. ∀i. 0 ≤ i < n → a[i+1] = a[i]−1) as well as periodic facts (e.g. ∀i. i ≡2 0 → a[i] = 0). The decision procedure follows the automatatheoretic approach: we translate formulae into a special class of Büchi counter automata such that any model of a formula corresponds to an accepting run of the automaton, and vice versa. The emptiness problem for this class of counter automata is shown to be decidable, as a consequence of earlier results on counter automata with a flat control structure and transitions based on difference constraints. We show interesting program properties expressible in our logic, and give an example of invariant verification for programs that handle integer arrays. 1
Verification by network decomposition
 IN 15 TH CONCUR, LNCS 3170
, 2004
"... We describe a new method to verify networks of homogeneous processes which communicate by token passing. Given an arbitrary network graph and an indexed LT L \ X property, we show how to decompose the network graph into multiple constant size networks, thereby reducing one model checking call on a ..."
Abstract

Cited by 16 (2 self)
 Add to MetaCart
(Show Context)
We describe a new method to verify networks of homogeneous processes which communicate by token passing. Given an arbitrary network graph and an indexed LT L \ X property, we show how to decompose the network graph into multiple constant size networks, thereby reducing one model checking call on a large network to several calls on small networks. We thus obtain cutoffs for arbitrary classes of networks, adding to previous work by Emerson and Namjoshi on the ring topology. Our results on LT L \ X are complemented by a negative result which precludes the existence of reductions for CT L \ X on general networks.