Results 1-10 of 149
Full functional verification of linked data structures
In ACM Conf. Programming Language Design and Implementation (PLDI), 2008
Cited by 101 (19 self)
Abstract
We present the first verification of full functional correctness for a range of linked data structure implementations, including mutable lists, trees, graphs, and hash tables. Specifically, we present the use of the Jahob verification system to verify formal specifications, written in classical higher-order logic, that completely capture the desired behavior of the Java data structure implementations (with the exception of properties involving execution time and/or memory consumption). Given that the desired correctness properties include intractable constructs such as quantifiers, transitive closure, and lambda abstraction, it is a challenge to successfully prove the generated verification conditions. Our Jahob verification system uses integrated reasoning to split each verification condition into a conjunction of simpler subformulas, then apply a diverse collection of specialized decision procedures,
MONA Implementation Secrets
2000
Cited by 84 (6 self)
Abstract
The MONA tool provides an implementation of the decision procedures for the logics WS1S and WS2S. It has been used for numerous applications, and it is remarkably efficient in practice, even though it faces a theoretically non-elementary worst-case complexity. The implementation has matured over a period of six years. Compared to the first naive version, the present tool is faster by several orders of magnitude. This speedup is obtained from many different contributions working on all levels of the compilation and execution of formulas. We present a selection of implementation "secrets" that have been discovered and tested over the years, including formula reductions, DAGification, guided tree automata, three-valued logic, eager minimization, BDD-based automata representations, and cache-conscious data structures. We describe these techniques and quantify their respective effects by experimenting with separate versions of the MONA tool that in turn omit each of them.
Symbolic Model Checking the Knowledge of the Dining Cryptographers
2002
Cited by 64 (14 self)
Abstract
This paper describes how symbolic techniques (in particular, OBDD's) may be used to implement an algorithm for model checking specifications in the logic of knowledge for a single agent operating with synchronous perfect recall in an environment of which it has incomplete knowledge. As an illustration of the utility...
Automatic Verification of Pointer Programs using Monadic Second-Order Logic
In Proc. ACM PLDI, Las Vegas, NV, 1997
Cited by 63 (8 self)
Abstract
We present a technique for automatic verification of pointer programs based on a decision procedure for the monadic second-order logic on finite strings. We are concerned with a while-fragment of Pascal, which includes recursively-defined pointer structures but excludes pointer arithmetic. We define a logic of stores with interesting basic predicates such as pointer equality, tests for nil pointers, and garbage cells, as well as reachability along pointers. We present a complete decision procedure for Hoare triples based on this logic over loop-free code. Combined with explicit loop invariants, the decision procedure allows us to answer surprisingly detailed questions about small but non-trivial programs. If a program fails to satisfy a certain property, then we can automatically supply an initial store that provides a counterexample. Our technique has been fully and efficiently implemented for linear linked lists, and extends in principle to tree structures. The resulting system can be used to verify extensive properties of smaller pointer programs and could be particularly useful in a teaching environment.
Symbolically computing most-precise abstract operations for shape analysis
In 10th TACAS, 2004
Cited by 58 (23 self)
Abstract
Shape analysis concerns the problem of determining "shape invariants" for programs that perform destructive updating on dynamically allocated storage. This paper presents a new algorithm that takes as input an abstract value (a 3-valued logical structure describing some set of concrete stores X) and a precondition p, and computes the most-precise abstract value for the stores in X that satisfy p. This algorithm solves several open problems in shape analysis: (i) computing the most-precise abstract value of a set of concrete stores specified by a logical formula; (ii) computing best transformers for atomic program statements and conditions; (iii) computing best transformers for loop-free code fragments (i.e., blocks of atomic program statements and conditions); (iv) performing interprocedural shape analysis using procedure specifications and assume-guarantee reasoning; and (v) computing the most-precise over-approximation of the meet of two abstract values. The algorithm employs a decision procedure for the logic used to express properties of data structures. A decidable logic for expressing such properties is described in a companion submission [6]. The algorithm can also be used with an undecidable logic and a theorem prover; termination can be assured by using standard techniques (e.g., having the theorem prover return a safe answer if a timeout threshold is exceeded) at the cost of losing the ability to guarantee that a most-precise result is obtained. A prototype has been implemented in TVLA, using the SPASS theorem prover.
Mona & Fido: The Logic-Automaton Connection in Practice
1998
Cited by 57 (10 self)
Abstract
We discuss in this paper how connections, discovered almost forty years ago, between logics and automata can be used in practice. For such logics expressing regular sets, we have developed tools that allow efficient symbolic reasoning not attainable by theorem proving or symbolic model checking. We explain how the logic-automaton connection is already exploited in a limited way for the case of Quantified Boolean Logic, where Binary Decision Diagrams act as automata. Next, we indicate how BDD data structures and algorithms can be extended to yield a practical decision procedure for a more general logic, namely WS1S, the Weak Second-order theory of One Successor. Finally, we mention applications of the automaton-logic connection to software engineering and program verification.
Saturation Unbound
Proc. TACAS, 2003
Cited by 50 (21 self)
Abstract
In previous work, we proposed a "saturation" algorithm for symbolic state-space generation characterized by the use of multi-valued decision diagrams, boolean Kronecker operators, event locality, and a special iteration strategy. This approach outperforms traditional BDD-based techniques by several orders of magnitude in both space and time but, like them, assumes a priori knowledge of each submodel's state space. We introduce a new algorithm that merges explicit local state-space discovery with symbolic global state-space generation. This relieves the modeler from worrying about the behavior of submodels in isolation.
Modular Data Structure Verification
EECS Department, Massachusetts Institute of Technology, 2007
Cited by 43 (20 self)
Abstract
This dissertation describes an approach for automatically verifying data structures, focusing on techniques for automatically proving formulas that arise in such verification. I have implemented this approach with my colleagues in a verification system called Jahob. Jahob verifies properties of Java programs with dynamically allocated data structures. Developers write Jahob specifications in classical higher-order logic (HOL); Jahob reduces the verification problem to deciding the validity of HOL formulas. I present a new method for proving HOL formulas by combining automated reasoning techniques. My method consists of 1) splitting formulas into individual HOL conjuncts, 2) soundly approximating each HOL conjunct with a formula in a more tractable fragment and 3) proving the resulting approximation using a decision procedure or a theorem prover. I present three concrete logics; for each logic I show how to use it to approximate HOL formulas, and how to decide the validity of formulas in this logic. First, I present an approximation of HOL based on a translation to first-order logic, which enables the use of existing resolution-based theorem provers. Second, I present an approximation of HOL based on field constraint analysis, a new technique that enables
The Boundary between Decidability and Undecidability for Transitive-Closure Logics
In Computer Science Logic (CSL), 2004
Cited by 38 (6 self)
Abstract
To reason effectively about programs, it is important to have some version of a transitive-closure operator so that we can describe such notions as the set of nodes reachable from a program's variables. On the other hand, with a few notable exceptions, adding transitive closure to even very tame logics makes them undecidable. In this paper, we explore...
Bounded Model Construction for Monadic Second-Order Logics
In 12th International Conference on Computer-Aided Verification (CAV'00), number 1855 in LNCS, 2000
Cited by 37 (2 self)
Abstract
The monadic logics M2L-Str and WS1S have been successfully used for verification, although they are non-elementary decidable. Motivated by ideas from bounded model checking, we investigate procedures for bounded model construction for these logics. The problem is, given a formula and a bound k, does there exist a word model for of length k. We give a bounded model construction algorithm for M2L-Str that runs in a time exponential in k. For WS1S, we prove a negative result: bounded model construction is as hard as validity checking, i.e., it is non-elementary. From this, negative results for other monadic logics, such as S1S, follow. We also present preliminary tests using a SAT-based implementation of bounded model construction; for certain problem classes it can find counterexamples substantially faster than automata-based decision procedures.