## Powerful Techniques for the Automatic Generation of Invariants (1996)

### Download Links

- [www.informatik.uni-kiel.de]
- [ftp.imag.fr]
- DBLP

### Other Repositories/Bibliography

- Venue: In CAV
- Citations: 96 (9 self-citations)

### Citations

- Abstract interpretation: A unified lattice model for static analysis of programs by construction or approximation of fixpoints. Cousot, Cousot, 1977. 2321 citations.
  Citation context: "...nces). Concerning Szymanski's mutual exclusion algorithm, we verified the parameterized as well as the unparameterized case. We intend to combine our techniques with others such as abstract interpretation [5] to discover relationships between program variables that can be used to derive invariants and to investigate heuristics and strategies for the decomposition of large programs. Acknowledgements We than..."

- Assigning meanings to programs. Floyd, 1967. 737 citations.
  Citation context: "...if P ∨ ¬(pc = d) is an invariant of S. Next, we briefly recall the basic idea for proving invariance properties of programs. This idea underlies many proof rules formulated in different settings (e.g. [8, 1, 15]). To do so, we recall the definition of some predicate transformers. Definition 3. Given ρ ⊆ Σ × Σ, the predicate transformers pre[ρ], gpre[ρ], and post[ρ] are defined by pre[ρ](P..."

- An automata-theoretic approach to automatic program verification (preliminary report). Vardi, Wolper, 1986. 694 citations.
  Citation context: "...oblem of size-increase of the considered predicates, which is the main drawback of the usual strengthening technique. The proposed techniques are illustrated by examples. 1 Introduction. Model checking [17, 4, 13, 20] is by now a well-known method for proving properties of reactive programs. The main reason for its success is that it works fully automatically, i.e. without any intervention of the user. The price t..."

- Guarded commands, nondeterminacy and formal derivation of programs. Dijkstra, 1975. 527 citations.
  Citation context: "...d by the propagation techniques presented in e.g. [15, 14]. -- Refined strengthening: One of the most used techniques for strengthening invariants is calculating the weakest (liberal) precondition [6] w.r.t. the considered invariant and taking it as a conjunct. A drawback of this method is that it increases the complexity of the considered predicate, and hence, after a few steps its application lead..."

- Temporal Verification of Reactive Systems: Safety. Springer-Verlag. Manna, Pnueli, 1995. 461 citations.
  Citation context: "...hand side of its assignment are not changed by the transition itself, i.e. they have the same value before and after the transition. This is more general than the one called reaffirmed invariants in [15, 14]. -- Propagation of invariants: This technique allows one to propagate an assertion that holds whenever control is at some fixed control location to other control locations. We consider two instances of t..."

- Formal Verification for Fault-Tolerant Architectures: Prolegomena to the Design of PVS. Owre, Rushby, et al., 1995. 332 citations.

- Automatic verification of finite state concurrent systems using temporal logic specifications. Clarke, Emerson, et al., 1986. 330 citations.
  Citation context: cited in the same "Model checking [17, 4, 13, 20] ..." passage quoted for Vardi and Wolper (1986) above.

- Specification and verification of concurrent systems in CESAR. Queille, Sifakis, 1982. 288 citations.
  Citation context: cited in the same "Model checking [17, 4, 13, 20] ..." passage quoted for Vardi and Wolper (1986) above.

- A New Solution of Dijkstra's Concurrent Programming Problem. Lamport, 1974. 263 citations.
  Citation context: "...strategies are proved to be invariant by construction. The use of these techniques for various mutual exclusion algorithms shows that they are promising. For instance, in the case of the Bakery algorithm [12, 15], which is an infinite-state program, we generate an invariant that is sufficiently strong to prove the required property. It is also important to note that these techniques are local in the sense tha..."

- Checking that finite state concurrent programs satisfy their linear specification. Lichtenstein, Pnueli, 1985. 260 citations.

- Ten years of Hoare's logic: A survey, part I. Apt, 1981. 71 citations.
  Citation context: cited in the same "proof rules formulated in different settings (e.g. [8, 1, 15])" passage quoted for Floyd (1967) above.

- STeP: The Stanford Temporal Prover. Manna, Anuchitanukul, et al., 1994. 63 citations.
  Citation context: cited in the same "reaffirmed invariants in [15, 14]" passage quoted for Manna and Pnueli (1995) above.

- Automatic generation of invariants and intermediate assertions. Bjørner, Browne, et al., 1997. 52 citations.
  Citation context: "...ventieth, leading to results reported in e.g. [11, 9, 3, 7] (footnote 3). Here, we present results which are to our knowledge new or extensions of existing ones. Other interesting recent results are reported in [2]. These techniques represent an important component of a tool which is being developed to support the computer-aided verification of safety properties of..." (footnote 3: "This list of references is far from being ex...")

- A synthesizer of inductive assertions. German, Wegbreit, 1975. 47 citations.
  Citation context: "...quired to satisfy some condition. The problem of automatically constructing invariants from a program description has been intensively investigated in the seventies, leading to results reported in e.g. [11, 9, 3, 7] (footnote 3). Here, we present results which are to our knowledge new or extensions of existing ones. Other interesting recent results are reported in [2]. These techniques represent an important component of..."

- Verifying Invariants Using Theorem Proving. Graf, Saïdi, 1997. 28 citations.
  Citation context: "...ided verification of safety properties of reactive programs. Here, we give a brief description of this tool (see [10] for a detailed discussion). It consists of the following components: -- Front-end: The front-end takes as input a description of a transition system written as a program in a simple programming langu..." (footnote 3, interleaved in the extracted text: "This list of references is far from being exhaustive. See [15] for other references.")

- A Simple Solution to Lamport's Concurrent Programming Problem with Linear Wait. ICS '88. Szymanski, 1988. 22 citations.
  Citation context: "...chniques have been successfully applied to many mutual exclusion algorithms, e.g. the Bakery mutual exclusion algorithm [12, 15] in three different versions and Szymanski's mutual exclusion algorithm [18, 19], both parameterized and for two processes. Definition 10. Given a transition system S, a predicate P is called a history-independent assertion at d ∈ DC if post[t](true) ⊆ [[P]] holds for each t ∈ L(d), ..."

- Finding invariant assertions for proving programs. Caplain, 1975. 15 citations.
  Citation context: cited in the same "results reported in e.g. [11, 9, 3, 7]" passage quoted for German and Wegbreit (1975) above.

- A heuristic approach to program verification. Katz, Manna, 1973. 13 citations.
  Citation context: cited in the same "results reported in e.g. [11, 9, 3, 7]" passage quoted for German and Wegbreit (1975) above.

- The semiautomatic generation of inductive assertions for proving program correctness. Elspas, 1974. 11 citations.

- Automatic verification of a class of symmetric parallel programs. Szymanski, Vidal, 1994. 1 citation.
  Citation context: cited in the same "Szymanski's mutual exclusion algorithm [18, 19]" passage quoted for Szymanski (1988) above.