Abstraction Refinement of Linear Programs with Arrays

Armando, Alessandro; Benerecetti, Massimo; Mantovani, Jacopo

doi:10.1007/978-3-540-71209-1_29

Cited by 10 publications

(26 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Augmenting SMCs with looping counterexamples [12], [13], or concrete execution [14] enables efficient falsification rather than verification. Replacing boolean programs with linear programs enables some problems involving array traversal to be solved efficiently, but sacrifices completeness of the SMC's modelchecking phase [15]. Using a split prover [16] for refinement ensures eventual convergence if a proof of safety exists within difference logic, but does not guarantee that the proof is efficient, and can drastically increase the number of predicates used if a predicate with a large difference bound is needed.…”

Section: Discussionmentioning

confidence: 99%

Augmenting Counterexample-Guided Abstraction Refinement with Proof Templates

Hart

Gurfinkel

et al. 2008

2008 23rd IEEE/ACM International Conference on Automated Software Engineering

View full text Add to dashboard Cite

Abstract-Existing software model checkers based on predicate abstraction and refinement typically perform poorly at verifying the absence of buffer overflows, with analyses depending on the sizes of the arrays checked. We observe that many of these analyses can be made efficient by providing proof templates for common array traversal idioms idioms, which guide the model checker towards proofs that are independent of array size.We have integrated this technique into our software model checker, PTYASM, and have evaluated our approach on a set of testcases derived from the Verisec suite, demonstrating that our technique enables verification of the safety of array accesses independently of array size.

show abstract

Section: Discussionmentioning

confidence: 99%

Augmenting Counterexample-Guided Abstraction Refinement with Proof Templates

Hart

Gurfinkel

et al. 2008

2008 23rd IEEE/ACM International Conference on Automated Software Engineering

View full text Add to dashboard Cite

show abstract

“…The initial constraint store of the CPBPV verifier, assuming an input array of length 8, is the precondition 3 …”

Section: The Constraint-programming Framework At Workmentioning

confidence: 99%

“…Since l 0 ≤ u 0 , the execution enters the loop body, adds the constraint m 0 = (l 0 + u 0 )/2, which simplifies to m 0 = 3 (3.5 is rounded down to the integer 3, since / is the division on integers), and considers the conditional statement on lines 6-7. The execution of the statement is nondeterministic: Indeed, both t 0 [3] = v 0 and t 0 [3] = v 0 are consistent with the constraint store, and thus the two alternatives, which give rise to two execution paths, must be explored. Note that these two alternatives correspond to actual execution paths in which t [3] in the input is equal to, or different from, input v. The first alternative adds the constraint t 0 [3] = v 0 to the store and executes line 7, which adds the constraint result = m 0 .…”

Section: The Constraint-programming Framework At Workmentioning

confidence: 99%

“…The execution of the statement is nondeterministic: Indeed, both t 0 [3] = v 0 and t 0 [3] = v 0 are consistent with the constraint store, and thus the two alternatives, which give rise to two execution paths, must be explored. Note that these two alternatives correspond to actual execution paths in which t [3] in the input is equal to, or different from, input v. The first alternative adds the constraint t 0 [3] = v 0 to the store and executes line 7, which adds the constraint result = m 0 . CPBPV has thus obtained a complete execution path p whose final constraint store c p is:…”

Section: The Constraint-programming Framework At Workmentioning

confidence: 99%

“…First, contrary to earlier work using model checking or constraint programming [3,16,17], CPBPV does not use predicate abstraction or abstraction refinement techniques. As a consequence, it does not explore spurious execution paths, i.e., paths that do not correspond to actual executions over inputs satisfying the pre-condition.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

CPBPV: a constraint-programming framework for bounded program verification

2010

View full text Add to dashboard Cite

International audienceThis paper studies how to verify the conformity of a program with its specification and proposes a novel constraint-programming framework for bounded program verification (CPBPV). The CPBPV framework uses constraint stores to represent both the specification and the program and explores execution paths of bounded length nondeterministically. The CPBPV framework detects nonconformities and provides counter examples when a path of bounded length that refutes some properties exists. The input program is partially correct under the boundness restrictions, if each constraint store so produced implies the postcondition. CPBPV does not explore spurious execution paths, as it incrementally prunes execution paths early by detecting that the constraint store is not consistent. CPBPV uses the rich language of constraint programming to express the constraint store. Finally, CPBPV is parameterized with a list of solvers which are tried in sequence, starting with the least expensive and less general. Experimental results often produce orders of magnitude improvements over earlier approaches, running times being often independent of the size of the variable domains.Moreover, CPBPV was able to detect subtle errors in some programs for which other frameworks based on bounded model checking have failed

show abstract

CPBPV: A Constraint-Programming Framework for Bounded Program Verification

Collavizza

Rueher

Hentenryck

2008

Lecture Notes in Computer Science

View full text Add to dashboard Cite

This paper studies how to verify the conformity of a program with its specification and proposes a novel constraint-programming framework for bounded program verification (CPBPV). The CPBPV framework uses constraint stores to represent both the specification and the program and explores execution paths of bounded length nondeterministically. The CPBPV framework detects non-conformities and provides counter examples when a path of bounded length that refutes some properties exists. The input program is partially correct under the boundness restrictions, if each constraint store so produced implies the post-condition. CPBPV does not explore spurious execution paths, as it incrementally prunes execution paths early by detecting that the constraint store is not consistent. CPBPV uses the rich language of constraint programming to express the constraint store. Finally, CPBPV is parameterized with a list of solvers which are tried in sequence, starting with the least expensive and less general. Experimental results often produce orders of magnitude improvements over earlier approaches, running times being often independent of the size of the variable domains. Moreover, CPBPV was able to detect subtle errors in some programs for which other frameworks based on bounded model checking have failed.

show abstract

Abstraction Refinement of Linear Programs with Arrays

Cited by 10 publications

References 11 publications

Augmenting Counterexample-Guided Abstraction Refinement with Proof Templates

Augmenting Counterexample-Guided Abstraction Refinement with Proof Templates

CPBPV: a constraint-programming framework for bounded program verification

CPBPV: A Constraint-Programming Framework for Bounded Program Verification

Contact Info

Product

Resources

About