Automatic predicate abstraction of C programs

Ball, Thomas; Majumdar, Rupak; Millstein, Todd; Rajamani, Sriram K.

doi:10.1145/381694.378846

Cited by 254 publications

(305 citation statements)

References 21 publications

Supporting

Mentioning

304

Contrasting

Unclassified

Order By: Relevance

“…SLAM: This category contains a set of 665 predicate abstraction queries generated from Windows device driver verification in SLAM [BMMR01]. In SLAM, predicate abstraction is used to abstract a Boolean program from a C program.…”

Section: Benchmarks and Their Sourcementioning

confidence: 99%

“…We are currently investigating exploiting incrementality when computing an abstraction over an monotonically growing set of predicates, which can be useful for creating Boolean programs [BMMR01] incrementally. Another area of future work is to extend a minterm c over P to a larger cube on-the-fly, before starting the search for a new minterm -this could impact the performance of queries (e.g.…”

Section: Conclusion and Further Workmentioning

confidence: 99%

“…In fact, our experiments reveal that (i) for small cube sizes, the computation times are extremely small, and that (ii) computing the full G P (ϕ) in successive steps slightly increasing the cube size can be done almost as efficiently as computing it directly, if each step is done incrementally from the previous one. Although several approaches have been developed in recent years to compute coarser approximations [GS97,BMMR01,DD01], the process of refining the approximations is not incremental, and can sometimes be the main bottleneck in the verification [BCDR04].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

SMT Techniques for Fast Predicate Abstraction

Lahiri

Nieuwenhuis

Oliveras

2006

Computer Aided Verification

View full text Add to dashboard Cite

Abstract. Predicate abstraction is a technique for automatically extracting finite-state abstractions for systems with potentially infinite state space. The fundamental operation in predicate abstraction is to compute the best approximation of a Boolean formula ϕ over a set of predicates P . In this work, we demonstrate the use for this operation of a decision procedure based on the DPLL(T) framework for SAT Modulo Theories (SMT). The new algorithm is based on a careful generation of the set of all satisfying assignments over a set of predicates. It consistently outperforms previous methods by a factor of at least 20, on a diverse set of hardware and software verification benchmarks. We report detailed analysis of the results and the impact of a number of variations of the techniques. We also propose and evaluate a scheme for incremental refinement of approximations for predicate abstraction in the above framework.

show abstract

Section: Benchmarks and Their Sourcementioning

confidence: 99%

Section: Conclusion and Further Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

SMT Techniques for Fast Predicate Abstraction

Lahiri

Nieuwenhuis

Oliveras

2006

Computer Aided Verification

View full text Add to dashboard Cite

show abstract

“…Several recent verification approaches [2,15], based on predicate abstraction [14], avoid imprecision (e.g., due to aliasing or infeasible paths) by iteratively refining the abstractions as necessary, but are fundamentally exponential algorithms. These techniques use symbolic and theorem-proving techniques (during verification) to identify a set P of "relevant" predicates, and then use the powerset lattice 2 P →{true,f alse} for abstraction, and then model check the resulting finite state system (and usually iterate with increasingly larger sets of predicates until a satisfactory result is obtained).…”

Section: Related Workmentioning

confidence: 99%

Typestate Verification: Abstraction Techniques and Complexity Results

Field¹,

Goyal²,

Ramalingam³

et al. 2003

Static Analysis

View full text Add to dashboard Cite

Abstract. We consider the problem of typestate verification for shallow programs; i.e., programs where pointers from program variables to heap-allocated objects are allowed, but where heap-allocated objects may not themselves contain pointers. We prove a number of results relating the complexity of verification to the nature of the finite state machine used to specify the property. Some properties are shown to be intractable, but others which appear to be quite similar admit polynomial-time verification algorithms. While there has been much progress on many aspects of automated program verification, we are not aware of any previous work relating the difficulty of typestate verification to properties of the finite state automaton. Our results serve to provide insight into the inherent complexity of important classes of verification problems. In addition, the program abstractions used for the polynomial-time verification algorithms may be of independent interest.

show abstract

“…The last decade has witnessed impressive progress in the ability of tools to verify properties of hardware and software systems (e.g., [9,16,24]). The success has to a large extent concerned safety properties, e.g., absence of run-time errors, deadlocks, race conditions, etc.…”

Section: Introductionmentioning

confidence: 99%

Proving Liveness by Backwards Reachability

Abdulla

Jönsson

Rezine

et al. 2006

CONCUR 2006 – Concurrency Theory

View full text Add to dashboard Cite

Abstract. We present a new method for proving liveness and termination properties for fair concurrent programs, which does not rely on finding a ranking function or on computing the transitive closure of the transition relation. The set of states from which termination or some liveness property is guaranteed is computed by a backwards reachability analysis. A central technique for handling concurrency is a check for certain commutativity properties. The method is not complete. However, it can be seen as a complement to other methods for proving termination, in that it transforms a termination problem into a simpler one with a larger set of terminated states. We show the usefulness of our method by applying it to existing programs from the literature. We have also implemented it in the framework of Regular Model Checking, and used it to automatically verify non-starvation for parameterized algorithms.

show abstract

Automatic predicate abstraction of C programs

Cited by 254 publications

References 21 publications

SMT Techniques for Fast Predicate Abstraction

SMT Techniques for Fast Predicate Abstraction

Typestate Verification: Abstraction Techniques and Complexity Results

Proving Liveness by Backwards Reachability

Contact Info

Product

Resources

About