Interpolant-Based Transition Relation Approximation

Jhala, Ranjit; McMillan, Kenneth L.

doi:10.1007/11513988_6

Cited by 75 publications

(51 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The two algorithms use interpolation [32] and interpolation sequences [54] (as described in Section II-E) that, when combined with BMC, can provide complete model checking algorithms.…”

Section: E Interpolation and Model Checkingmentioning

confidence: 99%

See 1 more Smart Citation

Boolean Satisfiability Solvers and Their Applications in Model Checking

Vizel

Weißenbacher²,

Malik

2015

Proc. IEEE

View full text Add to dashboard Cite

| Boolean satisfiability (SAT)Vthe problem of determining whether there exists an assignment satisfying a given Boolean formulaVis a fundamental intractable problem in computer science. SAT has many applications in electronic design automation (EDA), notably in synthesis and verification. Consequently, SAT has received much attention from the EDA community, who developed algorithms that have had a significant impact on the performance of SAT solvers. EDA researchers introduced techniques such as conflict-driven clause learning, novel branching heuristics, and efficient unit propagation. These techniques form the basis of all modern SAT solvers. Using these ideas, contemporary SAT solvers can often handle practical instances with millions of variables and constraints. The continuing advances of SAT solvers are the driving force of modern model checking tools, which are used to check the correctness of hardware designs. Contemporary automated verification techniques such as bounded model checking, proof-based abstraction, interpolation-based model checking, and IC3 have in common that they are all based on SAT solvers and their extensions. In this paper, we trace the most important contributions made to modern SAT solvers by the EDA community, and discuss applications of SAT in hardware model checking.

show abstract

“…The two algorithms use interpolation [32] and interpolation sequences [54] (as described in Section II-E) that, when combined with BMC, can provide complete model checking algorithms.…”

Section: E Interpolation and Model Checkingmentioning

confidence: 99%

“…Properties of the interpolants (such as logical strength) generated by different algorithms have been studied extensively in [37], [54], [76], and [84]. The generation of interpolants from resolution proofs and clausal proofs in CNF has been addressed in [45] and [83], respectively.…”

Section: E Craig Interpolationmentioning

confidence: 99%

Boolean Satisfiability Solvers and Their Applications in Model Checking

Vizel

Weißenbacher²,

Malik

2015

Proc. IEEE

View full text Add to dashboard Cite

show abstract

“…Most applications of interpolants have so far been restricted to propositional logic, and the theories of equality with uninterpreted functions together with linear arithmetic [25,26,14,17,18]. This severely restricts the kind of programs and properties that have been studied in the software model checking literature, which have so far been restricted to niche control-dominated applications such as device drivers [2,15] and low level state machine properties such as correct usage of locks or files [15].…”

Section: Introductionmentioning

confidence: 99%

“…Counterexample-guided abstraction refinement (CEGAR) [5,2,15] with interpolation based abstraction refinement [14,17,26,18] has recently received a lot of attention as a robust technique for abstract static analysis of systems. In CEGAR, one attempts to prove a safety property starting with a crude abstraction on system states.…”

Section: Introductionmentioning

confidence: 99%

Interpolation for data structures

Kapur¹,

Majumdar

Zarba

2006

Proceedings of the 14th ACM SIGSOFT International Symposium on Foundations of Software Engineering

View full text Add to dashboard Cite

Interpolation based automatic abstraction is a powerful and robust technique for the automated analysis of hardware and software systems. Its use has however been limited to controldominated applications because of a lack of algorithms for computing interpolants for data structures used in software programs. We present efficient procedures to construct interpolants for the theories of arrays, sets, and multisets using the reduction approach for obtaining decision procedures for complex data structures. The approach taken is that of reducing the theories of such data structures to the theories of equality and linear arithmetic for which efficient interpolating decision procedures exist. This enables interpolation based techniques to be applied to proving properties of programs that manipulate these data structures.

show abstract

“…The Mondrian implementation was annotated with a set of assertions by the programmer. For the driver, we considered five safety properties identified in [11]. Both programs involve nontrivial bitwise operations.…”

Section: Introductionmentioning

confidence: 99%

Bit level types for high level reasoning

Jhala

Majumdar

2006

Proceedings of the 14th ACM SIGSOFT International Symposium on Foundations of Software Engineering

Self Cite

View full text Add to dashboard Cite

Bitwise operations are commonly used in low-level systems code to access multiple data fields that have been packed into a single word. Program analysis tools that reason about such programs must model the semantics of bitwise operations precisely in order to capture program control and data flow through these operations. We present a type system for subword data structures that explitictly tracks the flow of bit values in the program and identifies consecutive sections of bits as logical entities manipulated atomically by the programmer. Our type inference algorithm tags each integer value of the program with a bitvector type that identifies the data layout at the subword level. These types are used in a translation phase to remove bitwise operations from the program, thereby allowing verification engines to avoid the expensive low-level reasoning required for analyzing bitvector operations. We have used a software model checker to check properties of translated versions of a Linux device driver and a memory protection system. The resulting verification runs could prove many more properties than the naive model checker that did not reason about bitvectors, and could prove properties much faster than a model checker that did reason about bitvectors. We have also applied our bitvector type inference algorithm to generate program documentation for a virtual memory subsystem of an OS kernel. While we have applied the type system mainly for program understanding and verification, bitvector types also have applications to better variable ordering heuristics in boolean model checking and memory optimizations in compilers for embedded software.

show abstract

Interpolant-Based Transition Relation Approximation

Cited by 75 publications

References 16 publications

Boolean Satisfiability Solvers and Their Applications in Model Checking

Boolean Satisfiability Solvers and Their Applications in Model Checking

Interpolation for data structures

Bit level types for high level reasoning

Contact Info

Product

Resources

About