Lazy abstraction

Henzinger, Thomas A.; Jhala, Ranjit; Majumdar, Rupak; Sutre, Grégoire

doi:10.1145/503272.503279

Cited by 821 publications

(751 citation statements)

References 27 publications

Supporting

Mentioning

748

Contrasting

Unclassified

Order By: Relevance

“…Several recent verification approaches [2,15], based on predicate abstraction [14], avoid imprecision (e.g., due to aliasing or infeasible paths) by iteratively refining the abstractions as necessary, but are fundamentally exponential algorithms. These techniques use symbolic and theorem-proving techniques (during verification) to identify a set P of "relevant" predicates, and then use the powerset lattice 2 P →{true,f alse} for abstraction, and then model check the resulting finite state system (and usually iterate with increasingly larger sets of predicates until a satisfactory result is obtained).…”

Section: Related Workmentioning

confidence: 99%

Typestate Verification: Abstraction Techniques and Complexity Results

Field¹,

Goyal²,

Ramalingam³

et al. 2003

Static Analysis

View full text Add to dashboard Cite

Abstract. We consider the problem of typestate verification for shallow programs; i.e., programs where pointers from program variables to heap-allocated objects are allowed, but where heap-allocated objects may not themselves contain pointers. We prove a number of results relating the complexity of verification to the nature of the finite state machine used to specify the property. Some properties are shown to be intractable, but others which appear to be quite similar admit polynomial-time verification algorithms. While there has been much progress on many aspects of automated program verification, we are not aware of any previous work relating the difficulty of typestate verification to properties of the finite state automaton. Our results serve to provide insight into the inherent complexity of important classes of verification problems. In addition, the program abstractions used for the polynomial-time verification algorithms may be of independent interest.

show abstract

Section: Related Workmentioning

confidence: 99%

Typestate Verification: Abstraction Techniques and Complexity Results

Field¹,

Goyal²,

Ramalingam³

et al. 2003

Static Analysis

View full text Add to dashboard Cite

show abstract

“…see [11]). These works search through an abstract model of the program to generate a counter-example trace and then show that the given counter-example trace is an infeasible path in the program's control flow graph.…”

Section: Fig 1 Sum Of Even Numbersmentioning

confidence: 96%

Analyzing Loop Paths for Execution Time Estimation

Roychoudhury

Mitra

Negi

2005

Distributed Computing and Internet Technology

View full text Add to dashboard Cite

Abstract. Statically estimating the worst case execution time of a program is important for real-time embedded software. This is difficult even in the programming language level due to the inherent difficulty in detecting infeasible paths in a program's control flow graph. In this paper, we study the problem of accurately bounding the execution time of a program loop. This involves infeasible path detection followed by timing analysis. We employ constraint propagation methods to detect infeasible paths spanning across loop iterations. Our timing analysis is exact modulo the infeasible path information provided. Moreover, the analysis is efficient since it relies on memoization techniques to avoid exhaustive enumeration of all paths through a loop. The precision of our timing analysis is demonstrated on different benchmark programs.

show abstract

“…CEGAR-based predicate-abstraction techniques are used in several C-program model-checking tools, such as SLAM [12], BLAST [13], ZING [27], and KISS [24]. However, as mentioned previously, SLAM cannot deal with concurrency, BLAST cannot handle recursion, and KISS cannot discover errors that appear after a number of interleavings between the parallel components greater than three.…”

Section: Related Workmentioning

confidence: 99%

“…This schema has been successfully applied to handle both pure non-concurrent (sequential) recursive programs in the tool SLAM [12], and concurrent non-recursive programs in the tools BLAST [13] and MAGIC [14].…”

Section: Introductionmentioning

confidence: 99%

Verifying Concurrent Message-Passing C Programs with Recursive Calls

Chaki

Clarke

Kidd

et al. 2006

Tools and Algorithms for the Construction and Analysis of Systems

View full text Add to dashboard Cite

Abstract. We consider the model-checking problem for C programs with (1) data ranging over very large domains, (2) (recursive) procedure calls, and (3) concurrent parallel components that communicate via synchronizing actions. We model such programs using communicating pushdown systems, and reduce the reachability problem for this model to deciding the emptiness of the intersection of two context-free languages L 1 and L 2 . We tackle this undecidable problem using a CounterExample Guided Abstraction Refinement (CEGAR) scheme. We implemented our technique in the model checker MAGIC and found a previously unknown bug in a version of a Windows NT Bluetooth driver.

show abstract

Lazy abstraction

Cited by 821 publications

References 27 publications

Typestate Verification: Abstraction Techniques and Complexity Results

Typestate Verification: Abstraction Techniques and Complexity Results

Analyzing Loop Paths for Execution Time Estimation

Verifying Concurrent Message-Passing C Programs with Recursive Calls

Contact Info

Product

Resources

About