Predicate abstraction and refinement for verifying multi-threaded programs

Gupta, Ashutosh; Popeea, Corneliu; Rybalchenko, Andrey

doi:10.1145/1925844.1926424

Cited by 46 publications

(74 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We envisage extending the analysis to multi-threaded C programs. One way of extending the analysis to multi-threaded programs is using the rely-guarantee technique which is proposed by Jones [1983], and explored in several works [Cook et al 2007;Gupta et al 2011;Albert et al 2017] for termination analysis. In our setting, the predicates for environment assumptions can be used in a similar way as invariants and summaries are used in the analysis of sequential programs.…”

Section: I S T X ;mentioning

confidence: 99%

Bit-Precise Procedure-Modular Termination Analysis

Chen

David

Kroening

et al. 2017

ACM Trans. Program. Lang. Syst.

View full text Add to dashboard Cite

Non-termination is the root cause of a variety of program bugs, such as hanging programs and denial-ofservice vulnerabilities. This makes an automated analysis that can prove the absence of such bugs highly desirable. To scale termination checks to large systems, an interprocedural termination analysis seems essential. This is a largely unexplored area of research in termination analysis, where most effort has focussed on small but difficult single-procedure problems.We present a modular termination analysis for C programs using template-based interprocedural summarisation. Our analysis combines a context-sensitive, over-approximating forward analysis with the inference of under-approximating preconditions for termination. Bit-precise termination arguments are synthesised over lexicographic linear ranking function templates. Our experimental results show the advantage of interprocedural reasoning over monolithic analysis in terms of efficiency, while retaining comparable precision.

show abstract

Section: I S T X ;mentioning

confidence: 99%

Bit-Precise Procedure-Modular Termination Analysis

Chen

David

Kroening

et al. 2017

ACM Trans. Program. Lang. Syst.

View full text Add to dashboard Cite

show abstract

“…-The concurrent version of CBMC [Alglave et al 2013]; -IMPARA [Wachter et al 2013], which combines a new, symbolic form of partial-order reduction with the Impact algorithm [McMillan 2006]; -ESBMC [Morse et al 2014], a context-bounded symbolic model checker for multithreaded C programs; -Lazy-CSeq [Inverso et al 2015], a tool that translates a multi-threaded C program into a sequential C program with a given bound on the schedule rounds; -The concurrent version of SatAbs [Clarke et al 2005]; -Threader [Popeea and Rybalchenko 2013], which implements thread-modular reasoning [Gupta et al 2011]. …”

Section: Verification Toolsmentioning

confidence: 99%

Effective Verification for Low-Level Software with Competing Interrupts

Liang

Melham

Kroening

et al. 2017

ACM Trans. Embed. Comput. Syst.

View full text Add to dashboard Cite

Interrupt-driven software is difficult to test and debug, especially when interrupts can be nested and subject to priorities. Interrupts can arrive at arbitrary times, leading to an exponential blow-up in the number of cases to consider. We present a new formal approach to verifying interrupt-driven software based on symbolic execution. The approach leverages recent advances in the encoding of the execution traces of interacting, concurrent threads. We assess the performance of our method on benchmarks drawn from embedded systems code and device drivers, and experimentally compare it to conventional approaches that use source-to-source transformations. Our results show that our method significantly outperforms these techniques. To the best of our knowledge, our work is the first to demonstrate effective verification of low-level embedded software with nested interrupts.

show abstract

“…The program is a challenge for many existing approaches. We ran experiments, for example, with the tool THREADER [16], which generates Owicki-Gries type proofs and rely-guarantee type proofs, and with the tool SLAB [11], which uses abstraction-refinement using Craig interpolation with slicing. In both tools, the space used for the proof grows exponentially in N .…”

Section: Increment Examplementioning

confidence: 99%

Inductive data flow graphs

Farzan

Kincaid

Podelski

2013

Proceedings of the 40th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages

View full text Add to dashboard Cite

The correctness of a sequential program can be shown by the annotation of its control flow graph with inductive assertions. We propose inductive data flow graphs, data flow graphs with incorporated inductive assertions, as the basis of an approach to verifying concurrent programs. An inductive data flow graph accounts for a set of dependencies between program actions in interleaved thread executions, and therefore stands as a representation for the set of concurrent program traces which give rise to these dependencies. The approach first constructs an inductive data flow graph and then checks whether all program traces are represented. The size of the inductive data flow graph is polynomial in the number of data dependencies (in a sense that can be made formal); it does not grow exponentially in the number of threads unless the data dependencies do. The approach shifts the burden of the exponential explosion towards the check whether all program traces are represented, i.e., to a combinatorial problem (over finite graphs).

show abstract

Predicate abstraction and refinement for verifying multi-threaded programs

Cited by 46 publications

References 24 publications

Bit-Precise Procedure-Modular Termination Analysis

Bit-Precise Procedure-Modular Termination Analysis

Effective Verification for Low-Level Software with Competing Interrupts

Inductive data flow graphs

Contact Info

Product

Resources

About