Predicate abstraction for software verification

FlanaganCormac,; QadeerShaz,

doi:10.1145/565816.503291

Cited by 127 publications

(176 citation statements)

References 20 publications

Supporting

Mentioning

175

Contrasting

Unclassified

Order By: Relevance

“…To do this, we can decompose k into two disjoint sub-sequences i and j such that k = i ∪ j according to some criteria: if the conjunction of Σ I (i) literals occurring in θ is maximal, we get a candidate invariant by returning the corresponding ∃ I -formula (9). This is quite feasible in many concrete cases.…”

Section: Heuristicsmentioning

confidence: 99%

“…Even worse, in some cases the analysis may not detect a fix-point, thereby causing non-termination. In order to avoid visiting irrelevant parts of the symbolic state space during backward reachability, techniques for analyzing pre-images and guessing invariants have been devised (see, e.g., [5,15,9,4,13] to name a few). The success of these techniques depend crucially on the heuristics used to guess the invariants.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Goal-Directed Invariant Synthesis for Model Checking Modulo Theories

Ghilardi

Ranise

2009

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. We are interested in automatically proving safety properties of infinite state systems. We present a technique for invariant synthesis which can be incorporated in backward reachability analysis. The main theoretical result ensures that (under suitable hypotheses) our method is guaranteed to find an invariant if one exists. We also discuss heuristics that allow us to derive an implementation of the technique showing remarkable speed-ups on a significant set of safety problems in parametrised systems.

show abstract

Section: Heuristicsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Goal-Directed Invariant Synthesis for Model Checking Modulo Theories

Ghilardi

Ranise

2009

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…For example, Clarke et al [CKSY04], and Lahiri and Bryant [LBC03,LB04] perform predicate abstraction by Boolean quantifier elimination using SAT solvers for propositional and first-order logic respectively. The idea of using SMT solvers for predicate abstraction has also been explored repeatedly [DDP99,SS99,FQ02,BCLZ04], but differently from what we do here, in particular, concerning incrementality. The recent symbolic decision procedure approach of [LBC05] is a specialized method for predicate abstraction based on saturating a set of predicates; however, it imposes restrictions on the underlying theories, it requires an expensive transformation of the queries to a logically equivalent conjunctive normal form, and combination methods for non-convex theories would need to be devised for it.…”

Section: Introductionmentioning

confidence: 99%

SMT Techniques for Fast Predicate Abstraction

Lahiri

Nieuwenhuis

Oliveras

2006

Computer Aided Verification

View full text Add to dashboard Cite

Abstract. Predicate abstraction is a technique for automatically extracting finite-state abstractions for systems with potentially infinite state space. The fundamental operation in predicate abstraction is to compute the best approximation of a Boolean formula ϕ over a set of predicates P . In this work, we demonstrate the use for this operation of a decision procedure based on the DPLL(T) framework for SAT Modulo Theories (SMT). The new algorithm is based on a careful generation of the set of all satisfying assignments over a set of predicates. It consistently outperforms previous methods by a factor of at least 20, on a diverse set of hardware and software verification benchmarks. We report detailed analysis of the results and the impact of a number of variations of the techniques. We also propose and evaluate a scheme for incremental refinement of approximations for predicate abstraction in the above framework.

show abstract

“…The practicality of these abstraction techniques has been demonstrated on several large examples. Flanagan and Qadeer [FQ02] have applied predicate abstraction to a large (44KLOC) file system program and automatically derived over 90% of the loop invariants. Predicate abstraction has also been used in the SLAM project [BMMR01] at Microsoft to find bugs in device driver routines.…”

Section: Discussionmentioning

confidence: 99%

Verification by Abstraction

Shankar

2003

Formal Methods at the Crossroads. From Panacea to Foundational Support

View full text Add to dashboard Cite

Abstract. Verification seeks to prove or refute putative properties of a given program. Deductive verification is carried out by constructing a proof that the program satisfies its specification, whereas model checking uses state exploration to find computations where the property fails. Model checking is largely automatic but is effective only for programs defined over small state spaces. Abstraction serves as a bridge between the more general deductive methods for program verification and the restricted but effective state exporation methods used in model checking. In verification by abstraction, deduction is used to construct a finitestate approximation of a program that preserves the property of interest. The resulting abstraction can be explored for offending computations through the use of model checking. We motivate the use of abstraction in verification and survey some of the recent advances.

show abstract

Predicate abstraction for software verification

Cited by 127 publications

References 20 publications

Goal-Directed Invariant Synthesis for Model Checking Modulo Theories

Goal-Directed Invariant Synthesis for Model Checking Modulo Theories

SMT Techniques for Fast Predicate Abstraction

Verification by Abstraction

Contact Info

Product

Resources

About