2017
DOI: 10.1007/978-3-319-63139-4_16
Scaling Bounded Model Checking by Transforming Programs with Arrays

Abstract: Bounded Model Checking is one of the most successful techniques for finding bugs in programs. However, for programs with loops iterating over large-sized arrays, bounded model checkers often exceed the limit of resources available to them. We present a transformation that enables bounded model checkers to verify a certain class of array properties. Our technique transforms an array-manipulating program in ANSI-C to an array-free and loop-free program. The transformed program can efficiently be verified by an off-th…

Cited by 8 publications (5 citation statements)
References 36 publications
“…There are also techniques that abstract an array to a fixed number of elements, e.g. k-distinguished cell abstraction [32,33] and k-shrinkability [24,29]. Such abstractions usually reduce array modifying loops with unknown bounds to a known, small bound.…”
Section: Related Work (mentioning confidence: 99%)
“…Our motivating examples are based on synthesizing invariants for arrays. However, there are methods for verifying array programs without using loop invariants: Abstraction of the array to a fixed number of elements is used to reduce array modifying loops with unknown bounds to loops with a known, small bound [16,22,25]. An imprecise approach involves abstracting the array so that all array elements appear in a single memory location [4].…”
Section: Related Work (mentioning confidence: 99%)
“…A method that is properly subsumed by our method is [18]. This uses only one distinguished element called a witness element, and transforms a program to a loop free scalar program.…”
Section: Related Work (mentioning confidence: 99%)
“…This is, in general, difficult because such programs have huge, at times infinite state space. So while static analysis techniques like array smashing and partitioning [4,5,11,14,16,17] fail due to abstractions that are too coarse, attempts with bounded model checkers or theorem provers that are equipped with array theories [3,8,9,15,18,22,23] tend to fail for lack of scalability or their inability to synthesize the right quantified invariants.…”
Section: Introduction (mentioning confidence: 99%)