VCC: Contract-based modular verification of concurrent C

Dahlweid, Markus; Moskal, Michał; Santen, Thomas; Tobies, Stephan; Schulte, Wolfram

doi:10.1109/icse-companion.2009.5071046

Cited by 58 publications

(27 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Some other tools are inspired by Hoare's reasoning style [3,14,18]. They are based on the reasoning-by-contract principle: pre-and postconditions and loop invariants have to be specified by the user, which is a tedious task in general.…”

Section: Resultsmentioning

confidence: 99%

Necessary and Sufficient Preconditions via Eager Abstraction

Seghir

Schrammel

2014

Programming Languages and Systems

View full text Add to dashboard Cite

Abstract. The precondition for safe execution of a procedure is useful for understanding, verifying and debugging programs. We have previously presented a cegar-based approach for inferring necessary and sufficient preconditions based on the iterative abstraction-refinement of the set of safe and unsafe states until they become disjoint. A drawback of that approach is that safe and unsafe traces are explored separately and each time they are built entirely before being checked for consistency. In this paper, we present an eager approach that explores shared prefixes between safe and unsafe traces conjointly. As a result, individual state sets, by construction, fulfil the property of separation between safe and unsafe states without requiring any refinement. Experiments using our implementation of this technique in the precondition generator P-Gen show a significant improvement compared to our previous cegar-based method. In some cases the running time drops from several minutes to several seconds.

show abstract

Section: Resultsmentioning

confidence: 99%

Necessary and Sufficient Preconditions via Eager Abstraction

Seghir

Schrammel

2014

Programming Languages and Systems

View full text Add to dashboard Cite

show abstract

“…The source language, C or Ada, is not important, although the choice between signed versus unsigned types in the source makes a difference: in Ada their semantics are significantly different. The Boogie [2] verifier and its front-ends VCC [13] and Dafny [19] also use the built-in bit vector support of Z3, to model machine words. We are not aware of any work, in this context, about the problem of mixing bit vectors with high-level specifications.…”

Section: Discussionmentioning

confidence: 99%

“…The Ada code of Peek is very close to the original C code of Figure 9. We only add two loop invariants (lines [12][13][14][15][16][17][18] that are directly derived from the post-conditions. These invariants are the expected ones in presence of such a loop.…”

Section: Specification and Verification Of Pokebit64mentioning

confidence: 99%

Specification and Proof of High-Level Functional Properties of Bit-Level Programs

Fumex

Dross

Gerlach

et al. 2016

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. In a computer program, basic functionalities may be implemented using bit-wise operations. To formally specify the expected behavior of such a lowlevel program, it is desirable that the specification should be at a more abstract level. Formally proving that low-level code conforms to a higher-level specification is challenging, because of the gap between the different levels of abstraction. We address this challenge by designing a rich formal theory of fixed-sized bit vectors, which on the one hand allows a user to write abstract specifications close to the human-or mathematical-level of thinking, while on the other hand permits a close connection to decision procedures and tools for bit vectors, as they exist in the context of the Satisfiability Modulo Theory framework. This approach is implemented in the Why3 environment for deductive program verification, and also in its front-end environment SPARK for the development of safety-critical Ada programs. We report on several case studies used to validate our approach.

show abstract

“…Today, many systems use a flavor of first-order logic [3,5,6,11,17,36]. Beside equality, a handful of built-in theories are typically considered.…”

Section: Specificationsmentioning

confidence: 99%