8,791 research outputs found
On Verifying Complex Properties using Symbolic Shape Analysis
One of the main challenges in the verification of software systems is the
analysis of unbounded data structures with dynamic memory allocation, such as
linked data structures and arrays. We describe Bohne, a new analysis for
verifying data structures. Bohne verifies data structure operations and shows
that 1) the operations preserve data structure invariants and 2) the operations
satisfy their specifications expressed in terms of changes to the set of
objects stored in the data structure. During the analysis, Bohne infers loop
invariants in the form of disjunctions of universally quantified Boolean
combinations of formulas. To synthesize loop invariants of this form, Bohne
uses a combination of decision procedures for Monadic Second-Order Logic over
trees, SMT-LIB decision procedures (currently CVC Lite), and an automated
reasoner within the Isabelle interactive theorem prover. This architecture
shows that synthesized loop invariants can serve as a useful communication
mechanism between different decision procedures. Using Bohne, we have verified
operations on data structures such as linked lists with iterators and back
pointers, trees with and without parent pointers, two-level skip lists, array
data structures, and sorted lists. We have deployed Bohne in the Hob and Jahob
data structure analysis systems, enabling us to combine Bohne with analyses of
data structure clients and apply it in the context of larger programs. This
report describes the Bohne algorithm as well as techniques that Bohne uses to
reduce the ammount of annotations and the running time of the analysis
Finite Model Finding for Parameterized Verification
In this paper we investigate to which extent a very simple and natural
"reachability as deducibility" approach, originated in the research in formal
methods in security, is applicable to the automated verification of large
classes of infinite state and parameterized systems. The approach is based on
modeling the reachability between (parameterized) states as deducibility
between suitable encodings of states by formulas of first-order predicate
logic. The verification of a safety property is reduced to a pure logical
problem of finding a countermodel for a first-order formula. The later task is
delegated then to the generic automated finite model building procedures. In
this paper we first establish the relative completeness of the finite
countermodel finding method (FCM) for a class of parameterized linear arrays of
finite automata. The method is shown to be at least as powerful as known
methods based on monotonic abstraction and symbolic backward reachability.
Further, we extend the relative completeness of the approach and show that it
can solve all safety verification problems which can be solved by the
traditional regular model checking.Comment: 17 pages, slightly different version of the paper is submitted to
TACAS 201
Interpolant-Based Transition Relation Approximation
In predicate abstraction, exact image computation is problematic, requiring
in the worst case an exponential number of calls to a decision procedure. For
this reason, software model checkers typically use a weak approximation of the
image. This can result in a failure to prove a property, even given an adequate
set of predicates. We present an interpolant-based method for strengthening the
abstract transition relation in case of such failures. This approach guarantees
convergence given an adequate set of predicates, without requiring an exact
image computation. We show empirically that the method converges more rapidly
than an earlier method based on counterexample analysis.Comment: Conference Version at CAV 2005. 17 Pages, 9 Figure
Software Model Checking via Large-Block Encoding
The construction and analysis of an abstract reachability tree (ART) are the
basis for a successful method for software verification. The ART represents
unwindings of the control-flow graph of the program. Traditionally, a
transition of the ART represents a single block of the program, and therefore,
we call this approach single-block encoding (SBE). SBE may result in a huge
number of program paths to be explored, which constitutes a fundamental source
of inefficiency. We propose a generalization of the approach, in which
transitions of the ART represent larger portions of the program; we call this
approach large-block encoding (LBE). LBE may reduce the number of paths to be
explored up to exponentially. Within this framework, we also investigate
symbolic representations: for representing abstract states, in addition to
conjunctions as used in SBE, we investigate the use of arbitrary Boolean
formulas; for computing abstract-successor states, in addition to Cartesian
predicate abstraction as used in SBE, we investigate the use of Boolean
predicate abstraction. The new encoding leverages the efficiency of
state-of-the-art SMT solvers, which can symbolically compute abstract
large-block successors. Our experiments on benchmark C programs show that the
large-block encoding outperforms the single-block encoding.Comment: 13 pages (11 without cover), 4 figures, 5 table
A Static Analyzer for Large Safety-Critical Software
We show that abstract interpretation-based static program analysis can be
made efficient and precise enough to formally verify a class of properties for
a family of large programs with few or no false alarms. This is achieved by
refinement of a general purpose static analyzer and later adaptation to
particular programs of the family by the end-user through parametrization. This
is applied to the proof of soundness of data manipulation operations at the
machine level for periodic synchronous safety critical embedded software. The
main novelties are the design principle of static analyzers by refinement and
adaptation through parametrization, the symbolic manipulation of expressions to
improve the precision of abstract transfer functions, the octagon, ellipsoid,
and decision tree abstract domains, all with sound handling of rounding errors
in floating point computations, widening strategies (with thresholds, delayed)
and the automatic determination of the parameters (parametrized packing)
Applying Formal Methods to Networking: Theory, Techniques and Applications
Despite its great importance, modern network infrastructure is remarkable for
the lack of rigor in its engineering. The Internet which began as a research
experiment was never designed to handle the users and applications it hosts
today. The lack of formalization of the Internet architecture meant limited
abstractions and modularity, especially for the control and management planes,
thus requiring for every new need a new protocol built from scratch. This led
to an unwieldy ossified Internet architecture resistant to any attempts at
formal verification, and an Internet culture where expediency and pragmatism
are favored over formal correctness. Fortunately, recent work in the space of
clean slate Internet design---especially, the software defined networking (SDN)
paradigm---offers the Internet community another chance to develop the right
kind of architecture and abstractions. This has also led to a great resurgence
in interest of applying formal methods to specification, verification, and
synthesis of networking protocols and applications. In this paper, we present a
self-contained tutorial of the formidable amount of work that has been done in
formal methods, and present a survey of its applications to networking.Comment: 30 pages, submitted to IEEE Communications Surveys and Tutorial
- …