Automatic predicate abstraction of C programs

Ball, Thomas; Majumdar, Rupak; Millstein, Todd; Rajamani, Sriram K.

doi:10.1145/378795.378846

Cited by 457 publications

(249 citation statements)

References 21 publications

Supporting

Mentioning

248

Contrasting

Order By: Relevance

“…Abstraction is one of the principal techniques for reducing the complexity of a verification problem [7,17,18,40]. Abstraction techniques reduce the state space by mapping the set of actual system states to an abstract set of states that preserve the behavior of the actual system.…”

Section: Abstractionmentioning

confidence: 99%

“…However, the computational cost of the predicate abstraction procedure may be too high, making generation of a full set of predicates for a large system infeasible. In practice, the number of computed predicates is bounded [7,11], and model checking is guaranteed to deliver sound results within this bound. The bound limit is increased when errors (if any) are found within the bound and fixed.…”

Section: Abstractionmentioning

confidence: 99%

“…Validation and Refinement 1.Check that CE is a real behavior of C i . This step is done in a manner similar to the counterexample validation techniques employed in software model checkers based on CEGAR[7,11,36].…”

mentioning

confidence: 99%

See 2 more Smart Citations

Verification of evolving software via component substitutability analysis

Chaki

Clarke

Sharygina

et al. 2008

Form Methods Syst Des

View full text Add to dashboard Cite

Section: Abstractionmentioning

confidence: 99%

Section: Abstractionmentioning

confidence: 99%

See 1 more Smart Citation

Verification of evolving software via component substitutability analysis

Chaki

Clarke

Sharygina

et al. 2008

Form Methods Syst Des

View full text Add to dashboard Cite

“…Our technique is especially designed for software employing complex heap-allocated data structures and provides full counterexample paths for each bug found. While generating counterexamples is often impossible for static analysis techniques due to precision loss in join and widening operations [GR06], traditional software model checking [Hol03] requires the manual construction of models or the use of techniques such as predicate abstraction [BMMR01] which do not work well in the presence of heap-allocated data structures. Hence, symbolic execution [Kin76] is our method of choice over static analysis and model checking for the Linux VFS case study presented in this article.…”

Section: Introductionmentioning

confidence: 99%

Verifying compiled file system code

Mühlberg

Lüttgen

2012

Form. Asp. Comput.

View full text Add to dashboard Cite

This article presents a case study on retrospective verification of the Linux Virtual File System (VFS), which is aimed at checking violations of API usage rules and memory properties. Since VFS maintains dynamic data structures and is written in a mixture of C and inlined assembly, modern software model checkers cannot be applied. Our case study centres around our novel automated software verification tool, the SOCA Verifier, which symbolically executes and analyses compiled code. We describe how this verifier deals with complex features such as memory access, pointer aliasing and computed jumps in the VFS implementation, while reducing manual modelling to a minimum. Our results show that the SOCA Verifier is capable of analysing the complex Linux VFS implementation reliably and efficiently, thereby going beyond traditional testing tools and into niches that current software model checkers do not reach. This testifies to the SOCA Verifier's suitability as an effective and efficient bug-finding tool during the development of operating system components.

show abstract

“…For example, variable hiding or pointwise abstraction in which, first, the value of some variables of the specification is considered as unknown, subsequently, extra non-determinism is added to the system when there are predicates over the abstracted variables. Another automated abstraction technique is the so-called predicate abstraction [1] in which only the value of some conditions is retained and propagated over the dependent predicates of the specification. Program slicing [21] is a technique that tries to eliminate all parts of the specification that are not relevant for the current verification.…”

mentioning

confidence: 99%

An abstract interpretation toolkit for μCRL

Espada

Pol

2006

Form Method Syst Des

View full text Add to dashboard Cite

This paper describes a toolkit that assists in the task of generating abstract approximations of process algebraic specifications written in the language µCRL. Abstractions are represented by Modal Labelled Transition Systems, which are mixed transition systems with may and must modalities. The approach permits to infer the satisfaction or refutation of safety and liveness properties expressed in the (action-based) µ-calculus. The tool supports the abstraction of states and action labels, which allows to deal with infinitely branching systems.Keywords Model checking . Process algebra . muCRL . Abstract interpretation 1 Introduction

show abstract

Automatic predicate abstraction of C programs

Cited by 457 publications

References 21 publications

Verification of evolving software via component substitutability analysis

Verification of evolving software via component substitutability analysis

Verifying compiled file system code

An abstract interpretation toolkit for μCRL

Contact Info

Product

Resources

About