The SeaHorn Verification Framework

Gurfinkel, Arie; Kahsai, Temesghen; Komuravelli, Anvesh; Navas, Jorge A.

doi:10.1007/978-3-319-21690-4_20

Cited by 241 publications

(172 citation statements)

References 50 publications

Supporting

Mentioning

170

Contrasting

Unclassified

Order By: Relevance

“…We set a 15GB memory limit and a 900s timeout for the analysis of each benchmark. We used SeaHorn [9] (v0.1.0), 2 an LLVM-based [21] framework for verification of safety properties of programs using Horn Clause solvers; Ultimate Automizer [10] (SV-COMP16), 3 an automata-based software model checker that is implemented in the Ultimate software analysis framework; CPAchecker (v1.4 with predicate abstraction), 4 a tool for configurable software verification that supports a wide range of techniques, including predicate abstraction, and shape and value anlysis; Impara (v0.2), 5 a tool that implements an algorithm that combines a symbolic form of partial-order reduction and lazy abstraction with interpolants for concurrent programs; Satabs (v3.2), 6 a verification tool based on predicate abstraction; and Threader (SV-COMP14), 7 a tool that uses compositional reasoning with regards to the thread structure of concurrent programs based on abstraction refinement. VVT (SV-COMP16), 8 a tool that can both verify programs using IC3 and predicate abstraction also can find bugs using bounded model checking.…”

Section: Methodsmentioning

confidence: 99%

Lazy Sequentialization for the Safety Verification of Unbounded Concurrent Programs

Nguyen

Fischer

Torre

et al. 2016

Automated Technology for Verification and Analysis

View full text Add to dashboard Cite

Abstract. Lazy sequentialization has emerged as one of the most promising approaches for concurrent program analysis but the only efficient implementation given so far works just for bounded programs. This restricts the approach to bugfinding purposes. In this paper, we describe and evaluate a new lazy sequentialization translation that does not unwind loops and thus allows to analyze unbounded computations, even with an unbounded number of context switches. In connection with an appropriate sequential backend verification tool it can thus also be used for the safety verification of concurrent programs, rather than just for bug-finding. The main technical novelty of our translation is the simulation of the thread resumption in a way that does not use gotos and thus does not require that each statement is executed at most once. We have implemented this translation in the UL-CSeq tool for C99 programs that use the pthreads API. We evaluate UL-CSeq on several benchmarks, using different sequential verification backends on the sequentialized program, and show that it is more effective than previous approaches in proving the correctness of the safe benchmarks, and still remains competitive with state-of-the-art approaches for finding bugs in the unsafe benchmarks.

show abstract

Section: Methodsmentioning

confidence: 99%

Lazy Sequentialization for the Safety Verification of Unbounded Concurrent Programs

Nguyen

Fischer

Torre

et al. 2016

Automated Technology for Verification and Analysis

View full text Add to dashboard Cite

show abstract

“…The work on JayHorn is primarily inspired by the success of SMACK [17] and SeaHorn [8] in the previous verification competitions.…”

Section: Related Workmentioning

confidence: 99%

“…Recent verification competitions have shown that this approach is feasible in practice. Tools like SMACK [17] or SeaHorn [8] which use LLVM as a front-end and off-the-shelf verification backends have been able to outperform established tools in many categories.…”

Section: Introductionmentioning

confidence: 99%

JayHorn: A Framework for Verifying Java programs

Kahsai

Rümmer

Sanchez

et al. 2016

Computer Aided Verification

Self Cite

View full text Add to dashboard Cite

Abstract. Building a competitive program verifiers is becoming cheaper. On the front-end side, openly available compiler infrastructure and optimization frameworks take care of hairy problems such as alias analysis, and break down the subtleties of modern languages into a handful of simple instructions that need to be handled. On the back-end side, theorem provers start providing full-fledged model checking algorithms, such as PDR, that take care looping control-flow. In this spirit, we developed JayHorn, a verification framework for Java with the goal of having as few moving parts as possible. Most steps of the translation from Java into logic are implemented as bytecode transformations, with the implication that their soundness can be tested easily. From the transformed bytecode, we generate a set of constrained Horn clauses that are verified using state-of-the-art Horn solvers. We report on our implementation experience and evaluate JayHorn on benchmarks.

show abstract

“…Close to our work is the SeaHorn verification system [22]. While SeaHorn relies on Z3-PDR to handle inductive predicates on non-heap domains, it is unclear (to us) how SeaHorn supports induction reasoning for heap-based programs (which is one contribution of our present work).…”

Section: Related Workmentioning

confidence: 99%

“…In this work, we investigate the problem of verifying heap-manipulating programs in the framework of SMT. We reduce this problem to solving verification conditions representing precise program semantics [44,10,9,22].…”

Section: Introductionmentioning

confidence: 99%

Satisfiability Modulo Heap-Based Programs

Sun

Chin

2016

Computer Aided Verification

View full text Add to dashboard Cite

Abstract. In this work, we present a semi-decision procedure for a fragment of separation logic with user-defined predicates and Presburger arithmetic. To check the satisfiability of a formula, our procedure iteratively unfolds the formula and examines the derived disjuncts. In each iteration, it searches for a proof of either satisfiability or unsatisfiability. Our procedure is further enhanced with automatically inferred invariants as well as detection of cyclic proof. We also identify a syntactically restricted fragment of the logic for which our procedure is terminating and thus complete. This decidable fragment is relatively expressive as it can capture a range of sophisticated data structures with non-trivial pure properties, such as size, sortedness and near-balanced. We have implemented the proposed solver and a new system for verifying heap-based programs. We have evaluated our system on benchmark programs from a software verification competition.

show abstract

The SeaHorn Verification Framework

Cited by 241 publications

References 50 publications

Lazy Sequentialization for the Safety Verification of Unbounded Concurrent Programs

Lazy Sequentialization for the Safety Verification of Unbounded Concurrent Programs

JayHorn: A Framework for Verifying Java programs

Satisfiability Modulo Heap-Based Programs

Contact Info

Product

Resources

About