A generalization of Dijkstra's calculus
ACM Transactions on Programming Languages and Systems (TOPLAS)
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
How to Compose Presburger-Accelerations: Applications to Broadcast Protocols
FST TCS '02 Proceedings of the 22nd Conference Kanpur on Foundations of Software Technology and Theoretical Computer Science
Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
A buffer overflow benchmark for software model checkers
Proceedings of the twenty-second IEEE/ACM international conference on Automated software engineering
Loop Summarization Using Abstract Transformers
ATVA '08 Proceedings of the 6th International Symposium on Automated Technology for Verification and Analysis
Symbolic program analysis using term rewriting and generalization
Proceedings of the 2008 International Conference on Formal Methods in Computer-Aided Design
Finding Loop Invariants for Programs over Arrays Using a Theorem Prover
FASE '09 Proceedings of the 12th International Conference on Fundamental Approaches to Software Engineering: Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2009
Verification and falsification of programs with loops using predicate abstraction
Formal Aspects of Computing
Communications of the ACM
Simplifying loop invariant generation using splitter predicates
CAV'11 Proceedings of the 23rd international conference on Computer aided verification
Bound analysis of imperative programs with the size-change abstraction
SAS'11 Proceedings of the 18th international conference on Static analysis
Lazy abstraction with interpolants
CAV'06 Proceedings of the 18th international conference on Computer Aided Verification
Counterexamples with loops for predicate abstraction
CAV'06 Proceedings of the 18th international conference on Computer Aided Verification
A practical and complete approach to predicate refinement
TACAS'06 Proceedings of the 12th international conference on Tools and Algorithms for the Construction and Analysis of Systems
ATVA'12 Proceedings of the 10th international conference on Automated Technology for Verification and Analysis
| Hi-index | 0.00 |
Many software model checkers only detect counterexamples with deep loops after exploring numerous spurious and increasingly longer counterexamples. We propose a technique that aims at eliminating this weakness by constructing auxiliary paths that represent the effect of a range of loop iterations. Unlike acceleration, which captures the exact effect of arbitrarily many loop iterations, these auxiliary paths may under-approximate the behaviour of the loops. In return, the approximation is sound with respect to the bit-vector semantics of programs. Our approach supports arbitrary conditions and assignments to arrays in the loop body, but may as a result introduce quantified conditionals. To reduce the resulting performance penalty, we present two quantifier elimination techniques specially geared towards our application. Loop under-approximation can be combined with a broad range of verification techniques. We paired our techniques with lazy abstraction and bounded model checking, and evaluated the resulting tool on a number of buffer overflow benchmarks, demonstrating its ability to efficiently detect deep counterexamples in C programs that manipulate arrays.