Predicate abstraction with indexed predicates
ACM Transactions on Computational Logic (TOCL)
ACM Computing Surveys (CSUR)
Invisible invariants and abstract interpretation
SAS'11 Proceedings of the 18th international conference on Static analysis
SMT solvers for software security
WOOT'12 Proceedings of the 6th USENIX conference on Offensive Technologies
| Hi-index | 0.00 |
Modeling and analysis of systems with large, infinite or parameterized state spaces has received much attention in the last decade. These systems include microprocessors with unbounded buffers and memories; parameterized cache-coherence and communication protocols with unbounded channels; and distributed algorithms for mutual exclusion. Most previous works have either used general purpose theorem provers with considerable manual guidance or techniques specific to a particular class of systems. In this work, we express unbounded systems in the Logic of Counter arithmetic with Lambda expressions and Uninterpreted functions (CLU), a quantifier-free fragment of first-order logic. We illustrate the strengths and limitations of the logic with respect to the expressiveness in modeling systems and efficient tools for reasoning in this logic. We exploit efficient Boolean translation of CLU formulas as a basis for constructing a decision procedure for CLU that exploits recent advances in Boolean Satisfiability (SAT) solving. We use a case study of complex out-of-order microprocessors to illustrate the effective use of decision procedures in reducing manual guidance in proving the verification conditions. To automate the construction of inductive invariants, we use predicate number of theorem prover calls, they often failed to scale to large problems. the exponentially large number of decision procedure calls. We leverage recent advances in Boolean methods to perform the task efficiently. We illustrate the effectiveness of the approach for distributed systems and benchmarks from the verification of device drivers in Microsoft Windows. For verifying unbounded systems, it is crucial to construct quantified inside the predicates. We formalize the extension and provide a weakest precondition transformer based mechanism for discovering indexed predicates automatically. This has facilitated automatic safety verification of a number of interesting systems including directory based cache coherence protocols and mutual exclusion algorithms.