Junyan Qian,Baowen Xu

2006-01-01

WSEAS TRANSACTIONS ON COMPUTERS

Abstract:Model checking has been interest in applying model checking to software. However, the major problem of software model checking is the state space explosion problem. For model checking software, abstraction is a key issue. We present a methodology for automatically constructing an abstraction of C programs based on finite state machine. Firstly eliminate unneeded variables using program slicing technique and restrict C program to a simple intermediate form before constructing an abstract model of program. And then automatically extract a finite model from C source code using predicate abstraction and theorem proving. Finally, in order to reduce time complexities, we partition the set of candidate predicates into subsets, and construct abstract model independently.

Junyan Qian,Baowen Xu

2007-01-01

Abstract:we present a methodology for automatically verifying programs against safety specifications based on finite state machine. Firstly, computing the abstract transition between abstract states is done by calling a theorem prover, and then an initial abstract model automatically is extracted from concrete program using predicate abstraction. However, the process of abstraction can be exponential in the number of predicates used. Program slicing, predicate inference and partitioning the set of candidate predicates into subsets make abstract model construction effective. By counterexample-guided abstraction refinement scheme, the abstraction refines incrementally until the specification is either satisfied or refuted. Finally, our methods can be extended to verifying concurrency programs by parallel composition.

Li Li,Ming Gu,Xiaoyu Song,Jianmin Wang

DOI: https://doi.org/10.1109/TASE.2008.18

2008-01-01

Abstract:The paper presents a new approach to computing the abstract state and a maximum weight heuristic method for finding the shortest counter-example in verification of imperative programs. The strategy is incorporated in a verification system based on the counterexample-guided abstraction refinement method. The proposed method slashes both the size of the abstract state space and the number of invokes of a decision procedure. A number of benchmarks are employed to evaluate the effectiveness of the approach.

Li,XiaoYu Song,Ming Gu,XiangYu Luo

DOI: https://doi.org/10.1007/s11432-010-4150-2

2010-01-01

Abstract:The paper presents a new approach to computing the abstract state and a maximum weight heuristic method for finding the shortest counter-example in verification of imperative programs. The strategy is incorporated in a verification system based on the counterexample-guided abstraction refinement method. The proposed method slashes both the size of the abstract state space and the number of invokes of a decision procedure. A number of benchmarks are employed to evaluate the effectiveness of the approach.

Junyan Qian,Baowen Xu,Yingzhou Zhang

2007-01-01

Journal of Computational Information Systems

Abstract:Model checking is an automatic formal verification technique for a finite state system. Iterative abstraction refinement has emerged recently as the leading approach to software model checking. We present a methodology for automatically verifying programs against safety specifications based on finite state machine. As the first step, an initial abstract model is automatically extracted from source code using predicate abstraction and theorem proving. In order to reduce time complexities of this process, we partition the set of candidate predicates into subsets, and then construct abstract model independently.

Junyan Qian,Baowen Xu

DOI: https://doi.org/10.15388/informatica.2007.178

2007-01-01

Informatica

Abstract:Iterative abstraction refinement has emerged in the last few years as the leading approach to software model checking. We present an approach for automatically verifying C programs against safety specifications based on finite state machine. The approach eliminates unneeded variables using program slicing technique, and then automatically extracts an initial abstract model from C source code using predicate abstraction and theorem proving. In order to reduce time complexities, we partition the set of candidate predicates into subsets, and construct abstract model independently. On the basis of a counterexample-guided abstraction refinement scheme, the abstraction refines incrementally until the specification is either satisfied or refuted. Our methods can be extended to verifying concurrency C programs by parallel composition.

Kai Yang,Cong Tian,Nan Zhang,Zhenhua Duan,Hongwei Du

DOI: https://doi.org/10.1109/tr.2021.3118877

IF: 5.883

2021-12-01

IEEE Transactions on Reliability

Abstract:In this article, we present an approach based on counterexample-guided abstraction refinement to verifying full regular temporal properties of C programs by means of combining both static analysis and dynamic verification. To this end, a desired property is specified by a propositional projection temporal logic formula $p$, and the labeled normal form graph (LNFG) of $\lnot p$ is automatically produced. Furthermore, the control flow automaton of the C program is constructed, and an enriched abstract reachability tree is generated under the guidance of the LNFG. Throughout the construction of the eART, whenever a candidate counterexample $cp$ is found, a verification input w.r.t $cp$ is generated by the SMT solver Z3. Subsequently, the C program is converted into a modeling, simulation, and verification language (MSVL) program $m$, and $\lnot p$ is also transformed to an MSVL program $m^{\prime }$. As a result, $m\; \text{and} \;m^{\prime }$ is executed to check whether the counterexample is spurious. The $cp$ is returned if it is a real counterexample; otherwise, the eART is refined. This process is repeated until no counterexample is found, namely the property is valid, or the counterexample is a real one The proposed approach enables us to not only verify full regular properties of C programs, but also produce precise results, neither false negatives nor false positives. The approach has been implemented in a tool named SDMC. Experiments show that SDMC outperforms the relevant tools available.

engineering, electrical & electronic,computer science, software engineering, hardware & architecture

Tuba Yavuz,Chelsea Metcalf

DOI: https://doi.org/10.48550/arXiv.1801.02457

2017-12-31

Abstract:In this paper we consider the problem of configuring partial predicate abstraction that combines two techniques that have been effective in analyzing infinite-state systems: predicate abstraction and fixpoint approximations. A fundamental problem in partial predicate abstraction is deciding the variables to be abstracted and the predicates to be used. In this paper, we consider systems modeled using linear integer arithmetic and investigate an alternative approach to counter-example guided abstraction refinement. We devise two heuristics that search for predicates that are likely to be precise. The first heuristic performs the search on the problem instance to be verified. The other heuristic leverages verification results on the smaller instances of the problem. We report experimental results for CTL model checking and discuss advantages and disadvantages of each approach.

Logic in Computer Science

Li Li,Xiaoyu Song,Ming Gu,Jianmin Wang

DOI: https://doi.org/10.1109/COMPSAC.2008.7

2008-01-01

Abstract:Program verification is an important task in software engineering. Abstraction plays a critical role in verifying infinite state systems by model checking. We present a novel method to automatically compute the abstract reachable state space of programs. An effective heuristic strategy is employed to find an abstract counter example, thus reducing the proof time for using theorem proving systems. In comparison with the previous work, the proposed approach demonstrates its effectiveness in predicate abstraction.

Zhenyu Chen,Conghua Zhou,Decheng Ding

DOI: https://doi.org/10.1109/HLDVT.2005.1568832

2005-01-01

Abstract:Model checking has emerged as a promising and powerful approach to analyze Petri nets automatically, but a main challenge is the state explosion problem. To obtain an efficient state space, we implement a series of formalisms based on Petri nets to achieve automatically predicate abstraction and refinement via new predicate discovery. However, the complicated predicates would slow down the abstraction refinement process. Novel Feature of our approach is minimizing the support of predicates, via diagnosing the failure reasons of transitions and projecting places on predicates to eliminate the dumb variables. In addition, a demonstrative example shows that our techniques could work efficiently on Petri nets.

Alessandro Cimatti,Alberto Griggio,Sergio Mover,Stefano Tonetta

DOI: https://doi.org/10.48550/arXiv.1310.6847

2013-10-25

Abstract:We present a novel approach for generalizing the IC3 algorithm for invariant checking from finite-state to infinite-state transition systems, expressed over some background theories. The procedure is based on a tight integration of IC3 with Implicit (predicate) Abstraction, a technique that expresses abstract tran- sitions without computing explicitly the abstract system and is incremental with respect to the addition of predicates. In this scenario, IC3 operates only at the Boolean level of the abstract state space, discovering inductive clauses over the abstraction predicates. Theory reasoning is confined within the underlying SMT solver, and applied transparently when performing satisfiability checks. When the current abstraction allows for a spurious counterexample, it is refined by discov- ering and adding a sufficient set of new predicates. Importantly, this can be done in a completely incremental manner, without discarding the clauses found in the previous search. The proposed approach has two key advantages. First, unlike current SMT gener- alizations of IC3, it allows to handle a wide range of background theories without relying on ad-hoc extensions, such as quantifier elimination or theory-specific clause generalization procedures, which might not always be available, and can moreover be inefficient. Second, compared to a direct exploration of the concrete transition system, the use of abstraction gives a significant performance improve- ment, as our experiments demonstrate.

Logic in Computer Science,Software Engineering

Zhou Conghua,Chen Zhenyu,Ju Shiguang

2008-01-01

Journal of Computer Research and Development

Abstract:For concurrent software systems, linear temporal logic SE-LTL is a specification language with high expressive power and the ability to reason about both states and events. Until now, the SE-LTL model checking algorithm is still explicit, and the state explosion is the primary verification difficulty. A bounded model checking procedure is introduced for SE-LTL which reduces model checking to propositional satisfiability. This new technique avoids the space blow up of BDDs, and sometimes speeds up the verification. For SE-LTL-X the procedure and stuttering equivalent technique is further integrated. The experiment result shows that the integration can reduce the verification time very much.

Niklas Een,Alan Mishchenko,Nina Amla

DOI: https://doi.org/10.48550/arXiv.1008.2021

2010-08-11

Logic in Computer Science

Abstract:This paper presents an efficient, combined formulation of two widely used abstraction methods for bit-level verification: counterexample-based abstraction (CBA) and proof-based abstraction (PBA). Unlike previous work, this new method is formulated as a single, incremental SAT-problem, interleaving CBA and PBA to develop the abstraction in a bottom-up fashion. It is argued that the new method is simpler conceptually and implementation-wise than previous approaches. As an added bonus, proof-logging is not required for the PBA part, which allows for a wider set of SAT-solvers to be used.

Min Zhou,Fei He,Ming Gu

DOI: https://doi.org/10.1109/TASE.2011.23

2011-01-01

Abstract:Propositional satisfiability problem (SAT) is a fundamental problem both in theory and practice. In the area of software engineering, people employ various techniques, such as model checking, theorem proving, automated testing and so on, to ensure the quality of software. Those techniques are usually based on SAT solvers. The efficiency is an important criterion for a good SAT solver. Besides, the ability of producing proofs is also considered to be quite useful because it provides a mechanism that the correctness of checking result is guaranteed. Moreover, proofs can be used when calculating interpolation. In this paper, we investigate a new resolution based algorithm for solving SAT problem. The algorithm combines resolution and search. It resolves certain clauses when necessary and at the same time tries to find a valuation under which the formula evaluates to true. Information found in the process of searching for such a valuation is used to guide the resolution. The algorithm stops whenever a satisfying valuation is found or empty clause is generated. So, it terminates quickly for both satisfiable and unsatisfiable clauses. Compared with other resolution based algorithms, the experiment result shows that the number of resolutions and number of generated clauses are much less than directional resolution. Another major advantage of our algorithm is, once terminates, a proof can be easily generated with very low time complexity.

Shujun Deng,Weimin Wu,Jinian Bian

DOI: https://doi.org/10.1007/978-3-540-72863-4_31

2007-01-01

Abstract:Bounded Model Checking (BMC) based on SAT is a complementary technique to BDD-based Symbolic Model Checking, and it is useful for finding counterexamples of minimum length. However, for model checking of large real world systems, BMC is still limited by the state explosion problem, thus abstraction is essential. In this paper, BMC is implemented on a higher abstraction level - Register Transfer Level (RTL) within an abstraction framework of symbolic trajectory evaluation and hybrid three-valued SAT solving. An efficient SAT solver for RTL circuits is presented, and it is modified into a three-valued solver for the cooperative BMC application. The experimental results comparing with the ordinary BMC without abstraction show the efficiency of our method.

Fei He,Xiaoyu Song,Ming Gu,Jiaguang Sun

DOI: https://doi.org/10.1093/comjnl/bxm085

2007-01-01

The Computer Journal

Abstract:Model checking has been considered as a promising approach to establish the correctness of systems. Counterexample-guided abstraction refinement is a key strategy for model checking in verification of large-scale systems. State separation problem poses the main hurdle during the refinement. We present two fast heuristics to solve this problem. We prove the effectiveness of our heuristics by both theoretical analysis and experimental results. Experimental results show the promising performance of our approach.

Jianhui Chen,Fei He

DOI: https://doi.org/10.1145/3238147.3238218

2018-01-01

Abstract:Satisfiability modulo theories (SMT) solvers have been widely applied as the reasoning engine for diverse software analysis and verification technologies. The efficiency of the SMT solver has significant effects on the performance of these technologies. However, the current SMT solvers are designed for the general purpose of constraint solving. Many useful knowledge of programs cannot be utilized during the SMT solving. As a result, the SMT solver may spend a lot of effort to explore redundant search space. In this paper, we propose a novel approach for utilizing control-flow knowledge in SMT solving. With this technique, the search space can be considerably reduced and the efficiency of SMT solving is observably improved. We conducted extensive experiments on credible benchmarks, the results show orders of magnitude improvements of our approach.

CAO Jing,XU Bao-wen

DOI: https://doi.org/10.3969/j.issn.1002-137X.2009.01.066

2009-01-01

Computer Science

Abstract:Type analysis plays an important role in object-oriented program analysis.Accurate type analysis will improve the precision of other program analyses.However,due to the inherent high complexity of traditional type analysis,people generally make rapid but coarse analyses.This paper presented a new type analysis method of object-oriented program based on SAT solver,in which we show transfer relationship among variables by the proposition logic method,abstract programs into proposition formulas and adopt highly effective SAT solver so that we can obtain variable run-time types through decoding the results.This method is flow-sensitive with good flexibility,that is to say,it can not only make rapid but rough context-insensitive analysis,but also comparatively slow but highly accurate context-sensitive one.

Robin Coutelier,Laura Kovács,Michael Rawson,Jakob Rath

DOI: https://doi.org/10.1007/978-3-031-38499-8_11

2024-01-31

Abstract:Subsumption resolution is an expensive but highly effective simplifying inference for first-order saturation theorem provers. We present a new SAT-based reasoning technique for subsumption resolution, without requiring radical changes to the underlying saturation algorithm. We implemented our work in the theorem prover Vampire, and show that it is noticeably faster than the state of the art.

Logic in Computer Science

Xia Yin,Qingguo Xu,Kunliang Han

DOI: https://doi.org/10.1109/iThings/CPSCom.2011.21

IF: 5.711

2011-01-01

Internet of Things

Abstract:In this paper, we propose a mechanized framework for formal verification of real-time systems based on predicate abstraction in PVS (Prototype Verification System) based on timed automata model. This framework is composed by two parts: one for modeling the real-time system and its abstract system which is abstracted from concrete time system by predicate abstraction and over-approximation techniques, the other for proving the properties need to be verified with which we can consider that our framework is effective. A finite state property-preserving abstraction of the original system is established in this framework.