The application of predicate abstraction to parameterized systems requires the use of quantified predicates. These predicates cannot be found automatically by existing techniques and are tedious for the user to provide. In this work we demonstrate a method of discovering most of these predicates automatically by analyzing spurious abstract counter-example traces. Since predicate discovery for unbounded state systems is an undecidable problem, it can fail on some problems. The method has been applied to a simplified version of the Ad hoc On-Demand Distance Vector Routing protocol, where it successfully discovers all required predicates.
This reports some experiences with a recently-implemented prototype system for verification using predicate abstraction, based on the method of Graf and Saïdi [9]. Systems are described using a language of iterated guarded commands, called Murφ-- (since it is a simplified version of our Murφ protocol description language). The system makes use of two libraries: SVC [1] (an efficient decision procedure for quantifier-free first-order logic) and the CMU BDD library. The use of these libraries increases the scope of problems that can be handled by predicate abstraction through increased efficiency, especially in SVC, which is typically called thousands of times. The verification system also provides limited support for quantifiers in formulas. The system has been applied successfully to two nontrivial examples: the Flash multiprocessor cache coherence protocol, and a concurrent garbage collection algorithm. Verification of the garbage collector algorithm required proving simple properties of graphs, which was also done using predicate abstraction.
Predicate abstraction is an automatic technique that can be used to find abstract models of large or infinite-state systems. In tools like Slam, where predicate abstraction is applied to software model checking, a number of heuristic approximations must be used to improve the performance of computing an abstraction from a set of predicates. For this reason, Slam can sometimes reach a state in which it is not able to further refine the abstraction. In this paper we report on an application of Das & Dill’s algorithm for predicate abstraction refinement. Slam now uses this strategy lazily to recover precision in cases where the abstractions generated are too coarse. We describe how we have extended Das & Dill’s original algorithm for use in software model checking. Our extension supports procedures, threads, and potential pointer aliasing. We also present results from experiments with Slam on device driver sources from the Windows operating system.
Papers by Satyaki Das