The paper describes a research tool for studying the applicability of bounded model checking techniques to verifying asynchronous software. A simple programming language, PROMELAb, is introduced and an operational semantics for it is defined. The language is basically a subset of PROMELA, the input language of the SPIN model checker. The basic idea is to study techniques for improving the effic...

This paper presents a novel counter-example guided abstraction refinement algorithm for the automatic verification of concurrent programs. Our algorithm proceeds in different steps. It first constructs an abstraction of the original program by slicing away a given subset of variables. Then, it uses an external model checker as a backend tool to analyze the correctness of the abstract program. I...

Recent advances in program verification indicate that various verification problems can be reduced to semi-algebraic system (SAS for short) solving. An SAS consists of polynomial equations and polynomial inequalities. Algorithms for quantifier elimination of real closed fields are the general method for those problems. But the general method usually have low efficiency for specific problems. To...

A perspective on program verification is presented from the point of view of a university professor who has been active over a period of 35 years in the development of formal methods and their supporting tools. He has educated until now approx. 25 Ph.D. researchers in those fields and has written two handbooks in the field of program verification, one unifying known techniques for proving data ...

We discuss the method of Inductive Assertions introduced by Floyd and refined by Hoare, and others. We will study the following idealized problem: Given a program written in a simple imperative language without input/output commands or procedure calls, is it correct? It is possible to introduce input/output, procedure calls and many other features for the programming language, but we will restr...

It is well-known that the verification of partial correctness properties of imperative programs can be reduced to the satisfiability problem for constrained Horn clauses (CHCs). However, state-of-the-art solvers for constrained Horn clauses (or CHC solvers) based on predicate abstraction are sometimes unable to verify satisfiability because they look for models that are definable in a given cla...

Program Verification with Property Directed Reachability by Tobias Welp Doctor of Philosophy in Engineering–Electrical Engineering and Computer Sciences University of California, Berkeley Professor Andreas Kuehlmann, Chair As a consequence of the increasing use of software in safety-critical systems and the considerable risk associated with their failure, effective and efficient algorithms for ...

We consider the problem of verifying finite state properties of shallow programs; i.e., programs where pointers from program variables to heap-allocated objects are allowed, but where heap-allocated objects may not themselves contain pointers. We prove a number of results relating the complexity of such verification problems to the nature of the finite state machine used to specify the property...

A verifying compiler automatically verifies the correctness of a source program before compiling it. Founded on the definition of the source language and a set of rules (a methodology) for using the language, the program’s correctness criteria and correctness argument are provided in the program text by interface specifications and invariants. This paper describes the program-verifier component...

After some general remarks about program verification, we introduce separation logic, a novel extension of Hoare logic that can strengthen the applicability and scalability of program verification for imperative programs using shared mutable data structures or sharedmemory concurrency.