Path-Sensitive Program Verification in Polynomial Time
Authors
Abstract
In this paper, we present a new algorithm for program verification that runs in polynomial time and space. We are interested in checking that a program satisfies a given temporal safety property. Our insight is that by accurately modeling only those branches in a program for which the property-related behaviour of the program differs along the arms of the branch, we can design an algorithm that is accurate enough for verification without paying the exponential cost of full path-sensitive analysis. We have implemented this "abstract simulation" algorithm as part of an error detection tool called ESP. We present the results of applying ESP to the problem of verifying file I/O behaviour of gcc (140 KLOC). We are able to prove that all of the 646 calls to fprintf in gcc are guaranteed to print to valid, opened files at runtime. Our results show that abstract simulation scales to large programs and is accurate enough to verify meaningful properties.
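To make the abstract's insight concrete, the following is an added illustration written for this page; it is not code from the ESP tool or the paper. It runs a toy property simulation over a constructed six-node control-flow graph of the classic shape `if (dump) f = fopen(...); ... if (dump) fprintf(f, ...)`. The typestate automaton (`TRANSITIONS`), the programs (`PROGRAM`, `BUGGY`) and the functions `simulate` and `check` are all assumptions made for the example. The only difference between the two analysis modes is the key under which facts are merged at a node: one fact per distinct property state (path-sensitive for property-relevant branches only), versus one fact per node (classic path-insensitive dataflow).

```python
from collections import defaultdict

# Typestate automaton for a single FILE* handle (constructed for this
# illustration). Any (state, event) pair not listed is a property violation.
TRANSITIONS = {
    ("Closed", "open"): "Opened",
    ("Opened", "print"): "Opened",
    ("Opened", "close"): "Closed",
}

# Constructed control-flow graph, one dict entry per node. "branch" nodes
# test a boolean program variable; "op" nodes perform a file operation.
#   0: if (dump)             3: if (dump)
#   1:     f = fopen(...)    4:     fprintf(f, ...)
#   2: merge                 5: exit
PROGRAM = {
    0: {"kind": "branch", "arg": "dump", "succ": (1, 2)},
    1: {"kind": "op", "arg": "open", "succ": (2,)},
    2: {"kind": "merge", "succ": (3,)},
    3: {"kind": "branch", "arg": "dump", "succ": (4, 5)},
    4: {"kind": "op", "arg": "print", "succ": (5,)},
    5: {"kind": "exit", "succ": ()},
}

# Same shape, but the second test is on an unrelated variable, so the
# fprintf really can execute with the file still closed (a genuine bug).
BUGGY = dict(PROGRAM)
BUGGY[3] = {"kind": "branch", "arg": "verbose", "succ": (4, 5)}


def join_env(a, b):
    """Join two variable environments: disagreeing values become unknown (None)."""
    return {v: a.get(v) if a.get(v) == b.get(v) else None for v in a.keys() | b.keys()}


def simulate(cfg, entry=0, path_sensitive=True):
    """Worklist dataflow over (property states, environment) facts.

    path_sensitive=True keeps one fact per distinct property state at each
    node, so execution states that differ in property state are never
    merged; False joins everything reaching a node into one fact.
    Returns the set of nodes at which a property violation is possible.
    """
    facts = defaultdict(dict)          # node -> {key: (pstates, env)}
    errors = set()
    worklist = [(entry, frozenset({"Closed"}), {})]
    while worklist:
        node, pstates, env = worklist.pop()
        key = pstates if path_sensitive else "*"
        old = facts[node].get(key)
        merged = (old[0] | pstates, join_env(old[1], env)) if old is not None else (pstates, env)
        if old is not None and merged == old:
            continue                   # fixed point reached for this fact
        facts[node][key] = merged
        pstates, env = merged
        n = cfg[node]
        if n["kind"] == "branch":
            var, (t, f) = n["arg"], n["succ"]
            v = env.get(var)
            # Follow only the arms consistent with what the fact knows about
            # var, and record the branch outcome in each arm's environment.
            if v is not False:
                worklist.append((t, pstates, {**env, var: True}))
            if v is not True:
                worklist.append((f, pstates, {**env, var: False}))
        elif n["kind"] == "op":
            nxt = {TRANSITIONS.get((p, n["arg"]), "Error") for p in pstates}
            if "Error" in nxt:
                errors.add(node)       # some reaching state violates the property
            nxt.discard("Error")
            groups = [frozenset({p}) for p in nxt] if path_sensitive else [frozenset(nxt)]
            for g in groups:
                for s in n["succ"]:
                    worklist.append((s, g, env))
        else:                          # merge / exit: pass facts through
            for s in n["succ"]:
                worklist.append((s, pstates, env))
    return errors


def check(cfg, path_sensitive=True):
    """Sorted list of node ids where a file operation may run on a closed file."""
    return sorted(simulate(cfg, path_sensitive=path_sensitive))


if __name__ == "__main__":
    print("path-insensitive, correct program:", check(PROGRAM, path_sensitive=False))
    print("path-sensitive,   correct program:", check(PROGRAM, path_sensitive=True))
    print("path-sensitive,   buggy program:  ", check(BUGGY, path_sensitive=True))
```

The path-insensitive run flags node 4 on the correct program: at the merge node 2 it folds the Opened state (dump true) and the Closed state (dump false) into one fact and loses the value of `dump`, so at node 3 both arms look feasible. Property simulation keeps those two execution states apart because they differ in property state, and the recorded branch outcome steers each one into exactly one arm of the second `if`, so `fprintf` is only ever reached in the Opened state. On the buggy variant both modes report node 4, as they should. The example ignores everything a real tool must also handle, such as aliasing between file handles and calls across procedures; it only shows why keying facts on property state avoids both the false positive and the exponential blow-up of tracking every path.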
Similar sources
It's About Time: Real-Time Logics Reviewed
We summarize and reorganize some of the last decade's research on real-time extensions of temporal logic. Our main focus is on tableau constructions for model checking linear temporal formulas with timing constraints. In particular, we find that a great deal of real-time verification can be performed in polynomial space, but also that considerable care must be exercised in order to keep the real-t...
Verify Properties of Mobile Code
Given a program and a specification, you may want to verify mechanically and efficiently that this program satisfies the specification. Software verification techniques typically involve theorem proving. If a formal specification is easily available, consumption of computational resources is a major issue. Meanwhile, we shall not overlook the psychological factors. Often, you need extra expertise to v...
Flow Analysis for Verifying Specifications of Concurrent and Distributed Software
This paper presents FLAVERS, a finite state verification approach that analyzes whether concurrent or sequential programs satisfy user-defined correctness properties. In contrast to other finite-state verification techniques, FLAVERS is based on algorithms with low-order polynomial bounds on the running time. FLAVERS achieves this efficiency at the cost of precision. Users, however, can improve the prec...
Exploiting Syntactic Structure for
Introduction Model Checking Techniques Hardware Verification Software Verification Overview of this work Model Checking for Temporal Logics Models of Systems Specifications Model Checking Exploiting Structure in Software Verification The Structure of Programs Non deterministic While Programs Control Flow Graphs Semantics of Programs Modular Model Checking Partition Graphs Operations on Assumption F...
Improved Algorithms for Computing the Cycle of Minimum Cost-to-Time Ratio in Directed Graphs
We study the problem of finding the cycle of minimum cost-to-time ratio in a directed graph with n nodes and m edges. This problem has a long history in combinatorial optimization and has recently seen interesting applications in the context of quantitative verification. We focus on strongly polynomial algorithms to cover the use-case where the weights are relatively large compared to the size of ...