Automatic generation of invariants and intermediate assertions

  • Nikolaj Bjørner
  • Anca Browne
  • Zohar Manna
Invited Lectures and Tutorials
Part of the Lecture Notes in Computer Science book series (LNCS, volume 976)


Verifying temporal specifications of reactive and concurrent systems commonly relies on generating auxiliary assertions and strengthening given properties of the system. Two dual approaches find solutions to these problems: the bottom-up method performs an abstract forward propagation of the system, generating auxiliary properties; the top-down method performs an abstract backward propagation to strengthen given properties. Exact application of these methods is complete but is usually infeasible for large-scale verification. An approximate analysis can often supply enough information to complete the verification.

The paper overviews some of the exact and approximate analysis methods to generate and strengthen assertions for the verification of invariance properties. By formulating and analyzing a generic safety verification rule we extend these methods to the verification of general temporal safety properties.


Monotone Operator Safety Property Tree Automaton Rule Safe General Safety 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [CC77]
    P. Cousot and R. Cousot. Abstract interpretation: A unified lattice model for static analysis of programs by construction or approximation of fixpoints. In 4th ACM Symp. Princ. of Prog. Lang., pages 238–252. ACM Press, 1977.Google Scholar
  2. [CGL92]
    E.M. Clarke, O. Grumberg, and D.E. Long. Model checking and abstraction. In 19th ACM Symp. Princ. of Prog. Lang., pages 343–354, 1992.Google Scholar
  3. [CH78]
    P. Cousot and N. Halbwachs. Automatic discovery of linear restraints among the variables of a program. In 5th ACM Symp. Princ. of Prog. Lang., pages 84–97, Jan. 1978.Google Scholar
  4. [DGG94]
    D.R. Dams, O. Grumberg, and R. Gerth. Abstract interpretation of reactive systems: Abstractions preserving ∀CTL*, ∃ECTL*, CTL*. In IFIP Working Conference on Programming Concepts, Methods and Calculi (PROCOMET 94), pages 573–592, June 1994.Google Scholar
  5. [Gra91]
    P. Granger. Static analysis of linear congruence equalities among variables of a program. In TAPSOFT 91, Vol. 1: Colloq. on Trees in Algebra and Programming (CAAP '91), LNCS, pages 169–192. Springer-Verlag, April 1991.Google Scholar
  6. [GW75]
    S. M. German and B. Wegbreit. A Synthesizer of Inductive Assertions. IEEE transactions on Software Engineering, 1(1):68–75, March 1975.Google Scholar
  7. [Har84]
    D. Harel. Statecharts: A visual approach to complex systems. Technical Report CS84-05, Dept. of Applied Mathematics, Weizmann Institute of Science, 1984.Google Scholar
  8. [Hei92]
    N. Heintze. Set Based Program Analysis. PhD thesis, Carnegie Mellon University, 1992.Google Scholar
  9. [HH95]
    T.A. Henzinger and P.-H. Ho. Algorithmic analysis of nonlinear hybrid systems. In Proc. 7th Intl. Conference on Computer Aided Verification, LNCS, 1995.Google Scholar
  10. [HJ91]
    N. Heintze and J. Jaffar. A decision procedure for a class of Herbrand set constraints. Technical Report CMU-CS-91-110, Carnegie Mellon University, Feb. 1991. Abstract appears in Proceedings of the 5th Annual IEEE Symposium on Logic in Computer Science, 1990.Google Scholar
  11. [HRP94]
    N. Halbwachs, P. Raymond, and Y.-E. Proy. Verification of linear hybrid systems by means of convex approximations. In 1st Intl. Static Analysis Symp., vol. 864 of LNCS, pages 223–237. Springer-Verlag, Sept. 1994.Google Scholar
  12. [Kar76]
    M. Karr. Affine relationships among variables of a program. Acta Informatica, 6:133–151, 1976.CrossRefGoogle Scholar
  13. [KM76]
    S. Katz and Z. Manna. Logical analysis of programs. Communications of the ACM, 19(4):188–206, April 1976.CrossRefGoogle Scholar
  14. [Lau73]
    K. Lautenbach. Exacte Bedingungen der Lebendigkeit für eine Klasse von Petri-Netzen. St. Augustin, GMD Bonn, 82, 1973.Google Scholar
  15. [MAB+94]
    Z. Manna, A. Anuchitanukul, N. Bjørner, A. Browne, E. Chang, M. Colón, L. de Alfaro, H. Devarajan, H.B. Sipma, and T.E. Uribe. STeP: The Stan-ford temporal prover. Technical Report STAN-CS-TR-94-1518, Computer Science Department, Stanford University, July 1994.Google Scholar
  16. [MP95]
    Z. Manna and A. Pnueli. Temporal Verification of Reactive Systems: Safety. Springer-Verlag, New York, 1995.Google Scholar
  17. [Rei85]
    W. Reisig. Petri Nets: An Introduction, vol. 4 of EATCS Monographs on Theoretical Computer Science. Springer-Verlag, Berlin, 1985.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1995

Authors and Affiliations

  • Nikolaj Bjørner
    • 1
  • Anca Browne
    • 1
  • Zohar Manna
    • 1
  1. 1.Computer Science DepartmentStanford UniversityStanford

Personalised recommendations