Abstract
Computer-aided formal methods have been very successful for the verification, or at least the enhanced debugging, of hardware. The cost of correcting a hardware bug is high enough to justify heavy investment in alternatives to testing such as correctness verification. This is not the case for general-purpose software, where bugs are common and can easily be handled through online updates. In embedded software, however, errors are hardly tolerable: such software is often safety-critical, so that a software failure may create a safety hazard in the equipment and endanger human life. Embedded software verification is thus a research area of growing importance. Present-day software verification technology can certainly be useful, but it is still too limited to cope with the formidable challenge of complete software verification. We highlight some of the problems to be solved and envision possible abstract-interpretation-based static analysis solutions.
This work was supported in part by the RTD project IST-1999-20527 Daedalus of the European IST FP5 programme.
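The abstract points to abstract-interpretation-based static analysis as the candidate technique for proving the absence of runtime errors in embedded code. The following is an added illustration, not code from the paper or its authors: a minimal interval abstract interpreter that computes a sound loop invariant for a counting loop by ascending iteration with widening followed by descending iteration with narrowing, then checks that every array access the loop performs stays in bounds. The program being analysed, its buffer length and the range assumed for the input n are all constructed for the example.

```python
"""Interval abstract interpretation of a counting loop (constructed example).

Program analysed (hypothetical, not from the paper):
    i = 0
    while i < n:
        buf[i] = 0        # buf has buf_len cells
        i = i + 1
where the input n is only known to lie in some interval.
"""
from dataclasses import dataclass

INF = float("inf")


@dataclass(frozen=True)
class Interval:
    lo: float
    hi: float

    @staticmethod
    def bottom() -> "Interval":
        return Interval(INF, -INF)          # empty set of values

    def is_bottom(self) -> bool:
        return self.lo > self.hi

    def join(self, other: "Interval") -> "Interval":
        if self.is_bottom():
            return other
        if other.is_bottom():
            return self
        return Interval(min(self.lo, other.lo), max(self.hi, other.hi))

    def widen(self, other: "Interval") -> "Interval":
        # Classic interval widening: a bound that is still moving after an
        # iteration is pushed to infinity so the ascending chain terminates.
        if self.is_bottom():
            return other
        if other.is_bottom():
            return self
        lo = self.lo if other.lo >= self.lo else -INF
        hi = self.hi if other.hi <= self.hi else INF
        return Interval(lo, hi)

    def narrow(self, other: "Interval") -> "Interval":
        # Narrowing: only infinite bounds are refined by the next iterate,
        # so the descending sequence stays above the least fixpoint.
        if self.is_bottom() or other.is_bottom():
            return Interval.bottom()
        lo = other.lo if self.lo == -INF else self.lo
        hi = other.hi if self.hi == INF else self.hi
        return Interval(lo, hi)

    def add(self, k: int) -> "Interval":
        return Interval(self.lo + k, self.hi + k)

    def meet_lt(self, other: "Interval") -> "Interval":
        # Refine self under the guard self < other (integer semantics).
        if self.is_bottom() or other.is_bottom():
            return Interval.bottom()
        return Interval(self.lo, min(self.hi, other.hi - 1))

    def meet_ge(self, other: "Interval") -> "Interval":
        # Refine self under the negated guard self >= other.
        if self.is_bottom() or other.is_bottom():
            return Interval.bottom()
        return Interval(max(self.lo, other.lo), self.hi)


def analyse_loop(n: Interval, buf_len: int, max_iters: int = 50):
    """Return (loop-head invariant, loop-exit invariant, access index, safe).

    `safe` is True when every buf[i] the loop can perform lies in
    [0, buf_len - 1]; being an over-approximation, a False is an alarm that
    may or may not correspond to a real out-of-bounds access.
    """
    init = Interval(0, 0)                    # i = 0 before the loop
    head = init
    for _ in range(max_iters):               # ascending iteration + widening
        body_out = head.meet_lt(n).add(1)    # i < n, then i = i + 1
        nxt = head.widen(init.join(body_out))
        if nxt == head:
            break
        head = nxt
    for _ in range(max_iters):               # descending iteration + narrowing
        body_out = head.meet_lt(n).add(1)
        nxt = head.narrow(init.join(body_out))
        if nxt == head:
            break
        head = nxt
    access = head.meet_lt(n)                 # value of i when buf[i] executes
    exit_inv = head.meet_ge(n)
    safe = access.is_bottom() or (access.lo >= 0 and access.hi <= buf_len - 1)
    return head, exit_inv, access, safe


if __name__ == "__main__":
    for buf_len in (100, 64):
        head, exit_inv, access, safe = analyse_loop(Interval(0, 100), buf_len)
        print(f"buf_len={buf_len}: head={head} exit={exit_inv} "
              f"index={access} safe={safe}")
```

With n in [0, 100] the analysis proves the head invariant i in [0, 100] and the access index in [0, 99]; a buffer of 100 cells is proven safe, while a buffer of 64 cells raises an alarm. The alarm is sound but not necessarily a real bug: if the deployed system guarantees n <= 64, the analysis would need that fact (a tighter input interval) to discharge it, which is exactly the kind of precision problem the paper discusses.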
© 2001 Springer-Verlag Berlin Heidelberg
Cousot, P., Cousot, R. (2001). Verification of Embedded Software: Problems and Perspectives. In: Henzinger, T.A., Kirsch, C.M. (eds) Embedded Software. EMSOFT 2001. Lecture Notes in Computer Science, vol 2211. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45449-7_8
DOI: https://doi.org/10.1007/3-540-45449-7_8
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-42673-8
Online ISBN: 978-3-540-45449-6