thesis.bib

@book{norris,
    place={Cambridge},
    series={Cambridge Series in Statistical and Probabilistic Mathematics},
    title={Markov Chains},
    DOI={10.1017/CBO9780511810633},
    publisher={Cambridge University Press},
    author={Norris, James R.},
    year={1997},
    collection={Cambridge Series in Statistical and Probabilistic Mathematics}
}

@book{Baier2008,
	author = {Baier, Christel and Katoen, Joost-Pieter},
	title = {Principles of Model Checking},
	year = {2008},
	isbn = {978-0-262-02649-9},
	publisher = {The MIT Press},
}

@InProceedings{SVC19,
    author = {Dirk Beyer},
    title = {Automatic Verification of {C} and Java Programs: {SV-COMP} 2019},
    booktitle = {Proc.\ TACAS, part 3},
    series = {LNCS~11429},
    publisher = {Springer},
    pages = {133-155},
    year = {2019},
    doi = {10.1007/978-3-030-17502-3\_9},
    pdf = {https://doi.org/10.1007/978-3-030-17502-3\_9},
    url = {https://sv-comp.sosy-lab.org/2019/} 
}

@ARTICLE{CC14,
    author={Yan {Cai} and W. K. {Chan}},
    journal={IEEE Transactions on Software Engineering},
    title={Magiclock: Scalable Detection of Potential Deadlocks in Large-Scale Multithreaded Programs},
    year={2014},
    volume={40},
    number={3},
    pages={266-281},
    keywords={concurrency control;multi-threading;operating systems (computers);system recovery;Magiclock;potential deadlocks scalable detection;large-scale multithreaded programs;potential deadlock localization;lock order graph;scalability;System recovery;Message systems;Classification algorithms;Instruction sets;Image edge detection;Monitoring;Multicore processing;Deadlock detection;multithreaded programs;concurrency;lock order graph;scalability},
    doi={10.1109/TSE.2014.2301725},
    ISSN={0098-5589},
    month={3}
}

@article{agarwal2010detection,
  title={Detection of Deadlock Potentials in Multithreaded Programs},
  author={Agarwal, Rahul and Bensalem, Saddek and Farchi, Eitan and Havelund, Klaus and Nir-Buchbinder, Yarden and Stoller, Scott D and Ur, Shmuel and Wang, Liqiang},
  journal={IBM Journal of Research and Development},
  volume={54},
  number={5},
  pages={3--1},
  year={2010},
  publisher={IBM},
  doi="10.1147/JRD.2010.2060276"
}

@article{bensalem2005scalable,
  title={Scalable dynamic deadlock analysis of multi-threaded programs},
  author={Bensalem, Saddek and Havelund, Klaus},
  journal={Parallel and Distributed Systems: Testing and Debugging},
  volume={2005},
  year={2005},
  url={https://www.researchgate.net/profile/Klaus_Havelund/publication/221471856_Dynamic_Deadlock_Analysis_of_Multi-threaded_Programs/links/02bfe51368e93ccaa4000000.pdf}
}

@Article{Chaki2005,
author="Chaki, Sagar
and Clarke, Edmund
and Ouaknine, Jo{\"e}l
and Sharygina, Natasha
and Sinha, Nishant",
title="Concurrent software verification with states, events, and deadlocks",
journal="Formal Aspects of Computing",
year="2005",
month={12},
day="01",
volume="17",
number="4",
pages="461--483",
abstract="We present a framework for model checking concurrent software systems which incorporates both states and events. Contrary to other state/event approaches, our work also integrates two powerful verification techniques, counterexample-guided abstraction refinement and compositional reasoning. Our specification language is a state/event extension of linear temporal logic, and allows us to express many properties of software in a concise and intuitive manner. We show how standard automata-theoretic LTL model checking algorithms can be ported to our framework at no extra cost, enabling us to directly benefit from the large body of research on efficient LTL verification.",
issn="1433-299X",
doi="10.1007/s00165-005-0071-z",
_url="https://doi.org/10.1007/s00165-005-0071-z"
}

@article{Demartini99,
author = {Demartini, Claudio and Iosif, Radu and Sisto, Riccardo},
title = {A deadlock detection tool for concurrent Java programs},
journal = {Software: Practice and Experience},
volume = {29},
number = {7},
pages = {577-603},
keywords = {concurrent programming, deadlock, formal analysis, Java, PROMELA, SPIN},
doi = {10.1002/(SICI)1097-024X(199906)29:7<577::AID-SPE246>3.0.CO;2-V},
_url = {https://onlinelibrary.wiley.com/doi/abs/10.1002/%28SICI%291097-024X%28199906%2929%3A7%3C577%3A%3AAID-SPE246%3E3.0.CO%3B2-V},
_eprint = {https://onlinelibrary.wiley.com/doi/pdf/10.1002/%28SICI%291097-024X%28199906%2929%3A7%3C577%3A%3AAID-SPE246%3E3.0.CO%3B2-V},
year = {1999}
}

@inproceedings{Ng2016,
 author = {Ng, Nicholas and Yoshida, Nobuko},
 title = {{Static Deadlock Detection for Concurrent Go by Global Session Graph Synthesis}},
 booktitle = {Proceedings of the 25th International Conference on Compiler Construction},
 series = {CC 2016},
 year = {2016},
 isbn = {978-1-4503-4241-4},
 location = {Barcelona, Spain},
 pages = {174--184},
 numpages = {11},
 _url = {http://doi.acm.org/10.1145/2892208.2892232},
 doi = {10.1145/2892208.2892232},
 acmid = {2892232},
 publisher = {ACM},
 address = {New York, NY, USA},
 keywords = {Communication safety, Concurrent Go, Deadlock freedom, Session types, Static Analysis, Synthesis, Type safety},
} 

@Article{Giesl2017,
	author="Giesl, J{\"u}rgen and Aschermann, Cornelius and Brockschmidt, Marc
		and Emmes, Fabian and Frohn, Florian and Fuhs, Carsten and Hensel, Jera
		and Otto, Carsten and Pl{\"u}cker, Martin and Schneider-Kamp, Peter and
		Str{\"o}der, Thomas and Swiderski, Stephanie and Thiemann, Ren{\'e}",
	title="Analyzing Program Termination and Complexity Automatically with AProVE",
	journal="Journal of Automated Reasoning",
	year="2017",
	month="1",
	day="01",
	volume="58",
	number="1",
	pages="3--31",
	abstract="In this system description, we present the tool AProVE for automatic termination and complexity proofs of Java, C, Haskell, Prolog, and rewrite systems. In addition to classical term rewrite systems (TRSs), AProVE also supports rewrite systems containing built-in integers (int-TRSs). To analyze programs in high-level languages, AProVE automatically converts them to (int-)TRSs. Then, a wide range of techniques is employed to prove termination and to infer complexity bounds for the resulting rewrite systems. The generated proofs can be exported to check their correctness using automatic certifiers. To use AProVE in software construction, we present a corresponding plug-in for the popular Eclipse software development environment.",
	issn="1573-0670",
	doi="10.1007/s10817-016-9388-y",
	_url="https://doi.org/10.1007/s10817-016-9388-y"
}

@inproceedings{Chen2018,
	author = {Chen, Yu-Fang and Heizmann, Matthias and Leng\'{a}l, Ond\v{r}ej and Li, Yong and Tsai, Ming-Hsien and Turrini, Andrea and Zhang, Lijun},
	title = {Advanced Automata-based Algorithms for Program Termination Checking},
	booktitle = {Proceedings of the 39th ACM SIGPLAN Conference on Programming Language Design and Implementation},
	series = {PLDI 2018},
	year = {2018},
	isbn = {978-1-4503-5698-5},
	location = {Philadelphia, PA, USA},
	pages = {135--150},
	numpages = {16},
	_url = {http://doi.acm.org/10.1145/3192366.3192405},
	doi = {10.1145/3192366.3192405},
	acmid = {3192405},
	publisher = {ACM},
	address = {New York, NY, USA},
	keywords = {B\"{u}chi Automata Complementation and Language Difference, Program Termination},
}

 
@inproceedings{Alglave2013,
    author="Alglave, Jade and Kroening, Daniel and Nimal, Vincent and Tautschnig, Michael",
    _editor="Felleisen, Matthias and Gardner, Philippa",
    title="{Software Verification for Weak Memory via Program Transformation}",
    bookTitle="ESOP",
    year="2013",
    publisher="Springer",
    address="Berlin, Heidelberg",
    pages="512--532",
    _isbn="978-3-642-37036-6",
    doi="10.1007/978-3-642-37036-6_28",
    _url="http://dx.doi.org/10.1007/978-3-642-37036-6_28",
    _read=1,
    _tags="memory model",
    _related_raw="[3,7] write atomicity relaxation, 6 RMO, 2 TSO sound and complete procedure, [4,5] axiomatic model and stability",
    _related="Alglave2010_fences memory model description",
    _summary="Transformation for adding memory models (parametrized from TSO to POWER) to goto-programs together with optimization of the number of delays."
}

@InProceedings{Alglave2013po,
author="Alglave, Jade
and Kroening, Daniel
and Tautschnig, Michael",
editor="Sharygina, Natasha
and Veith, Helmut",
title="Partial Orders for Efficient Bounded Model Checking of Concurrent Software",
booktitle="Computer Aided Verification",
year="2013",
publisher="Springer Berlin Heidelberg",
address="Berlin, Heidelberg",
pages="141--157",
abstract="The number of interleavings of a concurrent program makes automatic analysis of such software very hard. Modern multiprocessors' execution models make this problem even harder. Modelling program executions with partial orders rather than interleavings addresses both issues: we obtain an efficient encoding into integer difference logic for bounded model checking that enables first-time formal verification of deployed concurrent systems code. We implemented the encoding in the CBMC tool and present experiments over a wide range of memory models, including SC, Intel x86 and IBM Power. Our experiments include core parts of PostgreSQL, the Linux kernel and the Apache HTTP server.",
isbn="978-3-642-39799-8",
doi="10.1007/978-3-642-39799-8_9"
}


@Inbook{Alglave2010_fences,
    author="Alglave, Jade and Maranget, Luc and Sarkar, Susmit and Sewell, Peter",
    editor="Touili, Tayssir and Cook, Byron and Jackson, Paul",
    title="Fences in Weak Memory Models",
    bookTitle="Computer Aided Verification",
    year="2010",
    publisher="Springer Berlin Heidelberg",
    address="Berlin, Heidelberg",
    pages="258--272",
    _isbn="978-3-642-14295-6",
    doi="10.1007/978-3-642-14295-6_25",
    _url="http://dx.doi.org/10.1007/978-3-642-14295-6_25",
    _read=1,
    _tags="memory model",
    _related_raw="[3] shared memory intro, [4] POWER, [10], [11] verifying memory coherence, [19] Java memory model + thin air, [23], [25] operational model, [26] axiomatic model",
    _summary="Axiomatic description of memory models and recovering of stronger
        model from weaker using fences."
}

@inproceedings{wmdecidability,
	author = {Atig, Mohamed Faouzi and Bouajjani, Ahmed and Burckhardt, Sebastian and Musuvathi, Madanlal},
	title = {{On the Verification Problem for Weak Memory Models}},
	booktitle = {POPL},
	year = {2010},
	_isbn = {978-1-60558-479-9},
	location = {Madrid, Spain},
	pages = {7--18},
	numpages = {12},
	_url = {http://doi.acm.org/10.1145/1706299.1706303},
	doi = {10.1145/1706299.1706303},
	acmid = {1706303},
	publisher = {ACM},
	address = {New York, NY, USA},
	keywords = {infinite state systems, lossy channel systems, program verification, relaxed memory models},
	_tags="memory model",
	_read=1,
    _summary="Complexity and decidability analisys for memory models, showing
        TSO/PSO is non-elementary and RMO is undecidable, rather theoretical"
}

@inproceedings{Bouajjani2015,
    author="Bouajjani, Ahmed and Calin, Georgel and Derevenetc, Egor and Meyer, Roland",
    _editor="Egyed, Alexander and Schaefer, Ina",
    title="{Lazy TSO Reachability}",
    bookTitle="FASE",
    year="2015",
    publisher="Springer",
    address="Berlin, Heidelberg",
    pages="267--282",
    _isbn="978-3-662-46675-9",
    doi="10.1007/978-3-662-46675-9_18",
    _url="http://dx.doi.org/10.1007/978-3-662-46675-9_18",
    _related = "wmdecidability, Bouajjani2013 10 robustness",
    _read=1,
    _summary="TSO semi-decision procedure, lazyly extends runs with TSO
        semantics (starting from SC), complete only for acyclic programs. Uses
        robustness checker to detect which runs should be relaxed. On automata,
        not on programs."
}

@InProceedings{Bouajjani2013,
    author="Bouajjani, Ahmed and Derevenetc, Egor and Meyer, Roland",
    _editor="Felleisen, Matthias and Gardner, Philippa",
    title="{Checking and Enforcing Robustness against TSO}",
    bookTitle="ESOP",
    year="2013",
    publisher="Springer",
    address="Berlin, Heidelberg",
    pages="533--553",
    _isbn="978-3-642-37036-6",
    doi="10.1007/978-3-642-37036-6_29",
    _url="http://dx.doi.org/10.1007/978-3-642-37036-6_29",
    _read=1,
    _summary="A reduction from TSO robustness/stability (all TSO traces
        correspond to some SC trace), to multiple SC reachability queries in
        instrumented program (which has limited buffering in one thered). The
        reduction requires O(n^2) queries and requires that all pairs of loads
        and stores for given thread are enumerated.",
    _related_raw = "[3] DRF programs",
}

@inproceedings{Burckhardt2008,
    author="Burckhardt, Sebastian and Musuvathi, Madanlal",
    _editor="Gupta, Aarti and Malik, Sharad",
    title="Effective Program Verification for Relaxed Memory Models",
    bookTitle="CAV",
    year="2008",
    publisher="Springer",
    address="Berlin, Heidelberg",
    pages="107--120",
    _isbn="978-3-540-70545-1",
    doi="10.1007/978-3-540-70545-1_12",
    _url="http://dx.doi.org/10.1007/978-3-540-70545-1_12",
    _todo="0.5",
    _read="0.2",
    _related_raw = "[18] SC, [24] TSO",
    _summary = "detection of SC violations using a monitor with generalized
        vector clock, tool Sober"
}

@inproceedings{Burnim2011,
    author="Burnim, Jabob and Sen, Koushik and Stergiou, Christos",
    _editor="Abdulla, Parosh Aziz and Leino, K. Rustan M.",
    title="{Sound and Complete Monitoring of Sequential Consistency for Relaxed Memory Models}",
    bookTitle="TACAS",
    year="2011",
    publisher="Springer",
    address="Berlin, Heidelberg",
    pages="11--25",
    _isbn="978-3-642-19835-9",
    doi="10.1007/978-3-642-19835-9_3",
    _url="http://dx.doi.org/10.1007/978-3-642-19835-9_3",
    _read="0.2",
    _todo=1,
    _summary="monitors for detecting violations of SC under TSO or PSO, using
        operational semantics of TSO/PSO"
}

@inproceedings{Alglave2011,
    author="Alglave, Jade and Maranget, Luc",
    _editor="Gopalakrishnan, Ganesh and Qadeer, Shaz",
    title="{Stability in Weak Memory Models}",
    bookTitle="CAV",
    year="2011",
    publisher="Springer",
    address="Berlin, Heidelberg",
    pages="50--66",
    _isbn="978-3-642-22110-1",
    doi="10.1007/978-3-642-22110-1_6",
    _url="http://dx.doi.org/10.1007/978-3-642-22110-1_6",
    _related_raw="[3] DRF guarantee",
    _summary = "notion of stability of executions from one memory model to a
        weaker one, tool offence for inserting synchronization to x86 and POWER
        assembly to ensure stability",
    _read=1,
}

@ARTICLE{Holzmann1997,
    author={Gerard J. Holzmann},
    journal={IEEE Transactions on Software Engineering},
    title={{The model checker SPIN}},
    year={1997},
    volume={23},
    number={5},
    pages={279-295},
    keywords={distributed processing;formal specification;formal
        verification;SPIN model checker;design error detection;detailed
            code;distributed software system models;efficient verification
            system;high-level distributed algorithm descriptions;telephone
            exchange control;verifier design;verifier structure;Algorithm design
            and analysis;Application software;Concurrent computing;Control
            system synthesis;Design methodology;Distributed algorithms;Error
            correction codes;Message passing;Software systems;Telephony},
    doi={10.1109/32.588521},
    ISSN={0098-5589},
    month=5,
}

@inproceedings{cppmemmod,
    author = {Batty, Mark and Owens, Scott and Sarkar, Susmit and Sewell, Peter and Weber, Tjark},
    title = {Mathematizing C++ Concurrency},
    booktitle = {Principles of Programming Languages},
    series = {POPL '11},
    year = {2011},
    _isbn = {978-1-4503-0490-0},
    location = {Austin, Texas, USA},
    pages = {55--66},
    numpages = {12},
    _url = {http://doi.acm.org/10.1145/1926385.1926394},
    doi = {10.1145/1926385.1926394},
    acmid = {1926394},
    publisher = {ACM},
    address = {New York, NY, USA},
    keywords = {relaxed memory models, semantics},
    _read=1,
    _summary="Axiomatic description of C++ memory model, with some divergencies from the standard draft N3092 (final is ??).",
}

@article{x86tso,
    author = {Sewell, Peter and Sarkar, Susmit and Owens, Scott and Nardelli, Francesco Zappa and Myreen, Magnus O.},
    title = {{X86-TSO: A Rigorous and Usable Programmer's Model for x86 Multiprocessors}},
    journal = {Communications of the ACM},
    issue_date = {July 2010},
    volume = {53},
    number = {7},
    month = jul,
    year = {2010},
    issn = {0001-0782},
    pages = {89--97},
    numpages = {9},
    _url = {http://doi.acm.org/10.1145/1785414.1785443},
    doi = {10.1145/1785414.1785443},
    acmid = {1785443},
    publisher = {ACM},
    address = {New York, NY, USA},
    _read=1,
    _summary="Description of the x86 memory model, formalized in HOL4 and as an
        abstract machine. Also discusses problems with informal specification.",
    _related_raw="[9] Causal memory, [33] program transformations in java vs. memory model"
}

@article{hw_view_for_sw_hackers,
    title={Memory barriers: a hardware view for software hackers},
    author={Paul E McKenney},
    journal={Linux Technology Center, IBM Beaverton},
    year={2010},
}

@inproceedings{PichonPharabod2016,
    author = {Pichon-Pharabod, Jean and Sewell, Peter},
    title = {A Concurrency Semantics for Relaxed Atomics That Permits Optimisation and Avoids Thin-air Executions},
    booktitle = {Principles of Programming Languages},
    series = {POPL '16},
    year = {2016},
    _isbn = {978-1-4503-3549-2},
    location = {St. Petersburg, FL, USA},
    pages = {622--633},
    numpages = {12},
    _url = {http://doi.acm.org/10.1145/2837614.2837616},
    doi = {10.1145/2837614.2837616},
    acmid = {2837616},
    publisher = {ACM},
    address = {New York, NY, USA},
    keywords = {C/C++, Concurrency, Relaxed memory models},
    _read = 1,
    _summary = "An alternative way of defining semantics for non-atomic and
        relaxed atomic operations, aiming to both avoid thin air reads and
        enable optimization. Targets C++. The semantics is based on event
        structures and analyze all runs at the same time, considering possible
        optimizations.",
    _related = "event_structures, Sevcik2008 java memory model problems"
} 

@Inbook{event_structures,
    author="Nielsen, Mogens and Plotkin, Gordon and Winskel, Glynn",
    editor="Kahn, Gilles",
    title="Petri nets, event structures and domains",
    bookTitle="Semantics of Concurrent Computation",
    year="1979",
    publisher="Springer Berlin Heidelberg",
    address="Berlin, Heidelberg",
    pages="266--284",
    _isbn="978-3-540-35163-4",
    doi="10.1007/BFb0022474",
    _url="http://dx.doi.org/10.1007/BFb0022474",
    _read = 0
}

@Inbook{Sevcik2008,
    author="{\v{S}}ev{\v{c}}{\'i}k, Jaroslav and Aspinall, David",
    editor="Vitek, Jan",
    title="On Validity of Program Transformations in the Java Memory Model",
    bookTitle="European Conference on Object-Oriented Programming",
    year="2008",
    publisher="Springer Berlin Heidelberg",
    address="Berlin, Heidelberg",
    pages="27--51",
    _isbn="978-3-540-70592-5",
    doi="10.1007/978-3-540-70592-5_3",
    _url="http://dx.doi.org/10.1007/978-3-540-70592-5_3",
    _read="0.2",
    _related_raw = "[11][18] Java Memory Model, [20] JMM is fatally flawed,
    [16][1][9][23] SC guarantees for DRF programs"
}

@book{javamm_Gosling2005,
     author = {Gosling, James and Joy, Bill and Steele, Guy and Bracha, Gilad},
     title = {The Java(TM) Language Specification (3rd Edition)},
     year = {2005},
     _isbn = {0321246780},
     publisher = {Addison-Wesley Professional},
}

@inproceedings{javamm_popl_Manson2005,
    author = {Manson, Jeremy and Pugh, William and Adve, Sarita V.},
    title = {The Java Memory Model},
    booktitle = {Principles of Programming Languages},
    series = {POPL '05},
    year = {2005},
    _isbn = {1-58113-830-X},
    location = {Long Beach, California, USA},
    pages = {378--391},
    numpages = {14},
    _url = {http://doi.acm.org/10.1145/1040305.1040336},
    doi = {10.1145/1040305.1040336},
    acmid = {1040336},
    publisher = {ACM},
    address = {New York, NY, USA},
    keywords = {Java, concurrency, memory model, multithreading},
} 


@article{post1946variant,
    title={A variant of a recursively unsolvable problem},
    author={Post, Emil L},
    journal={Bulletin of the American Mathematical Society},
    volume={52},
    number={4},
    pages={264--268},
    year={1946}
}

@article{abdulla1996verifying,
    title={Verifying programs with unreliable channels},
    author={Abdulla, Parosh Aziz and Jonsson, Bengt},
    journal={Information and Computation},
    volume={127},
    number={2},
    pages={91--101},
    year={1996},
    publisher={Elsevier}
}

@article{abdulla1996undecidable,
    title={Undecidable verification problems for programs with unreliable
    channels},
    author={Abdulla, Parosh Aziz and Jonsson, Bengt},
    journal={Information and Computation},
    volume={130},
    number={1},
    pages={71--90},
    year={1996},
    publisher={Elsevier},
    _read="0.1",
    _summary = "can be combined with [wmdecidability] to prove that LTL and CTL
        model checking is undecidable for TSO"
}

@Inbook{Atig2012,
    author="Atig, Mohamed Faouzi and Bouajjani, Ahmed and Burckhardt, Sebastian and Musuvathi, Madanlal",
    editor="Seidl, Helmut",
    title="What's Decidable about Weak Memory Models?",
    bookTitle="European Symposium on Programming",
    year="2012",
    publisher="Springer Berlin Heidelberg",
    address="Berlin, Heidelberg",
    pages="26--46",
    _isbn="978-3-642-28869-2",
    doi="10.1007/978-3-642-28869-2_2",
    _url="http://dx.doi.org/10.1007/978-3-642-28869-2_2"
}

@Inbook{Abdulla2012,
    author="Abdulla, Parosh Aziz and Atig, Mohamed Faouzi and Chen, Yu-Fang and Leonardsson, Carl and Rezine, Ahmed",
    editor="Flanagan, Cormac and K{\"o}nig, Barbara",
    title="Counter-Example Guided Fence Insertion under TSO",
    bookTitle="Tools and Algorithms for the Construction and Analysis of Systems",
    year="2012",
    publisher="Springer Berlin Heidelberg",
    address="Berlin, Heidelberg",
    pages="204--219",
    _isbn="978-3-642-28756-5",
    doi="10.1007/978-3-642-28756-5_15",
    _url="http://dx.doi.org/10.1007/978-3-642-28756-5_15"
}

@inproceedings{Linden2010,
    author="Linden, Alexander and Wolper, Pierre",
    _editor="van de Pol, Jaco and Weber, Michael",
    title="{An Automata-Based Symbolic Approach for Verifying Programs on Relaxed Memory Models}",
    bookTitle="SPIN",
    year="2010",
    publisher="Springer",
    address="Berlin, Heidelberg",
    pages="212--226",
    _isbn="978-3-642-16164-3",
    doi="10.1007/978-3-642-16164-3_16",
    _url="http://dx.doi.org/10.1007/978-3-642-16164-3_16"
}

@inproceedings{Atig2011,
    author="Atig, Mohamed Faouzi and Bouajjani, Ahmed and Parlato, Gennaro",
    _editor="Gopalakrishnan, Ganesh and Qadeer, Shaz",
    title="Getting Rid of Store-Buffers in TSO Analysis",
    bookTitle="CAV",
    year="2011",
    publisher="Springer",
    address="Berlin, Heidelberg",
    pages="99--115",
    _isbn="978-3-642-22110-1",
    doi="10.1007/978-3-642-22110-1_9",
    _url="http://dx.doi.org/10.1007/978-3-642-22110-1_9"
}

@inproceedings{Park1995,
    author = {Park, Seungjoon and Dill, David L.},
    title = {{An Executable Specification, Analyzer and Verifier for RMO (Relaxed Memory Order)}},
    booktitle = {SPAA},
    year = {1995},
    _isbn = {0-89791-717-0},
    location = {Santa Barbara, California, USA},
    pages = {34--41},
    numpages = {8},
    _url = {http://doi.acm.org/10.1145/215399.215413},
    doi = {10.1145/215399.215413},
    acmid = {215413},
    publisher = {ACM},
    address = {New York, NY, USA},
    _read = 1,
    _summary = "SPARC, encoding to murphi, simple synchronization primitives
        only, explores all allowed reordering of instructions"
}

@inproceedings{Abdulla2017,
    author="Abdulla, Parosh Aziz and Atig, Mohamed Faouzi and Bouajjani, Ahmed and Ngo, Tuan Phong",
    _editor="Legay, Axel and Margaria, Tiziana",
    title="Context-Bounded Analysis for POWER",
    bookTitle="TACAS",
    year="2017",
    publisher="Springer",
    address="Berlin, Heidelberg",
    pages="56--74",
    _isbn="978-3-662-54580-5",
    doi="10.1007/978-3-662-54580-5_4",
    _url="https://doi.org/10.1007/978-3-662-54580-5_4",
    _read="0.5",
    _summary = "Context bounded analysis for the POWER architecture, by
        transformation of program. CBMC is used as a backend. It shows that context
        bounded analysis for POWER is decidable. Tool `power2sc`, compared with
        goto-instrument and niddhug. Evaluation on C programs."
}

@article{Abdulla2017tso,
    title={Stateless model checking for TSO and PSO},
    author={Abdulla, Parosh Aziz and Aronis, Stavros and Atig, Mohamed Faouzi and Jonsson, Bengt and Leonardsson, Carl and Sagonas, Konstantinos},
    journal={Acta Informatica},
    volume={54},
    number={8},
    pages={789--818},
    year={2017},
    publisher={Springer},
    doi={10.1007/s00236-016-0275-0}
}

@inproceedings{Turon2014,
    author = {Turon, Aaron and Vafeiadis, Viktor and Dreyer, Derek},
    title = {{GPS: Navigating Weak Memory with Ghosts, Protocols, and Separation}},
    booktitle = {OOPSLA},
    year = {2014},
    _isbn = {978-1-4503-2585-1},
    location = {Portland, Oregon, USA},
    pages = {691--707},
    numpages = {17},
    _url = {http://doi.acm.org/10.1145/2660193.2660243},
    doi = {10.1145/2660193.2660243},
    acmid = {2660243},
    publisher = {ACM},
    address = {New York, NY, USA},
    keywords = {c/c++, concurrency, program logic, separation logic, weak memory models},
    _read = "0.3",
    _summary = "Introduces a separation logic GPS which allows proving properties
        about programs using the (fragment of) C11 memory model. The memory models
        is restricted to non-atomic, acquire-release, and sequentially consistent
        accesses -- i.e. it lacks support for relaxed and consume-release accesses."
}

@inproceedings{Dan2013,
    author="Dan, Andrei Marian and Meshman, Yuri and Vechev, Martin and Yahav, Eran",
    _editor="Logozzo, Francesco and F{\"a}hndrich, Manuel",
    title="{Predicate Abstraction for Relaxed Memory Models}",
    bookTitle="SAS",
    year="2013",
    publisher="Springer",
    address="Berlin, Heidelberg",
    pages="84--104",
    abstract="We present a novel approach for predicate abstraction of programs
        running on relaxed memory models. Our approach consists of two steps.",
    _isbn="978-3-642-38856-9",
    doi="10.1007/978-3-642-38856-9_7",
    _url="https://doi.org/10.1007/978-3-642-38856-9_7",
    _read = "0.5",
    _summary = "Presents an approach for verification of (potentially
        infinite state space) programs under TSO and PSO using predicate
        abstraction. The paper first shows that it is not possible to use
        traditional predicate abstraction  to produce boolean program and then
        verify this boolean program using weak memory semantics. Instead, the
        authors propose a schema which first verifies the program under SC and
        then extrapolates predicates from SC run to verify a transformed version of
        the original program which has store buffers explicitly encoded. The
        store buffers are bounded in this transformation. Authors also provide
        implementation in the \textsc{cupex} and evaluation on 7 programs which
        shows advantages of their predicate extrapolation method."
}

@inproceedings{Yang2004,
    author="Yang, Yue and Gopalakrishnan, Ganesh and Lindstrom, Gary",
    _editor="Davies, Jim and Schulte, Wolfram and Barnett, Mike",
    title="{Memory-Model-Sensitive Data Race Analysis}",
    bookTitle="ICFEM",
    year="2004",
    publisher="Springer",
    address="Berlin, Heidelberg",
    pages="30--45",
    abstract="We present a ``memory-model-sensitive'' approach to validating
        correctness properties for multithreaded programs. Our key insight is
        that by specifying both the inter-thread memory consistency model and
        the intra-thread program semantics as constraints, a program
        verification task can be reduced to an equivalent constraint solving
        problem, thus allowing an exhaustive examination of all thread
        interleavings precisely allowed by a given memory model. To demonstrate,
        this paper formalizes race conditions according to the new Java memory
        model, for a simplified but non-trivial source language. We then
        describe the implementation of a memory-model-sensitive race detector
        using constraint logic programming (CLP). In comparison with
        conventional program analysis, our approach does not offer the same kind
        of performance and scalability due to the complexity involved in exact
        formal reasoning. However, we show that a formal semantics can serve
        more than documentation purposes --- it can be applied as a sound basis
        for rigorous property checking, upon which more scalable methods can be
        derived.",
    _isbn="978-3-540-30482-1",
    doi="10.1007/978-3-540-30482-1_11",
    _url="https://doi.org/10.1007/978-3-540-30482-1_11",
    _read=1,
    _summary = "Presents formal semantics for a simple programming language
        including its precise memory semantics.
        The motivation is to provide verification procedure for detecting data
        races under the Java Memory Model (JMM).
        The formalization uses SC as it is sufficient for detection of data
        races under JMM (JMM defines data race freedom in terms on SC runs).
        The entire program, memory constraits, and specification is encoded as
        constraint solving problem, which can be solved by constraint solver,
        e.g. Prolog with finite domain data as used in the presented tool
        *DefectFindrer*."
}

@inproceedings{Huynh2006,
    author="Huynh, Thuan Quang and Roychoudhury, Abhik",
    _editor="Misra, Jayadev and Nipkow, Tobias and Sekerinski, Emil",
    title="{A Memory Model Sensitive Checker for C{\#}}",
    bookTitle="FM",
    year="2006",
    publisher="Springer",
    address="Berlin, Heidelberg",
    pages="476--491",
    abstract="Modern concurrent programming languages like Java and C{\#} have a
        programming language level memory model; it captures the set of all
        allowed behaviors of programs on any implementation platform --- uni- or
        multi-processor. Such a memory model is typically weaker than Sequential
        Consistency and allows reordering of operations within a program thread.
        Therefore, programs verified correct by assuming Sequential Consistency
        (that is, each thread proceeds in program order) may not behave
        correctly on certain platforms! The solution to this problem is to
        develop program checkers which are memory model sensitive. In this
        paper, we develop such an invariant checker for the programming language
        C{\#}. Our checker identifies program states which are reached only
        because the C{\#} memory model is more relaxed than Sequential
        Consistency. Furthermore, our checker identifies (a) operation
        reorderings which cause such undesirable states to be reached, and (b)
        simple program modifications --- by inserting memory barrier operations
        --- which prevent such undesirable reorderings.",
    _isbn="978-3-540-37216-5",
    doi="10.1007/11813040_32",
    _url="https://doi.org/10.1007/11813040_32",
    _summary="Presents explicit state model checker for C# programs (supporting
        subset of C#/.NET bytecode) which uses the .NET memory model.  The
        verifier first verifies program under SC and then it explores additional
        runs allowed under .NET memory model.  It can also insert barriers into
        the program to avoid relaxed runs which violate given property (that is,
        not all relaxed runs are disabled by barriers but only those
        that actually lead to property violation).  The implementation
        of the exploration algorithm uses list of delayed instructions to
        implement instruction reordering.  While the authors mention that the
        number of reordered instructions is not bounded, they do not discuss how
        this approach works for programs with cycles.",
    _read=1
}

@article{Arvind2006,
    author = {Arvind, Arvind and Maessen, Jan-Willem},
    title = {Memory Model = Instruction Reordering + Store Atomicity},
    journal = {ACM SIGARCH Computer Architecture News},
    issue_date = {May 2006},
    volume = {34},
    number = {2},
    month = may,
    year = {2006},
    issn = {0163-5964},
    pages = {29--40},
    numpages = {12},
    _url = {http://doi.acm.org/10.1145/1150019.1136489},
    doi = {10.1145/1150019.1136489},
    acmid = {1136489},
    publisher = {ACM},
    address = {New York, NY, USA},
    _read = 1,
}

@book{SPARC94,
 author = {SPARC International, Inc.},
 title = {The SPARC Architecture Manual},
 editor = {David L. Weaver and Tom Germond},
 subtitle = {Version 9},
 year = {1994},
 isbn = {0-13-825001-4},
 publisher = {PTR Prentice Hall},
 address = {Englewood Cliffs, New Jersey, USA},
 url={http://sparc.org/wp-content/uploads/2014/01/SPARCV9.pdf.gz}
}

@inproceedings{Zhang2015,
    author = {Zhang, Naling and Kusano, Markus and Wang, Chao},
    title = {{Dynamic Partial Order Reduction for Relaxed Memory Models}},
    booktitle = {PLDI},
    year = {2015},
    _isbn = {978-1-4503-3468-6},
    location = {Portland, OR, USA},
    pages = {250--259},
    numpages = {10},
    _url = {http://doi.acm.org/10.1145/2737924.2737956},
    doi = {10.1145/2737924.2737956},
    acmid = {2737956},
    publisher = {ACM},
    address = {New York, NY, USA},
    keywords = {DPOR, PSO, Stateless model checking, TSO, partial order reduction, relaxed memory model, runtime verification},
} 


@inproceedings{Norris2013,
    author = {Norris, Brian and Demsky, Brian},
    title = {{CDSchecker: Checking Concurrent Data Structures Written with C/C++ Atomics}},
    booktitle = {OOPSLA},
    year = {2013},
    _isbn = {978-1-4503-2374-1},
    location = {Indianapolis, Indiana, USA},
    pages = {131--150},
    numpages = {20},
    _url = {http://doi.acm.org/10.1145/2509136.2509514},
    doi = {10.1145/2509136.2509514},
    acmid = {2509514},
    publisher = {ACM},
    address = {New York, NY, USA},
    keywords = {model checking, relaxed memory model},
}

@inproceedings{Sarkar2011,
    author = {Sarkar, Susmit and Sewell, Peter and Alglave, Jade and Maranget,
    Luc and Williams, Derek},
    title = {{Understanding POWER Multiprocessors}},
    booktitle = {PLDI},
    year = {2011},
    _isbn = {978-1-4503-0663-8},
    location = {San Jose, California, USA},
    pages = {175--186},
    numpages = {12},
    _url = {http://doi.acm.org/10.1145/1993498.1993520},
    doi = {10.1145/1993498.1993520},
    acmid = {1993520},
    publisher = {ACM},
    address = {New York, NY, USA},
    keywords = {relaxed memory models, semantics},
}

@inproceedings{Derevenetc2014,
    author="Derevenetc, Egor and Meyer, Roland",
    _editor="Esparza, Javier and Fraigniaud, Pierre and Husfeldt, Thore and Koutsoupias, Elias",
    title="{Robustness against Power is PSpace-complete}",
    bookTitle="ICAPL",
    year="2014",
    publisher="Springer",
    address="Berlin, Heidelberg",
    pages="158--170",
    abstract="Power is a RISC architecture developed by IBM, Freescale, and several other companies and implemented in a series of POWER processors. The architecture features a relaxed memory model providing very weak guarantees with respect to the ordering and atomicity of memory accesses.",
    _isbn="978-3-662-43951-7",
    doi="10.1007/978-3-662-43951-7_14",
    _url="https://doi.org/10.1007/978-3-662-43951-7_14"
}

@Inbook{Aspinall2007,
    author="Aspinall, David and {\v{S}}ev{\v{c}}{\'i}k, Jaroslav",
    editor="Schneider, Klaus and Brandt, Jens",
    title="Formalising Java's Data Race Free Guarantee",
    bookTitle="Theorem Proving in Higher Order Logics",
    year="2007",
    publisher="Springer Berlin Heidelberg",
    address="Berlin, Heidelberg",
    pages="22--37",
    _isbn="978-3-540-74591-4",
    doi="10.1007/978-3-540-74591-4_4",
    _url="https://doi.org/10.1007/978-3-540-74591-4_4"
}

@InProceedings{MadorHaim2012,
    author="Mador-Haim, Sela and Maranget, Luc and Sarkar, Susmit and Memarian, Kayvan and Alglave, Jade and Owens, Scott and Alur, Rajeev and Martin, Milo M. K.  and Sewell, Peter and Williams, Derek",
    _editor="Madhusudan, P.  and Seshia, Sanjit A.",
    title="{An Axiomatic Memory Model for POWER Multiprocessors}",
    bookTitle="CAV",
    year="2012",
    publisher="Springer",
    address="Berlin, Heidelberg",
    pages="495--512",
    _isbn="978-3-642-31424-7",
    doi="10.1007/978-3-642-31424-7_36",
    _url="https://doi.org/10.1007/978-3-642-31424-7_36"
}

@inproceedings{Sarkar2012,
    author = {Sarkar, Susmit and Memarian, Kayvan and Owens, Scott and Batty, Mark and Sewell, Peter and Maranget, Luc and Alglave, Jade and Williams, Derek},
    title = {Synchronising C/C++ and POWER},
    booktitle = {Programming Language Design and Implementation},
    series = {PLDI '12},
    year = {2012},
    _isbn = {978-1-4503-1205-9},
    location = {Beijing, China},
    pages = {311--322},
    numpages = {12},
    _url = {http://doi.acm.org/10.1145/2254064.2254102},
    doi = {10.1145/2254064.2254102},
    acmid = {2254102},
    publisher = {ACM},
    address = {New York, NY, USA},
    keywords = {relaxed memory models, semantics},
}

@inproceedings{Flur2016,
    author = {Flur, Shaked and Gray, Kathryn E. and Pulte, Christopher and Sarkar, Susmit and Sezgin, Ali and Maranget, Luc and Deacon, Will and Sewell, Peter},
    title = {{Modelling the ARMv8 Architecture, Operationally: Concurrency and ISA}},
    booktitle = {POPL},
    year = {2016},
    _isbn = {978-1-4503-3549-2},
    location = {St. Petersburg, FL, USA},
    pages = {608--621},
    numpages = {14},
    _url = {http://doi.acm.org/10.1145/2837614.2837615},
    doi = {10.1145/2837614.2837615},
    acmid = {2837615},
    publisher = {ACM},
    address = {New York, NY, USA},
    keywords = {ISA, Relaxed Memory Models, semantics},
}

@article{Alglave2014,
    author = {Alglave, Jade and Maranget, Luc and Tautschnig, Michael},
    title = {{Herding Cats: Modelling, Simulation, Testing, and Data Mining for Weak Memory}},
    journal = {ACM Transactions on Programming Languages and Systems},
    issue_date = {July 2014},
    volume = {36},
    number = {2},
    month = jul,
    year = {2014},
    issn = {0164-0925},
    pages = {7:1--7:74},
    articleno = {7},
    numpages = {74},
    _url = {http://doi.acm.org/10.1145/2627752},
    doi = {10.1145/2627752},
    acmid = {2627752},
    publisher = {ACM},
    address = {New York, NY, USA},
    keywords = {Concurrency, software verification, weak memory models},
}

@article{Lamport1979,
    author = {Lamport, Leslie},
    title = {{How to Make a Multiprocessor Computer That Correctly Executes Multiprocess Programs}},
    journal = {IEEE Transactions on Computers},
    issue_date = {September 1979},
    volume = {28},
    number = {9},
    month = sep,
    year = {1979},
    issn = {0018-9340},
    pages = {690--691},
    numpages = {2},
    _url = {http://dx.doi.org/10.1109/TC.1979.1675439},
    doi = {10.1109/TC.1979.1675439},
    acmid = {1311750},
    publisher = {IEEE Computer Society},
    address = {Washington, DC, USA},
    keywords = {Computer design, concurrent computing, hardware correctness, multiprocessing, parallel processing, parallel processing, Computer design, concurrent computing, hardware correctness, multiprocessing},
}

@Inbook{Cenciarelli2007,
    author="Cenciarelli, Pietro and Knapp, Alexander and Sibilio, Eleonora",
    editor="De Nicola, Rocco",
    title="The Java Memory Model: Operationally, Denotationally, Axiomatically",
    bookTitle="European Symposium on Programming",
    year="2007",
    publisher="Springer Berlin Heidelberg",
    address="Berlin, Heidelberg",
    pages="331--346",
    abstract="A semantics to a small fragment of Java capturing the new memory model (JMM) described in the Language Specification is given by combining operational, denotational and axiomatic techniques in a novel semantic framework. The operational steps (specified in the form of SOS) construct denotational models (configuration structures) and are constrained by the axioms of a configuration theory. The semantics is proven correct with respect to the Language Specification and shown to capture many common examples in the JMM literature.",
    _isbn="978-3-540-71316-6",
    doi="10.1007/978-3-540-71316-6_23",
    _url="https://doi.org/10.1007/978-3-540-71316-6_23"
}

@inproceedings{Torlak2010,
    author = {Torlak, Emina and Vaziri, Mandana and Dolby, Julian},
    title = {MemSAT: Checking Axiomatic Specifications of Memory Models},
    booktitle = {Programming Language Design and Implementation},
    series = {PLDI '10},
    year = {2010},
    _isbn = {978-1-4503-0019-3},
    location = {Toronto, Ontario, Canada},
    pages = {341--350},
    numpages = {10},
    _url = {http://doi.acm.org/10.1145/1806596.1806635},
    doi = {10.1145/1806596.1806635},
    acmid = {1806635},
    publisher = {ACM},
    address = {New York, NY, USA},
    keywords = {axiomatic specifications, bounded model checking, memory models, sat},
}

@inproceedings{Vafeiadis2013,
    author = {Vafeiadis, Viktor and Narayan, Chinmay},
    title = {{Relaxed Separation Logic: A Program Logic for C11 Concurrency}},
    booktitle = {OOPSLA},
    year = {2013},
    _isbn = {978-1-4503-2374-1},
    location = {Indianapolis, Indiana, USA},
    pages = {867--884},
    numpages = {18},
    _url = {http://doi.acm.org/10.1145/2509136.2509532},
    doi = {10.1145/2509136.2509532},
    acmid = {2509532},
    publisher = {ACM},
    address = {New York, NY, USA},
    keywords = {c/c++, concurrency, proof system, separation logic, weak memory models},
}
@techreport{isocpp11draft,
    title={Standard for Programming Language C++. Working Draft N3337},
    author={{ISO C++ Standards Committee}},
    year={2012},
    institution={ISO IEC JTC1/SC22/WG21},
    url = {http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2012/n3337.pdf},
    shorthand = {ISO12}
}

@techreport{isoc11draft,
    title={ISO/IEC 9899:201x Committee Draft N1570},
    author={{ISO C Standards Committee}},
    url = {http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1570.pdf},
    year={2011},
    shorthand={ISO11}
}

@online{N3092,
    title = {C++ International Standard -- N3092},
    author={{ISO C++ Standards Committee}},
    year = {2010},
    institution={ISO IEC JTC1/SC22/WG21},
    urldate = {2020-05-02},
    url = {http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2010/n3092.pdf},
    shorthand = {ISO10},
}

@Inbook{Ströder2014,
    author="Str{\"o}der, Thomas and Giesl, J{\"u}rgen and Brockschmidt, Marc and Frohn, Florian and Fuhs, Carsten and Hensel, Jera and Schneider-Kamp, Peter",
    editor="Demri, St{\'e}phane and Kapur, Deepak and Weidenbach, Christoph",
    title="Proving Termination and Memory Safety for Programs with Pointer Arithmetic",
    bookTitle="International Joint Conference on Automated Reasoning",
    year="2014",
    publisher="Springer International Publishing",
    address="Cham",
    pages="208--223",
    _isbn="978-3-319-08587-6",
    doi="10.1007/978-3-319-08587-6_15",
    _url="http://dx.doi.org/10.1007/978-3-319-08587-6_15",
    _read=1,
    _tools="AProVE",
    _related_raw="9, 22 separation logic, 4 5 AProVE, 24 ARMC, 1 COSTA, 7 Cyclist, 29 FuncTion, 25 Julia, 12 KITTeL, 28 LoopFrog, 16 TAN, 14 TRex, 6 T2, 15 Ultimate",
    _summary = "termination analysis by encoding single nonrecursive LLVM function into integer transition system, uses separation logic"
}

@Article{Ströder2017,
    author="Str{\"o}der, Thomas
    and Giesl, J{\"u}rgen
    and Brockschmidt, Marc
    and Frohn, Florian
    and Fuhs, Carsten
    and Hensel, Jera
    and Schneider-Kamp, Peter
    and Aschermann, Cornelius",
    title="Automatically Proving Termination and Memory Safety for Programs with Pointer Arithmetic",
    journal="Journal of Automated Reasoning",
    year="2017",
    volume="58",
    number="1",
    pages="33--65",
    abstract="While automated verification of imperative programs has been studied intensively, proving termination of programs with explicit pointer arithmetic fully automatically was still an open problem. To close this gap, we introduce a novel abstract domain that can track allocated memory in detail. We use it to automatically construct a symbolic execution graph that over-approximates all possible runs of a program and that can be used to prove memory safety. This graph is then transformed into an integer transition system, whose termination can be proved by standard techniques. We implemented this approach in the automated termination prover AProVE and demonstrate its capability of analyzing C programs with pointer arithmetic that existing tools cannot handle.",
    issn="1573-0670",
    doi="10.1007/s10817-016-9389-x",
    _url="http://dx.doi.org/10.1007/s10817-016-9389-x",
    _related = "Ströder2014 [extends]"
}


@inproceedings{Flanagan2005dpor,
    author = {Flanagan, Cormac and Godefroid, Patrice},
    title = {{Dynamic Partial-order Reduction for Model Checking Software}},
    booktitle = {POPL},
    year = {2005},
    _isbn = {1-58113-830-X},
    location = {Long Beach, California, USA},
    pages = {110--121},
    numpages = {12},
    _url = {http://doi.acm.org/10.1145/1040305.1040315},
    doi = {10.1145/1040305.1040315},
    acmid = {1040315},
    publisher = {ACM},
    address = {New York, NY, USA},
    keywords = {partial-order reduction, software model checking},
    _read=1,
    _summary = "dynamic computation of partial order"
}

@inproceedings{Godefroid1997,
    author = {Godefroid, Patrice},
    title = {{Model Checking for Programming Languages Using VeriSoft}},
    booktitle = {POPL},
    year = {1997},
    _isbn = {0-89791-853-3},
    location = {Paris, France},
    pages = {174--186},
    numpages = {13},
    _url = {http://doi.acm.org/10.1145/263699.263717},
    doi = {10.1145/263699.263717},
    acmid = {263717},
    publisher = {ACM},
    address = {New York, NY, USA},
}

@inproceedings{Abdulla2014,
    author = {Abdulla, Parosh and Aronis, Stavros and Jonsson, Bengt and Sagonas, Konstantinos},
    title = {{Optimal Dynamic Partial Order Reduction}},
    _booktitle = {Principles of Programming Languages},
    _series = {POPL '14},
    booktitle = {POPL},
    year = {2014},
    _isbn = {978-1-4503-2544-8},
    location = {San Diego, California, USA},
    pages = {373--384},
    numpages = {12},
    _url = {http://doi.acm.org/10.1145/2535838.2535845},
    doi = {10.1145/2535838.2535845},
    acmid = {2535845},
    publisher = {ACM},
    address = {New York, NY, USA},
    keywords = {concurrency, dynamic partial oder reduction, software model checking, source sets, systematic testing, wakeup trees},
}

@inproceedings{Cadar2008,
    author = {Cadar, Cristian and Dunbar, Daniel and Engler, Dawson},
    title = {KLEE: Unassisted and Automatic Generation of High-coverage Tests for Complex Systems Programs},
    booktitle = {USENIX Conference on Operating Systems Design and Implementation},
    series = {OSDI'08},
    year = {2008},
    location = {San Diego, California},
    pages = {209--224},
    numpages = {16},
    url = {http://dl.acm.org/citation.cfm?id=1855741.1855756},
    acmid = {1855756},
    publisher = {USENIX Association},
    address = {Berkeley, CA, USA},
}

@Inbook{Rakamaric2014,
    author="Rakamarić, Zvonimir and Emmi, Michael",
    editor="Biere, Armin and Bloem, Roderick",
    title="SMACK: Decoupling Source Language Details from Verifier Implementations",
    bookTitle="Computer Aided Verification",
    year="2014",
    publisher="Springer International Publishing",
    address="Cham",
    pages="106--113",
    _isbn="978-3-319-08867-9",
    doi="10.1007/978-3-319-08867-9_7",
    _url="https://doi.org/10.1007/978-3-319-08867-9_7"
}

@Inbook{Sinz2012,
    author="Sinz, Carsten and Merz, Florian and Falke, Stephan",
    editor="Flanagan, Cormac and K{\"o}nig, Barbara",
    title="LLBMC: A Bounded Model Checker for LLVM's Intermediate Representation",
    bookTitle="Tools and Algorithms for the Construction and Analysis of Systems",
    year="2012",
    publisher="Springer Berlin Heidelberg",
    address="Berlin, Heidelberg",
    pages="542--544",
    _isbn="978-3-642-28756-5",
    doi="10.1007/978-3-642-28756-5_44",
    _url="https://doi.org/10.1007/978-3-642-28756-5_44"
}

@online{llvm:langref,
    author = {{LLVM Project}},
    title  = {LLVM Language Reference Manual},
    url    = {http://llvm.org/docs/LangRef.html},
    urldate = {2020-05-02},
    year = {2020},
    shorthand = {LLVM20}
}

@InProceedings{Murphi,
    author = {Dill, David L.},
    title = {{The Murphi Verification System}},
    booktitle = {CAV},
    _series = {CAV '96},
    year = {1996},
    _isbn = {3-540-61474-5},
    pages = {390--393},
    numpages = {4},
    url = {http://dl.acm.org/citation.cfm?id=647765.735832},
    acmid = {735832},
    publisher = {Springer-Verlag},
    address = {London, UK, UK},
}

@Inbook{Gunther2016,
    author="G{\"u}nther, Henning and Laarman, Alfons and Weissenbacher, Georg",
    editor="Chechik, Marsha and Raskin, Jean-Fran{\c{c}}ois",
    title="Vienna Verification Tool: IC3 for Parallel Software",
    bookTitle="Tools and Algorithms for the Construction and Analysis of Systems",
    year="2016",
    publisher="Springer Berlin Heidelberg",
    address="Berlin, Heidelberg",
    pages="954--957",
    abstract="Recently proposed extensions of the IC3 model checking algorithm offer a powerful new way to symbolically verify software. The Vienna Verification Tool (VVT) implements these techniques with the aim to tackle the problem of parallel software verification. Its SMT-based abstraction mechanisms allow VVT to deal with infinite state systems. In addition, VVT utilizes a coarse-grained large-block encoding and a variant of Lipton's reduction to reduce the number of interleavings. This paper introduces VVT, its underlying architecture and use.",
    _isbn="978-3-662-49674-9",
    doi="10.1007/978-3-662-49674-9_69",
    _url="https://doi.org/10.1007/978-3-662-49674-9_69"
}

@Inbook{Cassez2017,
    author="Cassez, Franck and Sloane, Anthony M.  and Roberts, Matthew and
        Pigram, Matthew and Suvanpong, Pongsak and de Aledo, Pablo Gonzalez",
    editor="Legay, Axel and Margaria, Tiziana",
    title="Skink: Static Analysis of Programs in LLVM Intermediate Representation",
    bookTitle="Tools and Algorithms for the Construction and Analysis of Systems",
    year="2017",
    publisher="Springer Berlin Heidelberg",
    address="Berlin, Heidelberg",
    pages="380--384",
    abstract="Skink is a static analysis tool that analyses the LLVM intermediate representation (LLVM-IR) of a program source code. The analysis consists of checking whether there is a feasible execution that can reach a designated error block in the LLVM-IR. The result of a program analysis is ``correct'' if the error block is not reachable, ``incorrect'' if the error block is reachable, or ``inconclusive'' if the status of the program could not be determined. In this paper, we introduce Skink 2.0 to analyse single and multi-threaded C programs.",
    _isbn="978-3-662-54580-5",
    doi="10.1007/978-3-662-54580-5_27",
    _url="https://doi.org/10.1007/978-3-662-54580-5_27"
}

@inproceedings{Kroening2014,
    author="Kroening, Daniel and Tautschnig, Michael",
    _editor="{\'A}brah{\'a}m, Erika and Havelund, Klaus",
    title="{CBMC -- C Bounded Model Checker}",
    bookTitle="TACAS",
    year="2014",
    publisher="Springer",
    address="Berlin, Heidelberg",
    pages="389--391",
    abstract="CBMC implements bit-precise bounded model checking for C programs and has been developed and maintained for more than ten years. CBMC verifies the absence of violated assertions under a given loop unwinding bound. Other properties, such as SV-COMP's ERROR labels or memory safety properties are reduced to assertions via automated instrumentation. Only recently support for efficiently checking concurrent programs, including support for weak memory models, has been added. Thus, CBMC is now capable of finding counterexamples in all of SV-COMP's categories. As back end, the competition submission of CBMC uses MiniSat 2.2.0.",
    _isbn="978-3-642-54862-8",
    doi="10.1007/978-3-642-54862-8_26",
    _url="https://doi.org/10.1007/978-3-642-54862-8_26"
}

@inproceedings{Clarke2004,
    author="Clarke, Edmund and Kroening, Daniel and Lerda, Flavio",
    _editor="Jensen, Kurt and Podelski, Andreas",
    title="{A Tool for Checking ANSI-C Programs}",
    bookTitle="TACAS",
    year="2004",
    publisher="Springer",
    address="Berlin, Heidelberg",
    pages="168--176",
    abstract="We present a tool for the formal verification of ANSI-C programs using Bounded Model Checking (BMC). The emphasis is on usability: the tool supports almost all ANSI-C language features, including pointer constructs, dynamic memory allocation, recursion, and the float and double data types. From the perspective of the user, the verification is highly automated: the only input required is the BMC bound. The tool is integrated into a graphical user interface. This is essential for presenting long counterexample traces: the tool allows stepping through the trace in the same way a debugger allows stepping through a program.",
    _isbn="978-3-540-24730-2",
    doi="10.1007/978-3-540-24730-2_15",
    _url="https://doi.org/10.1007/978-3-540-24730-2_15"
}

@book{Clarke1999,
    title={Model checking},
    author={Clarke, Edmund M and Grumberg, Orna and Peled, Doron},
    year={1999},
    isbn = {0-262-03270-8},
    publisher = {MIT Press},
    address = {Cambridge, MA, USA},
}

@article{Sistla1985,
    author = {Sistla, Aravinda P. and Clarke, Edmund M.},
    title = {The Complexity of Propositional Linear Temporal Logics},
    journal = {Journal of the ACM},
    issue_date = {July 1985},
    volume = {32},
    number = {3},
    month = jul,
    year = {1985},
    issn = {0004-5411},
    pages = {733--749},
    numpages = {17},
    _url = {http://doi.acm.org/10.1145/3828.3837},
    doi = {10.1145/3828.3837},
    acmid = {3837},
    publisher = {ACM},
    address = {New York, NY, USA},
} 

@article{Ou2017,
 author = {Ou, Peizhao and Demsky, Brian},
 title = {{Checking Concurrent Data Structures Under the C/C++11 Memory Model}},
 journal = {SIGPLAN},
 issue_date = {August 2017},
 volume = {52},
 number = {8},
 month = jan,
 year = {2017},
 issn = {0362-1340},
 pages = {45--59},
 numpages = {15},
 _url = {http://doi.acm.org/10.1145/3155284.3018749},
 doi = {10.1145/3155284.3018749},
 acmid = {3018749},
 publisher = {ACM},
 address = {New York, NY, USA},
 keywords = {c/c++11, concurrent data structure, concurrent data structure correctness, concurrent data structure specifications, relaxed memory models},
}

@article{Kokologiannakis2017,
 author = {Kokologiannakis, Michalis and Lahav, Ori and Sagonas, Konstantinos and Vafeiadis, Viktor},
 title = {{Effective Stateless Model Checking for C/C++ Concurrency}},
 journal = {Proceedings of the ACM on Programming Languages},
 issue_date = {January 2018},
 volume = {2},
 _number = {POPL},
 month = dec,
 year = {2017},
 issn = {2475-1421},
 pages = {17:1--17:32},
 articleno = {17},
 numpages = {32},
 _url = {http://doi.acm.org/10.1145/3158105},
 doi = {10.1145/3158105},
 acmid = {3158105},
 publisher = {ACM},
 address = {New York, NY, USA},
 keywords = {C/C++11, RC11, software model checking, weak memory models},
}

@article{Pulte2017,
    author = {Pulte, Christopher and Flur, Shaked and Deacon, Will and French, Jon and Sarkar, Susmit and Sewell, Peter},
    title = {{Simplifying ARM Concurrency: Multicopy-atomic Axiomatic and Operational Models for ARMv8}},
    journal = {Proceedings of the ACM on Programming Languages},
    issue_date = {January 2018},
    volume = {2},
    _number = {POPL},
    month = dec,
    year = {2017},
    issn = {2475-1421},
    pages = {19:1--19:29},
    articleno = {19},
    numpages = {29},
    _url = {http://doi.acm.org/10.1145/3158107},
    doi = {10.1145/3158107},
    acmid = {3158107},
    publisher = {ACM},
    address = {New York, NY, USA},
    keywords = {Axiomatic, Operational, Relaxed Memory Models, Semantics},
}

@article{Chalupa2017,
author = {Chalupa, Marek and Chatterjee, Krishnendu and Pavlogiannis, Andreas and Sinha, Nishant and Vaidya, Kapil},
title = {Data-Centric Dynamic Partial Order Reduction},
year = {2017},
issue_date = {January 2018},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
volume = {2},
number = {POPL},
_url = {https://doi.org/10.1145/3158119},
doi = {10.1145/3158119},
journal = {Proc. ACM Program. Lang.},
month = dec,
articleno = {Article 31},
numpages = {30},
keywords = {Partial-order Reduction, Stateless model-checking, Concurrency}
}

@article{Huang2015,
    author = {Huang, Jeff},
    title = {Stateless Model Checking Concurrent Programs with Maximal Causality Reduction},
    year = {2015},
    issue_date = {August 2015},
    publisher = {Association for Computing Machinery},
    address = {New York, NY, USA},
    volume = {50},
    number = {6},
    issn = {0362-1340},
    _url = {https://doi.org/10.1145/2813885.2737975},
    doi = {10.1145/2813885.2737975},
    journal = {SIGPLAN Not.},
    month = jun,
    pages = {165–174},
    numpages = {10},
    keywords = {maximal causality reduction, stateless model checking}
}

@article{Lahav2017,
    author = {Lahav, Ori and Vafeiadis, Viktor and Kang, Jeehoon and Hur, Chung-Kil and Dreyer, Derek},
    title = {Repairing Sequential Consistency in C/C++11},
    year = {2017},
    issue_date = {September 2017},
    publisher = {Association for Computing Machinery},
    address = {New York, NY, USA},
    volume = {52},
    number = {6},
    issn = {0362-1340},
    _url = {https://doi.org/10.1145/3140587.3062352},
    doi = {10.1145/3140587.3062352},
    journal = {SIGPLAN Not.},
    month = jun,
    pages = {618–632},
    numpages = {15},
    keywords = {Weak memory models, sequential consistency, C++11, declarative semantics}
}

@article{Demsky2015,
    author = {Demsky, Brian and Lam, Patrick},
    title = {SATCheck: SAT-Directed Stateless Model Checking for SC and TSO},
    year = {2015},
    issue_date = {December 2015},
    publisher = {Association for Computing Machinery},
    address = {New York, NY, USA},
    volume = {50},
    number = {10},
    issn = {0362-1340},
    _url = {https://doi.org/10.1145/2858965.2814297},
    doi = {10.1145/2858965.2814297},
    journal = {SIGPLAN Not.},
    month = oct,
    pages = {20–36},
    numpages = {17},
    keywords = {model checking, Relaxed memory model}
}

@InProceedings{Abdulla2016,
    author="Abdulla, Parosh Aziz
    and Atig, Mohamed Faouzi
    and Jonsson, Bengt
    and Leonardsson, Carl",
    editor="Chaudhuri, Swarat
    and Farzan, Azadeh",
    title="Stateless Model Checking for POWER",
    booktitle="Computer Aided Verification",
    year="2016",
    publisher="Springer International Publishing",
    address="Cham",
    pages="134--156",
    abstract="We present the first framework for efficient application of stateless model checking (SMC) to programs running under the relaxed memory model of POWER. The framework combines several contributions. The first contribution is that we develop a scheme for systematically deriving operational execution models from existing axiomatic ones. The scheme is such that the derived execution models are well suited for efficient SMC. We apply our scheme to the axiomatic model of POWER from [8]. Our main contribution is a technique for efficient SMC, called Relaxed Stateless Model Checking (RSMC), which systematically explores the possible inequivalent executions of a program. RSMC is suitable for execution models obtained using our scheme. We prove that RSMC is sound and optimal for the POWER memory model, in the sense that each complete program behavior is explored exactly once. We show the feasibility of our technique by providing an implementation for programs written in C/pthreads.",
    isbn="978-3-319-41540-6",
    doi="10.1007/978-3-319-41540-6_8"
}

@article{Shasha1988,
    author = {Shasha, Dennis and Snir, Marc},
    title = {Efficient and Correct Execution of Parallel Programs That Share Memory},
    year = {1988},
    issue_date = {April 1988},
    publisher = {Association for Computing Machinery},
    address = {New York, NY, USA},
    volume = {10},
    number = {2},
    issn = {0164-0925},
    _url = {https://doi.org/10.1145/42190.42277},
    doi = {10.1145/42190.42277},
    journal = {ACM Trans. Program. Lang. Syst.},
    month = apr,
    pages = {282–312},
    numpages = {31}
}

@article{mckenney2010,
  title={Memory barriers: a hardware view for software hackers},
  author={McKenney, Paul E},
  journal={Linux Technology Center, IBM Beaverton},
  year={2010},
  url={http://www.rdrop.com/users/paulmck/scalability/paper/whymb.2010.06.14a.pdf}
}

@inproceedings{Pulte2019,
    author = {Pulte, Christopher and Pichon-Pharabod, Jean and Kang, Jeehoon and Lee, Sung-Hwan and Hur, Chung-Kil},
    title = {Promising-ARM/RISC-V: A Simpler and Faster Operational Concurrency Model},
    year = {2019},
    isbn = {9781450367127},
    publisher = {Association for Computing Machinery},
    address = {New York, NY, USA},
    _url = {https://doi.org/10.1145/3314221.3314624},
    doi = {10.1145/3314221.3314624},
    booktitle = {Proceedings of the 40th ACM SIGPLAN Conference on Programming Language Design and Implementation},
    pages = {1–15},
    numpages = {15},
    keywords = {RISC-V, ARM, Relaxed Memory Models, Operational Semantics},
    location = {Phoenix, AZ, USA},
    series = {PLDI 2019}
}

@book{ARMv8,
    author = "{ARM}",
    year = {2018},
    title = {ARM Architecture Reference Manual},
    chapter = {D2. The AArch64 Application Level Memory Model}
}

@inproceedings{Gray2015,
    author = {Gray, Kathryn E. and Kerneis, Gabriel and Mulligan, Dominic and Pulte, Christopher and Sarkar, Susmit and Sewell, Peter},
    title = {An Integrated Concurrency and Core-ISA Architectural Envelope Definition, and Test Oracle, for IBM POWER Multiprocessors},
    year = {2015},
    isbn = {9781450340342},
    publisher = {Association for Computing Machinery},
    address = {New York, NY, USA},
    _url = {https://doi.org/10.1145/2830772.2830775},
    doi = {10.1145/2830772.2830775},
    booktitle = {Proceedings of the 48th International Symposium on Microarchitecture},
    pages = {635–646},
    numpages = {12},
    location = {Waikiki, Hawaii},
    series = {MICRO-48}
}

@article{Flur2017,
    author = {Flur, Shaked and Sarkar, Susmit and Pulte, Christopher and Nienhuis, Kyndylan and Maranget, Luc and Gray, Kathryn E. and Sezgin, Ali and Batty, Mark and Sewell, Peter},
    title = {Mixed-Size Concurrency: ARM, POWER, C/C++11, and SC},
    year = {2017},
    issue_date = {May 2017},
    publisher = {Association for Computing Machinery},
    address = {New York, NY, USA},
    volume = {52},
    number = {1},
    issn = {0362-1340},
    _url = {https://doi.org/10.1145/3093333.3009839},
    doi = {10.1145/3093333.3009839},
    journal = {SIGPLAN Not.},
    month = jan,
    pages = {429–442},
    numpages = {14},
    keywords = {ISA, mixed-size, Relaxed Memory Models, semantics}
}

@article{Lipton1975,
    author = {Lipton, Richard J.},
    title = {Reduction: A Method of Proving Properties of Parallel Programs},
    year = {1975},
    issue_date = {December 1975},
    publisher = {Association for Computing Machinery},
    address = {New York, NY, USA},
    volume = {18},
    number = {12},
    issn = {0001-0782},
    _url = {https://doi.org/10.1145/361227.361234},
    doi = {10.1145/361227.361234},
    journal = {Commun. ACM},
    month = dec,
    pages = {717–721},
    numpages = {5},
    keywords = {indivisible, parallel program, deadlock free, reduction, semaphore, interruptible, process, verification method, computation sequence}
}

@inbook{BBR2012,
    address = {Berlin, Heidelberg},
    author = {Jiří Barnat and Luboš Brim and Petr Ročkai},
    booktitle = {NASA Formal Methods: 4th International Symposium, NFM 2012, Norfolk, VA, USA, April 3-5, 2012. Proceedings},
    doi = {10.1007/978-3-642-28891-3_25},
    editor = {Goodloe, Alwyn E.
    and Person, Suzette},
    isbn = {978-3-642-28891-3},
    pages = {252--266},
    publisher = {Springer Berlin Heidelberg},
    title = {Towards LTL Model Checking of Unmodified Thread-Based C {\&} C++ Programs},
    _url = {http://dx.doi.org/10.1007/978-3-642-28891-3_25},
    year = {2012}
}


@InProceedings{RBB13,
  author = "Petr Ročkai and Jiří Barnat and Luboš Brim",
  title = "{Improved State Space Reductions for LTL Model Checking of C \& C++ Programs}",
  booktitle = "{NASA Formal Methods (NFM 2013)}",
  pages = "1--15",
  year = "2013",
  volume = "7871",
  series = "LNCS",
  publisher = "Springer Berlin Heidelberg",
  keywords = {divine, red hat},
  editor = "Brat, Guillaume and Rungta, Neha and Venet, Arnaud",
  abstract="In this paper, we present substantial improvements in efficiency of explicit-state LTL model checking of C {\&} C++ programs, building on [2], including improvements to state representation and to state space reduction techniques. The improved state representation allows to easily exploit symmetries in heap configurations of the program, especially in programs with interleaved heap allocations. Finally, we present a major improvement through a semi-dynamic proviso for partial-order reduction, based on eager local searches constrained through control-flow loop detection.",
  isbn="978-3-642-38088-4",
  doi = "10.1007/978-3-642-38088-4_1"
}

@article{Yorav2004,
    title={Static analysis for state-space reductions preserving temporal logics},
    author={Yorav, Karen and Grumberg, Orna},
    journal={Formal Methods in System Design},
    volume={25},
    number={1},
    pages={67--96},
    year={2004},
    publisher={Springer},
    doi = "10.1023/B:FORM.0000033963.55470.9e"
}

@InProceedings{Peled1993,
    author="Peled, Doron",
    editor="Courcoubetis, Costas",
    title="All from one, one for all: on model checking using representatives",
    booktitle="Computer Aided Verification",
    year="1993",
    publisher="Springer Berlin Heidelberg",
    address="Berlin, Heidelberg",
    pages="409--423",
    abstract="Checking that a given finite state program satisfies a linear temporal logic property is suffering in many cases from a severe space and time explosion. One way to cope with this is to reduce the state graph used for model checking. We define an equivalence relation between infinite sequences, based on infinite traces such that for each equivalence class, either all or none of the sequences satisfy the checked formula. We present an algorithm for constructing a state graph that contains at least one representative sequence for each equivalence class. This allows applying existing model checking algorithms to the reduced state graph rather than on the larger full state graph of the program. It also allows model checking under fairness assumptions, and exploits these assumptions to obtain smaller state graphs. A formula rewriting technique is presented to allow coarser equivalence relation among sequences, such that less representatives are needed.",
    isbn="978-3-540-47787-7",
    doi="10.1007/3-540-56922-7_34"
}

@book{Holzmann2004,
    title={The SPIN model checker: Primer and reference manual},
    author={Holzmann, Gerard J},
    volume={1003},
    year={2004},
    publisher={Addison-Wesley Reading},
    isbn={978-0-321-22862-8},
    url={https://www.cin.ufpe.br/~acm/esd/intranet/spinPrimer.pdf}
}

@InProceedings{Zaks2008,
    author="Zaks, Anna
    and Joshi, Rajeev",
    editor="Havelund, Klaus
    and Majumdar, Rupak
    and Palsberg, Jens",
    title="Verifying Multi-threaded C Programs with SPIN",
    booktitle="Model Checking Software",
    year="2008",
    publisher="Springer Berlin Heidelberg",
    address="Berlin, Heidelberg",
    pages="325--342",
    abstract="A key challenge in model checking software is the difficulty of verifying properties of implementation code, as opposed to checking an abstract algorithmic description. We describe a tool for verifying multi-threaded C programs that uses the SPIN model checker. Our tool works by compiling a multi-threaded C program into a typed bytecode format, and then using a virtual machine that interprets the bytecode and computes new program states under the direction of SPIN. Our virtual machine is compatible with most of SPIN's search options and optimization flags, such as bitstate hashing and multi-core checking. It provides support for dynamic memory allocation (the malloc and free family of functions), and for the pthread library, which provides primitives often used by multi-threaded C programs. A feature of our approach is that it can check code after compiler optimizations, which can sometimes introduce race conditions. We describe how our tool addresses the state space explosion problem by allowing users to define data abstraction functions and to constrain the number of allowed context switches. We also describe a reduction method that reduces context switches using dynamic knowledge computed on-the-fly, while being sound for both safety and liveness properties. Finally, we present initial experimental results with our tool on some small examples.",
    isbn="978-3-540-85114-1",
    doi="10.1007/978-3-540-85114-1_22"
}

@book{Godefroid1996partial,
    title={Partial-Order Methods for the Verification of Concurrent Systems},
    subtitle={An Approach to the State-Explosion Problem},
    author={Godefroid, Patrice and van Leeuwen, Jan and Hartmanis, Juris and Goos, Gerhard and Wolper, Pierre},
    volume={1032},
    year={1996},
    publisher={Springer Heidelberg},
    doi={10.1007/3-540-60761-7},
    isbn={978-3-540-60761-8}
}

@article{Pratt1986,
    title={Modeling concurrency with partial orders},
    author={Pratt, Vaughan},
    journal={International journal of parallel programming},
    volume={15},
    number={1},
    pages={33--71},
    year={1986},
    publisher={Springer}
}

@InProceedings{Yin2018,
    author="Yin, Liangze
    and Dong, Wei
    and Liu, Wanwei
    and Li, Yunchou
    and Wang, Ji",
    editor="Beyer, Dirk
    and Huisman, Marieke",
    title="YOGAR-CBMC: CBMC with Scheduling Constraint Based Abstraction Refinement",
    booktitle="Tools and Algorithms for the Construction and Analysis of Systems",
    year="2018",
    publisher="Springer International Publishing",
    address="Cham",
    pages="422--426",
    abstract="This paper presents the Yogar-CBMC tool for verification of multi-threaded C programs. It employs a scheduling constraint based abstraction refinement method for bounded model checking of concurrent programs. To obtain effective refinement constraints, we have proposed the notion of Event Order Graph (EOG), and have devised two graph-based algorithms over EOG for counterexample validation and refinement generation. The experiments in SV-COMP 2017 show the promising results of our tool.",
    isbn="978-3-319-89963-3",
    doi="10.1007/978-3-319-89963-3_25"
}

@INPROCEEDINGS{Yin2019,
    author={L. {Yin} and W. {Dong} and W. {Liu} and J. {Wang}},
    booktitle={2019 IEEE/ACM 41st International Conference on Software
    Engineering (ICSE)},
    title={Parallel Refinement for Multi-Threaded Program Verification},
    year={2019},
    volume={},
    number={},
    pages={643-653},
    doi={10.1109/ICSE.2019.00074}
}

@InProceedings{Khazem2019,
    author="Khazem, Kareem and Tautschnig, Michael",
    editor="Beyer, Dirk and Huisman, Marieke and Kordon, Fabrice and Steffen,Bernhard",
    title="CBMC Path: A Symbolic Execution Retrofit of the C Bounded Model Checker",
    booktitle="Tools and Algorithms for the Construction and Analysis of Systems",
    year="2019",
    publisher="Springer International Publishing",
    address="Cham",
    pages="199--203",
    abstract="We gave CBMC the ability to explore and model check single program paths, as opposed to its default whole-program model-checking behaviour. This means that CBMC, when invoked with theflag, symbolically executes one program path at a time---saving unexplored paths for later---and attempts to prove properties for only that path. By doing this repeatedly for each path that CBMC encounters, CBMC can detect property violations in a scalable and incremental way.",
    isbn="978-3-030-17502-3",
    doi="10.1007/978-3-030-17502-3_13"
}

@InProceedings{Cordeiro2019,
    author="Cordeiro, Lucas and Kroening, Daniel and Schrammel, Peter",
    editor="Beyer, Dirk and Huisman, Marieke and Kordon, Fabrice and Steffen, Bernhard",
    title="JBMC: Bounded Model Checking for Java Bytecode",
    booktitle="Tools and Algorithms for the Construction and Analysis of Systems",
    year="2019",
    publisher="Springer International Publishing",
    address="Cham",
    pages="219--223",
    abstract="JBMC is a bounded model checking tool for verifying Java bytecode. It is built on top of the CPROVER framework. JBMC processes Java bytecode together with a model of the standard Java libraries. It checks a set of desired properties, such as assertions and absence of uncaught exceptions, under given bounds on loops, recursion and data structures. Internally, it uses the same bounded model checking engine as its sibling tool CBMC and discharges the generated verification conditions with the help of MiniSAT 2.2.1.",
    isbn="978-3-030-17502-3",
    doi="10.1007/978-3-030-17502-3_17"
}

@InProceedings{Cordeiro2018,
    author="Cordeiro, Lucas and Kesseli, Pascal and Kroening, Daniel and Schrammel,Peter and Trtik, Marek",
    editor="Chockler, Hana and Weissenbacher, Georg",
    title="JBMC: A Bounded Model Checking Tool for Verifying Java Bytecode",
    booktitle="Computer Aided Verification",
    year="2018",
    publisher="Springer International Publishing",
    address="Cham",
    pages="183--190",
    abstract="We present a bounded model checking tool for verifying Java bytecode, which is built on top of the CPROVER framework, named Java Bounded Model Checker (JBMC). JBMC processes Java bytecode together with a model of the standard Java libraries and checks a set of desired properties. Experimental results show that JBMC can correctly verify a set of Java benchmarks from the literature and that it is competitive with two state-of-the-art Java verifiers.",
    isbn="978-3-319-96145-3",
    doi="10.1007/978-3-319-96145-3_10"
}

@InProceedings{Gadelha2019,
    author="Gadelha, Mikhail R.  and Monteiro, Felipe and Cordeiro, Lucas and Nicole, Denis",
    editor="Beyer, Dirk and Huisman, Marieke and Kordon, Fabrice and Steffen, Bernhard",
    title="ESBMC v6.0: Verifying C Programs Using k-Induction and Invariant Inference",
    booktitle="Tools and Algorithms for the Construction and Analysis of Systems",
    year="2019",
    publisher="Springer International Publishing",
    address="Cham",
    pages="209--213",
    abstract="ESBMC v6.0 employs a k-induction algorithm to both falsify and prove safety properties in C programs. We have developed a new interval-invariant generator that pre-processes the program, inferring invariants based on intervals and introducing them in the program as assumptions. Our experiments show that ESBMC v6.0 using k-induction can prove up to 7{\%} more programs when the invariant generation is enabled.",
    isbn="978-3-030-17502-3",
    doi="10.1007/978-3-030-17502-3_15"
}

@inproceedings{Gadelha2018,
    author = {Gadelha, Mikhail R. and Monteiro, Felipe R. and Morse, Jeremy and Cordeiro, Lucas C. and Fischer, Bernd and Nicole, Denis A.},
    title = {ESBMC 5.0: An Industrial-Strength C Model Checker},
    year = {2018},
    isbn = {9781450359375},
    publisher = {Association for Computing Machinery},
    address = {New York, NY, USA},
    _url = {https://doi.org/10.1145/3238147.3240481},
    doi = {10.1145/3238147.3240481},
    booktitle = {Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering},
    pages = {888–891},
    numpages = {4},
    keywords = {Software model checking, {it k}-induction, Bug detection},
    location = {Montpellier, France},
    series = {ASE 2018}
}

@InProceedings{Merz2012,
    author="Merz, Florian and Falke, Stephan and Sinz, Carsten",
    editor="Joshi, Rajeev and M{\"u}ller, Peter and Podelski, Andreas",
    title="LLBMC: Bounded Model Checking of C and C++ Programs Using a Compiler IR",
    booktitle="Verified Software: Theories, Tools, Experiments",
    year="2012",
    publisher="Springer Berlin Heidelberg",
    address="Berlin, Heidelberg",
    pages="146--161",
    abstract="Bounded model checking (BMC) of C and C++ programs is challenging due to the complex and intricate syntax and semantics of these programming languages. The BMC tool LLBMC presented in this paper thus uses the LLVM compiler framework in order to translate C and C++ programs into LLVM's intermediate representation. The resulting code is then converted into a logical representation and simplified using rewrite rules. The simplified formula is finally passed to an SMT solver. In contrast to many other tools, LLBMC uses a flat, bit-precise memory model. It can thus precisely model, e.g., memory-based re-interpret casts as used in C and static/dynamic casts as used in C++. An empirical evaluation shows that LLBMC compares favorable to the related BMC tools CBMC and ESBMC.",
    isbn="978-3-642-27705-4",
    doi="10.1007/978-3-642-27705-4_12"
}

@INPROCEEDINGS{Falke2013,
    author={Stephan {Falke} and Florian {Merz} and Carsten {Sinz}},
    booktitle={2013 28th IEEE/ACM International Conference on Automated Software Engineering (ASE)},
    title={The bounded model checker LLBMC},
    year={2013},
    volume={},
    number={},
    pages={706-709},
    doi={10.1109/ASE.2013.6693138}
}

@article{Sousa2013,
    title={LLVMVF: A generic approach for verification of multicore software},
    author={Sousa, Marcelo and Sen, Alper},
    journal={Journal of Electronic Testing},
    volume={29},
    number={5},
    pages={635--646},
    year={2013},
    publisher={Springer},
    doi={10.1007/s10836-013-5405-9}
}

@InProceedings{Rocha2017svc,
    author="Rocha, Williame and Rocha, Herbert and Ismail, Hussama and Cordeiro, Lucas and Fischer, Bernd",
    editor="Legay, Axel and Margaria, Tiziana",
    title="DepthK: A k-Induction Verifier Based on Invariant Inference for C Programs",
    booktitle="Tools and Algorithms for the Construction and Analysis of Systems",
    year="2017",
    publisher="Springer Berlin Heidelberg",
    address="Berlin, Heidelberg",
    pages="360--364",
    abstract="DepthK is a software verification tool that employs a proof by induction algorithm that combines k-induction with invariant inference. In order to efficiently and effectively verify and falsify safety properties in C programs, DepthK infers program invariants using polyhedral constraints. Experimental results show that our approach can handle a wide variety of safety properties in several intricate verification tasks.",
    isbn="978-3-662-54580-5",
    doi="10.1007/978-3-662-54580-5_23"
}

@Inbook{Rocha2017,
author="Rocha, Herbert
and Ismail, Hussama
and Cordeiro, Lucas
and Barreto, Raimundo",
editor="Lettnin, Djones
and Winterholer, Markus",
title="Model Checking Embedded C Software Using k-Induction and Invariants",
bookTitle="Embedded Software Verification and Debugging",
year="2017",
publisher="Springer New York",
address="New York, NY",
pages="159--182",
abstract="We present a novel proof by induction algorithm, which combines k-induction with invariants to model check embedded C software with bounded and unbounded loops. The k-induction algorithm consists of three cases: in the base case, we aim to find a counterexample with up to k loop unwindings; in the forward condition, we check whether loops have been fully unrolled and that the safety property P holds in all states reachable within k unwindings; and in the inductive step, we check that whenever P holds for k unwindings, it also holds after the next unwinding of the system. For each step of the k-induction algorithm, we infer invariants using affine constraints (i.e., polyhedral) to specify pre and postconditions. The algorithm was implemented in two different ways, with and without invariants using polyhedral, and the results were compared. Experimental results show that both forms can handle a wide variety of safety properties in typical embedded software applications from telecommunications, control systems, and medical devices domains; however, the k-induction algorithm adopting polyhedral solves more verification tasks, which demonstrate an improvement of the induction algorithm effectiveness.",
isbn="978-1-4614-2266-2",
doi="10.1007/978-1-4614-2266-2_7",
_url="https://doi.org/10.1007/978-1-4614-2266-2_7"
}

@inproceedings{Cordeiro2011,
    author = {Cordeiro, Lucas and Fischer, Bernd},
    title = {Verifying Multi-Threaded Software Using SMT-based Context-Bounded Model Checking},
    year = {2011},
    isbn = {9781450304450},
    publisher = {Association for Computing Machinery},
    address = {New York, NY, USA},
    _url = {https://doi.org/10.1145/1985793.1985839},
    doi = {10.1145/1985793.1985839},
    booktitle = {Proceedings of the 33rd International Conference on Software Engineering},
    pages = {331–340},
    numpages = {10},
    keywords = {symbolic and explicit model checking, formal software verification, sat modulo theories, multi-threaded systems},
    location = {Waikiki, Honolulu, HI, USA},
    series = {ICSE ’11}
}

@inproceedings{10.1145/1040305.1040316,
author = {Grumberg, Orna and Lerda, Flavio and Strichman, Ofer and Theobald, Michael},
title = {Proof-Guided Underapproximation-Widening for Multi-Process Systems},
year = {2005},
isbn = {158113830X},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
_url = {https://doi.org/10.1145/1040305.1040316},
doi = {10.1145/1040305.1040316},
booktitle = {Proceedings of the 32nd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages},
pages = {122–131},
numpages = {10},
keywords = {software verification, SAT proofs, underapproximation-widening, bounded model checking, abstraction},
location = {Long Beach, California, USA},
series = {POPL ’05}
}

@article{Grumberg2005,
    author = {Grumberg, Orna and Lerda, Flavio and Strichman, Ofer and Theobald, Michael},
    title = {Proof-Guided Underapproximation-Widening for Multi-Process Systems},
    year = {2005},
    issue_date = {January 2005},
    publisher = {Association for Computing Machinery},
    address = {New York, NY, USA},
    volume = {40},
    number = {1},
    issn = {0362-1340},
    _url = {https://doi.org/10.1145/1047659.1040316},
    doi = {10.1145/1047659.1040316},
    journal = {SIGPLAN Not.},
    month = jan,
    pages = {122–131},
    numpages = {10},
    keywords = {SAT proofs, underapproximation-widening, bounded model checking, software verification, abstraction}
}

@article{Cordeiro2016,
    author = {Cordeiro, Lucas C. and de Lima Filho, Eddie B.},
    title = {SMT-Based Context-Bounded Model Checking for Embedded Systems: Challenges and Future Trends},
    year = {2016},
    issue_date = {June 2016},
    publisher = {Association for Computing Machinery},
    address = {New York, NY, USA},
    volume = {41},
    number = {3},
    issn = {0163-5948},
    _url = {https://doi.org/10.1145/2934240.2934247},
    doi = {10.1145/2934240.2934247},
    journal = {SIGSOFT Softw. Eng. Notes},
    month = jun,
    pages = {1–6},
    numpages = {6}
}

@INPROCEEDINGS{Ramalho2013,
    author={Ramalho, Mikhail and Freitas, Mauro and Sousa, Felipe and Marques, Hendrio and Cordeiro, Lucas and Fischer, Bernd},
    booktitle={2013 20th IEEE International Conference and Workshops on Engineering of Computer Based Systems (ECBS)},
    title={SMT-Based Bounded Model Checking of C++ Programs},
    year={2013},
    volume={},
    number={},
    pages={147-156},
    doi="10.1109/ECBS.2013.15"
}

@INPROCEEDINGS{Sousa2015,
    author={Sousa, Felipe R. M. and Cordeiro, Lucas C. and de Lima Filho, Eddie B.},
    booktitle={2015 IEEE 4th Global Conference on Consumer Electronics (GCCE)},
    title={Bounded model checking of C++ programs based on the Qt framework},
    year={2015},
    volume={},
    number={},
    pages={179-180},
    doi={10.1109/GCCE.2015.7398699}
}

@InProceedings{Garcia2016,
    author="Garcia, M{\'a}rio and Monteiro, Felipe and Cordeiro, Lucas and de Lima Filho, Eddie",
    editor="Bo{\v{s}}na{\v{c}}ki, Dragan and Wijs, Anton",
    title="ESBMC{$^{QtOM}$}: A Bounded Model Checking Tool to Verify Qt Applications",
    booktitle="Model Checking Software",
    year="2016",
    publisher="Springer International Publishing",
    address="Cham",
    pages="97--103",
    abstract="We integrate a simplified model of the Qt framework, named as Qt operational model (QtOM), into the efficient SMT-based context-bounded model checker (ESBMC++), which results in ESBMC{$^{QtOM}$}. In particular, ESBMC{$^{QtOM}$} is a bounded model checking tool to verify Qt-based applications, which focuses on the verification of code properties, such as invalid memory access and containers usage, through pre- and postconditions, data usage evaluation, and simulation features. Experimental results show that ESBMC{$^{QtOM}$} can be effectively and efficiently applied to verify Qt-based consumer electronics applications.",
    isbn="978-3-319-32582-8",
    doi="10.1007/978-3-319-32582-8_6"
}

@InProceedings{Inverso2014,
    author="Inverso, Omar and Tomasco, Ermenegildo and Fischer, Bernd and La Torre, Salvatore and Parlato, Gennaro",
    editor="Biere, Armin
    and Bloem, Roderick",
    title="Bounded Model Checking of Multi-threaded C Programs via Lazy Sequentialization",
    booktitle="Computer Aided Verification",
    year="2014",
    publisher="Springer International Publishing",
    address="Cham",
    pages="585--602",
    abstract="Bounded model checking (BMC) has successfully been used for many practical program verification problems, but concurrency still poses a challenge. Here we describe a new approach to BMC of sequentially consistent C programs using POSIX threads. Our approach first translates a multi-threaded C program into a nondeterministic sequential C program that preserves reachability for all round-robin schedules with a given bound on the number of rounds. It then re-uses existing high-performance BMC tools as backends for the sequential verification problem. Our translation is carefully designed to introduce very small memory overheads and very few sources of nondeterminism, so that it produces tight SAT/SMT formulae, and is thus very effective in practice: our prototype won the concurrency category of SV-COMP14. It solved all verification tasks successfully and was 30x faster than the best tool with native concurrency handling.",
    isbn="978-3-319-08867-9"
}

@article{Qadeer2004,
    author = {Qadeer, Shaz and Wu, Dinghao},
    title = {KISS: Keep It Simple and Sequential},
    year = {2004},
    issue_date = {June 2004},
    publisher = {Association for Computing Machinery},
    address = {New York, NY, USA},
    volume = {39},
    number = {6},
    issn = {0362-1340},
    _url = {https://doi.org/10.1145/996893.996845},
    doi = {10.1145/996893.996845},
    journal = {SIGPLAN Not.},
    month = jun,
    pages = {14–24},
    numpages = {11},
    keywords = {program analysis, assertion checking, concurrent software, race detection, model checking}
}

@InProceedings{Tomasco2015,
    author="Tomasco, Ermenegildo and Inverso, Omar and Fischer, Bernd and La Torre, Salvatore and Parlato, Gennaro",
    editor="Baier, Christel
    and Tinelli, Cesare",
    title="Verifying Concurrent Programs by Memory Unwinding",
    booktitle="Tools and Algorithms for the Construction and Analysis of Systems",
    year="2015",
    publisher="Springer Berlin Heidelberg",
    address="Berlin, Heidelberg",
    pages="551--565",
    abstract="We describe a new sequentialization-based approach to the symbolic verification of multithreaded programs with shared memory and dynamic thread creation. Its main novelty is the idea of memory unwinding (MU), i.e., a sequence of write operations into the shared memory. For the verification, we nondeterministically guess an MU and then simulate the behavior of the program according to any scheduling that respects it. This approach is complementary to other sequentializations and explores an orthogonal dimension, i.e., the number of write operations. It also simplifies the implementation of several important optimizations, in particular the targeted exposure of individual writes. We implemented this approach as a code-to-code transformation from multithreaded into nondeterministic sequential programs, which allows the reuse of sequential verification tools. Experiments show that our approach is effective: it found all errors in the concurrency category of SV-COMP15.",
    isbn="978-3-662-46681-0",
    doi="10.1007/978-3-662-46681-0_52"
}

@InProceedings{Tomasco2016,
    author="Tomasco, Ermenegildo and Nguyen, Truc L.  and Inverso, Omar and Fischer, Bernd and La Torre, Salvatore and Parlato, Gennaro",
    editor="Chechik, Marsha
    and Raskin, Jean-Fran{\c{c}}ois",
    title="MU-CSeq 0.4: Individual Memory Location Unwindings",
    booktitle="Tools and Algorithms for the Construction and Analysis of Systems",
    year="2016",
    publisher="Springer Berlin Heidelberg",
    address="Berlin, Heidelberg",
    pages="938--941",
    abstract="We present the MU-CSeq tool for the verification of multi-threaded C programs with dynamic thread creation, dynamic memory allocation, and pointer arithmetic. It is based on sequentializing the programs over the new notion of individual memory location unwinding (IMU). IMU is derived from the notion of memory unwinding that has been implemented in the previous versions of MU-CSeq. The main concepts of IMU are: (1) the use of multiple write sequences, one for each individual shared memory location that is effectively used in the executions and (2) the use of memory addresses rather than variable names in the operations on the shared memory, which requires a separate table to map write sequences but supports pointer arithmetic.",
    isbn="978-3-662-49674-9",
    doi="10.1007/978-3-662-49674-9_65"
}

@InProceedings{Tomasco2017,
    author="Tomasco, Ermenegildo and Nguyen, Truc Lam and Fischer, Bernd and La Torre, Salvatore and Parlato, Gennaro",
    editor="Cimatti, Alessandro
    and Sirjani, Marjan",
    title="Using Shared Memory Abstractions to Design Eager Sequentializations for Weak Memory Models",
    booktitle="Software Engineering and Formal Methods",
    year="2017",
    publisher="Springer International Publishing",
    address="Cham",
    pages="185--202",
    abstract="Sequentialization translates concurrent programs into equivalent nondeterministic sequential programs so that the different concurrent schedules no longer need to be handled explicitly. However, existing sequentializations assume sequential consistency, which modern hardware architectures no longer guarantee. Here we describe a new approach to embed weak memory models within eager sequentializations. Our approach is based on the separation of intra-thread computations from inter-thread communications by means of a shared memory abstraction (SMA). We give details of SMA implementations for the SC, TSO, and PSO memory models that are based on the idea of individual memory unwindings. We use our approach to implement a new, efficient BMC-based bug finding tool for multi-threaded C programs under SC, TSO, or PSO based on these SMAs, and show experimentally that it is competitive to existing tools.",
    isbn="978-3-319-66197-1",
    doi="10.1007/978-3-319-66197-1_12"
}

@INPROCEEDINGS{Canet2009,
    author={G. {Canet} and P. {Cuoq} and B. {Monate}},
    booktitle={2009 Ninth IEEE International Working Conference on Source Code Analysis and Manipulation},
    title={A Value Analysis for C Programs},
    year={2009},
    volume={},
    number={},
    pages={123-124},
    doi={10.1109/SCAM.2009.22}
} 

@InProceedings{Nguyen2017,
    author="Nguyen, Truc L.  and Inverso, Omar and Fischer, Bernd and La Torre, Salvatore and Parlato, Gennaro",
    editor="Legay, Axel
    and Margaria, Tiziana",
    title="Lazy-CSeq 2.0: Combining Lazy Sequentialization with Abstract Interpretation",
    booktitle="Tools and Algorithms for the Construction and Analysis of Systems",
    year="2017",
    publisher="Springer Berlin Heidelberg",
    address="Berlin, Heidelberg",
    pages="375--379",
    abstract="Lazy sequentialization has emerged as one of the most effective techniques to find bugs in concurrent programs. However, the size of the shared global and thread-local state still poses a problem for further scaling. We therefore use abstract interpretation to minimize the representation of the concurrent program's state variables. More specifically, we run the Frama-C abstract interpretation tool over the sequentialized program output by Lazy-CSeq to compute over-approximating intervals for all (original) state variables and then exploit CBMC's bitvector support to reduce the number of bits required to represent these in the sequentialized program. We demonstrate that this leads to substantial performance gains on complex instances.",
    isbn="978-3-662-54580-5",
    doi="10.1007/978-3-662-54580-5_26"
}

@INPROCEEDINGS{Inverso2015,
    author={Omar {Inverso} and Truc L. {Nguyen} and Bernd {Fischer} and Salvatore La {Torre} and Gennaro {Parlato}},
    booktitle={2015 30th IEEE/ACM International Conference on Automated Software Engineering (ASE)},
    title={Lazy-CSeq: A Context-Bounded Model Checking Tool for Multi-threaded C-Programs},
    year={2015},
    volume={},
    number={},
    pages={807-812},
    doi={10.1109/ASE.2015.108}
}

@InProceedings{Artho2019,
    author="Artho, Cyrille and Visser, Willem",
    editor="Beyer, Dirk and Huisman, Marieke and Kordon, Fabrice and Steffen, Bernhard",
    title="Java Pathfinder at SV-COMP 2019 (Competition Contribution)",
    booktitle="Tools and Algorithms for the Construction and Analysis of Systems",
    year="2019",
    publisher="Springer International Publishing",
    address="Cham",
    pages="224--228",
    abstract="This paper gives a brief overview of Java Pathfinder, or jpf-core. We describe the architecture of JPF, its strengths, and how it was set up for SV-COMP 2019.",
    isbn="978-3-030-17502-3",
    doi="10.1007/978-3-030-17502-3_18"
}

@article{Visser2003,
    title={Model checking programs},
    author={Visser, Willem and Havelund, Klaus and Brat, Guillaume and Park, SeungJoon and Lerda, Flavio},
    journal={Automated software engineering},
    volume={10},
    number={2},
    pages={203--232},
    year={2003},
    publisher={Springer},
    doi={10.1023/A:1022920129859}
}

@article{Pasareanu2013,
    title={Symbolic PathFinder: integrating symbolic execution with model checking for Java bytecode analysis},
    author={P{\u{a}}s{\u{a}}reanu, Corina S and Visser, Willem and Bushnell, David and Geldenhuys, Jaco and Mehlitz, Peter and Rungta, Neha},
    journal={Automated Software Engineering},
    volume={20},
    number={3},
    pages={391--425},
    year={2013},
    publisher={Springer},
    doi={10.1007/s10515-013-0122-2}
}

@article{Holzmann1998,
    title={An analysis of bitstate hashing},
    author={Holzmann, Gerard J},
    journal={Formal methods in system design},
    volume={13},
    number={3},
    pages={289--307},
    year={1998},
    publisher={Springer},
    doi={10.1023/A:1008696026254}
}

@article{Laarman2019,
    title={Optimal compression of combinatorial state spaces},
    author={Laarman, Alfons},
    journal={Innovations in Systems and Software Engineering},
    volume={15},
    number={3-4},
    pages={235--251},
    year={2019},
    publisher={Springer},
    doi={10.1007/s11334-019-00341-7}
}

@InProceedings{Kant2015,
    author="Kant, Gijs and Laarman, Alfons and Meijer, Jeroen and van de Pol, Jaco and Blom, Stefan and van Dijk, Tom",
    editor="Baier, Christel and Tinelli, Cesare",
    title="LTSmin: High-Performance Language-Independent Model Checking",
    booktitle="Tools and Algorithms for the Construction and Analysis of Systems",
    year="2015",
    publisher="Springer Berlin Heidelberg",
    address="Berlin, Heidelberg",
    pages="692--707",
    abstract="In recent years, the LTSmin model checker has been extended with support for several new modelling languages, including probabilistic (Mapa) and timed systems (Uppaal). Also, connecting additional language front-ends or ad-hoc state-space generators to LTSmin was simplified using custom C-code. From symbolic and distributed reachability analysis and minimisation, LTSmin's functionality has developed into a model checker with multi-core algorithms for on-the-fly LTL checking with partial-order reduction, and multi-core symbolic checking for the modal $\mu$ calculus, based on the multi-core decision diagram package Sylvan.",
    isbn="978-3-662-46681-0",
    doi="10.1007/978-3-662-46681-0_61"
}

@InProceedings{Malik2018,
    author="Mal{\'i}k, Viktor and Marti{\v{c}}ek, {\v{S}}tefan and Schrammel, Peter and Srivas, Mandayam and Vojnar, Tom{\'a}{\v{s}} and Wahlang, Johanan",
    editor="Beyer, Dirk and Huisman, Marieke",
    title="2LS: Memory Safety and Non-termination",
    booktitle="Tools and Algorithms for the Construction and Analysis of Systems",
    year="2018",
    publisher="Springer International Publishing",
    address="Cham",
    pages="417--421",
    abstract="2LS is a C program analyser built upon the CPROVER infrastructure. 2LS is bit-precise and it can verify and refute program assertions and termination. 2LS implements template-based synthesis techniques, e.g. to find invariants and ranking functions, and incremental loop unwinding techniques to find counterexamples and k-induction proofs. New features in this year's version are improved handling of heap-allocated data structures using a template domain for shape analysis and two approaches to prove program non-termination.",
    isbn="978-3-319-89963-3",
    doi="10.1007/978-3-319-89963-3_24"
}

@article{Chen2017,
    author = {Chen, Hong-Yi and David, Cristina and Kroening, Daniel and Schrammel, Peter and Wachter, Bj\"{o}rn},
    title = {Bit-Precise Procedure-Modular Termination Analysis},
    year = {2017},
    issue_date = {January 2018},
    publisher = {Association for Computing Machinery},
    address = {New York, NY, USA},
    volume = {40},
    number = {1},
    issn = {0164-0925},
    _url = {https://doi.org/10.1145/3121136},
    doi = {10.1145/3121136},
    journal = {ACM Trans. Program. Lang. Syst.},
    month = dec,
    articleno = {Article 1},
    numpages = {38},
    keywords = {interprocedural analysis, bit-precise analysis, Termination analysis, templates}
}

@article{Albert2017,
    title={Rely-guarantee termination and cost analyses of loops with concurrent interleavings},
    author={Albert, Elvira and Flores-Montoya, Antonio and Genaim, Samir and Martin-Martin, Enrique},
    journal={Journal of Automated Reasoning},
    volume={59},
    number={1},
    pages={47--85},
    year={2017},
    publisher={Springer},
    doi={10.1007/s10817-016-9400-6}
}

@inproceedings{BBCR10,
    author = {Jiří Barnat and Luboš Brim and Milan Češka and Petr Ročkai},
    booktitle = {{Parallel and Distributed Methods in Verification and High
    Performance Computational Systems Biology}},
    doi = {10.1109/PDMC-HiBi.2010.9},
    keywords = {formal verification;parallel processing;reachability
    analysis;DiVinE;LTL model checking;parallel distributed model
    checker;reachability analysis, divine, red hat},
    month = {Sept},
    organization = {IEEE},
    pages = {4--7},
    title = {{DiVinE: Parallel Distributed Model Checker}},
    year = {2010}
}

@inproceedings{BBCS05,
    author = {Jiří Barnat and Luboš Brim and Ivana Černá and Pavel Šimeček},
    booktitle = {Proceedings of 4th International Workshop on Parallel and Distributed Methods in verifiCation},
    editor = {M. Leucker and J. van de Pol},
    month = {7},
    pages = {89--94},
    title = {{D}i{V}in{E} -- {T}he {D}istributed {V}erification {E}nvironment},
    year = {2005}
}

@inproceedings{LRB2018,
    doi = {10.1007/978-3-030-02508-3_17},
    author="Lauko, Henrich and Ro{\v{c}}kai, Petr and Barnat, Ji{\v{r}}{\'i}",
    editor="Fischer, Bernd and Uustalu, Tarmo",
    title="Symbolic Computation via Program Transformation",
    booktitle="Theoretical Aspects of Computing -- ICTAC 2018",
    year="2018",
    publisher="Springer International Publishing",
    address="Cham",
    pages="313--332",
    abstract="Symbolic computation is an important approach in automated program analysis. Most state-of-the-art tools perform symbolic computation as interpreters and directly maintain symbolic data. In this paper, we show that it is feasible, and in fact practical, to use a compiler-based strategy instead. Using compiler tooling, we propose and implement a transformation which takes a standard program and outputs a program that performs a semantically equivalent, but partially symbolic, computation. The transformed program maintains symbolic values internally and operates directly on them; therefore, the program can be processed by a tool without support for symbolic manipulation.",
    isbn="978-3-030-02508-3"
}

@InProceedings{CLOR2019,
    author="Cortesi, Agostino and Lauko, Henrich and Olliaro, Martina and Ro{\v{c}}kai, Petr",
    editor="Biondi, Fabrizio
    and Given-Wilson, Thomas
    and Legay, Axel",
    title="String Abstraction for Model Checking of C Programs",
    booktitle="Model Checking Software",
    year="2019",
    publisher="Springer International Publishing",
    address="Cham",
    pages="74--93",
    abstract="Automatic abstraction is a powerful software verification technique. In this paper, we elaborate an abstract domain for C strings, that is, null-terminated arrays of characters. We describe the abstract semantics of basic string operations and prove their soundness with regards to previously established concrete semantics of those operations. In addition to a selection of string functions from the standard C library, we provide semantics for character access and update, enabling automatic lifting of arbitrary string-manipulating code into the domain.",
    isbn="978-3-030-30923-7",
    doi="10.1007/978-3-030-30923-7_5"
}

@inproceedings{MBLB2016,
    address = {Cham},
    author = {Jan Mrázek and Petr Bauch and Henrich Lauko and Jiří Barnat},
    booktitle = {{Model Checking Software: 23rd International Symposium, SPIN}},
    doi = {10.1007/978-3-319-32582-8_14},
    editor = {Bošnački, Dragana and Wijs, Anton},
    isbn = {978-3-319-32582-8},
    keywords = {divine,symdivine},
    pages = {208--213},
    publisher = {Springer International Publishing},
    title = {{SymDIVINE: Tool for Control-Explicit Data-Symbolic State Space Exploration}},
    _url = {http://dx.doi.org/10.1007/978-3-319-32582-8_14},
    year = {2016}
}

@InProceedings{Mazurkiewicz1987,
    author="Mazurkiewicz, Antoni",
    editor="Brauer, W.  and Reisig, W.  and Rozenberg, G.",
    title="Trace theory",
    booktitle="Petri Nets: Applications and Relationships to Other Models of Concurrency",
    year="1987",
    publisher="Springer Berlin Heidelberg",
    address="Berlin, Heidelberg",
    pages="278--324",
    abstract="The concept of traces has been introduced for describing non-sequential behaviour of concurrent systems via its sequential observations. Traces represent concurrent processes in the same way as strings represent sequential ones. The theory of traces can be used as a tool for reasoning about nets and it is hoped that applying this theory one can get a calculus of the concurrent processes anologous to that available for sequential systems. The following topics will be discussed: algebraic properties of traces, trace models of some concurrency phenomena, fixed-point calculus for finding the behaviour of nets, modularity, and some applications of the presented theory.",
    isbn="978-3-540-47926-0",
    doi="10.1007/3-540-17906-2_30"
}

@InProceedings{RBMKB2019,
    author="Ro{\v{c}}kai, Petr and Baranov{\'a}, Zuzana and Mr{\'a}zek, Jan and Kejstov{\'a}, Katar{\'i}na and Barnat, Ji{\v{r}}{\'i}",
    editor="{\"O}lveczky, Peter Csaba and Sala{\"u}n, Gwen",
    title="Reproducible Execution of POSIX Programs with DiOS ",
    booktitle="Software Engineering and Formal Methods",
    year="2019",
    publisher="Springer International Publishing",
    address="Cham",
    pages="333--349",
    abstract="In this paper, we describe DiOS, a lightweight model operating system which can be used to execute programs that make use of POSIX APIs. Such executions are fully reproducible: running the same program with the same inputs twice will result in two exactly identical instruction traces, even if the program uses threads for parallelism.",
    isbn="978-3-030-30446-1",
    doi="10.1007/978-3-030-30446-1_18"
}

@InProceedings{Biere1999,
    author="Biere, Armin and Cimatti, Alessandro and Clarke, Edmund and Zhu, Yunshan",
    editor="Cleaveland, W. Rance",
    title="Symbolic Model Checking without BDDs",
    booktitle="Tools and Algorithms for the Construction and Analysis of Systems",
    year="1999",
    publisher="Springer Berlin Heidelberg",
    address="Berlin, Heidelberg",
    pages="193--207",
    abstract="Symbolic Model Checking [3], [14] has proven to be a powerful technique for the verification of reactive systems. BDDs [2] have traditionally been used as a symbolic representation of the system. In this paper we show how boolean decision procedures, like St{\aa}lmarck's Method [16] or the Davis {\&} Putnam Procedure [7], can replace BDDs. This new technique avoids the space blow up of BDDs, generates counterexamples much faster, and sometimes speeds up the verification. In addition, it produces counterexamples of minimal length. We introduce a bounded model checking procedure for LTL which reduces model checking to propositional satisfiability.We show that bounded LTL model checking can be done without a tableau construction. We have implemented a model checker BMC, based on bounded model checking, and preliminary results are presented.",
    isbn="978-3-540-49059-3",
    doi="10.1007/3-540-49059-0_14"
}

@inproceedings{Cho2013,
    title={Blitz: Compositional bounded model checking for real-world programs},
    author={Cho, Chia Yuan and D'Silva, Vijay and Song, Dawn},
    booktitle={2013 28th IEEE/ACM International Conference on Automated Software Engineering (ASE)},
    pages={136--146},
    year={2013},
    organization={IEEE},
    doi={10.1109/ASE.2013.6693074}
}

@InProceedings{Rabinovitz2005,
    author="Rabinovitz, Ishai and Grumberg, Orna",
    editor="Etessami, Kousha and Rajamani, Sriram K.",
    title="Bounded Model Checking of Concurrent Programs",
    booktitle="Computer Aided Verification",
    year="2005",
    publisher="Springer Berlin Heidelberg",
    address="Berlin, Heidelberg",
    pages="82--97",
    abstract="We propose a SAT-based bounded verification technique, called TCBMC, for threaded C programs. Our work is based on CBMC, which models sequential C programs in which the number of executions for each loop and the depth of recursion are bounded.",
    isbn="978-3-540-31686-2",
    doi="10.1007/11513988_9"
}

@InProceedings{Ganai2008,
    author="Ganai, Malay K.  and Gupta, Aarti",
    editor="Havelund, Klaus and Majumdar, Rupak and Palsberg, Jens",
    title="Efficient Modeling of Concurrent Systems in BMC",
    booktitle="Model Checking Software",
    year="2008",
    publisher="Springer Berlin Heidelberg",
    address="Berlin, Heidelberg",
    pages="114--133",
    abstract="We present an efficient method for modeling multi-threaded concurrent systems with shared variables and locks in Bounded Model Checking (BMC), and use it to improve the detection of safety properties such as data races. Previous approaches based on synchronous modeling of interleaving semantics do not scale up well due to the inherent asynchronism in those models. Instead, in our approach, we first create independent (uncoupled) models for each individual thread in the system, then explicitly add additional synchronization variables and constraints, incrementally, and only where such synchronization is needed to guarantee the (chosen) concurrency semantics (based on sequential consistency). We describe our modeling in detail and report verification results to demonstrate the efficacy of our approach on a complex case study.",
    isbn="978-3-540-85114-1",
    doi="10.1007/978-3-540-85114-1_10"
}

@inproceedings{Burckhardt2007,
    author = {Burckhardt, Sebastian and Alur, Rajeev and Martin, Milo M. K.},
    title = {CheckFence: Checking Consistency of Concurrent Data Types on Relaxed Memory Models},
    year = {2007},
    isbn = {9781595936332},
    publisher = {Association for Computing Machinery},
    address = {New York, NY, USA},
    _url = {https://doi.org/10.1145/1250734.1250737},
    doi = {10.1145/1250734.1250737},
    booktitle = {Proceedings of the 28th ACM SIGPLAN Conference on Programming Language Design and Implementation},
    pages = {12–21},
    numpages = {10},
    keywords = {sequential consistency, concurrent data structures, multi-threading, software model checking, memory models, lock-free synchronization, shared-memory multiprocessors},
    location = {San Diego, California, USA},
    series = {PLDI ’07}
}

@InProceedings{Birgmeier2014,
    doi="10.1007/978-3-319-08867-9_55",
    author="Birgmeier, Johannes and Bradley, Aaron R.  and Weissenbacher, Georg",
    editor="Biere, Armin and Bloem, Roderick",
    title="Counterexample to Induction-Guided Abstraction-Refinement (CTIGAR)",
    booktitle="Computer Aided Verification",
    year="2014",
    publisher="Springer International Publishing",
    address="Cham",
    pages="831--848",
    abstract="Typical CEGAR-based verification methods refine the abstract domain based on full counterexample traces. The finite state model checking algorithm IC3 introduced the concept of discovering, generalizing from, and thereby eliminating individual state counterexamples to induction (CTIs). This focus on individual states suggests a simpler abstraction-refinement scheme in which refinements are performed relative to single steps of the transition relation, thus reducing the expense of refinement and eliminating the need for full traces. Interestingly, this change in refinement focus leads to a natural spectrum of refinement options, including when to refine and which type of concrete single-step query to refine relative to. Experiments validate that CTI-focused abstraction refinement, or CTIGAR, is competitive with existing CEGAR-based tools.",
    isbn="978-3-319-08867-9"
}

@InProceedings{Bradley2011,
    doi="10.1007/978-3-642-18275-4_7",
    author="Bradley, Aaron R.",
    editor="Jhala, Ranjit and Schmidt, David",
    title="SAT-Based Model Checking without Unrolling",
    booktitle="Verification, Model Checking, and Abstract Interpretation",
    year="2011",
    publisher="Springer Berlin Heidelberg",
    address="Berlin, Heidelberg",
    pages="70--87",
    abstract="A new form of SAT-based symbolic model checking is described. Instead of unrolling the transition relation, it incrementally generates clauses that are inductive relative to (and augment) stepwise approximate reachability information. In this way, the algorithm gradually refines the property, eventually producing either an inductive strengthening of the property or a counterexample trace. Our experimental studies show that induction is a powerful tool for generalizing the unreachability of given error states: it can refine away many states at once, and it is effective at focusing the proof search on aspects of the transition system relevant to the property. Furthermore, the incremental structure of the algorithm lends itself to a parallel implementation.",
    isbn="978-3-642-18275-4"
}

@inproceedings{Gunther2014,
    doi="10.1145/2632362.2632374",
    author = {G\"{u}nther, Henning and Weissenbacher, Georg},
    title = {Incremental Bounded Software Model Checking},
    year = {2014},
    isbn = {9781450324526},
    publisher = {Association for Computing Machinery},
    address = {New York, NY, USA},
    _url = {https://doi.org/10.1145/2632362.2632374},
    doi = {10.1145/2632362.2632374},
    booktitle = {Proceedings of the 2014 International SPIN Symposium on Model Checking of Software},
    pages = {40–47},
    numpages = {8},
    keywords = {Incremental, C, SMT, LLVM},
    location = {San Jose, CA, USA},
    series = {SPIN 2014}
}

@InProceedings{Rajkhowa2019,
    doi="10.1007/978-3-030-17502-3_23",
    author="Rajkhowa, Pritom and Lin, Fangzhen",
    editor="Beyer, Dirk and Huisman, Marieke and Kordon, Fabrice and Steffen,
    Bernhard",
    title="VIAP 1.1",
    booktitle="Tools and Algorithms for the Construction and Analysis of Systems",
    year="2019",
    publisher="Springer International Publishing",
    address="Cham",
    pages="250--255",
    abstract="VIAP (Verifier for Integer Assignment Programs) is an automated system for verifying safety properties of procedural programs with integer assignments and loops. It is based on a translation from of a program to a set of first-order axioms with quantification over natural numbers, and currently makes use of SymPy as the algebraic simplifier and the SMT solver Z3 as the theorem prover. Our first version of the system competed at SV-COMP 2018. This paper describes VIAP 1.1, a new version that makes use of our newly developed recurrence solver. As a result, VIAP 1.1. is able to verify many programs that were out of reach for the older version VIAP 1.0.",
    isbn="978-3-030-17502-3"
}

@INPROCEEDINGS{Rajkhowa2017,
    author={Pritom {Rajkhowa} and Fangzhen {Lin}},
    booktitle={2017 19th International Symposium on Symbolic and Numeric Algorithms for Scientific Computing (SYNASC)},
    title={VIAP - Automated System for Verifying Integer Assignment Programs with Loops},
    year={2017},
    volume={},
    number={},
    pages={137-144},
    doi={10.1109/SYNASC.2017.00032}
}

@InProceedings{Noller2019,
    doi="10.1007/978-3-030-17502-3_21",
    author="Noller, Yannic and P{\u{a}}s{\u{a}}reanu, Corina S.  and Fromherz, Aymeric and Le, Xuan-Bach D.  and Visser, Willem",
    editor="Beyer, Dirk and Huisman, Marieke and Kordon, Fabrice and Steffen, Bernhard",
    title="Symbolic Pathfinder for SV-COMP",
    booktitle="Tools and Algorithms for the Construction and Analysis of Systems",
    year="2019",
    publisher="Springer International Publishing",
    address="Cham",
    pages="239--243",
    abstract="This paper describes the benchmark entry for Symbolic Pathfinder, a symbolic execution tool for Java bytecode. We give a brief description of the tool and we describe the particular run configuration that was used in the SV-COMP competition. Furthermore, we comment on the competition results and we outline some directions for future work.",
    isbn="978-3-030-17502-3"
}

@InProceedings{Khurshid2003,
    doi="10.1007/3-540-36577-X_40",
    author="Khurshid, Sarfraz and P{\u{A}}s{\u{A}}reanu, Corina S.  and Visser, Willem",
    editor="Garavel, Hubert and Hatcliff, John",
    title="Generalized Symbolic Execution for Model Checking and Testing",
    booktitle="Tools and Algorithms for the Construction and Analysis of Systems",
    year="2003",
    publisher="Springer Berlin Heidelberg",
    address="Berlin, Heidelberg",
    pages="553--568",
    abstract="Modern software systems, which often are concurrent and manipulate complex data structures must be extremely reliable. We present a novel framework based on symbolic execution, for automated checking of such systems. We provide a two-fold generalization of traditional symbolic execution based approaches. First, we define a source to source translation to instrument a program, which enables standard model checkers to perform symbolic execution of the program. Second, we give a novel symbolic execution algorithm that handles dynamically allocated structures (e.g., lists and trees), method preconditions (e.g., acyclicity), data (e.g., integers and strings) and concurrency. The program instrumentation enables a model checker to automatically explore different program heap configurations and manipulate logical formulae on program data (using a decision procedure). We illustrate two applications of our framework: checking correctness of multi-threaded programs that take inputs from unbounded domains with complex structure and generation of non-isomorphic test inputs that satisfy a testing criterion. Our implementation for Java uses the Java PathFinder model checker.",
    isbn="978-3-540-36577-8"
}

@inproceedings{Bang2016,
    author = {Bang, Lucas and Aydin, Abdulbaki and Phan, Quoc-Sang and P\u{a}s\u{a}reanu, Corina S. and Bultan, Tevfik},
    title = {String Analysis for Side Channels with Segmented Oracles},
    year = {2016},
    isbn = {9781450342186},
    publisher = {Association for Computing Machinery},
    address = {New York, NY, USA},
    _url = {https://doi.org/10.1145/2950290.2950362},
    doi = {10.1145/2950290.2950362},
    booktitle = {Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering},
    pages = {193–204},
    numpages = {12},
    keywords = {String constraints, Symbolic execution, Side-channel analysis},
    location = {Seattle, WA, USA},
    series = {FSE 2016}
}

@article{Fromherz2017,
    author = {Fromherz, Aymeric and Luckow, Kasper S. and P\u{a}s\u{a}reanu, Corina S.},
    title = {Symbolic Arrays in Symbolic PathFinder},
    year = {2017},
    issue_date = {January 2017},
    publisher = {Association for Computing Machinery},
    address = {New York, NY, USA},
    volume = {41},
    number = {6},
    issn = {0163-5948},
    _url = {https://doi.org/10.1145/3011286.3011296},
    doi = {10.1145/3011286.3011296},
    journal = {SIGSOFT Softw. Eng. Notes},
    month = jan,
    pages = {1–5},
    numpages = {5},
    keywords = {Symbolic PathFinder, Software Engineering, Symbolic Execution, Test-case Generation, Java PathFinder}
}

@InProceedings{Heizmann2017,
    doi="10.1007/978-3-662-54580-5_30",
    author="Heizmann, Matthias and Chen, Yu-Wen and Dietsch, Daniel and Greitschus, Marius and Nutz, Alexander and Musa, Betim and Sch{\"a}tzle, Claus and Schilling, Christian and Sch{\"u}ssele, Frank and Podelski, Andreas",
    editor="Legay, Axel and Margaria, Tiziana",
    title="Ultimate Automizer with an On-Demand Construction of Floyd-Hoare Automata",
    booktitle="Tools and Algorithms for the Construction and Analysis of Systems",
    year="2017",
    publisher="Springer Berlin Heidelberg",
    address="Berlin, Heidelberg",
    pages="394--398",
    abstract="Ultimate Automizer is a software verifier that implements an automata-based approach for the verification of safety and liveness properties. A central new feature that speeded up the abstraction refinement of the tool is an on-demand construction of Floyd-Hoare automata.",
    isbn="978-3-662-54580-5"
}

@InProceedings{Heizmann2013,
    doi="10.1007/978-3-642-39799-8_2",
    author="Heizmann, Matthias and Hoenicke, Jochen and Podelski, Andreas",
    editor="Sharygina, Natasha
    and Veith, Helmut",
    title="Software Model Checking for People Who Love Automata",
    booktitle="Computer Aided Verification",
    year="2013",
    publisher="Springer Berlin Heidelberg",
    address="Berlin, Heidelberg",
    pages="36--52",
    abstract="In this expository paper, we use automata for software model checking in a new way. The starting point is to fix the alphabet: the set of statements of the given program. We show how automata over the alphabet of statements can help to decompose the main problem in software model checking, which is to find the right abstraction of a program for a given correctness property.",
    isbn="978-3-642-39799-8"
}

@InProceedings{Greitschus2017,
    doi="10.1007/978-3-662-54580-5_31",
    author="Greitschus, Marius and Dietsch, Daniel and Heizmann, Matthias and Nutz, Alexander and Sch{\"a}tzle, Claus and Schilling, Christian and Sch{\"u}ssele, Frank and Podelski, Andreas",
    editor="Legay, Axel and Margaria, Tiziana",
    title="Ultimate Taipan: Trace Abstraction and Abstract Interpretation",
    booktitle="Tools and Algorithms for the Construction and Analysis of Systems",
    year="2017",
    publisher="Springer Berlin Heidelberg",
    address="Berlin, Heidelberg",
    pages="399--403",
    abstract="Ultimate Taipan is a software model checker for C programs. It is based on a CEGAR variant, trace abstraction [7], where program abstractions, counterexample selection and abstraction refinement are based on automata. Ultimate Taipan constructs path programs from counterexamples and computes fixpoints for those path programs using abstract interpretation. If the fixpoints are strong enough to prove the path program to be correct, they are guaranteed to be loop invariants for the path program. If they are not strong enough, Ultimate Taipan uses an interpolating SMT solver to obtain state assertions from the original counterexample, thus guaranteeing progress.",
    isbn="978-3-662-54580-5"
}

@InProceedings{Nutz2015,
    doi="10.1007/978-3-662-46681-0_44",
    author="Nutz, Alexander and Dietsch, Daniel and Mohamed, Mostafa Mahmoud and Podelski, Andreas",
    editor="Baier, Christel
    and Tinelli, Cesare",
    title="ULTIMATE KOJAK with Memory Safety Checks",
    booktitle="Tools and Algorithms for the Construction and Analysis of Systems",
    year="2015",
    publisher="Springer Berlin Heidelberg",
    address="Berlin, Heidelberg",
    pages="458--460",
    abstract="Ultimate Kojak is a symbolic software model checker implemented in the Ultimate framework. It follows the CEGAR approach and uses Craig interpolants to refine an overapproximation of the program until it can either prove safety or has found a real counterexample.",
    isbn="978-3-662-46681-0"
}

@InProceedings{Chalupa2018,
    doi="10.1007/978-3-319-94111-0_7",
    author="Chalupa, Marek and Strej{\v{c}}ek, Jan and Vitovsk{\'a}, Martina",
    editor="Gallardo, Mar{\'i}a del Mar and Merino, Pedro",
    title="Joint Forces for Memory Safety Checking",
    booktitle="Model Checking Software",
    year="2018",
    publisher="Springer International Publishing",
    address="Cham",
    pages="115--132",
    abstract="The paper describes a successful approach to checking computer programs for standard memory handling errors like invalid pointer dereference or memory leaking. The approach is based on four well-known techniques, namely pointer analysis, instrumentation, static program slicing, and symbolic execution. We present a particular very efficient combination of these techniques, which has been implemented in the tool Symbiotic and won by a large margin the MemSafety category of SV-COMP 2018. We explain the approach and provide a detailed analysis of effects of particular components.",
    isbn="978-3-319-94111-0"
}

@InProceedings{Dietsch2015,
    doi="10.1007/978-3-319-21690-4_4",
    author="Dietsch, Daniel and Heizmann, Matthias and Langenfeld, Vincent and Podelski, Andreas",
    editor="Kroening, Daniel and P{\u{a}}s{\u{a}}reanu, Corina S.",
    title="Fairness Modulo Theory: A New Approach to LTL Software Model Checking",
    booktitle="Computer Aided Verification",
    year="2015",
    publisher="Springer International Publishing",
    address="Cham",
    pages="49--66",
    abstract="The construction of a proof for unsatisfiability is less costly than the construction of a ranking function. We present a new approach to LTL software model checking (i.e., to statically analyze a program and verify a temporal property from the full class of LTL including general liveness properties) which aims at exploiting this fact. The idea is to select finite prefixes of a path and check these for infeasibility before considering the full infinite path. We have implemented a tool which demonstrates the practical potential of the approach. In particular, the tool can verify several benchmark programs for a liveness property just with finite prefixes (and thus without the construction of a single ranking function).",
    isbn="978-3-319-21690-4"
}

@InProceedings{Berdine2006,
    doi="10.1007/11817963_35",
    author="Berdine, Josh and Cook, Byron and Distefano, Dino and O'Hearn, Peter W.",
    editor="Ball, Thomas and Jones, Robert B.",
    title="Automatic Termination Proofs for Programs with Shape-Shifting Heaps",
    booktitle="Computer Aided Verification",
    year="2006",
    publisher="Springer Berlin Heidelberg",
    address="Berlin, Heidelberg",
    pages="386--400",
    abstract="We describe a new program termination analysis designed to handle imperative programs whose termination depends on the mutation of the program's heap. We first describe how an abstract interpretation can be used to construct a finite number of relations which, if each is well-founded, implies termination. We then give an abstract interpretation based on separation logic formul{\ae}which tracks the depths of pieces of heaps. Finally, we combine these two techniques to produce an automatic termination prover. We show that the analysis is able to prove the termination of loops extracted from Windows device drivers that could not be proved terminating before by other means; we also discuss a previously unknown bug found with the analysis.",
    isbn="978-3-540-37411-4"
}

@article{Cook2007,
    author = {Cook, Byron and Gotsman, Alexey and Podelski, Andreas and Rybalchenko, Andrey and Vardi, Moshe Y.},
    title = {Proving That Programs Eventually Do Something Good},
    year = {2007},
    issue_date = {January 2007},
    publisher = {Association for Computing Machinery},
    address = {New York, NY, USA},
    volume = {42},
    number = {1},
    issn = {0362-1340},
    _url = {https://doi.org/10.1145/1190215.1190257},
    doi = {10.1145/1190215.1190257},
    journal = {SIGPLAN Not.},
    month = jan,
    pages = {265–276},
    numpages = {12},
    keywords = {termination, liveness, software model checking, formal verification}
}

@article{Cook2006,
    author = {Cook, Byron and Podelski, Andreas and Rybalchenko, Andrey},
    title = {Termination Proofs for Systems Code},
    year = {2006},
    issue_date = {June 2006},
    publisher = {Association for Computing Machinery},
    address = {New York, NY, USA},
    volume = {41},
    number = {6},
    issn = {0362-1340},
    _url = {https://doi.org/10.1145/1133255.1134029},
    doi = {10.1145/1133255.1134029},
    journal = {SIGPLAN Not.},
    month = jun,
    pages = {415–426},
    numpages = {12},
    keywords = {formal verification, model checking, program termination, program verification}
}

@InProceedings{Hensel2017,
    doi="10.1007/978-3-662-54580-5_21",
    author="Hensel, Jera and Emrich, Frank and Frohn, Florian and Str{\"o}der, Thomas and Giesl, J{\"u}rgen",
    editor="Legay, Axel and Margaria, Tiziana",
    title="AProVE: Proving and Disproving Termination of Memory-Manipulating C Programs",
    booktitle="Tools and Algorithms for the Construction and Analysis of Systems",
    year="2017",
    publisher="Springer Berlin Heidelberg",
    address="Berlin, Heidelberg",
    pages="350--354",
    abstract="AProVE is a system for automatic termination and complexity analysis of C, Java, Haskell, Prolog, and several forms of rewrite systems. The new contributions in this version of AProVE are its capabilities to prove non-termination of C programs and to handle recursive C programs, even if these programs use pointer arithmetic combined with direct memory accesses. Moreover, in addition to mathematical integers, AProVE can now also handle fixed-width bitvector integers.",
    isbn="978-3-662-54580-5"
}

@inproceedings{BR2020,
    title="{Compiling C and C++ Programs for Dynamic White-Box Analysis}",
    author="Zuzana Baranová and Petr Ročkai",
    editor="Nelma Moreira, Emil Sekerinski",
    booktitle="Workshop on Practical Formal Verification for Software Dependability (AFFORD 2019)",
    publisher="Springer International Publishing",
    address="Cham",
    year=2020,
    url="https://divine.fi.muni.cz/2019/divcc/",
    TODO="doi"
}

@article{RBB16,
    author = {Ro\v{c}kai, P. and Barnat, J. and Brim, L.},
    title = {Model Checking C++ Programs with Exceptions},
    year = {2016},
    issue_date = {October 2016},
    publisher = {Elsevier North-Holland, Inc.},
    address = {USA},
    volume = {128},
    number = {C},
    issn = {0167-6423},
    _url = {https://doi.org/10.1016/j.scico.2016.05.007},
    doi = {10.1016/j.scico.2016.05.007},
    journal = {Sci. Comput. Program.},
    month = oct,
    pages = {68–85},
    numpages = {18},
    keywords = {Model checking, Exception handling, LLVM, C++}
}

@InProceedings{Prabhu2011,
    doi="10.1007/978-3-642-22655-7_27",
    author="Prabhu, Prakash and Maeda, Naoto and Balakrishnan, Gogul and Ivan{\v{c}}i{\'{c}}, Franjo and Gupta, Aarti",
    editor="Mezini, Mira",
    title="Interprocedural Exception Analysis for C++",
    booktitle="ECOOP 2011 -- Object-Oriented Programming",
    year="2011",
    publisher="Springer Berlin Heidelberg",
    address="Berlin, Heidelberg",
    pages="583--608",
    abstract="C++ Exceptions provide a useful way for dealing with abnormal program behavior, but often lead to irregular interprocedural control flow that complicates compiler optimizations and static analysis. In this paper, we present an interprocedural exception analysis and transformation framework for C++ that captures the control-flow induced by exceptions and transforms it into an exception-free program that is amenable for precise static analysis. Control-flow induced by exceptions is captured in a modular interprocedural exception control-flow graph (IECFG). The IECFG is further refined using a novel interprocedural dataflow analysis algorithm based on a compact representation for a set of types called the Signed-TypeSet domain. The results of the interprocedural analysis are used by a lowering transformation to generate an exception-free C++ program. The lowering transformations do not affect the precision and accuracy of any subsequent program analysis. Our framework handles all the features of synchronous C++ exception handling and all exception sub-typing rules from the C++0x standard. We demonstrate two applications of our framework: (a) automatic inference of exception specifications for C++ functions for documentation, and (b) checking the ``no-throw'' and ``no-leak'' exception-safety properties.",
    isbn="978-3-642-22655-7"
}

@InProceedings{Li2011,
    doi="10.1007/978-3-642-22110-1_49",
    author="Li, Guodong and Ghosh, Indradeep and Rajan, Sreeranga P.",
    editor="Gopalakrishnan, Ganesh and Qadeer, Shaz",
    title="KLOVER: A Symbolic Execution and Automatic Test Generation Tool for C++ Programs",
    booktitle="Computer Aided Verification",
    year="2011",
    publisher="Springer Berlin Heidelberg",
    address="Berlin, Heidelberg",
    pages="609--615",
    abstract="We present the first symbolic execution and automatic test generation tool for C++ programs. First we describe our effort in extending an existing symbolic execution tool for C programs to handle C++ programs. We then show how we made this tool generic, efficient and usable to handle real-life industrial applications. Novel features include extended symbolic virtual machine, library optimization for C and C++, object-level execution and reasoning, interfacing with specific type of efficient solvers, and semi-automatic unit and component testing. This tool is being used to assist the validation and testing of industrial software as well as publicly available programs written using the C++ language.",
    isbn="978-3-642-22110-1"
}

@InProceedings{Dangl2015,
    doi="10.1007/978-3-662-46681-0_34",
    author="Dangl, Matthias and L{\"o}we, Stefan and Wendler, Philipp",
    editor="Baier, Christel and Tinelli, Cesare",
    title="CPAchecker with Support for Recursive Programs and Floating-Point Arithmetic",
    booktitle="Tools and Algorithms for the Construction and Analysis of Systems",
    year="2015",
    publisher="Springer Berlin Heidelberg",
    address="Berlin, Heidelberg",
    pages="423--425",
    abstract="We submit to SV-COMP'15 the software-verification framework CPAchecker. The submitted configuration is a combination of seven different analyses, based on explicit-value analysis, k-induction, predicate analysis, and concrete memory graphs. These analyses use concepts such as CEGAR, lazy abstraction, interpolation, adjustable-block encoding, bounded model checking, invariant generation, and block-abstraction memoization. Found counterexamples are cross-checked by a bit-precise analysis. The combination of several different analyses copes well with the diversity of the verification tasks in SV-COMP.",
    isbn="978-3-662-46681-0"
}

@InProceedings{Beyer2011,
    doi="10.1007/978-3-642-22110-1_16",
    author="Beyer, Dirk and Keremoglu, M. Erkan",
    editor="Gopalakrishnan, Ganesh and Qadeer, Shaz",
    title="CPAchecker: A Tool for Configurable Software Verification",
    booktitle="Computer Aided Verification",
    year="2011",
    publisher="Springer Berlin Heidelberg",
    address="Berlin, Heidelberg",
    pages="184--190",
    abstract="Configurable software verification is a recent concept for expressing different program analysis and model checking approaches in one single formalism. This paper presents CPAchecker, a tool and framework that aims at easy integration of new verification components. Every abstract domain, together with the corresponding operations, implements the interface of configurable program analysis (CPA). The main algorithm is configurable to perform a reachability analysis on arbitrary combinations of existing CPAs. In software verification, it takes a considerable amount of effort to convert a verification idea into actual experimental results --- we aim at accelerating this process. We hope that researchers find it convenient and productive to implement new verification ideas and algorithms using this flexible and easy-to-extend platform, and that it advances the field by making it easier to perform practical experiments. The tool is implemented in Java and runs as command-line tool or as eclipse plug-in. CPAchecker implements CPAs for several abstract domains. We evaluate the efficiency of the current version of our tool on software-verification benchmarks from the literature, and compare it with other state-of-the-art model checkers. CPAchecker is an open-source toolkit and publicly available.",
    isbn="978-3-642-22110-1"
}

@InProceedings{Andrianov2017,
    doi="10.1007/978-3-662-54580-5_22",
    author="Andrianov, Pavel and Friedberger, Karlheinz and Mandrykin, Mikhail and Mutilin, Vadim and Volkov, Anton",
    editor="Legay, Axel and Margaria, Tiziana",
    title="CPA-BAM-BnB: Block-Abstraction Memoization and Region-Based Memory Models for Predicate Abstractions",
    booktitle="Tools and Algorithms for the Construction and Analysis of Systems",
    year="2017",
    publisher="Springer Berlin Heidelberg",
    address="Berlin, Heidelberg",
    pages="355--359",
    abstract="Our submission to SV-COMP'17 is based on the software verification framework CPAchecker. Combined with value analysis and predicate analysis we use the concept of block-abstraction memoization with optimization and several fixes relative to the version of SV-COMP'16. A novelty of our approach is usage of BnB memory model for predicate analysis, which efficiently divides the accessed memory into memory regions and thus leads to smaller formulas.",
    isbn="978-3-662-54580-5"
}

@InProceedings{Andrianov2018,
    doi="10.1007/978-3-319-71734-0_2",
    author="Andrianov, Pavel and Mutilin, Vadim and Khoroshilov, Alexey",
    editor="Itsykson, Vladimir and Scedrov, Andre and Zakharov, Victor",
    title="Predicate Abstraction Based Configurable Method for Data Race Detection in Linux Kernel",
    booktitle="Tools and Methods of Program Analysis",
    year="2018",
    publisher="Springer International Publishing",
    address="Cham",
    pages="11--23",
    abstract="The paper presents a configurable method for static data race detection. The method is based on a lightweight approach that implements Lockset algorithm with a simplified memory model. The paper contributes two heavyweight extensions which allow to adjust required precision of the analysis by choosing the balance between spent resources and a number of false alarms. The extensions are (1) counterexample guided refinement based on predicate abstraction and (2) thread analysis. The approach was implemented in the CPALockator tool and was applied to Linux kernel modules. Real races found by the tool have been approved and fixed by Linux kernel developers.",
    isbn="978-3-319-71734-0"
}

@InProceedings{Chaudhary2019,
    doi="10.1007/978-3-030-17502-3_20",
    author="Chaudhary, Eti and Joshi, Saurabh",
    editor="Beyer, Dirk and Huisman, Marieke and Kordon, Fabrice and Steffen,
    Bernhard",
    title="Pinaka: Symbolic Execution Meets Incremental Solving",
    booktitle="Tools and Algorithms for the Construction and Analysis of Systems",
    year="2019",
    publisher="Springer International Publishing",
    address="Cham",
    pages="234--238",
    abstract="Many modern-day solvers offer functionality for incremental SAT solving, which preserves the state of the solver across invocations. This is beneficial when multiple, closely related SAT queries need to be fed to the solver. Pinaka is a symbolic execution engine which makes aggressive use of incremental SAT solving coupled with eager state infeasibility checks. It is built on top of the CProver/Symex framework. Pinaka supports both Breadth First Search and Depth First Search as state exploration strategies along with partial and full incremental modes. For SVCOMP 2019, Pinaka is configured to use partial incremental mode with Depth First Search strategy.",
    isbn="978-3-030-17502-3"
}

@article{King1976,
    author = {King, James C.},
    title = {Symbolic Execution and Program Testing},
    year = {1976},
    issue_date = {July 1976},
    publisher = {Association for Computing Machinery},
    address = {New York, NY, USA},
    volume = {19},
    number = {7},
    issn = {0001-0782},
    _url = {https://doi.org/10.1145/360248.360252},
    doi = {10.1145/360248.360252},
    journal = {Commun. ACM},
    month = jul,
    pages = {385–394},
    numpages = {10},
    keywords = {program proving, program debugging, program verification, program testing, symbolic interpretation, symbolic execution}
}

@InProceedings{Brockschmidt2016,
    doi="10.1007/978-3-662-49674-9_22",
    author="Brockschmidt, Marc and Cook, Byron and Ishtiaq, Samin and Khlaaf, Heidy and Piterman, Nir",
    editor="Chechik, Marsha and Raskin, Jean-Fran{\c{c}}ois",
    title="T2: Temporal Property Verification",
    booktitle="Tools and Algorithms for the Construction and Analysis of Systems",
    year="2016",
    publisher="Springer Berlin Heidelberg",
    address="Berlin, Heidelberg",
    pages="387--393",
    abstract="We present the open-source tool T2, the first public release from the TERMINATOR project [9]. T2 has been extended over the past decade to support automatic temporal-logic proving techniques and to handle a general class of user-provided liveness and safety properties. Input can be provided in a native format and in C, via the support of the LLVM compiler framework. We briefly discuss T2's architecture, its underlying techniques, and conclude with an experimental illustration of its competitiveness and directions for future extensions.",
    isbn="978-3-662-49674-9"
}

@InProceedings{Kupriyanov2014,
    doi="10.1007/978-3-319-08867-9_54",
    author="Kupriyanov, Andrey and Finkbeiner, Bernd",
    editor="Biere, Armin and Bloem, Roderick",
    title="Causal Termination of Multi-threaded Programs",
    booktitle="Computer Aided Verification",
    year="2014",
    publisher="Springer International Publishing",
    address="Cham",
    pages="814--830",
    abstract="We present a new model checking procedure for the termination analysis of multi-threaded programs. Current termination provers scale badly in the number of threads; our new approach easily handles 100 threads on multi-threaded benchmarks like Producer-Consumer. In our procedure, we characterize the existence of non-terminating executions as Mazurkiewicz-style concurrent traces and apply causality-based transformation rules to refine them until a contradiction can be shown. The termination proof is organized into a tableau, where the case splits represent a novel type of modular reasoning according to different causal explanations of a hypothetical error. We report on experimental results obtained with a tool implementation of the new procedure, called Arctor, on previously intractable multi-threaded benchmarks.",
    isbn="978-3-319-08867-9"
}

@inproceedings{Cook2007thr,
    doi="10.1145/1250734.1250771",
    author = {Cook, Byron and Podelski, Andreas and Rybalchenko, Andrey},
    title = {Proving Thread Termination},
    year = {2007},
    isbn = {9781595936332},
    publisher = {Association for Computing Machinery},
    address = {New York, NY, USA},
    _url = {https://doi.org/10.1145/1250734.1250771},
    doi = {10.1145/1250734.1250771},
    booktitle = {Proceedings of the 28th ACM SIGPLAN Conference on Programming Language Design and Implementation},
    pages = {320–330},
    numpages = {11},
    keywords = {program verification, formal verification, concurrency, termination, model checking, threads},
    location = {San Diego, California, USA},
    series = {PLDI ’07}
}

@InProceedings{Haran2015,
    doi="10.1007/978-3-662-46681-0_42",
    author="Haran, Arvind and Carter, Montgomery and Emmi, Michael and Lal, Akash and Qadeer, Shaz and Rakamari{\'{c}}, Zvonimir",
    editor="Baier, Christel and Tinelli, Cesare",
    title="SMACK+Corral: A Modular Verifier",
    booktitle="Tools and Algorithms for the Construction and Analysis of Systems",
    year="2015",
    publisher="Springer Berlin Heidelberg",
    address="Berlin, Heidelberg",
    pages="451--454",
    abstract="SMACK and Corral are two components of a modular toolchain for verifying C programs. Together they exploit state-of-the-art compiler technologies and theorem provers to simplify and dispatch verification conditions.",
    isbn="978-3-662-46681-0"
}

@InProceedings{Beyer2020svc,
    doi="10.1007/978-3-030-45237-7_21",
    author="Beyer, Dirk",
    editor="Biere, Armin and Parker, David",
    title="Advances in Automatic Software Verification: SV-COMP 2020",
    booktitle="Tools and Algorithms for the Construction and Analysis of Systems",
    year="2020",
    publisher="Springer International Publishing",
    address="Cham",
    pages="347--367",
    isbn="978-3-030-45237-7"
}

@InProceedings{PonceDeLeon2020,
    doi="10.1007/978-3-030-45237-7_24",
    author="Ponce-de-Le{\'o}n, Hern{\'a}n and Furbach, Florian and Heljanko, Keijo and Meyer, Roland",
    editor="Biere, Armin and Parker, David",
    title="Dartagnan: Bounded Model Checking for Weak Memory Models (Competition Contribution)",
    booktitle="Tools and Algorithms for the Construction and Analysis of Systems",
    year="2020",
    publisher="Springer International Publishing",
    address="Cham",
    pages="378--382",
    abstract="Dartagnanis a bounded model checker for concurrent programs under weak memory models. What makes it different from other tools is that the memory model is not hard-coded inside Dartagnanbut taken as part of the input. For SV-COMP'20, we take as input sequential consistency (i.e. the standard interleaving memory model) extended by support for atomic blocks. Our point is to demonstrate that a universal tool can be competitive and perform well in SV-COMP. Being a bounded model checker, Dartagnan's focus is on disproving safety properties by finding counterexample executions. For programs with bounded loops, Dartagnanperforms an iterative unwinding that results in a complete analysis. The SV-COMP'20 version of Dartagnanworks on Boogiecode. The C programs of the competition are translated internally to Boogieusing SMACK.",
    isbn="978-3-030-45237-7",
}

@InProceedings{Gavrilenko2019,
    doi="10.1007/978-3-030-25540-4_19",
    author="Gavrilenko, Natalia and Ponce-de-Le{\'o}n, Hern{\'a}n and Furbach, Florian and Heljanko, Keijo and Meyer, Roland",
    editor="Dillig, Isil and Tasiran, Serdar",
    title="BMC for Weak Memory Models: Relation Analysis for Compact SMT Encodings",
    booktitle="Computer Aided Verification",
    year="2019",
    publisher="Springer International Publishing",
    address="Cham",
    pages="355--365",
    abstract="We present Dartagnan, a bounded model checker (BMC) for concurrent programs under weak memory models. Its distinguishing feature is that the memory model is not implemented inside the tool but taken as part of the input. Dartagnan reads CAT, the standard language for memory models, which allows to define x86/TSO, ARMv7, ARMv8, Power, C/C++, and Linux kernel concurrency primitives. BMC with memory models as inputs is challenging. One has to encode into SMT not only the program but also its semantics as defined by the memory model. What makes Dartagnan scale is its relation analysis, a novel static analysis that significantly reduces the size of the encoding. Dartagnan matches or even exceeds the performance of the model-specific verification tools Nidhugg and CBMC, as well as the performance of Herd, a CAT-compatible litmus testing tool. Compared to the unoptimized encoding, the speed-up is often more than two orders of magnitude.",
    isbn="978-3-030-25540-4"
}

@InProceedings{Kahsai2019,
    doi="10.1007/978-3-030-17502-3_16",
    author="Kahsai, Temesghen and R{\"u}mmer, Philipp and Sch{\"a}f, Martin",
    editor="Beyer, Dirk and Huisman, Marieke and Kordon, Fabrice and Steffen, Bernhard",
    title="JayHorn: A Java Model Checker",
    booktitle="Tools and Algorithms for the Construction and Analysis of Systems",
    year="2019",
    publisher="Springer International Publishing",
    address="Cham",
    pages="214--218",
    abstract="JayHorn is a model checker for verifying sequential Java programs annotated with assertions expressing safety conditions. JayHorn uses the Soot library to read Java bytecode and translate it to the Jimple three-address format, then converts the Jimple code in several stages to a set of constrained Horn clauses, and solves the Horn clauses using solvers like SPACER and Eldarica. JayHorn uses a novel, invariant-based representation of heap data-structures, and is therefore particularly useful for analyzing programs with unbounded data-structures and unbounded run-time. JayHorn is open source and distributed under MIT license (https://github.com/jayhorn/jayhorn).",
    isbn="978-3-030-17502-3"
}

@inproceedings{Inverso2020,
    author = {Inverso, Omar and Trubiani, Catia},
    title = {Parallel and Distributed Bounded Model Checking of Multi-Threaded Programs},
    year = {2020},
    isbn = {9781450368186},
    publisher = {Association for Computing Machinery},
    address = {New York, NY, USA},
    _url = {https://doi.org/10.1145/3332466.3374529},
    doi = {10.1145/3332466.3374529},
    booktitle = {Proceedings of the 25th ACM SIGPLAN Symposium on Principles and Practice of Parallel Programming},
    pages = {202–216},
    numpages = {15},
    keywords = {multithreading, sequentialization, concurrency, SAT, bounded model checking, parallel analysis, software verification},
    location = {San Diego, California},
    series = {PPoPP ’20}
}

@InProceedings{Chalupa2020,
    doi="10.1007/978-3-030-45237-7_31",
    author="Chalupa, Marek and Ja{\v{s}}ek, Tom{\'a}{\v{s}} and Tomovi{\v{c}}, Luk{\'a}{\v{s}} and Hru{\v{s}}ka, Martin and {\v{S}}okov{\'a}, Veronika and Ayaziov{\'a}, Paul{\'i}na and Strej{\v{c}}ek, Jan and Vojnar, Tom{\'a}{\v{s}}",
    editor="Biere, Armin and Parker, David",
    title="Symbiotic 7: Integration of Predator and More",
    booktitle="Tools and Algorithms for the Construction and Analysis of Systems",
    year="2020",
    publisher="Springer International Publishing",
    address="Cham",
    pages="413--417",
    abstract="Symbiotic  7 brings improvements in all parts of the tool. In particular, we integrated the advanced shape analysis implemented in Predator to our instrumentation process for memory safety checking. Further, we extended our slicer to correctly handle non-terminating programs. This new slicing is applied in termination analysis, where we also added instrumentation for detection of simple cycles in the program state space. The witness generation process changed as well.",
    isbn="978-3-030-45237-7"
}

@InProceedings{Mues2020,
    doi="10.1007/978-3-030-45237-7_28",
    author="Mues, Malte and Howar, Falk",
    editor="Biere, Armin and Parker, David",
    title="JDart: Dynamic Symbolic Execution for Java Bytecode (Competition Contribution)",
    booktitle="Tools and Algorithms for the Construction and Analysis of Systems",
    year="2020",
    publisher="Springer International Publishing",
    address="Cham",
    pages="398--402",
    abstract="JDart performs dynamic symbolic execution of Java programs: it executes programs with concrete inputs while recording symbolic constraints on executed program paths. A constraint solver is then used for generating new concrete values from recorded constraints that drive execution along previously unexplored paths. JDart is built on top of the Java PathFinder software model checker and uses the JConstraints library for the integration of constraint solvers.",
    isbn="978-3-030-45237-7"
}

@InProceedings{Luckow2016,
    doi="10.1007/978-3-662-49674-9_26",
    author="Luckow, Kasper and Dimja{\v{s}}evi{\'{c}}, Marko and Giannakopoulou, Dimitra and Howar, Falk and Isberner, Malte and Kahsai, Temesghen and Rakamari{\'{c}}, Zvonimir and Raman, Vishwanath",
    editor="Chechik, Marsha
    and Raskin, Jean-Fran{\c{c}}ois",
    title="JDart: A Dynamic Symbolic Analysis Framework",
    booktitle="Tools and Algorithms for the Construction and Analysis of Systems",
    year="2016",
    publisher="Springer Berlin Heidelberg",
    address="Berlin, Heidelberg",
    pages="442--459",
    abstract="We describe JDart, a dynamic symbolic analysis framework for Java. A distinguishing feature of JDart is its modular architecture: the main component that performs dynamic exploration communicates with a component that efficiently constructs constraints and that interfaces with constraint solvers. These components can easily be extended or modified to support multiple constraint solvers or different exploration strategies. Moreover, JDart has been engineered for robustness, driven by the need to handle complex NASA software. These characteristics, together with its recent open sourcing, make JDart an ideal platform for research and experimentation. In the current release, JDart supports the CORAL, SMTInterpol, and Z3 solvers, and is able to handle NASA software with constraints containing bit operations, floating point arithmetic, and complex arithmetic operations (e.g., trigonometric and nonlinear). We illustrate how JDart has been used to support other analysis techniques, such as automated interface generation and testing of libraries. Finally, we demonstrate the versatility and effectiveness of JDart, and compare it with state-of-the-art dynamic or pure symbolic execution engines through an extensive experimental evaluation.",
    isbn="978-3-662-49674-9"
}

@InProceedings{Sharma2020,
    doi="10.1007/978-3-030-45237-7_27",
    author="Sharma, Vaibhav and Hussein, Soha and Whalen, Michael W.  and McCamant,Stephen and Visser, Willem",
    editor="Biere, Armin and Parker, David",
    title="Java Ranger at SV-COMP 2020 (Competition Contribution)",
    booktitle="Tools and Algorithms for the Construction and Analysis of Systems",
    year="2020",
    publisher="Springer International Publishing",
    address="Cham",
    pages="393--397",
    abstract="Path-merging is a known technique for accelerating symbolic execution. One technique, named ``veritesting'' by Avgerinos et al. uses summaries of bounded control-flow regions and has been shown to accelerate symbolic execution of binary code. But, when applied to symbolic execution of Java code, veritesting needs to be extended to summarize dynamically dispatched methods and exceptional control-flow. Such an extension of veritesting has been implemented in Java Ranger by implementing as an extension of Symbolic PathFinder, a symbolic executor for Java bytecode. In this paper, we briefly describe the architecture of Java Ranger and describe its setup for SV-COMP 2020.",
    isbn="978-3-030-45237-7"
}

@InProceedings{Peringer2020,
    doi="10.1007/978-3-030-45237-7_30",
    author="Peringer, Petr and {\v{S}}okov{\'a}, Veronika and Vojnar, Tom{\'a}{\v{s}}",
    editor="Biere, Armin and Parker, David",
    title="PredatorHP Revamped (Not Only) for Interval-Sized Memory Regions and Memory Reallocation (Competition Contribution)",
    booktitle="Tools and Algorithms for the Construction and Analysis of Systems",
    year="2020",
    publisher="Springer International Publishing",
    address="Cham",
    pages="408--412",
    abstract="This paper concentrates on improvements of the PredatorHP shape analyzer in the past two years, including, e.g., improved handling of interval-sized memory regions or new support of memory reallocation. The paper characterizes PredatorHP's participation in SV-COMP 2020, pointing out its strengths and weakness and the way they were influenced by the latest changes in the tool.",
    isbn="978-3-030-45237-7"
}

@InProceedings{Dudka2013,
    doi="10.1007/978-3-642-38856-9_13",
    author="Dudka, Kamil and Peringer, Petr and Vojnar, Tom{\'a}{\v{s}}",
    editor="Logozzo, Francesco and F{\"a}hndrich, Manuel",
    title="Byte-Precise Verification of Low-Level List Manipulation",
    booktitle="Static Analysis",
    year="2013",
    publisher="Springer Berlin Heidelberg",
    address="Berlin, Heidelberg",
    pages="215--237",
    abstract="We propose a new approach to shape analysis of programs with linked lists that use low-level memory operations. Such operations include pointer arithmetic, safe usage of invalid pointers, block operations with memory, reinterpretation of the memory contents, address alignment, etc. Our approach is based on a new representation of sets of heaps, which is to some degree inspired by works on separation logic with higher-order list predicates, but it is graph-based and uses a more fine-grained (byte-precise) memory model in order to support the various low-level memory operations. The approach was implemented in the Predator tool and successfully validated on multiple non-trivial case studies that are beyond the capabilities of other current fully automated shape analysis tools.",
    isbn="978-3-642-38856-9"
}

@inproceedings{Afzal2019,
    title={VeriAbs: Verification by Abstraction and Test Generation},
    author={Afzal, Mohammad and Asia, A and Chauhan, Avriti and Chimdyalwar, Bharti and Darke, Priyanka and Datar, Advaita and Kumar, Shrawan and Venkatesh, R},
    booktitle={2019 34th IEEE/ACM International Conference on Automated Software Engineering (ASE)},
    pages={1138--1141},
    year={2019},
    doi="10.1109/ASE.2019.00121",
    organization={IEEE}
}

@InProceedings{Basak2019,
    doi="10.1007/978-3-030-17502-3_22",
    author="Basak Chowdhury, Animesh
    and Medicherla, Raveendra Kumar
    and R, Venkatesh",
    editor="Beyer, Dirk
    and Huisman, Marieke
    and Kordon, Fabrice
    and Steffen, Bernhard",
    title="VeriFuzz: Program Aware Fuzzing",
    booktitle="Tools and Algorithms for the Construction and Analysis of Systems",
    year="2019",
    publisher="Springer International Publishing",
    address="Cham",
    pages="244--249",
    abstract="VeriFuzz is a program aware fuzz testing tool, which combines the power of feedback-driven evolutionary fuzz testing with static analysis. VeriFuzz deploys lightweight static analysis to extract meaningful information about program behavior that can aid fuzzing based test-input generation to achieve coverage goals quickly. We use constraint-solver to generate an initial population of test-inputs. VeriFuzz could generate the maximum number of counterexamples for reachsafety category benchmarks in SV-COMP 2019 and in Test-Comp 2019 [16]. (All the terms in typewriter font are competition specific. See [15].)",
    isbn="978-3-030-17502-3"
}

@InProceedings{Richter2019,
    doi="10.1007/978-3-030-17502-3_19",
    author="Richter, Cedric and Wehrheim, Heike",
    editor="Beyer, Dirk and Huisman, Marieke and Kordon, Fabrice and Steffen, Bernhard",
    title="PeSCo: Predicting Sequential Combinations of Verifiers",
    booktitle="Tools and Algorithms for the Construction and Analysis of Systems",
    year="2019",
    publisher="Springer International Publishing",
    address="Cham",
    pages="229--233",
    abstract="PeSCo is a tool for predicting a (likely best) sequential combination of verifiers on a given verification task and then running it. The approach is based on machine learning, more precisely on learning rankings of verifiers on verification tasks (where the ordering of verifiers is based on the SV-COMP scoring schema). The learning part employs Support Vector Machines; as base verifiers we use CPAchecker in 6 different configurations.",
    isbn="978-3-030-17502-3"
}

@inproceedings{Czech2017,
    author = {Czech, Mike and H\"{u}llermeier, Eyke and Jakobs, Marie-Christine and Wehrheim, Heike},
    title = {Predicting Rankings of Software Verification Tools},
    year = {2017},
    isbn = {9781450351577},
    publisher = {Association for Computing Machinery},
    address = {New York, NY, USA},
    _url = {https://doi.org/10.1145/3121257.3121262},
    doi = {10.1145/3121257.3121262},
    booktitle = {Proceedings of the 3rd ACM SIGSOFT International Workshop on Software Analytics},
    pages = {23–26},
    numpages = {4},
    keywords = {Software verification, ranking, machine learning},
    location = {Paderborn, Germany},
    series = {SWAN 2017}
}

@InProceedings{Malik2020,
    doi="10.1007/978-3-030-45237-7_22",
    author="Mal{\'i}k, Viktor and Schrammel, Peter and Vojnar, Tom{\'a}{\v{s}}",
    editor="Biere, Armin
    and Parker, David",
    title="2LS: Heap Analysis and Memory Safety",
    booktitle="Tools and Algorithms for the Construction and Analysis of Systems",
    year="2020",
    publisher="Springer International Publishing",
    address="Cham",
    pages="368--372",
    abstract="2LS is a framework for analysis of sequential C programs based on the CPROVER infrastructure and template-based synthesis techniques for checking both safety and termination. The paper presents the main improvements done in 2LS since 2018, which concern mainly the way 2LS handles dynamically allocated objects and structures as well as combinations of abstract domains.",
    isbn="978-3-030-45237-7"
}

@InProceedings{Visser2020,
    doi="10.1007/978-3-030-45237-7_23",
    author="Visser, Willem and Geldenhuys, Jaco",
    editor="Biere, Armin and Parker, David",
    title="COASTAL: Combining Concolic and Fuzzing for Java (Competition Contribution)",
    booktitle="Tools and Algorithms for the Construction and Analysis of Systems",
    year="2020",
    publisher="Springer International Publishing",
    address="Cham",
    pages="373--377",
    abstract="COASTAL is a program analysis tool for Java programs. It combines concolic execution and fuzz testing in a framework with built-in concurrency, allowing the two approaches to cooperate naturally.",
    isbn="978-3-030-45237-7"
}

@InProceedings{Rocha2020,
    doi="10.1007/978-3-030-45237-7_29",
    author="Rocha, Herbert and Menezes, Rafael and Cordeiro, Lucas C.  and Barreto, Raimundo",
    editor="Biere, Armin and Parker, David",
    title="Map2Check: Using Symbolic Execution and Fuzzing",
    booktitle="Tools and Algorithms for the Construction and Analysis of Systems",
    year="2020",
    publisher="Springer International Publishing",
    address="Cham",
    pages="403--407",
    abstract="Map2Check is a software verification tool that combines fuzzing, symbolic execution, and inductive invariants. It automatically checks safety properties in C programs by adopting source code instrumentation to monitor data (e.g., memory pointers) from the program's executions using LLVM compiler infrastructure. For SV-COMP 2020, we extended Map2Check to exploit an iterative deepening approach using LibFuzzer and Klee to check for safety properties. We also use Crab-LLVM to infer program invariants based on reachability analysis. Experimental results show that Map2Check can handle a wide variety of safety properties in several intricate verification tasks from SV-COMP 2020.",
    isbn="978-3-030-45237-7"
}

@InProceedings{Rocha2015,
    doi="10.1007/978-3-319-22969-0_18",
    author="Rocha, Herbert and Barreto, Raimundo and Cordeiro, Lucas",
    editor="Calinescu, Radu and Rumpe, Bernhard",
    title="Memory Management Test-Case Generation of C Programs Using Bounded Model Checking",
    booktitle="Software Engineering and Formal Methods",
    year="2015",
    publisher="Springer International Publishing",
    address="Cham",
    pages="251--267",
    abstract="We describe a novel method to automatically generate and verify memory management test cases for unit tests, which are based on assertions extracted from safety properties typically generated by bounded model checking (BMC) tools. In particular, the proposed method checks for properties related to pointer safety, memory leaks, and invalid deallocation. To investigate our method's effectiveness, we developed a tool called Map2Check that adopts the ESBMC model checker and the CUnit testing framework. Additionally, Map2Check provides an integration of BMC tools with unit testing frameworks, which helps developers not very familiar with formal methods to verify large C programs. We use Map2Check to perform an empirical evaluation over publicly available benchmarks and compare the results to recognized tools, e.g., Valgrind's Memcheck, CBMC, LLBMC, CPAChecker, Predator, and ESBMC. Experimental results show that our proposed method detects at least as many memory management defects as existing tools; and it does not report any false positive and negative. We compared Map2Check with tools on the Competition on Software Verification 2014 (SVCOMP), in the MemorySafety category. Map2Check would have the same score than the 1st place and it would win the 2st place when ranking the evaluated tools on memory consumption.",
    isbn="978-3-319-22969-0"
}

@InProceedings{Dietsch2020,
    doi="10.1007/978-3-030-45237-7_32",
    author="Dietsch, Daniel and Heizmann, Matthias and Nutz, Alexander and Sch{\"a}tzle, Claus and Sch{\"u}ssele, Frank",
    editor="Biere, Armin and Parker, David",
    title="Ultimate Taipan with Symbolic Interpretation and Fluid Abstractions",
    booktitle="Tools and Algorithms for the Construction and Analysis of Systems",
    year="2020",
    publisher="Springer International Publishing",
    address="Cham",
    pages="418--422",
    abstract="Ultimate Taipan is a software model checker that combines trace abstraction with abstract interpretation on path programs. In this year's version, we replaced our abstract interpretation engine and now use a combination of multiple abstraction functions, fixpoint computation, algebraic program analysis, and SMT solving. Our new approach will allow us to integrate new techniques more easily.",
    isbn="978-3-030-45237-7"
}

@inproceedings{Ivancic2005,
    doi="10.1007/11513988_31",
    author="Ivan{\v{c}}i{\'{c}}, F.  and Yang, Z.  and Ganai, M. K.  and Gupta, A.  and Shlyakhter, I.  and Ashar, P.",
    editor="Etessami, Kousha and Rajamani, Sriram K.",
    title="F-Soft: Software Verification Platform",
    booktitle="Computer Aided Verification",
    year="2005",
    publisher="Springer Berlin Heidelberg",
    address="Berlin, Heidelberg",
    pages="301--306",
    abstract="In this paper, we describe our verification tool F-Soft, which is developed for the analysis of C programs. Its novelty lies in the combination of several recent advances in formal verification research including SAT-based verification, static analyses and predicate abstraction. As shown in the tool overview in Figure 1, we translate a program into a Boolean model to be analyzed by our verification engine DiVer [4], which includes BDD-based and SAT-based model checking techniques. We include various static analyses, such as computing the control flow graph of the program, program slicing with respect to the property, and performing range analysis as described in Section 2.2. We model the software using a Boolean representation, and use customized heuristics for the SAT-based analysis as described in Section [2.1]. We can also perform a localized predicate abstraction with register sharing as described in Section [2.3], if the user so chooses. The actual analysis of the resulting Boolean model is performed using DiVer. If a counter-example is discovered, we use a testbench generator that automatically generates an executable program for the user to examine the bug in his/her favorite debugger. The F-Soft tool has been applied on numerous case studies and publicly available benchmarks for sequential C programs. We are currently working on extending it to handle concurrent programs.",
    isbn="978-3-540-31686-2"
}

@InProceedings{Gupta2011,
    doi="10.1007/978-3-642-22110-1_32",
    author="Gupta, Ashutosh and Popeea, Corneliu and Rybalchenko, Andrey",
    editor="Gopalakrishnan, Ganesh and Qadeer, Shaz",
    title="Threader: A Constraint-Based Verifier for Multi-threaded Programs",
    booktitle="Computer Aided Verification",
    year="2011",
    publisher="Springer Berlin Heidelberg",
    address="Berlin, Heidelberg",
    pages="412--417",
    abstract="We present a tool that implements Owicki-Gries and rely-guarantee methods for the compositional verification of multi-threaded programs. Our tool computes the requisite auxiliary assertions automatically using an abstraction and refinement procedure. Our procedure is based on a Horn clause encoding of refinement queries and facilitates the discovery of thread-modular proofs when such proofs exist. We present the tool and its evaluation on a collection of benchmarks, including a direct comparison of the effectiveness of the proof rules.",
    isbn="978-3-642-22110-1"
}

@article{Jones1983,
    author = {Jones, C. B.},
    title = {Tentative Steps toward a Development Method for Interfering Programs},
    year = {1983},
    issue_date = {October 1983},
    publisher = {Association for Computing Machinery},
    address = {New York, NY, USA},
    volume = {5},
    number = {4},
    issn = {0164-0925},
    _url = {https://doi.org/10.1145/69575.69577},
    doi = {10.1145/69575.69577},
    journal = {ACM Trans. Program. Lang. Syst.},
    month = oct,
    pages = {596–619},
    numpages = {24}
}

@article{Owicki1976,
    title={An axiomatic proof technique for parallel programs I},
    author={Owicki, Susan and Gries, David},
    journal={Acta informatica},
    volume={6},
    number={4},
    pages={319--340},
    year={1976},
    publisher={Springer},
    doi={10.1007/BF00268134}
}

@inproceedings{Carter2016,
    author = {Carter, Montgomery and He, Shaobo and Whitaker, Jonathan and Rakamari\'{c}, Zvonimir and Emmi, Michael},
    title = {SMACK Software Verification Toolchain},
    year = {2016},
    isbn = {9781450342056},
    publisher = {Association for Computing Machinery},
    address = {New York, NY, USA},
    _url = {https://doi.org/10.1145/2889160.2889163},
    doi = {10.1145/2889160.2889163},
    booktitle = {Proceedings of the 38th International Conference on Software Engineering Companion},
    pages = {589–592},
    numpages = {4},
    location = {Austin, Texas},
    series = {ICSE ’16}
}

@InProceedings{Baranowski2018,
    doi="10.1007/978-3-030-01090-4_32",
    author="Baranowski, Marek and He, Shaobo and Rakamari{\'{c}}, Zvonimir",
    editor="Lahiri, Shuvendu K.  and Wang, Chao",
    title="Verifying Rust Programs with SMACK",
    booktitle="Automated Technology for Verification and Analysis",
    year="2018",
    publisher="Springer International Publishing",
    address="Cham",
    pages="528--535",
    abstract="Rust is an emerging systems programming language with guaranteed memory safety and modern language features that has been extensively adopted to build safety-critical software. However, there is currently a lack of automated software verifiers for Rust. In this work, we present our experience extending the SMACK verifier to enable its usage on Rust programs. We evaluate SMACK on a set of Rust programs to demonstrate a wide spectrum of language features it supports.",
    isbn="978-3-030-01090-4"
}

@InProceedings{Garzella2020,
    doi="10.1007/978-3-030-39322-9_5",
    author="Garzella, Jack J.  and Baranowski, Marek and He, Shaobo and Rakamari{\'{c}}, Zvonimir",
    editor="Beyer, Dirk and Zufferey, Damien",
    title="Leveraging Compiler Intermediate Representation for Multi- and Cross-Language Verification",
    booktitle="Verification, Model Checking, and Abstract Interpretation",
    year="2020",
    publisher="Springer International Publishing",
    address="Cham",
    pages="90--111",
    abstract="Developers nowadays regularly use numerous programming languages with different characteristics and trade-offs. Unfortunately, implementing a software verifier for a new language from scratch is a large and tedious undertaking, requiring expert knowledge in multiple domains, such as compilers, verification, and constraint solving. Hence, only a tiny fraction of the used languages has readily available software verifiers to aid in the development of correct programs. In the past decade, there has been a trend of leveraging popular compiler intermediate representations (IRs), such as LLVM IR, when implementing software verifiers. Processing IR promises out-of-the-box multi- and cross-language verification since, at least in theory, a verifier ought to be able to handle a program in any programming language (and their combination) that can be compiled into the IR. In practice though, to the best of our knowledge, nobody has explored the feasibility and ease of such integration of new languages. In this paper, we provide a procedure for adding support for a new language into an IR-based verification toolflow. Using our procedure, we extend the SMACK verifier with prototypical support for 6 additional languages. We assess the quality of our extensions through several case studies, and we describe our experience in detail to guide future efforts in this area.",
    isbn="978-3-030-39322-9"
}

@article{Gadelha2017,
    title={Handling loops in bounded model checking of C programs via k-induction},
    author={Gadelha, Mikhail YR and Ismail, Hussama I and Cordeiro, Lucas C},
    journal={International Journal on Software Tools for Technology Transfer},
    volume={19},
    number={1},
    pages={97--114},
    year={2017},
    publisher={Springer},
    doi="10.1007/s10009-015-0407-9",
}

@InProceedings{Donaldson2011,
    doi="10.1007/978-3-642-23702-7_26",
    author="Donaldson, Alastair F.  and Haller, Leopold and Kroening, Daniel and R{\"u}mmer, Philipp",
    editor="Yahav, Eran",
    title="Software Verification Using k-Induction",
    booktitle="Static Analysis",
    year="2011",
    publisher="Springer Berlin Heidelberg",
    address="Berlin, Heidelberg",
    pages="351--368",
    abstract="We present combined-case k-induction, a novel technique for verifying software programs. This technique draws on the strengths of the classical inductive-invariant method and a recent application of k-induction to program verification. In previous work, correctness of programs was established by separately proving a base case and inductive step. We present a new k-induction rule that takes an unstructured, reducible control flow graph (CFG), a natural loop occurring in the CFG, and a positive integer k, and constructs a single CFG in which the given loop is eliminated via an unwinding proportional to k. Recursively applying the proof rule eventually yields a loop-free CFG, which can be checked using SAT-/SMT-based techniques. We state soundness of the rule, and investigate its theoretical properties. We then present two implementations of our technique: K-Inductor, a verifier for C programs built on top of the CBMC model checker, and K-Boogie, an extension of the Boogie tool. Our experiments, using a large set of benchmarks, demonstrate that our k-induction technique frequently allows program verification to succeed using significantly weaker loop invariants than are required with the standard inductive invariant approach.",
    isbn="978-3-642-23702-7"
}

@online{P0668R4,
    author="Hans-J. Boehm and Olivier Giroux and Viktor Vafeiades and with input from from Will Deacon and Doug Lea and Daniel Lustig and Paul McKenney and others",
    title="P0668R4: Revising the C++ memory model",
    urldate={2020-04-29},
    year="2018",
    url="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2018/p0668r4.html",
}

@online{cpp20,
    title="C++ Draft International Standard -- N4860",
    author={{ISO C++ Standards Committee}},
    date="2020-03-31",
    year="2020",
    urldate="2020-05-02",
    publisher="ISO",
    url="https://isocpp.org/files/papers/N4860.pdf",
    institution={ISO IEC JTC1/SC22/WG21},
    shorthand={ISO20}
}

@inproceedings{Abdulla2015,
    author="Abdulla, Parosh Aziz and Aronis, Stavros and Atig, Mohamed Faouzi and Jonsson, Bengt and Leonardsson, Carl and Sagonas, Konstantinos",
    _editor="Baier, Christel and Tinelli, Cesare",
    title="{Stateless Model Checking for TSO and PSO}",
    bookTitle="TACAS",
    year="2015",
    publisher="Springer",
    address="Berlin, Heidelberg",
    pages="353--367",
    _isbn="978-3-662-46681-0",
    doi="10.1007/978-3-662-46681-0_28",
    _url="https://doi.org/10.1007/978-3-662-46681-0_28"
}

@Inbook{SV-COMP:2017,
    author="Beyer, Dirk",
    editor="Legay, Axel and Margaria, Tiziana",
    title="Software Verification with Validation of Results",
    bookTitle="Tools and Algorithms for the Construction and Analysis of Systems",
    year="2017",
    publisher="Springer Berlin Heidelberg",
    address="Berlin, Heidelberg",
    pages="331--349",
    _isbn="978-3-662-54580-5",
    doi="10.1007/978-3-662-54580-5_20",
    _url="https://doi.org/10.1007/978-3-662-54580-5_20"
}

@online{DIVINEWeb,
    title="DIVINE~4",
    author="Peter Ročkai",
    url="https://divine.fi.muni.cz/",
    year="2020",
    urldate="2020-05-23",
}

@InProceedings{Hammer2007,
    doi="10.1007/978-3-540-70952-7_4",
    author="Hammer, Moritz and Weber, Michael",
    editor="Brim, Lubo{\v{s}} and Haverkort, Boudewijn and Leucker, Martin and van de Pol, Jaco",
    title="''To Store or Not To Store'' Reloaded: Reclaiming Memory on Demand",
    booktitle="Formal Methods: Applications and Technology",
    year="2007",
    publisher="Springer Berlin Heidelberg",
    address="Berlin, Heidelberg",
    pages="51--66",
    abstract="Behrmann et al. posed the question whether ''To Store or Not To Store'' [1] states during reachability analysis, in order to counter the effects of the well-known state space explosion problem in explicitstate model checking. Their answer was to store not all but only some strategical states. They pay in run-time if the answer too often is ''Not To Store''. We propose a different strategy to adaptively trade time for space: ''To Store'' as many states as memory limits permit. If free memory becomes scarce, we gradually swap states out to secondary storage. We are careful to minimize revisits, and I/O overhead, and also stay sound, i.e. on termination it is guaranteed that the full state space has been explored. It is also available for counterexample reconstruction. In our experiments we tackled state spaces of industrial-scale models with more than 109 explicit states with still modest storage requirements.",
    isbn="978-3-540-70952-7"
}

@InProceedings{Clarke1998,
    doi="10.1007/BFb0028741",
    author="Clarke, E. M.  and Emerson, E. A.  and Jha, S.  and Sistla, A. P.",
    editor="Hu, Alan J.  and Vardi, Moshe Y.",
    title="Symmetry reductions in model checking",
    booktitle="Computer Aided Verification",
    year="1998",
    publisher="Springer Berlin Heidelberg",
    address="Berlin, Heidelberg",
    pages="147--158",
    abstract="The use of symmetry to alleviate state-explosion problems during model-checking has become a important research topic. This paper investigates several problems which are important to techniques exploiting symmetry. The most important of these problems is the orbit problem. We prove that the orbit problem is equivalent to an important problem in computational group theory which is at least as hard as the graph isomorphism but not known to be NP-complete. This paper also shows classes of commonly occurring groups for which the orbit problem is easy. Some methods of deriving symmetry for a shared variable model of concurrent programs are also investigated. Experimental results providing evidence of reduction in state space by using symmetry are also provided.",
    isbn="978-3-540-69339-0"
}

@InProceedings{Tasharofi2012,
    doi="10.1007/978-3-642-30793-5_14",
    author="Tasharofi, Samira and Karmani, Rajesh K.  and Lauterburg, Steven and Legay, Axel and Marinov, Darko and Agha, Gul",
    editor="Giese, Holger and Rosu, Grigore",
    title="TransDPOR: A Novel Dynamic Partial-Order Reduction Technique for Testing Actor Programs",
    booktitle="Formal Techniques for Distributed Systems",
    year="2012",
    publisher="Springer Berlin Heidelberg",
    address="Berlin, Heidelberg",
    pages="219--234",
    abstract="To detect hard-to-find concurrency bugs, testing tools try to systematically explore all possible interleavings of the transitions in a concurrent program. Unfortunately, because of the nondeterminism in concurrent programs, exhaustively exploring all interleavings is time-consuming and often computationally intractable. Speeding up such tools requires pruning the state space explored. Partial-order reduction (POR) techniques can substantially prune the number of explored interleavings. These techniques require defining a dependencyrelation on transitions in the program, and exploit independency among certain transitions to prune the state space.",
    isbn="978-3-642-30793-5"
}

@InProceedings{Sen2007,
    doi="10.1007/978-3-540-70889-6_13",
    author="Sen, Koushik and Agha, Gul",
    editor="Bin, Eyal and Ziv, Avi and Ur, Shmuel",
    title="A Race-Detection and Flipping Algorithm for Automated Testing of Multi-threaded Programs",
    booktitle="Hardware and Software, Verification and Testing",
    year="2007",
    publisher="Springer Berlin Heidelberg",
    address="Berlin, Heidelberg",
    pages="166--182",
    abstract="Testing concurrent programs that accept data inputs is notoriously hard because, besides the large number of possible data inputs, nondeterminism results in an exponentially large number of interleavings of concurrent events. In order to efficiently test shared-memory multi-threaded programs, we develop an algorithm based on race-detection and flipping and illustrate how it can be combined with concolic execution (a simultaneous symbolic and concrete execution method) to test multi-threaded programs with data inputs. The goal of our algorithm is to minimize redundant executions while ensuring that all reachable statements in a program are executed. To achieve this, our algorithm explores all distinct causal structures of a multi-threaded program (i.e., the partial order among events generated during an execution). Because our algorithm is based on race-detection, it enables us to report potential data races and deadlocks. We have implemented our algorithm in a tool called jCUTE. We describe the results of applying jCUTE to real-world multi-threaded Java applications and libraries. In particular, we discovered several undocumented potential concurrency-related bugs in the widely used Java collection framework distributed with the Sun Microsystems' JDK 1.4.",
    isbn="978-3-540-70889-6"
}

@inproceedings{Saarikivi2012,
    title={Improving dynamic partial order reductions for concolic testing},
    author={Saarikivi, Olli and K{\"a}hk{\"o}nen, Kari and Heljanko, Keijo},
    booktitle={2012 12th International Conference on Application of Concurrency to System Design},
    pages={132--141},
    year={2012},
    organization={IEEE},
    doi={10.1109/ACSD.2012.18},
}

@inproceedings{Godefroid2005,
    author = {Godefroid, Patrice and Klarlund, Nils and Sen, Koushik},
    title = {DART: Directed Automated Random Testing},
    year = {2005},
    isbn = {1595930566},
    publisher = {Association for Computing Machinery},
    address = {New York, NY, USA},
    url = {https://doi.org/10.1145/1065010.1065036},
    doi = {10.1145/1065010.1065036},
    booktitle = {Proceedings of the 2005 ACM SIGPLAN Conference on Programming Language Design and Implementation},
    pages = {213–223},
    numpages = {11},
    keywords = {software testing, program verification, automated test generation, random testing, interfaces},
    location = {Chicago, IL, USA},
    series = {PLDI ’05}
}

@article{Kahkonen2013,
    title = "LCT: A Parallel Distributed Testing Tool for Multithreaded Java Programs",
    journal = "Electronic Notes in Theoretical Computer Science",
    volume = "296",
    pages = "253 - 259",
    year = "2013",
    note = "Proceedings the Sixth International Workshop on the Practical Application of Stochastic Modelling (PASM) and the Eleventh International Workshop on Parallel and Distributed Methods in Verification (PDMC).",
    issn = "1571-0661",
    doi = "https://doi.org/10.1016/j.entcs.2013.09.002",
    url = "http://www.sciencedirect.com/science/article/pii/S1571066113000480",
    author = "Kari Kähkönen and Olli Saarikivi and Keijo Heljanko",
    keywords = "Concolic testing, distributed testing, symbolic execution",
    abstract = "LIME Concolic Tester (LCT) is an open source automated testing tool that allows testing both sequential and multithreaded Java programs. The tool uses concolic testing to handle input values and dynamic partial order reduction (DPOR) combined with sleep sets to avoid exploring unnecessary interleavings of threads. The LCT tool has been designed for distributed use where the SMT constraint solving and test execution can be distributed to multiple processes on a network of workstations. In this paper we describe the architecture behind the tool and how it allows distributing concolic testing with DPOR and sleep set algorithms. This allows different execution paths of a given program to be tested in parallel. We evaluate the architecture and distributed algorithms of the tool on several Java benchmark programs."
}

@article{Godefroid2005verisoft,
  title={Software model checking: The VeriSoft approach},
  author={Godefroid, Patrice},
  journal={Formal Methods in System Design},
  volume={26},
  number={2},
  pages={77--101},
  year={2005},
  publisher={Springer},
  doi={10.1007/s10703-005-1489-x}
}

@article{Abdulla2018,
    author = {Abdulla, Parosh Aziz and Atig, Mohamed Faouzi and Jonsson, Bengt and Ngo, Tuan Phong},
    title = {Optimal Stateless Model Checking under the Release-Acquire Semantics},
    year = {2018},
    issue_date = {November 2018},
    publisher = {Association for Computing Machinery},
    address = {New York, NY, USA},
    volume = {2},
    number = {OOPSLA},
    url = {https://doi.org/10.1145/3276505},
    doi = {10.1145/3276505},
    journal = {Proc. ACM Program. Lang.},
    month = oct,
    articleno = {135},
    numpages = {29},
    keywords = {Release-Acquire, software model checking, weak memory models, C/C++11}
}

@article{Abdulla2019,
    author = {Abdulla, Parosh Aziz and Atig, Mohamed Faouzi and Jonsson, Bengt and L\r{a}ng, Magnus and Ngo, Tuan Phong and Sagonas, Konstantinos},
    title = {Optimal Stateless Model Checking for Reads-from Equivalence under Sequential Consistency},
    year = {2019},
    issue_date = {October 2019},
    publisher = {Association for Computing Machinery},
    address = {New York, NY, USA},
    volume = {3},
    number = {OOPSLA},
    url = {https://doi.org/10.1145/3360576},
    doi = {10.1145/3360576},
    journal = {Proc. ACM Program. Lang.},
    month = oct,
    articleno = {150},
    numpages = {29},
    keywords = {dynamic partial order reduction, concurrent programs, stateless model checking, sequential consistency, program verification}
}

@inproceedings{Musuvathi2008,
    title={Finding and Reproducing Heisenbugs in Concurrent Programs.},
    author={Musuvathi, Madanlal and Qadeer, Shaz and Ball, Thomas and Basler, Gerard and Nainar, Piramanayagam Arumuga and Neamtiu, Iulian},
    booktitle={OSDI},
    volume={8},
    pages={267--280},
    year={2008},
    url={https://www.usenix.org/legacy/event/osdi08/tech/full_papers/musuvathi/musuvathi.pdf}
}

@INPROCEEDINGS{Christakis2013,
    author={M. {Christakis} and A. {Gotovos} and K. {Sagonas}},
    booktitle={2013 IEEE Sixth International Conference on Software Testing, Verification and Validation}, 
    title={Systematic Testing for Detecting Concurrency Errors in Erlang Programs}, 
    year={2013},
    volume={},
    number={},
    pages={154-163},
    doi={10.1109/ICST.2013.50}
}

@InProceedings{Aronis2018,
    doi="10.1007/978-3-319-89963-3_14",
    author="Aronis, Stavros and Jonsson, Bengt and L{\aa}ng,     Magnus and Sagonas, Konstantinos",
    editor="Beyer, Dirk and Huisman, Marieke",
    title="Optimal Dynamic Partial Order Reduction with Observers",
    booktitle="Tools and Algorithms for the Construction and Analysis of Systems",
    year="2018",
    publisher="Springer International Publishing",
    address="Cham",
    pages="229--248",
    abstract="Dynamic partial order reduction (DPOR) algorithms are used in stateless model checking (SMC) to combat the combinatorial explosion in the number of schedulings that need to be explored to guarantee soundness. The most effective of them, the Optimal DPOR algorithm, is optimal in the sense that it explores only one scheduling per Mazurkiewicz trace. In this paper, we enhance DPOR with the notion of observability, which makes dependencies between operations conditional on the existence of future operations, called observers. Observers naturally lead to a lazy construction of dependencies. This requires significant changes in the core of POR algorithms (and Optimal DPOR in particular), but also makes the resulting algorithm, Optimal DPOR with Observers, super-optimal in the sense that it explores exponentially less schedulings than Mazurkiewicz traces in some cases. We argue that observers come naturally in many concurrency models, and demonstrate the performance benefits that Optimal DPOR with Observers achieves in both an SMC tool for shared memory concurrency and a tool for concurrency via message passing, using both synthetic and actual programs as benchmarks.",
    isbn="978-3-319-89963-3"
}

@article{Huang2016,
    author = {Huang, Shiyou and Huang, Jeff},
    title = {Maximal Causality Reduction for TSO and PSO},
    year = {2016},
    issue_date = {October 2016},
    publisher = {Association for Computing Machinery},
    address = {New York, NY, USA},
    volume = {51},
    number = {10},
    issn = {0362-1340},
    _url = {https://doi.org/10.1145/3022671.2984025},
    doi = {10.1145/3022671.2984025},
    journal = {SIGPLAN Not.},
    month = oct,
    pages = {447–461},
    numpages = {15},
    keywords = {Maximal Causality Reduction, Model Checking, PSO, TSO}
}

@InProceedings{Albert2017cspor,
    doi="10.1007/978-3-319-63387-9_26",
    author="Albert, Elvira and Arenas, Puri and de la Banda, Mar{\'i}a     Garc{\'i}a and G{\'o}mez-Zamalloa, Miguel and Stuckey, Peter J.",
    editor="Majumdar, Rupak and Kun{\v{c}}ak, Viktor",
    title="Context-Sensitive Dynamic Partial Order Reduction",
    booktitle="Computer Aided Verification",
    year="2017",
    publisher="Springer International Publishing",
    address="Cham",
    pages="526--543",
    abstract="Dynamic Partial Order Reduction (DPOR) is a powerful technique used in verification and testing to reduce the number of equivalent executions explored. Two executions are equivalent if they can be obtained from each other by swapping adjacent, non-conflicting (independent) execution steps. Existing DPOR algorithms rely on a notion of independence that is context-insensitive, i.e., the execution steps must be independent in all contexts. In practice, independence is often proved by just checking no execution step writes on a shared variable. We present context-sensitive DPOR, an extension of DPOR that uses context-sensitive independence, where two steps might be independent only in the particular context explored. We show theoretically and experimentally how context-sensitive DPOR can achieve exponential gains.",
    isbn="978-3-319-63387-9"
}

@inproceedings{Albert2019,
    author = {Albert, Elvira and de la Banda, Maria Garcia and G\'{o}mez-Zamalloa, Miguel and Isabel, Miguel and Stuckey, Peter J.},
    title = {Optimal Context-Sensitive Dynamic Partial Order Reduction with Observers},
    year = {2019},
    isbn = {9781450362245},
    publisher = {Association for Computing Machinery},
    address = {New York, NY, USA},
    url = {https://doi.org/10.1145/3293882.3330565},
    doi = {10.1145/3293882.3330565},
    booktitle = {Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis},
    pages = {352–362},
    numpages = {11},
    keywords = {Model-Checking, Testing, Software Verification, Partial-Order Reduction},
    location = {Beijing, China},
    series = {ISSTA 2019}
}

@article{Norris2016,
    author = {Norris, Brian and Demsky, Brian},
    title = {A Practical Approach for Model Checking C/C++11 Code},
    year = {2016},
    issue_date = {May 2016},
    publisher = {Association for Computing Machinery},
    address = {New York, NY, USA},
    volume = {38},
    number = {3},
    issn = {0164-0925},
    url = {https://doi.org/10.1145/2806886},
    doi = {10.1145/2806886},
    journal = {ACM Trans. Program. Lang. Syst.},
    month = may,
    articleno = {10},
    numpages = {51},
    keywords = {Relaxed memory model, model checking}
}

@article{Lal2009,
    title={Reducing concurrent analysis under a context bound to sequential analysis},
    author={Lal, Akash and Reps, Thomas},
    journal={Formal Methods in System Design},
    volume={35},
    number={1},
    pages={73--97},
    year={2009},
    publisher={Springer},
    doi={10.1007/s10703-009-0078-9}
}

@InProceedings{Cimatti2012,
    doi="10.1007/978-3-642-31424-7_23",
    author="Cimatti, Alessandro and Griggio, Alberto",
    editor="Madhusudan, P.  and Seshia, Sanjit A.",
    title="Software Model Checking via IC3",
    booktitle="Computer Aided Verification",
    year="2012",
    publisher="Springer Berlin Heidelberg",
    address="Berlin, Heidelberg",
    pages="277--293",
    abstract="IC3 is a recently proposed verification technique for the analysis of sequential circuits. IC3 incrementally overapproximates the state space, refuting potential violations to the property at hand by constructing relative inductive blocking clauses. The algorithm relies on aggressive use of Boolean satisfiability (SAT) techniques, and has demonstrated impressive effectiveness.",
    isbn="978-3-642-31424-7"
}

@inproceedings{Een2011,
    author = {Een, Niklas and Mishchenko, Alan and Brayton, Robert},
    title = {Efficient Implementation of Property Directed Reachability},
    year = {2011},
    isbn = {9780983567813},
    publisher = {FMCAD Inc},
    address = {Austin, Texas},
    booktitle = {Proceedings of the International Conference on Formal Methods in Computer-Aided Design},
    pages = {125–134},
    numpages = {10},
    location = {Austin, Texas},
    series = {FMCAD ’11},
    url={https://ieeexplore.ieee.org/abstract/document/6148886/}
}

@InProceedings{Cimatti2014,
    doi="10.1007/978-3-642-54862-8_4",
    author="Cimatti, Alessandro
    and Griggio, Alberto
    and Mover, Sergio
    and Tonetta, Stefano",
    editor="{\'A}brah{\'a}m, Erika
    and Havelund, Klaus",
    title="IC3 Modulo Theories via Implicit Predicate Abstraction",
    booktitle="Tools and Algorithms for the Construction and Analysis of Systems",
    year="2014",
    publisher="Springer Berlin Heidelberg",
    address="Berlin, Heidelberg",
    pages="46--61",
    abstract="We present a novel approach for generalizing the IC3 algorithm for invariant checking from finite-state to infinite-state transition systems, expressed over some background theories. The procedure is based on a tight integration of IC3 with Implicit (predicate) Abstraction, a technique that expresses abstract transitions without computing explicitly the abstract system and is incremental with respect to the addition of predicates. In this scenario, IC3 operates only at the Boolean level of the abstract state space, discovering inductive clauses over the abstraction predicates. Theory reasoning is confined within the underlying SMT solver, and applied transparently when performing satisfiability checks. When the current abstraction allows for a spurious counterexample, it is refined by discovering and adding a sufficient set of new predicates. Importantly, this can be done in a completely incremental manner, without discarding the clauses found in the previous search.",
    isbn="978-3-642-54862-8"
}

@InProceedings{Gunther2017,
    doi="10.1007/978-3-319-52234-0_14",
    author="G{\"u}nther, Henning and Laarman, Alfons and Sokolova, Ana and Weissenbacher, Georg",
    editor="Bouajjani, Ahmed and Monniaux, David",
    title="Dynamic Reductions for Model Checking Concurrent Software",
    booktitle="Verification, Model Checking, and Abstract Interpretation",
    year="2017",
    publisher="Springer International Publishing",
    address="Cham",
    pages="246--265",
    abstract="Symbolic model checking of parallel programs stands and falls with effective methods of dealing with the explosion of interleavings. We propose a dynamic reduction technique to avoid unnecessary interleavings. By extending Lipton's original work with a notion of bisimilarity, we accommodate dynamic transactions, and thereby reduce dependence on the accuracy of static analysis, which is a severe bottleneck in other reduction techniques.",
    isbn="978-3-319-52234-0"
}

@InProceedings{Beyer2020pdr,
    doi="10.1007/978-3-030-45190-5_1",
    author="Beyer, Dirk and Dangl, Matthias",
    editor="Biere, Armin and Parker, David",
    title="Software Verification with PDR: An Implementation of the State of the Art",
    booktitle="Tools and Algorithms for the Construction and Analysis of Systems",
    year="2020",
    publisher="Springer International Publishing",
    address="Cham",
    pages="3--21",
    abstract="Property-directed reachability (PDR) is a SAT/SMT-based reachability algorithm that incrementally constructs inductive invariants. After it was successfully applied to hardware model checking, several adaptations to software model checking have been proposed. We contribute a replicable and thorough comparative evaluation of the state of the art: We (1)Â implemented a standalone PDR algorithm and, as improvement, a PDR-based auxiliary-invariant generator for k-induction, and (2) performed an experimental study on the largest publicly available benchmark set of CÂ verification tasks, in which we explore the effectiveness and efficiency of software verification with PDR. The main contribution of our work is to establish a reproducible baseline for ongoing research in the area by providing a well-engineered reference implementation and an experimental evaluation of the existing techniques.",
    isbn="978-3-030-45190-5"
}

@InProceedings{Beyer2015,
    doi="10.1007/978-3-319-21690-4_42",
    author="Beyer, Dirk and Dangl, Matthias and Wendler, Philipp",
    editor="Kroening, Daniel and P{\u{a}}s{\u{a}}reanu, Corina S.",
    title="Boosting k-Induction with Continuously-Refined Invariants",
    booktitle="Computer Aided Verification",
    year="2015",
    publisher="Springer International Publishing",
    address="Cham",
    pages="622--640",
    abstract="{\$}{\$}k{\$}{\$}-induction is a promising technique to extend bounded model checking from falsification to verification. In software verification, {\$}{\$}k{\$}{\$}-induction works only if auxiliary invariants are used to strengthen the induction hypothesis. The problem that we address is to generate such invariants (1)Â automatically without user-interaction, (2)Â efficiently such that little verification time is spent on the invariant generation, and (3)Â that are sufficiently strong for a {\$}{\$}k{\$}{\$}-induction proof. We boost the {\$}{\$}k{\$}{\$}-induction approach to significantly increase effectiveness and efficiency in the following way: We start in parallel to {\$}{\$}k{\$}{\$}-induction a data-flow-based invariant generator that supports dynamic precision adjustment and refine the precision of the invariant generator continuously during the analysis, such that the invariants become increasingly stronger. The {\$}{\$}k{\$}{\$}-induction engine is extended such that the invariants from the invariant generator are injected in each iteration to strengthen the hypothesis. The new method solves the above-mentioned problem because it (1)Â automatically chooses an invariant by step-wise refinement, (2)Â starts always with a lightweight invariant generation that is computationally inexpensive, and (3)Â refines the invariant precision more and more to inject stronger and stronger invariants into the induction system. We present and evaluate an implementation of our approach, as well as all other existing approaches, in the open-source verification-framework CPAchecker. Our experiments show that combining {\$}{\$}k{\$}{\$}-induction with continuously-refined invariants significantly increases effectiveness and efficiency, and outperforms all existing implementations of {\$}{\$}k{\$}{\$}-induction-based verification of C programs in terms of successful results.      ",
    isbn="978-3-319-21690-4"
}

@article{Sen2005,
    author = {Sen, Koushik and Marinov, Darko and Agha, Gul},
    title = {CUTE: A Concolic Unit Testing Engine for C},
    year = {2005},
    issue_date = {September 2005},
    publisher = {Association for Computing Machinery},
    address = {New York, NY, USA},
    volume = {30},
    number = {5},
    issn = {0163-5948},
    _url = {https://doi.org/10.1145/1095430.1081750},
    doi = {10.1145/1095430.1081750},
    journal = {SIGSOFT Softw. Eng. Notes},
    month = sep,
    pages = {263–272},
    numpages = {10},
    keywords = {testing C programs, explicit path model-checking, unit testing, random testing, data structure testing, concolic testing}
}

@article{Larson2003,
    title={High Coverage Detection of Input-Related Security Faults},
    author={Larson, Eric and Austin, Todd},
    year={2003},
    month={08},
    booktitle={USENIX Security Symposium},
    url={https://www.researchgate.net/profile/Todd_Austin2/publication/234804437_High_Coverage_Detection_of_Input-Related_Security_Faults/links/54bf0ba60cf2acf661cdbcad/High-Coverage-Detection-of-Input-Related-Security-Faults.pdf}
}

@InProceedings{Sen2006,
    doi="10.1007/11817963_38",
    author="Sen, Koushik and Agha, Gul",
    editor="Ball, Thomas and Jones, Robert B.",
    title="CUTE and jCUTE: Concolic Unit Testing and Explicit Path Model-Checking Tools",
    booktitle="Computer Aided Verification",
    year="2006",
    publisher="Springer Berlin Heidelberg",
    address="Berlin, Heidelberg",
    pages="419--423",
    abstract="CUTE, a Concolic Unit Testing Engine for C and Java, is a tool to systematically and automatically test sequential C programs (including pointers) and concurrent Java programs. CUTE combines concrete and symbolic execution in a way that avoids redundant test cases as well as false warnings. The tool also introduces a race-flipping technique to efficiently test and model check concurrent programs with data inputs.",
    isbn="978-3-540-37411-4"
}


@INPROCEEDINGS{Majumdar2007,
  author={Rupak Majumdar and Koushik Sen},
  booktitle={29th International Conference on Software Engineering (ICSE'07)}, 
  title={Hybrid Concolic Testing}, 
  year={2007},
  pages={416-426},
  doi={10.1109/ICSE.2007.41}
}

@InProceedings{Lal2012,
    doi="10.1007/978-3-642-31424-7_32",
    author="Lal, Akash and Qadeer, Shaz and Lahiri, Shuvendu K.",
    editor="Madhusudan, P.  and Seshia, Sanjit A.",
    title="A Solver for Reachability Modulo Theories",
    booktitle="Computer Aided Verification",
    year="2012",
    publisher="Springer Berlin Heidelberg",
    address="Berlin, Heidelberg",
    pages="427--443",
    abstract="Consider a sequential programming language with control flow constructs such as assignments, choice, loops, and procedure calls. We restrict the syntax of expressions in this language to one that can be efficiently decided by a satisfiability-modulo-theories solver. For such a language, we define the problem of deciding whether a program can reach a particular control location as the reachability-modulo-theories problem. This paper describes the architecture of Corral, a semi-algorithm for the reachability-modulo-theories problem. Corraluses novel algorithms for inlining procedures on demand (Stratified Inlining) and abstraction refinement (Hierarchical Refinement). The paper also presents an evaluation of Corralagainst other related tools. Corralconsistently outperforms its competitors on most benchmarks.",
    isbn="978-3-642-31424-7"
}

@InProceedings{Quiring2020,
    doi="10.1007/978-3-030-45237-7_26",
    author="Quiring, Benjamin and Manolios, Panagiotis",
    editor="Biere, Armin and Parker, David",
    title="GACAL: Conjecture-Based Verification",
    booktitle="Tools and Algorithms for the Construction and Analysis of Systems",
    year="2020",
    publisher="Springer International Publishing",
    address="Cham",
    pages="388--392",
    abstract="GACAL verifies C programs by searching over the space of possible invariants, using traces of the input program to identify potential invariants. GACAL uses the ACL2s theorem prover to verify these potential invariants, using an interface provided by ACL2s for connecting with external tools. GACAL iteratively searches for and proves invariants of increasing complexity until the program is verified.",
    isbn="978-3-030-45237-7"
}

@InProceedings{Clarke2005,
    doi="10.1007/978-3-540-31980-1_40",
    author="Clarke, Edmund and Kroening, Daniel and Sharygina, Natasha and Yorav, Karen",
    editor="Halbwachs, Nicolas and Zuck, Lenore D.",
    title="SATABS: SAT-Based Predicate Abstraction for ANSI-C",
    booktitle="Tools and Algorithms for the Construction and Analysis of Systems",
    year="2005",
    publisher="Springer Berlin Heidelberg",
    address="Berlin, Heidelberg",
    pages="570--574",
    abstract="This paper presents a model checking tool, SatAbs, that implements a predicate abstraction refinement loop. Existing software verification tools such as Slam, Blast, or Magic use decision procedures for abstraction and simulation that are limited to integers. SatAbs overcomes these limitations by using a SAT-solver. This allows the model checker to handle the semantics of the ANSI-C standard accurately. This includes a sound treatment of bit-vector overflow, and of the ANSI-C pointer arithmetic constructs.",
    isbn="978-3-540-31980-1"
}

@InProceedings{Popeea2012,
    doi="10.1007/978-3-642-28756-5_17",
    author="Popeea, Corneliu and Rybalchenko, Andrey",
    editor="Flanagan, Cormac and K{\"o}nig, Barbara",
    title="Compositional Termination Proofs for Multi-threaded Programs",
    booktitle="Tools and Algorithms for the Construction and Analysis of Systems",
    year="2012",
    publisher="Springer Berlin Heidelberg",
    address="Berlin, Heidelberg",
    pages="237--251",
    abstract="Automated verification of multi-threaded programs is difficult. Direct treatment of all possible thread interleavings by reasoning about the program globally is a prohibitively expensive task, even for small programs. Rely-guarantee reasoning is a promising technique to address this challenge by reducing the verification problem to reasoning about each thread individually with the help of assertions about other threads. In this paper, we propose a proof rule that uses rely-guarantee reasoning for compositional verification of termination properties. The crux of our proof rule lies in its compositionality wrt. the thread structure of the program and wrt. the applied termination arguments -- transition invariants. We present a method for automating the proof rule using an abstraction refinement procedure that is based on solving recursion-free Horn clauses. To deal with termination, we extend an existing Horn-clause solver with the capability to handle well-foundedness constraints. Finally, we present an experimental evaluation of our algorithm on a set of micro-benchmarks.",
    isbn="978-3-642-28756-5"
}

@InProceedings{Atig2012term,
    doi="10.1007/978-3-642-31424-7_19",
    author="Atig, Mohamed Faouzi and Bouajjani, Ahmed and Emmi, Michael and Lal, Akash",
    editor="Madhusudan, P.  and Seshia, Sanjit A.",
    title="Detecting Fair Non-termination in Multithreaded Programs",
    booktitle="Computer Aided Verification",
    year="2012",
    publisher="Springer Berlin Heidelberg",
    address="Berlin, Heidelberg",
    pages="210--226",
    abstract="We develop compositional analysis algorithms for detecting non-termination in multithreaded programs. Our analysis explores fair and ultimately-periodic executions---i.e., those in which the infinitely-often enabled threads repeatedly execute the same sequences of actions over and over. By limiting the number of context-switches each thread is allowed along any repeating action sequence, our algorithm quickly discovers practically-arising non-terminating executions. Limiting the number of context-switches in each period leads to a compositional analysis in which we consider each thread separately, in isolation, and reduces the search for fair ultimately-periodic executions in multithreaded programs to state-reachability in sequential programs. We implement our analysis by a systematic code-to-code translation from multithreaded programs to sequential programs. By leveraging standard sequential analysis tools, our prototype tool Mutant is able to discover fair non-terminating executions in typical mutual exclusion protocols and concurrent data-structure algorithms.",
    isbn="978-3-642-31424-7"
}

@InProceedings{Kozen1982,
	doi="10.1007/BFb0012782",
	author="Kozen, Dexter",
	editor="Nielsen, Mogens and Schmidt, Erik Meineche",
	title="Results on the propositional $\mu$-calculus",
	booktitle="Automata, Languages and Programming",
	year="1982",
	publisher="Springer Berlin Heidelberg",
	address="Berlin, Heidelberg",
	pages="348--359",
	abstract="We define a propositional version of the $\Mu$-calculus, and give an exponential-time decision procedure, small model property, and complete deductive system. We also show that it is strictly more expressive than PDL. Finally, we give an algebraic semantics and prove a representation theorem.",
	isbn="978-3-540-39308-5"
}

@InProceedings{KRB2017,
    doi="10.1007/978-3-319-67531-2_14",
    author="Kejstov{\'a}, Katar{\'i}na and Ro{\v{c}}kai, Petr and Barnat, Ji{\v{r}}{\'i}",
    editor="Lahiri, Shuvendu
    and Reger, Giles",
    title="From Model Checking to Runtime Verification and Back",
    booktitle="Runtime Verification",
    year="2017",
    publisher="Springer International Publishing",
    address="Cham",
    pages="225--240",
    abstract="We describe a novel approach for adapting an existing software model checker to perform precise runtime verification. The software under test is allowed to communicate with the wider environment (including the file system and network). The modifications to the model checker are small and self-contained, making this a viable strategy for re-using existing model checking tools in a new context.",
    isbn="978-3-319-67531-2"
}

@InProceedings{Clarke2000,
    doi="10.1007/10722167_15",
    author="Clarke, Edmund and Grumberg, Orna and Jha, Somesh and Lu, Yuan and Veith, Helmut",
    editor="Emerson, E. Allen
    and Sistla, Aravinda Prasad",
    title="Counterexample-Guided Abstraction Refinement ",
    booktitle="Computer Aided Verification",
    year="2000",
    publisher="Springer Berlin Heidelberg",
    address="Berlin, Heidelberg",
    pages="154--169",
    abstract="We present an automatic iterative abstraction-refinement methodology in which the initial abstract model is generated by an automatic analysis of the control structures in the program to be verified. Abstract models may admit erroneous (or ``spurious'') counterexamples. We devise new symbolic techniques which analyze such counterexamples and refine the abstract model correspondingly. The refinement algorithm keeps the size of the abstract state space small due to the use of abstraction functions which distinguish many degrees of abstraction for each program variable. We describe an implementation of our methodology in NuSMV. Practical experiments including a large Fujitsu IP core design with about 500 latches and 10000 lines of SMV code confirm the effectiveness of our approach.",
    isbn="978-3-540-45047-4"
}

@InProceedings{Hu1998,
    doi="10.1007/BFb0028753",
    author="Col{\'o}n, Michael A.  and Uribe, Tom{\'a}s E.",
    editor="Hu, Alan J.  and Vardi, Moshe Y.",
    title="Generating finite-state abstractions of reactive systems using decision procedures",
    booktitle="Computer Aided Verification",
    year="1998",
    publisher="Springer Berlin Heidelberg",
    address="Berlin, Heidelberg",
    pages="293--304",
    abstract="We present an algorithm that uses decision procedures to generate finite-state abstractions of possibly infinite-state systems. The algorithm compositionally abstracts the transitions of the system, relative to a given, fixed set of assertions. Thus, the number of validity checks is proportional to the size of the system description, rather than the size of the abstract state-space. The generated abstractions are weakly preserving for ∀CTL temporal properties. We describe several applications of the algorithm, implemented using the decision procedures of the Stanford Temporal Prover (STeP).",
    isbn="978-3-540-69339-0"
}

@book{Kurshan1995,
    title={Computer-aided Verification of Coordinating Processes: The Automata-theoretic Approach},
    author={Kurshan, Robert P.},
    volume={302},
    year={1995},
    publisher={Princeton University Press}
}