Results 1  10
of
23
Modular Data Structure Verification
 EECS DEPARTMENT, MASSACHUSETTS INSTITUTE OF TECHNOLOGY
, 2007
"... This dissertation describes an approach for automatically verifying data structures, focusing on techniques for automatically proving formulas that arise in such verification. I have implemented this approach with my colleagues in a verification system called Jahob. Jahob verifies properties of Java ..."
Abstract

Cited by 36 (21 self)
 Add to MetaCart
This dissertation describes an approach for automatically verifying data structures, focusing on techniques for automatically proving formulas that arise in such verification. I have implemented this approach with my colleagues in a verification system called Jahob. Jahob verifies properties of Java programs with dynamically allocated data structures. Developers write Jahob specifications in classical higherorder logic (HOL); Jahob reduces the verification problem to deciding the validity of HOL formulas. I present a new method for proving HOL formulas by combining automated reasoning techniques. My method consists of 1) splitting formulas into individual HOL conjuncts, 2) soundly approximating each HOL conjunct with a formula in a more tractable fragment and 3) proving the resulting approximation using a decision procedure or a theorem prover. I present three concrete logics; for each logic I show how to use it to approximate HOL formulas, and how to decide the validity of formulas in this logic. First, I present an approximation of HOL based on a translation to firstorder logic, which enables the use of existing resolutionbased theorem provers. Second, I present an approximation of HOL based on field constraint analysis, a new technique that enables
Complete Functional Synthesis
"... Synthesis of program fragments from specifications can make programs easier to write and easier to reason about. To integrate synthesis into programming languages, synthesis algorithms should behave in a predictable way—they should succeed for a welldefined class of specifications. They should also ..."
Abstract

Cited by 29 (12 self)
 Add to MetaCart
Synthesis of program fragments from specifications can make programs easier to write and easier to reason about. To integrate synthesis into programming languages, synthesis algorithms should behave in a predictable way—they should succeed for a welldefined class of specifications. They should also support unbounded data types such as numbers and data structures. We propose to generalize decision procedures into predictable and complete synthesis procedures. Such procedures are guaranteed to find code that satisfies the specification if such code exists. Moreover, we identify conditions under which synthesis will statically decide whether the solution is guaranteed to exist, and whether it is unique. We demonstrate our approach by starting from decision procedures for linear arithmetic and data structures and transforming them into synthesis procedures. We establish results on the size and the efficiency of the synthesized code. We show that such procedures are useful as a language extension with implicit value definitions, and we show how to extend a compiler to support such definitions. Our constructs provide the benefits of synthesis to programmers, without requiring them to learn new concepts or give up a deterministic execution model.
Observations on Determinization of Büchi Automata
 IN 10TH CIAA, LNCS
, 2005
"... The two determinization procedures of Safra and MullerSchupp for Büchi automata are compared, based on an implementation in a program called OmegaDet. ..."
Abstract

Cited by 17 (0 self)
 Add to MetaCart
The two determinization procedures of Safra and MullerSchupp for Büchi automata are compared, based on an implementation in a program called OmegaDet.
Omegaregular model checking
 In Proc. 10th TACAS. LNCS
, 2004
"... Checking infinitestate systems is frequently done by encoding infinite sets of states as regular languages. Computing such a regular representation of, say, the set of reachable states of a system requires acceleration techniques that can finitely compute the effect of an unbounded number of transi ..."
Abstract

Cited by 11 (3 self)
 Add to MetaCart
Checking infinitestate systems is frequently done by encoding infinite sets of states as regular languages. Computing such a regular representation of, say, the set of reachable states of a system requires acceleration techniques that can finitely compute the effect of an unbounded number of transitions. Among the acceleration techniques that have been proposed, one finds both specific and generic techniques. Specific techniques exploit the particular type of system being analyzed, e.g. a system manipulating queues or integers, whereas generic techniques only assume that the transition relation is represented by a finitestate transducer, which has to be iterated. In this paper, we investigate the possibility of using generic techniques in cases where only specific techniques have been exploited so far. Finding that existing generic techniques are often not applicable in cases easily handled by specific techniques, we have developed a new approach to iterating transducers. This new approach builds on earlier work, but exploits a number of new conceptual and algorithmic ideas, often induced with the help of experiments, that give it a broad scope, as well as good performances.
ClosedLoop Learning of Visual Control Policies
, 2007
"... In this paper we present a general, flexible framework for learning mappings from images to actions by interacting with the environment. The basic idea is to introduce a featurebased image classifier in front of a reinforcement learning algorithm. The classifier partitions the visual space accordin ..."
Abstract

Cited by 9 (1 self)
 Add to MetaCart
In this paper we present a general, flexible framework for learning mappings from images to actions by interacting with the environment. The basic idea is to introduce a featurebased image classifier in front of a reinforcement learning algorithm. The classifier partitions the visual space according to the presence or absence of few highly informative local descriptors that are incrementally selected in a sequence of attempts to remove perceptual aliasing. We also address the problem of fighting overfitting in such a greedy algorithm. Finally, we show how highlevel visual features can be generated when the power of local descriptors is insufficient for completely disambiguating the aliased states. This is done by building a hierarchy of composite features that consist of recursive spatial combinations of visual features. We demonstrate the efficacy of our algorithms by solving three visual navigation tasks and a visual version of the classical “Car on the Hill” control problem.
Automatic modular abstractions for template numerical constraints
 Logical Methods in Computer Science
, 2010
"... We propose a method for automatically generating abstract transformers for static analysis by abstract interpretation. The method focuses on linear constraints on programs operating on rational, real or floatingpoint variables and containing linear assignments and tests. Given the specification of a ..."
Abstract

Cited by 8 (2 self)
 Add to MetaCart
We propose a method for automatically generating abstract transformers for static analysis by abstract interpretation. The method focuses on linear constraints on programs operating on rational, real or floatingpoint variables and containing linear assignments and tests. Given the specification of an abstract domain, and a program block, our method transformer. It is thus a form of program transformation. In addition to loopfree code, the same method also applies for obtaining least fixed points as functions of the precondition, which permits the analysis of loops and recursive functions. The motivation of our work is dataflow synchronous programming languages, used for building controlcommand embedded systems, but it also applies to imperative and functional programming. Our algorithms are based on quantifier elimination and symbolic manipulation techniques over linear arithmetic formulas. We also give less general results for nonlinear constraints and nonlinear program constructs. 1
Verifying mixed realinteger quantifier elimination
 IJCAR 2006, LNCS 4130
, 2006
"... We present a formally verified quantifier elimination procedure for the first order theory over linear mixed realinteger arithmetics in higherorder logic based on a work by Weispfenning. To this end we provide two verified quantifier elimination procedures: for Presburger arithmitics and for lin ..."
Abstract

Cited by 8 (5 self)
 Add to MetaCart
We present a formally verified quantifier elimination procedure for the first order theory over linear mixed realinteger arithmetics in higherorder logic based on a work by Weispfenning. To this end we provide two verified quantifier elimination procedures: for Presburger arithmitics and for linear real arithmetics.
Don’t care words with an application to the automatabased approach for real addition
 in Proc. of the 18th Int. Conf. on Computer Aided Verification
, 2006
"... Abstract. Automata are a useful tool in infinitestate model checking, since they can represent infinite sets of integers and reals. However, analogous to the use of bdds to represent finite sets, the sizes of the automata are an obstacle in the automatabased set representation. In this paper, we g ..."
Abstract

Cited by 7 (3 self)
 Add to MetaCart
Abstract. Automata are a useful tool in infinitestate model checking, since they can represent infinite sets of integers and reals. However, analogous to the use of bdds to represent finite sets, the sizes of the automata are an obstacle in the automatabased set representation. In this paper, we generalize the notion of “don’t cares ” for bdds to word languages as a means to reduce the automata sizes. We show that the minimal weak deterministic Büchi automaton (wdba) with respect to a given don’t care set, under certain restrictions, is uniquely determined and can be efficiently constructed. We apply don’t cares to improve the efficiency of a decision procedure for the firstorder logic over the mixed linear arithmetic over the integers and the reals based on wdbas. 1
Proof synthesis and reflection for linear arithmetic. Submitted
, 2006
"... This article presents detailed implementations of quantifier elimination for both integer and real linear arithmetic for theorem provers. The underlying algorithms are those by Cooper (for Z) and by Ferrante and Rackoff (for R). Both algorithms are realized in two entirely different ways: once in ta ..."
Abstract

Cited by 6 (5 self)
 Add to MetaCart
This article presents detailed implementations of quantifier elimination for both integer and real linear arithmetic for theorem provers. The underlying algorithms are those by Cooper (for Z) and by Ferrante and Rackoff (for R). Both algorithms are realized in two entirely different ways: once in tactic style, i.e. by a proofproducing functional program, and once by reflection, i.e. by computations inside the logic rather than in the metalanguage. Both formalizations are highly generic because they make only minimal assumptions w.r.t. the underlying logical system and theorem prover. An implementation in Isabelle/HOL shows that the reflective approach is between one and two orders of magnitude faster. 1
LIRA: Handling Constraints of Linear Arithmetics over the Integers and the Reals ⋆
"... The mechanization of many verification tasks relies on efficient implementations of decision procedures for fragments of firstorder logic. Interactive ..."
Abstract

Cited by 6 (0 self)
 Add to MetaCart
The mechanization of many verification tasks relies on efficient implementations of decision procedures for fragments of firstorder logic. Interactive