Results 1  10
of
11
Modular Data Structure Verification
 EECS DEPARTMENT, MASSACHUSETTS INSTITUTE OF TECHNOLOGY
, 2007
"... This dissertation describes an approach for automatically verifying data structures, focusing on techniques for automatically proving formulas that arise in such verification. I have implemented this approach with my colleagues in a verification system called Jahob. Jahob verifies properties of Java ..."
Abstract

Cited by 36 (21 self)
 Add to MetaCart
This dissertation describes an approach for automatically verifying data structures, focusing on techniques for automatically proving formulas that arise in such verification. I have implemented this approach with my colleagues in a verification system called Jahob. Jahob verifies properties of Java programs with dynamically allocated data structures. Developers write Jahob specifications in classical higherorder logic (HOL); Jahob reduces the verification problem to deciding the validity of HOL formulas. I present a new method for proving HOL formulas by combining automated reasoning techniques. My method consists of 1) splitting formulas into individual HOL conjuncts, 2) soundly approximating each HOL conjunct with a formula in a more tractable fragment and 3) proving the resulting approximation using a decision procedure or a theorem prover. I present three concrete logics; for each logic I show how to use it to approximate HOL formulas, and how to decide the validity of formulas in this logic. First, I present an approximation of HOL based on a translation to firstorder logic, which enables the use of existing resolutionbased theorem provers. Second, I present an approximation of HOL based on field constraint analysis, a new technique that enables
Deciding Boolean Algebra with Presburger Arithmetic
 J. of Automated Reasoning
"... Abstract. We describe an algorithm for deciding the firstorder multisorted theory BAPA, which combines 1) Boolean algebras of sets of uninterpreted elements (BA) and 2) Presburger arithmetic operations (PA). BAPA can express the relationship between integer variables and cardinalities of unbounded ..."
Abstract

Cited by 31 (26 self)
 Add to MetaCart
Abstract. We describe an algorithm for deciding the firstorder multisorted theory BAPA, which combines 1) Boolean algebras of sets of uninterpreted elements (BA) and 2) Presburger arithmetic operations (PA). BAPA can express the relationship between integer variables and cardinalities of unbounded finite sets, and supports arbitrary quantification over sets and integers. Our original motivation for BAPA is deciding verification conditions that arise in the static analysis of data structure consistency properties. Data structures often use an integer variable to keep track of the number of elements they store; an invariant of such a data structure is that the value of the integer variable is equal to the number of elements stored in the data structure. When the data structure content is represented by a set, the resulting constraints can be captured in BAPA. BAPA formulas with quantifier alternations arise when verifying programs with annotations containing quantifiers, or when proving simulation relation conditions for refinement and equivalence of program fragments. Furthermore, BAPA constraints can be used for proving the termination of programs that manipulate data structures, as well as
Towards efficient satisfiability checking for boolean algebra with presburger arithmetic
 In CADE21
, 2007
"... 1 Introduction This paper considers the satisfiability problem for a logic that allows reasoning about sets and their cardinalities. We call this logic quantifierfree Boolean Algebra with Presburger Arithmetic and denote it QFBAPA. Our motivationfor QFBAPA is proving the validity of formulas arisi ..."
Abstract

Cited by 28 (17 self)
 Add to MetaCart
1 Introduction This paper considers the satisfiability problem for a logic that allows reasoning about sets and their cardinalities. We call this logic quantifierfree Boolean Algebra with Presburger Arithmetic and denote it QFBAPA. Our motivationfor QFBAPA is proving the validity of formulas arising from program verification [12,13,14], but
An algorithm for deciding BAPA: Boolean Algebra with Presburger Arithmetic
 In 20th International Conference on Automated Deduction, CADE20
, 2005
"... Abstract. We describe an algorithm for deciding the firstorder multisorted theory BAPA, which combines 1) Boolean algebras of sets of uninterpreted elements (BA) and 2) Presburger arithmetic operations (PA). BAPA can express the relationship between integer variables and cardinalities of a priory u ..."
Abstract

Cited by 26 (13 self)
 Add to MetaCart
Abstract. We describe an algorithm for deciding the firstorder multisorted theory BAPA, which combines 1) Boolean algebras of sets of uninterpreted elements (BA) and 2) Presburger arithmetic operations (PA). BAPA can express the relationship between integer variables and cardinalities of a priory unbounded finite sets, and supports arbitrary quantification over sets and integers. Our motivation for BAPA is deciding verification conditions that arise in the static analysis of data structure consistency properties. Data structures often use an integer variable to keep track of the number of elements they store; an invariant of such a data structure is that the value of the integer variable is equal to the number of elements stored in the data structure. When the data structure content is represented by a set, the resulting constraints can be captured in BAPA. BAPA formulas with quantifier alternations arise when verifying programs with annotations containing quantifiers, or when proving simulation relation conditions for refinement and equivalence of program fragments. Furthermore, BAPA constraints can be used for proving the termination of programs that manipulate data structures, and have applications in constraint databases. We give a formal description of a decision procedure for BAPA, which implies the decidability of BAPA. We analyze our algorithm and obtain an elementary upper bound on the running time, thereby giving the first complexity bound for BAPA. Because it works by a reduction to PA, our algorithm yields the decidability of a combination of sets of uninterpreted elements with any decidable extension of PA. Our algorithm can also be used to yield an optimal decision procedure for BA through a reduction to PA with bounded quantifiers. We have implemented our algorithm and used it to discharge verification conditions in the Jahob system for data structure consistency checking of Java programs; our experience with the algorithm is promising. 1
On algorithms and complexity for sets with cardinality constraints
, 2005
"... Typestate systems ensure many desirable properties of imperative programs, including initialization of object fields and correct use of stateful library interfaces. Abstract sets with cardinality constraints naturally generalize typestate properties: relationships between the typestates of objects c ..."
Abstract

Cited by 10 (7 self)
 Add to MetaCart
Typestate systems ensure many desirable properties of imperative programs, including initialization of object fields and correct use of stateful library interfaces. Abstract sets with cardinality constraints naturally generalize typestate properties: relationships between the typestates of objects can be expressed as subset and disjointness relations on sets, and elements of sets can be represented as sets of cardinality one. In addition, sets with cardinality constraints provide a natural language for specifying operations and invariants of data structures. Motivated by these program analysis applications, this paper presents new algorithms and new complexity results for constraints on sets and their cardinalities. We study several classes of constraints and demonstrate a tradeoff between their expressive power and their complexity. Our first result concerns a quantifierfree fragment of Boolean Algebra with Presburger Arithmetic. We give a nondeterministic polynomialtime algorithm for reducing the satisfiability of sets with symbolic cardinalities to constraints on constant cardinalities, and give a polynomialspace algorithm for the resulting problem. The best previously existing algorithm runs in exponential space and nondeterministic exponential time. In a quest for more efficient fragments, we identify several subclasses of sets with cardinality constraints whose satisfiability is NPhard. Finally, we identify a class of constraints that has polynomialtime satisfiability and entailment problems and can serve as a foundation for efficient program analysis. We give a system of rewriting rules for enforcing certain consistency properties of these constraints and show how to extract complete information from constraints in normal form. This result implies the soundness and completeness of our algorithms. 1.
SetBased Constraints
"... The notion of set constraint has been presented in literature with two dierent meanings and aims. Each of them allows to deal with a particular class of set based formulae. We compare the two notions and present their satis ability problem as instances of the more general framework of Computable ..."
Abstract

Cited by 1 (1 self)
 Add to MetaCart
The notion of set constraint has been presented in literature with two dierent meanings and aims. Each of them allows to deal with a particular class of set based formulae. We compare the two notions and present their satis ability problem as instances of the more general framework of Computable Set Theory. We show that there are large classes of formulae for which both proposals provide suitable procedures for testing satis ability with respect to a given privileged interpretation. We show examples of how these constraints can be used for setbased analysis and for problem solving in general.
Polynomial Constraints for Sets with Cardinality Bounds
"... Abstract. Logics that can reason about sets and their cardinality bounds are useful in program analysis, program verification, databases, and knowledge bases. This paper presents a class of constraints on sets and their cardinalities for which the satisfiability and the entailment problems are compu ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
Abstract. Logics that can reason about sets and their cardinality bounds are useful in program analysis, program verification, databases, and knowledge bases. This paper presents a class of constraints on sets and their cardinalities for which the satisfiability and the entailment problems are computable in polynomial time. Our class of constraints, based on treeshaped formulas, is unique in being simultaneously tractable and able to express 1) that a set is a union of other sets, 2) that sets are disjoint, and 3) that a set has cardinality within a given range. As the main result we present a polynomialtime algorithm for checking entailment of our constraints.
A Framework for Formalizing Set Theories Based on the Use of Static Set Terms
"... To Boaz Trakhtenbrot: a scientific father, a friend, and a great man. Abstract. We present a new unified framework for formalizations of axiomatic set theories of different strength, from rudimentary set theory to full ZF. It allows the use of set terms, but provides a static check of their validity ..."
Abstract

Cited by 1 (1 self)
 Add to MetaCart
To Boaz Trakhtenbrot: a scientific father, a friend, and a great man. Abstract. We present a new unified framework for formalizations of axiomatic set theories of different strength, from rudimentary set theory to full ZF. It allows the use of set terms, but provides a static check of their validity. Like the inconsistent “ideal calculus ” for set theory, it is essentially based on just two settheoretical principles: extensionality and comprehension (to which we add ∈induction and optionally the axiom of choice). Comprehension is formulated as: x ∈{x  ϕ} ↔ϕ, where {x  ϕ} is a legal set term of the theory. In order for {x  ϕ} to be legal, ϕ should be safe with respect to {x}, where safety is a relation between formulas and finite sets of variables. The various systems we consider differ from each other mainly with respect to the safety relations they employ. These relations are all defined purely syntactically (using an induction on the logical structure of formulas). The basic one is based on the safety relation which implicitly underlies commercial query languages for relational database systems (like SQL). Our framework makes it possible to reduce all extensions by definitions to abbreviations. Hence it is very convenient for mechanical manipulations and for interactive theorem proving. It also provides a unified treatment of comprehension axioms and of absoluteness properties of formulas. 1
Algebraic semantics of ERmodels in the context of the calculus of relations. II: Dynamic view.
, 2001
"... We provide a detailed analysis of the insertion and deletion operations for an ERmodel represented in terms of the map calculus. This continues our previous study of compiling an ER model into the abstract setting of what might be called logic without variables. Page 1 Algebraic semantics of ERmo ..."
Abstract
 Add to MetaCart
We provide a detailed analysis of the insertion and deletion operations for an ERmodel represented in terms of the map calculus. This continues our previous study of compiling an ER model into the abstract setting of what might be called logic without variables. Page 1 Algebraic semantics of ERmodels, II: Dynamic View 1
Pipes and Filters: Modelling a Software Architecture Through Relations
, 2002
"... A pipeline is a popular architecture which connects computational components/filers) through connectors (pipes) so that computations are performed in a stream like fashion. The data are transported through the pipes between filers, gradually transforming inputs to outputs. This kind of stream proces ..."
Abstract
 Add to MetaCart
A pipeline is a popular architecture which connects computational components/filers) through connectors (pipes) so that computations are performed in a stream like fashion. The data are transported through the pipes between filers, gradually transforming inputs to outputs. This kind of stream processing has been made popular through UNIX pipes that serially connect independent components for performing a sequence of tasks. We show in this paper how to formalize this architecture in terms of monads, hereby including relational specifications as special cases. The system is given through a directed acyclic graph the nodes of which carry the computational structure by being labelled with morphisms from the monad, and the edges provide the data for these operations. It is shown how fundamental compositional operations like combining pipes and filers, and refining a system by replacing simple parts through more elaborate ones, are supported through this construction.