Results 11  20
of
144
Merge: A Programming Model for Heterogeneous Multicore Systems Abstract
"... In this paper we propose the Merge framework, a general purpose programming model for heterogeneous multicore systems. The Merge framework replaces current ad hoc approaches to parallel programming on heterogeneous platforms with a rigorous, librarybased methodology that can automatically distribu ..."
Abstract

Cited by 41 (1 self)
 Add to MetaCart
In this paper we propose the Merge framework, a general purpose programming model for heterogeneous multicore systems. The Merge framework replaces current ad hoc approaches to parallel programming on heterogeneous platforms with a rigorous, librarybased methodology that can automatically distribute computation across heterogeneous cores to achieve increased energy and performance efficiency. The Merge framework provides (1) a predicate dispatchbased library system for managing and invoking function variants for multiple architectures; (2) a highlevel, libraryoriented parallel language based on mapreduce; and (3) a compiler and runtime which implement the mapreduce language pattern by dynamically selecting the best available function implementations for a given input and machine configuration. Using a generic sequencer architecture interface for heterogeneous accelerators, the Merge framework can integrate function variants for specialized accelerators, offering the potential for tothemetal performance for a wide range of heterogeneous architectures, all transparent to the user. The Merge framework has been prototyped on a heterogeneous platform consisting of an Intel Core 2 Duo CPU and an 8core 32thread Intel Graphics and Media Accelerator X3000, and a homogeneous 32way Unisys SMP system with Intel Xeon processors. We implemented a set of benchmarks using the Merge framework and enhanced the library with X3000 specific implementations, achieving speedups of 3.6x – 8.5x using the X3000 and 5.2x – 22x using the 32way system relative to the straight C reference implementation on a single IA32 core.
All you ever wanted to know about dynamic taint analysis and forward symbolic execution (but might have been afraid to ask
 In Proceedings of the IEEE Symposium on Security and Privacy
, 2010
"... Abstract—Dynamic taint analysis and forward symbolic execution are quickly becoming staple techniques in security analyses. Example applications of dynamic taint analysis and forward symbolic execution include malware analysis, input filter generation, test case generation, and vulnerability discove ..."
Abstract

Cited by 37 (2 self)
 Add to MetaCart
Abstract—Dynamic taint analysis and forward symbolic execution are quickly becoming staple techniques in security analyses. Example applications of dynamic taint analysis and forward symbolic execution include malware analysis, input filter generation, test case generation, and vulnerability discovery. Despite the widespread usage of these two techniques, there has been little effort to formally define the algorithms and summarize the critical issues that arise when these techniques are used in typical security contexts. The contributions of this paper are twofold. First, we precisely describe the algorithms for dynamic taint analysis and forward symbolic execution as extensions to the runtime semantics of a general language. Second, we highlight important implementation choices, common pitfalls, and considerations when using these techniques in a security context. Keywordstaint analysis, symbolic execution, dynamic analysis I.
Modular Data Structure Verification
 EECS DEPARTMENT, MASSACHUSETTS INSTITUTE OF TECHNOLOGY
, 2007
"... This dissertation describes an approach for automatically verifying data structures, focusing on techniques for automatically proving formulas that arise in such verification. I have implemented this approach with my colleagues in a verification system called Jahob. Jahob verifies properties of Java ..."
Abstract

Cited by 36 (21 self)
 Add to MetaCart
This dissertation describes an approach for automatically verifying data structures, focusing on techniques for automatically proving formulas that arise in such verification. I have implemented this approach with my colleagues in a verification system called Jahob. Jahob verifies properties of Java programs with dynamically allocated data structures. Developers write Jahob specifications in classical higherorder logic (HOL); Jahob reduces the verification problem to deciding the validity of HOL formulas. I present a new method for proving HOL formulas by combining automated reasoning techniques. My method consists of 1) splitting formulas into individual HOL conjuncts, 2) soundly approximating each HOL conjunct with a formula in a more tractable fragment and 3) proving the resulting approximation using a decision procedure or a theorem prover. I present three concrete logics; for each logic I show how to use it to approximate HOL formulas, and how to decide the validity of formulas in this logic. First, I present an approximation of HOL based on a translation to firstorder logic, which enables the use of existing resolutionbased theorem provers. Second, I present an approximation of HOL based on field constraint analysis, a new technique that enables
Cogent: Accurate theorem proving for program verification
 Proceedings of CAV 2005, volume 3576 of Lecture Notes in Computer Science
, 2005
"... Abstract. Many symbolic software verification engines such as Slam and ESC/Java rely on automatic theorem provers. The existing theorem provers, such as Simplify, lack precise support for important programming language constructs such as pointers, structures and unions. This paper describes a theore ..."
Abstract

Cited by 35 (10 self)
 Add to MetaCart
Abstract. Many symbolic software verification engines such as Slam and ESC/Java rely on automatic theorem provers. The existing theorem provers, such as Simplify, lack precise support for important programming language constructs such as pointers, structures and unions. This paper describes a theorem prover, Cogent, that accurately supports all ANSIC expressions. The prover’s implementation is based on a machinelevel interpretation of expressions into propositional logic, and supports finite machinelevel variables, bit operations, structures, unions, references, pointers and pointer arithmetic. When used by Slam during the model checking of over 300 benchmarks, Cogent’s improved accuracy reduced the number of Slam timeouts by half, increased the number of true errors found, and decreased the number of false errors. 1
Efficient Ematching for SMT solvers
, 2007
"... Satisfiability Modulo Theories (SMT) solvers have proven highly scalable, efficient and suitable for integrating theory reasoning. However, for numerous applications from program analysis and verification, the ground fragment is insufficient, as proof obligations often include quantifiers. A well ..."
Abstract

Cited by 35 (7 self)
 Add to MetaCart
Satisfiability Modulo Theories (SMT) solvers have proven highly scalable, efficient and suitable for integrating theory reasoning. However, for numerous applications from program analysis and verification, the ground fragment is insufficient, as proof obligations often include quantifiers. A well known approach for quantifier reasoning uses a matching algorithm that works against an Egraph to instantiate quantified variables. This paper introduces algorithms that identify matches on Egraphs incrementally and efficiently. In particular, we introduce an index that works on Egraphs, called Ematching code trees that combine features of substitution and code trees, used in saturation based theorem provers. Ematching code trees allow performing matching against several patterns simultaneously. The code trees are combined with an additional index, called the inverted path index, which filters Egraph terms that may potentially match patterns when the Egraph is updated. Experimental results show substantial performance improvements over existing stateoftheart SMT solvers.
Efficient satisfiability modulo theories via delayed theory combination
 In Proc. CAV 2005, volume 3576 of LNCS
, 2005
"... Abstract. The problem of deciding the satisfiability of a quantifierfree formula with respect to a background theory, also known as Satisfiability Modulo Theories (SMT), is gaining increasing relevance in verification: representation capabilities beyond propositional logic allow for a natural model ..."
Abstract

Cited by 34 (15 self)
 Add to MetaCart
Abstract. The problem of deciding the satisfiability of a quantifierfree formula with respect to a background theory, also known as Satisfiability Modulo Theories (SMT), is gaining increasing relevance in verification: representation capabilities beyond propositional logic allow for a natural modeling of realworld problems (e.g., pipeline and RTL circuits verification, proof obligations in software systems). In this paper, we focus on the case where the background theory is the combination T1 £ T2 of two simpler theories. Many SMT procedures combine a boolean model enumeration with a decision procedure for T1 £ T2, where conjunctions of literals can be decided by an integration schema such as NelsonOppen, via a structured exchange of interface formulae (e.g., equalities in the case of convex theories, disjunctions of equalities otherwise). We propose a new approach for SMT¤T1 £ T2¥, called Delayed Theory Combination, which does not require a decision procedure for T1 £ T2, but only individual decision procedures for T1 and T2, which are directly integrated into the boolean model enumerator. This approach is much simpler and natural, allows each of the solvers to be implemented and optimized without taking into account the others, and it nicely encompasses the case of nonconvex theories. We show the effectiveness of the approach by a thorough experimental comparison. 1
Deciding Boolean Algebra with Presburger Arithmetic
 J. of Automated Reasoning
"... Abstract. We describe an algorithm for deciding the firstorder multisorted theory BAPA, which combines 1) Boolean algebras of sets of uninterpreted elements (BA) and 2) Presburger arithmetic operations (PA). BAPA can express the relationship between integer variables and cardinalities of unbounded ..."
Abstract

Cited by 31 (26 self)
 Add to MetaCart
Abstract. We describe an algorithm for deciding the firstorder multisorted theory BAPA, which combines 1) Boolean algebras of sets of uninterpreted elements (BA) and 2) Presburger arithmetic operations (PA). BAPA can express the relationship between integer variables and cardinalities of unbounded finite sets, and supports arbitrary quantification over sets and integers. Our original motivation for BAPA is deciding verification conditions that arise in the static analysis of data structure consistency properties. Data structures often use an integer variable to keep track of the number of elements they store; an invariant of such a data structure is that the value of the integer variable is equal to the number of elements stored in the data structure. When the data structure content is represented by a set, the resulting constraints can be captured in BAPA. BAPA formulas with quantifier alternations arise when verifying programs with annotations containing quantifiers, or when proving simulation relation conditions for refinement and equivalence of program fragments. Furthermore, BAPA constraints can be used for proving the termination of programs that manipulate data structures, as well as
An empirical comparison of automated generation and classification techniques for objectoriented unit testing
 In ASE 06: Automated Software Engineering
, 2006
"... Testing involves two major activities: generating test inputs and determining whether they reveal faults. Automated test generation techniques include random generation and symbolic execution. Automated test classification techniques include ones based on uncaught exceptions and violations of operat ..."
Abstract

Cited by 31 (11 self)
 Add to MetaCart
Testing involves two major activities: generating test inputs and determining whether they reveal faults. Automated test generation techniques include random generation and symbolic execution. Automated test classification techniques include ones based on uncaught exceptions and violations of operational models inferred from manually provided tests. Previous research on unit testing for objectoriented programs developed three pairs of these techniques: modelbased random testing, exceptionbased random testing, and exceptionbased symbolic testing. We develop a novel pair, modelbased symbolic testing. We also empirically compare all four pairs of these generation and classification techniques. The results show that the pairs are complementary (i.e., reveal faults differently), with their respective strengths and weaknesses. 1.
On a Rewriting Approach to Satisfiability Procedures: Extension, Combination of Theories and an Experimental Appraisal
, 2005
"... The rewriting approach to Tsatisfiability is based on establishing termination of a rewritebased inference system for firstorder logic on the Tsatisfiability problem. Extending previous such results, including the quantifierfree theory of equality and the theory of arrays with or without exte ..."
Abstract

Cited by 30 (19 self)
 Add to MetaCart
The rewriting approach to Tsatisfiability is based on establishing termination of a rewritebased inference system for firstorder logic on the Tsatisfiability problem. Extending previous such results, including the quantifierfree theory of equality and the theory of arrays with or without extensionality, we prove termination for the theories of records with or without extensionality, integer offsets and integer offsets modulo. A general theorem for termination on combinations of theories, that covers any combination of the theories above, is given next. For empirical evaluation, the rewritebased theorem prover E is compared with the validity checkers CVC and CVC Lite, on both synthetic and realworld benchmarks, including both valid and invalid instances. Parametric synthetic benchmarks test scalability, while realworld benchmarks test ability to handle huge sets of literals. Contrary to the folklore that a generalpurpose prover cannot compete with specialized reasoners, the experiments are overall favorable to the theorem prover, showing that the rewriting approach is both elegant and practical.
Towards efficient satisfiability checking for boolean algebra with presburger arithmetic
 In CADE21
, 2007
"... 1 Introduction This paper considers the satisfiability problem for a logic that allows reasoning about sets and their cardinalities. We call this logic quantifierfree Boolean Algebra with Presburger Arithmetic and denote it QFBAPA. Our motivationfor QFBAPA is proving the validity of formulas arisi ..."
Abstract

Cited by 28 (17 self)
 Add to MetaCart
1 Introduction This paper considers the satisfiability problem for a logic that allows reasoning about sets and their cardinalities. We call this logic quantifierfree Boolean Algebra with Presburger Arithmetic and denote it QFBAPA. Our motivationfor QFBAPA is proving the validity of formulas arising from program verification [12,13,14], but