Results 1  10
of
58
Deciding QuantifierFree Presburger Formulas Using Finite Instantiation Based on Parameterized Solution Bounds
 In Proc. 19 th LICS. IEEE
, 2003
"... Given a formula # in quantifierfree Presburger arithmetic, it is well known that, if there is a satisfying solution to #, there is one whose size, measured in bits, is polynomially bounded in the size of #. In this paper, we consider a special class of quantifierfree Presburger formulas in which m ..."
Abstract

Cited by 35 (6 self)
 Add to MetaCart
Given a formula # in quantifierfree Presburger arithmetic, it is well known that, if there is a satisfying solution to #, there is one whose size, measured in bits, is polynomially bounded in the size of #. In this paper, we consider a special class of quantifierfree Presburger formulas in which most linear constraints are separation (di#erencebound) constraints, and the nonseparation constraints are sparse. This class has been observed to commonly occur in software verification problems. We derive a new solution bound in terms of parameters characterizing the sparseness of linear constraints and the number of nonseparation constraints, in addition to traditional measures of formula size. In particular, the number of bits needed per integer variable is linear in the number of nonseparation constraints and logarithmic in the number and size of nonzero coe#cients in them, but is otherwise independent of the total number of linear constraints in the formula. The derived bound can be used in a decision procedure based on instantiating integer variables over a finite domain and translating the input quantifierfree Presburger formula to an equisatisfiable Boolean formula, which is then checked using a Boolean satisfiability solver. We present empirical evidence indicating that this method can greatly outperform other decision procedures.
Data structures for the verification of timed automata
 97: HYBRID AND REALTIME SYSTEMS, LECTURE NOTES IN COMPUTER SCIENCE 1201
, 1997
"... In this paper we suggest numerical decision diagrams, a BDDbased datastructure for representing certain subsets of the Euclidean space, namely those encountered in verification of timed automata. Unlike other representation schemes, NDD's are canonical and provide for all the necessary operat ..."
Abstract

Cited by 34 (4 self)
 Add to MetaCart
In this paper we suggest numerical decision diagrams, a BDDbased datastructure for representing certain subsets of the Euclidean space, namely those encountered in verification of timed automata. Unlike other representation schemes, NDD's are canonical and provide for all the necessary operations needed in the verification and synthesis of timed automata. We report some preliminary experimental results.
An effective decision procedure for linear arithmetic with integer and real variables
 ACM Transactions on Computational Logic (TOCL
, 2005
"... This article considers finiteautomatabased algorithms for handling linear arithmetic with both real and integer variables. Previous work has shown that this theory can be dealt with by using finite automata on infinite words, but this involves some difficult and delicate to implement algorithms. T ..."
Abstract

Cited by 32 (9 self)
 Add to MetaCart
(Show Context)
This article considers finiteautomatabased algorithms for handling linear arithmetic with both real and integer variables. Previous work has shown that this theory can be dealt with by using finite automata on infinite words, but this involves some difficult and delicate to implement algorithms. The contribution of this article is to show, using topological arguments, that only a restricted class of automata on infinite words are necessary for handling real and integer linear arithmetic. This allows the use of substantially simpler algorithms, which have been successfully implemented.
A Comparison of Presburger Engines for EFSM Reachability
, 1998
"... Implicit state enumeration for extended finite state machines relies on a decision procedure for Presburger arithmetic. We compare the performance of two Presburger packages, the automatabased Shasta package and the polyhedrabased Omega package. While the raw speed of each of these two packages can ..."
Abstract

Cited by 31 (0 self)
 Add to MetaCart
(Show Context)
Implicit state enumeration for extended finite state machines relies on a decision procedure for Presburger arithmetic. We compare the performance of two Presburger packages, the automatabased Shasta package and the polyhedrabased Omega package. While the raw speed of each of these two packages can be superior to the other by a factor of 50 or more, we found the asymptotic performance of Shasta to be equal or superior to that of Omega for the experiments we performed.
An improved reachability analysis method for strongly linear hybrid systems (extended abstract
 In Computer Aided Verification, 9th International Conference, CAV ’97
"... Abstract. This paper addresses the exact computation of the set of reachable states of a strongly linear hybrid system. It proposes an approach that is an extension of classical statespace exploration. This approach uses a new operation, based on a cycle analysis in the control graph of the system, ..."
Abstract

Cited by 29 (15 self)
 Add to MetaCart
(Show Context)
Abstract. This paper addresses the exact computation of the set of reachable states of a strongly linear hybrid system. It proposes an approach that is an extension of classical statespace exploration. This approach uses a new operation, based on a cycle analysis in the control graph of the system, for generating sets of reachable states, as well as a powerful representation system for sets of values. The method broadens the range of hybrid systems for which a finite and exact representation of the set of reachable states can be computed. In particular, the statespace exploration may be performed even if the set of variable values reachable at a given control location cannot be expressed as a finite union of convex regions. The technique is illustrated on a very simple example. 1
A Class of Polynomially Solvable Range Constraints for Interval Analysis without Widenings and Narrowings
 In Tools and Algorithms for the Construction and Analysis of Systems
, 2004
"... In this paper, we study the problem of solving integer range constraints that arise in many static program analysis problems. In particular, we present the first polynomial time algorithm for a general class of integer range constraints. In contrast with abstract interpretation techniques based o ..."
Abstract

Cited by 28 (1 self)
 Add to MetaCart
In this paper, we study the problem of solving integer range constraints that arise in many static program analysis problems. In particular, we present the first polynomial time algorithm for a general class of integer range constraints. In contrast with abstract interpretation techniques based on widenings and narrowings, our algorithm computes, in polynomial time, the optimal solution of the arising fixpoint equations. Our result implies that "precise" range analysis can be performed in polynomial time without widening and narrowing operations.
Abstractionbased satisfiability solving of Presburger arithmetic
 In: Proc. CAV. Volume 3114 of LNCS. (2004) 308–320
, 2004
"... Abstract. We present a new abstractionbased framework for deciding satisfiability of quantifierfree Presburger arithmetic formulas. Given a Presburger formula φ, our algorithm invokes a SAT solver to produce proofs of unsatisfiability of approximations of φ. These proofs are in turn used to genera ..."
Abstract

Cited by 24 (9 self)
 Add to MetaCart
(Show Context)
Abstract. We present a new abstractionbased framework for deciding satisfiability of quantifierfree Presburger arithmetic formulas. Given a Presburger formula φ, our algorithm invokes a SAT solver to produce proofs of unsatisfiability of approximations of φ. These proofs are in turn used to generate abstractions of φ as inputs to a theorem prover. The SATencodings of the approximations of φ are obtained by instantiating the variables of the formula over finite domains. The satisfying integer assignments provided by the theorem prover are then used to selectively increase domain sizes and generate fresh SATencodings of φ. The efficiency of this approach derives from the ability of SAT solvers to extract small unsatisfiable cores, leading to small abstracted formulas. We present experimental results which suggest that our algorithm is considerably more efficient than directly invoking the theorem prover on the original formula. 1
Temporal Search: Detecting Hidden Malware Timebombs with Virtual Machines
 OPERATING SYSTEMS REVIEW
, 2006
"... Worms, viruses, and other malware can be ticking bombs counting down to a specific time, when they might, for example, delete files or download new instructions from a public web server. We propose a novel virtualmachinebased analysis technique to automatically discover the timetable of a piece of ..."
Abstract

Cited by 23 (3 self)
 Add to MetaCart
(Show Context)
Worms, viruses, and other malware can be ticking bombs counting down to a specific time, when they might, for example, delete files or download new instructions from a public web server. We propose a novel virtualmachinebased analysis technique to automatically discover the timetable of a piece of malware, or when events will be triggered, so that other types of analysis can discern what those events are. This information can be invaluable for responding to rapid malware, and automating its discovery can provide more accurate information with less delay than careful human analysis. Developing an automated system that produces the timetable of a piece of malware is a challenging research problem. In this paper, we describe our implementation of a key component of such a system: the discovery of timers without making assumptions about the integrity of the infected system’s kernel. Our technique runs a virtual machine at slightly different rates of perceived time (time
Verification of Communication Protocols Using Abstract Interpretation of FIFO queues
 in &quot;Algebraic Methodology and Software Technology, AMAST ’06&quot;, LNCS
, 2006
"... Abstract. We address the verification of communication protocols or distributed systems that can be modeled by Communicating Finite State Machines (CFSMs), i.e. a set of sequential machines communicating via unbounded FIFO channels. Unlike recent related works based on acceleration techniques, we pr ..."
Abstract

Cited by 16 (8 self)
 Add to MetaCart
(Show Context)
Abstract. We address the verification of communication protocols or distributed systems that can be modeled by Communicating Finite State Machines (CFSMs), i.e. a set of sequential machines communicating via unbounded FIFO channels. Unlike recent related works based on acceleration techniques, we propose to apply the Abstract Interpretation approach to such systems, which consists in using approximated representations of sets of configurations. We show that the use of regular languages together with an extrapolation operator provides a simple and elegant method for the analysis of CFSMs, which is moreover often as accurate as acceleration techniques, and in some cases more expressive. Last, when the system has several queues, our method can be implemented either as an attributeindependent analysis or as a more precise (but also more costly) attributedependent analysis. 1