Results 1  10
of
12
Program Verification using Templates over Predicate Abstraction
"... We address the problem of automatically generating invariants with quantified and boolean structure for proving the validity of given assertions or generating preconditions under which the assertions are valid. We present three novel algorithms, having different strengths, that combine template and ..."
Abstract

Cited by 32 (4 self)
 Add to MetaCart
(Show Context)
We address the problem of automatically generating invariants with quantified and boolean structure for proving the validity of given assertions or generating preconditions under which the assertions are valid. We present three novel algorithms, having different strengths, that combine template and predicate abstraction based formalisms to discover required sophisticated program invariants using SMT solvers. Two of these algorithms use an iterative approach to compute fixedpoints (one computes a least fixedpoint and the other computes a greatest fixedpoint), while the third algorithm uses a constraint based approach to encode the fixedpoint. The key idea in all these algorithms is to reduce the problem of invariant discovery to that of finding optimal solutions for unknowns (over conjunctions of some predicates from a given set) in a template formula such that
Symbolic string verification: Combining string analysis and size analysis
 in Proceedings of the 15th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS
"... Abstract. We present an automatabased approach for symbolic verification of systems with unbounded string and integer variables. Particularly, we are interested in automatically discovering the relationships among the string and integer variables. The lengths of the strings in a regular language fo ..."
Abstract

Cited by 27 (3 self)
 Add to MetaCart
(Show Context)
Abstract. We present an automatabased approach for symbolic verification of systems with unbounded string and integer variables. Particularly, we are interested in automatically discovering the relationships among the string and integer variables. The lengths of the strings in a regular language form a semilinear set. We present a novel construction for length automata that accept the unary or binary representations of the lengths of the strings in a regular language. These length automata can be integrated with an arithmetic automaton that recognizes the valuations of the integer variables at a program point. We propose a static analysis technique that uses these automata in a forward fixpoint computation with widening and is able to catch relationships among the lengths of the string variables and the values of the integer variables. This composite string and integer analysis enables us to verify properties that cannot be verified using string analysis or size analysis alone. 1
Abstract domains for automated reasoning about listmanipulating programs with infinite data
 In VMCAI, volume 7148 of LNCS
, 2012
"... Abstract. We describe a framework for reasoning about programs with lists carrying integer numerical data. We use abstract domains to describe and manipulate complex constraints on configurations of these programs mixing constraints on the shape of the heap, sizes of the lists, on the multisets of ..."
Abstract

Cited by 9 (1 self)
 Add to MetaCart
(Show Context)
Abstract. We describe a framework for reasoning about programs with lists carrying integer numerical data. We use abstract domains to describe and manipulate complex constraints on configurations of these programs mixing constraints on the shape of the heap, sizes of the lists, on the multisets of data stored in these lists, and on the data at their different positions. Moreover, we provide powerful techniques for automatic validation of Hoaretriples and invariant checking, as well as for automatic synthesis of invariants and procedure summaries using modular interprocedural analysis. The approach has been implemented in a tool called CELIA and experimented successfully on a large benchmark of programs. 1
What’s Decidable About Sequences?
, 2010
"... We present a firstorder theory of sequences with integer elements, Presburger arithmetic, and regular constraints, which can model significant properties of data structures such as arrays and lists. We give a decision procedure for the quantifierfree fragment, based on an encoding into the firsto ..."
Abstract

Cited by 5 (3 self)
 Add to MetaCart
(Show Context)
We present a firstorder theory of sequences with integer elements, Presburger arithmetic, and regular constraints, which can model significant properties of data structures such as arrays and lists. We give a decision procedure for the quantifierfree fragment, based on an encoding into the firstorder theory of concatenation; the procedure has PSPACE complexity. The quantifierfree fragment of the theory of sequences can express properties such as sortedness and injectivity, as well as Boolean combinations of periodic and arithmetic facts relating the elements of the sequence and their positions (e.g., “for all even i’s, the element at position i has value i + 3 or 2i”). The resulting expressive power is orthogonal to that of the most expressive decidable logics for arrays. Some examples demonstrate that the fragment is also suitable to reason about sequencemanipulating programs within the standard framework of axiomatic
Using ellipsoidal domains to analyze control systems software
 CoRR
"... Abstract. We propose a methodology for the automatic verification of safety properties of controllers based on dynamical systems, such as those typically used in avionics. In particular, our focus is on proving stability properties of software implementing linear and some nonlinear controllers. We ..."
Abstract

Cited by 4 (1 self)
 Add to MetaCart
(Show Context)
Abstract. We propose a methodology for the automatic verification of safety properties of controllers based on dynamical systems, such as those typically used in avionics. In particular, our focus is on proving stability properties of software implementing linear and some nonlinear controllers. We develop an abstract interpretation framework that follows closely the Lyapunov methods used in proofs at the model level and describe the corresponding abstract domains, which for linear systems consist of ellipsoidal constraints. These ellipsoidal domains provide abstractions for the values of state variables and must be combined with other domains that model the remaining variables in a program. Thus, the problem of automatically assigning the right type of abstract domain to each variable arises. We provide an algorithm that solves this classification problem in many practical cases and suggest how it could be generalized to more complicated cases. We then find a fixpoint by solving a matrix equation, which in the linear case is just the discrete Lyapunov equation. Contrary to most cases in software analysis, this fixpoint cannot be reached by the usual iterative method of propagating constraints until saturation and so numerical methods become essential. Finally, we illustrate our methodology with several examples.
SatisfiabilityBased Program REASONING AND PROGRAM SYNTHESIS
, 2010
"... Program reasoning consists of the tasks of automatically and statically verifying correctness and inferring properties of programs. Program synthesis is the task of automatically generating programs. Both program reasoning and synthesis are theoretically undecidable, but the results in this disserta ..."
Abstract

Cited by 2 (1 self)
 Add to MetaCart
Program reasoning consists of the tasks of automatically and statically verifying correctness and inferring properties of programs. Program synthesis is the task of automatically generating programs. Both program reasoning and synthesis are theoretically undecidable, but the results in this dissertation show that they are practically tractable. We show that there is enough structure in programs written by human developers to make program reasoning feasible, and additionally we can leverage program reasoning technology for automatic program synthesis. This dissertation describes expressive and efficient techniques for program reasoning and program synthesis. Our techniques work by encoding the underlying inference tasks as solutions to satisfiability instances. A core ingredient in the reduction of these problems to finite satisfiability instances is the assumption of templates. Templates are userprovided hints about the structural form of the desired artifact, e.g., invariant, pre and postcondition templates for reasoning; or program templates for synthesis. We propose novel algorithms, parameterized by suitable templates, that reduce the inference of these artifacts to satisfiability. We show that fixedpoint computation—the key technical challenge in program reasoning— is encodable as SAT instances. We also show that program synthesis can be viewed as generalized
QUIC Graphs: Relational Invariant Generation for Containers
"... Abstract. Programs written in modern languages perform intricate manipulations of containers such as arrays, lists, dictionaries, and sets. We present an abstract interpretationbased framework for automatically inferring relations between the set of values stored in these containers. Relations incl ..."
Abstract

Cited by 2 (2 self)
 Add to MetaCart
(Show Context)
Abstract. Programs written in modern languages perform intricate manipulations of containers such as arrays, lists, dictionaries, and sets. We present an abstract interpretationbased framework for automatically inferring relations between the set of values stored in these containers. Relations include inclusion relations over unions and intersections, as well as quantified relationships with scalar variables. We develop an abstract domain constructor that builds a container domain out of a Quantified UnionIntersection Constraint (QUIC) graph parameterized by an arbitrary base domain. We instantiate our domain with a polyhedral base domain and evaluate it on programs extracted from the Python test suite. Over traditional, nonrelational domains, we find significant precision improvements with minimal performance cost. 1
Automatically Computing Path Complexity of Programs∗
"... Recent automated software testing techniques concentrate on achieving path coverage. We present a complexity measure that provides an upper bound for the number of paths in a program, and hence, can be used for assessing the difficulty of achieving path coverage for a given method. We define the p ..."
Abstract
 Add to MetaCart
(Show Context)
Recent automated software testing techniques concentrate on achieving path coverage. We present a complexity measure that provides an upper bound for the number of paths in a program, and hence, can be used for assessing the difficulty of achieving path coverage for a given method. We define the path complexity of a program as a function that takes a depth bound as input and returns the number of paths in the control flow graph that are within that bound. We show how to automatically compute the path complexity function in closed form, and the asymptotic path complexity which identifies the dominant term in the path complexity function. Our results demonstrate that path complexity can be computed efficiently, and it is a better complexity measure for path coverage compared to cyclomatic complexity and NPATH complexity.
Templatebased Program Verification and Program Synthesis
 SOFTWARE TOOLS FOR TECHNOLOGY TRANSFER
"... Program verification is the task of automatically generating proofs for a program’s compliance with a given specification. Program synthesis is the task of automatically generating a program that meets a given specification. Both program verification and program synthesis can be viewed as search pr ..."
Abstract
 Add to MetaCart
(Show Context)
Program verification is the task of automatically generating proofs for a program’s compliance with a given specification. Program synthesis is the task of automatically generating a program that meets a given specification. Both program verification and program synthesis can be viewed as search problems, for proofs and programs, respectively. For these search problems, we present approaches based on userprovided insights in the form of templates. Templates are hints about the syntactic forms of the invariants and programs, and help guide the search for solutions. We show how to reduce the templatebased search problem to satisfiability solving, which permits the use of offtheshelf solvers to efficiently explore the search space. Templatebased approaches have allowed us to verify and synthesize programs outside the abilities of previous verifiers and synthesizers. Our approach can verify and synthesize difficult algorithmic textbook programs (e.g., sorting, and dynamic programmingbased algorithms, etc.), and difficult arithmetic programs.
Automatic Coq Proofs Generation from Static Analyzers by Lightweight Instrumentation
, 2011
"... This paper deals with program verification and more precisely with the question of how to provide verifiable evidence that a program verifies certain semantics properties. Program processing tools such as compiler or static analyzers are complex pieces of software which may contain errors. The idea ..."
Abstract
 Add to MetaCart
(Show Context)
This paper deals with program verification and more precisely with the question of how to provide verifiable evidence that a program verifies certain semantics properties. Program processing tools such as compiler or static analyzers are complex pieces of software which may contain errors. The idea of using analyzers as guessing algorithms and proving the discovered properties by independent means has been proposed a decade ago. However, automatically generating the proofs without user interaction is still a major challenge. We present a methodology of instrumentation of existing static analyzers based on abstract interpretation to make them produce certificates of their results. We apply our methodology on an existing static analyzer that discovers invariants of arrayprocessing programs which can be expressed in firstorder logic. Certificates are provided as COQ proofs based on FloydHoare’s method for proving program invariants.