Results 1 - 4 of 4
Ranking function synthesis for bit-vector relations
In Proceedings of the 16th International Conference on Tools and Algorithms for the Construction and Analysis of Systems, TACAS'10, 2010
Cited by 22 (5 self)
Abstract. Ranking function synthesis is a key aspect to the success of modern termination provers for imperative programs. While it is well-known how to generate linear ranking functions for relations over (mathematical) integers or rationals, efficient synthesis of ranking functions for machine-level integers (bit-vectors) is an open problem. This is particularly relevant for the verification of low-level code. We propose several novel algorithms to generate ranking functions for relations over machine integers: a complete method based on a reduction to Presburger arithmetic, and a template-matching approach for predefined classes of ranking functions based on reduction to SAT- and QBF-solving. The utility of our algorithms is demonstrated on examples drawn from Windows device drivers.
Signedness-agnostic program analysis: Precise integer bounds for low-level code
In Proc. of APLAS 2012, volume 7705 of LNCS, 2012
Cited by 8 (2 self)
Abstract. Many compilers target common backends, thereby avoiding the need to implement the same analyses for many different source languages. This has led to interest in static analysis of LLVM code. In LLVM (and similar languages) most signedness information associated with variables has been compiled away. Current analyses of LLVM code tend to assume that either all values are signed or all are unsigned (except where the code specifies the signedness). We show how program analysis can simultaneously consider each bit-string to be both signed and unsigned, thus improving precision, and we implement the idea for the specific case of integer bounds analysis. Experimental evaluation shows that this provides higher precision at little extra cost. Our approach turns out to be beneficial even when all signedness information is available, such as when analysing C or Java code.
Wordlength Optimization Beyond Straight Line Code
Cited by 1 (1 self)
The silicon area benefits that result from wordlength optimization have been widely reported by the FPGA community. However, to date, most approaches are restricted to straight line code, or code that can be converted into straight line code using techniques such as loop-unrolling. In this paper, we take the first steps towards creating analytical techniques to optimize the precision used throughout custom FPGA accelerators for algorithms that contain loops with data-dependent exit conditions. To achieve this, we build on ideas emanating from the software verification community to prove program termination. Our idea is to apply wordlength optimization techniques to find the minimum precision required to guarantee that a loop with data-dependent exit conditions will terminate. Without techniques to analyze algorithms containing these types of loops, a hardware designer may elect to implement every arithmetic operator throughout a custom FPGA-based accelerator using IEEE 754 standard single or double precision arithmetic. With this approach, the FPGA accelerator would have comparable accuracy to a software implementation. However, we show that using our new technique to create custom fixed and floating point designs, we can obtain silicon area savings of up to 50% over IEEE standard single precision arithmetic, or 80% over IEEE standard double precision arithmetic, at the same time as providing guarantees that the created hardware designs will work in practice.
Synthesising Interprocedural Bit-Precise Termination Proofs
Abstract. Proving program termination is key to guaranteeing absence of undesirable behaviour, such as hanging programs and even security vulnerabilities such as denial-of-service attacks. To make termination checks scale to large systems, interprocedural termination analysis seems essential, which is a largely unexplored area of research in termination analysis, where most effort has focussed on difficult single-procedure problems. We present a modular termination analysis for C programs using template-based interprocedural summarisation. Our analysis combines a context-sensitive, over-approximating forward analysis with the inference of under-approximating preconditions for termination. Bit-precise termination arguments are synthesised over lexicographic linear ranking function templates. Our experimental results show that our tool 2LS outperforms state-of-the-art alternatives, and demonstrate the clear advantage of interprocedural reasoning over monolithic analysis in terms of efficiency, while retaining comparable precision.
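The four abstracts above share one point that is easy to state and easy to get wrong in practice: a termination argument over mathematical integers does not carry over to fixed-width machine integers, and for a bit pattern whose signedness has been compiled away, the argument may exist under one reading and not the other. The following is an added example written here, not code from any of the listed papers or from the 2LS tool. It brute-forces the finite 8-bit state space, so it stands in for the complete method (entry 1's Presburger reduction) as a ground truth, and matches a linear ranking-function template f(x) = a*x + b against every loop transition, reading the bit pattern either as unsigned or as signed (entry 2). A width sweep at the end mirrors entry 3's question of the smallest word length at which a loop is guaranteed to terminate. The four loops, the width W = 8 and the coefficient bound max_coef are hypothetical choices for illustration.

```python
"""Linear ranking-function templates over fixed-width (bit-vector) loops.

Added example, not code from the papers listed above. The loops, the 8-bit
width and the coefficient range are hypothetical choices made here.
"""


def wrap(x, width):
    """Reduce x to a width-bit unsigned value (machine wrap-around)."""
    return x & ((1 << width) - 1)


def as_unsigned(x, width):
    return wrap(x, width)


def as_signed(x, width):
    """Two's-complement reading of the same bit pattern."""
    x = wrap(x, width)
    return x - (1 << width) if x >> (width - 1) else x


def terminates_from_all(guard, update, width):
    """Ground truth by simulation. The state space has 2**width elements, so a
    run exceeding that many iterations has revisited a state and never exits.
    Exact, but only feasible for small widths."""
    bound = 1 << width
    for x0 in range(bound):
        x, steps = x0, 0
        while guard(x):
            x = wrap(update(x), width)
            steps += 1
            if steps > bound:
                return False
    return True


def find_linear_ranking(guard, update, width, interp=as_unsigned, max_coef=8):
    """Template matching: find f(x) = a*interp(x) + b, 0 < |a| <= max_coef, with
    f >= 0 on every state where the loop runs and f strictly decreasing across
    every iteration. The check is exact for the finite domain but the template
    is incomplete: a loop may terminate without any linear f. Returns (a, b)
    or None. Smaller |a| is tried first."""
    states = [x for x in range(1 << width) if guard(x)]
    if not states:
        return (0, 0)  # body never executes
    for a in sorted(range(-max_coef, max_coef + 1), key=abs):
        if a == 0:
            continue
        b = -min(a * interp(x, width) for x in states)  # smallest b with f >= 0

        def f(x):
            return a * interp(x, width) + b

        if all(f(wrap(update(x), width)) < f(x) for x in states):
            return (a, b)
    return None


def smallest_terminating_width(guard, update, widths=range(4, 13)):
    """Word-length sweep: first width at which every start state terminates."""
    for w in widths:
        if terminates_from_all(guard, update, w):
            return w
    return None


W = 8


# while (x < 200) x += 3;  ranking f(x) = 199 - x works exactly as over Z
def loop_step3():
    guard, update = (lambda x: x < 200), (lambda x: x + 3)
    return terminates_from_all(guard, update, W), find_linear_ranking(guard, update, W)


# while (x < 200) x += 64;  terminates over Z, but for x in 0..7 the 8-bit
# value cycles 0, 64, 128, 192, 0, ... so no ranking function can exist
def loop_step64():
    guard, update = (lambda x: x < 200), (lambda x: x + 64)
    return terminates_from_all(guard, update, W), find_linear_ranking(guard, update, W)


# while (x >= 0) x -= 1;  with a SIGNED compare: reading the pattern as signed
# yields f(x) = x; reading the same pattern as unsigned yields nothing
def loop_signed_countdown():
    guard, update = (lambda x: as_signed(x, W) >= 0), (lambda x: x - 1)
    return (terminates_from_all(guard, update, W),
            find_linear_ranking(guard, update, W, interp=as_signed),
            find_linear_ranking(guard, update, W, interp=as_unsigned))


# while (x > 0) x -= 3;  unsigned: wraps, but gcd(3, 256) == 1 so every orbit
# reaches 0 and the loop terminates; no linear template proves it either way
def loop_wrapping_down():
    guard, update = (lambda x: x > 0), (lambda x: x - 3)
    return (terminates_from_all(guard, update, W),
            find_linear_ranking(guard, update, W, interp=as_unsigned),
            find_linear_ranking(guard, update, W, interp=as_signed))


if __name__ == "__main__":
    for name, fn in [("x += 3", loop_step3), ("x += 64", loop_step64),
                     ("signed x -= 1", loop_signed_countdown),
                     ("unsigned x -= 3", loop_wrapping_down)]:
        print(name, fn())
    print("x += 64 needs width", smallest_terminating_width(lambda x: x < 200, lambda x: x + 64))
```

The second loop is the denial-of-service shape the last abstract warns about: a bound that is trivially satisfied over Z is defeated by wrap-around for a handful of start values, and only a bit-precise check sees it. The third loop shows why a signedness-agnostic analysis pays off: the same bit patterns admit a ranking function under the signed reading and none under the unsigned one. The fourth loop shows the gap between a complete method and a template: the simulation proves termination, the linear template cannot. The sweep reports 9 for the wrapping loop, the first width at which x + 64 can no longer wrap below the bound 200.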