Results 1 - 10 of 53
HAMPI: A Solver for String Constraints (2009)
Cited by 102 (21 self)
Many automatic testing, analysis, and verification techniques for programs can be effectively reduced to a constraint-generation phase followed by a constraint-solving phase. This separation of concerns often leads to more effective and maintainable tools. The increasing efficiency of off-the-shelf constraint solvers makes this approach even more compelling. However, there are few effective and sufficiently expressive off-the-shelf solvers for string constraints generated by analysis techniques for string-manipulating programs. We designed and implemented Hampi, a solver for string constraints over fixed-size string variables. Hampi constraints express membership in regular languages and fixed-size context-free languages. Hampi constraints may contain context-free-language definitions, regular-language definitions and operations, and the membership predicate. Given a set of constraints, Hampi outputs a string that satisfies all the constraints, or reports that the constraints are unsatisfiable. Hampi is expressive and efficient, and can be successfully applied to testing and analysis of real programs. Our experiments use Hampi in: static and dynamic analyses for finding SQL injection vulnerabilities in Web applications; automated bug finding in C programs using systematic testing; and compare Hampi with another string solver. Hampi's source code, documentation, and the experimental data are available at
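The problem shape the HAMPI abstract describes (a string variable of fixed size, membership constraints in regular languages, constraints on concatenations, and SQL injection as the application), written out as an added example. This is not HAMPI's code and does not use its input language: constraints are given as explicit DFAs and solved by a memoised search over the product automaton. The query template, the tautology pattern, the hypothetical input filter, the alphabet and all function names are assumptions made for the example.

```python
"""Fixed-size string-constraint solving over regular languages. Added example in the
spirit of the HAMPI problem statement, not HAMPI's own code: constraints are DFAs
over one bounded-length variable v, and a constraint on a concatenation
(prefix + v + suffix) is rewritten into a constraint on v alone. The SQL template,
tautology pattern, input filter and alphabet below are constructed for the example."""
from typing import Callable, List, Optional, Set, Tuple


class DFA:
    """States are ints and None is the dead state; `accept` is a predicate on states."""

    def __init__(self, start: Optional[int], accept: Callable[[int], bool], step):
        self.start, self.accept, self.step = start, accept, step

    def run(self, state: Optional[int], text: str) -> Optional[int]:
        for ch in text:
            state = None if state is None else self.step(state, ch)
        return state

    def accepts(self, state: Optional[int]) -> bool:
        return state is not None and self.accept(state)


def contains(pattern: str) -> DFA:
    """Strings containing `pattern` (KMP-style: state k = longest prefix matched so far)."""
    m = len(pattern)

    def step(state: int, ch: str) -> int:
        if state == m:                       # matched once: stay accepting
            return m
        seen = pattern[:state] + ch
        return max(k for k in range(min(m, len(seen)) + 1) if seen.endswith(pattern[:k]))

    return DFA(0, lambda s: s == m, step)

def only_chars(allowed: str) -> DFA:
    """allowed*: a single live state; any other character is a dead end."""
    ok = set(allowed)
    return DFA(0, lambda s: True, lambda s, ch: 0 if ch in ok else None)

def even_count(ch: str) -> DFA:
    """Strings with an even number of `ch`; the state is the parity bit."""
    return DFA(0, lambda s: s == 0, lambda s, c: s ^ 1 if c == ch else s)

def over_concat(dfa: DFA, prefix: str, suffix: str) -> DFA:
    """'prefix + v + suffix in L(dfa)' as a constraint on v: start from the state
    reached after `prefix`, accept the states from which `suffix` reaches acceptance."""
    return DFA(dfa.run(dfa.start, prefix), lambda s: dfa.accepts(dfa.run(s, suffix)), dfa.step)

def solve(constraints: List[DFA], alphabet: str, length: int) -> Optional[str]:
    """A string of exactly `length` chars over `alphabet` accepted by every constraint,
    or None. Dead (position, product-state) pairs are memoised, so the work is bounded
    by |product states| * length * |alphabet| rather than |alphabet| ** length."""
    dead: Set[Tuple[int, Tuple[int, ...]]] = set()
    out: List[str] = []

    def search(pos: int, states: Tuple[int, ...]) -> bool:
        if pos == length:
            return all(d.accepts(s) for d, s in zip(constraints, states))
        if (pos, states) in dead:
            return False
        for ch in alphabet:
            nxt = tuple(d.step(s, ch) for d, s in zip(constraints, states))
            if None in nxt:                  # some constraint is already violated
                continue
            out.append(ch)
            if search(pos + 1, nxt):
                return True
            out.pop()
        dead.add((pos, states))
        return False

    start = tuple(d.start for d in constraints)
    return "".join(out) if None not in start and search(0, start) else None

def smallest_solution(constraints: List[DFA], alphabet: str, max_len: int) -> Optional[str]:
    """Try each fixed size 0..max_len in turn and return the first solution found."""
    for n in range(max_len + 1):
        s = solve(constraints, alphabet, n)
        if s is not None:
            return s
    return None

# Constructed scenario (assumptions): the app concatenates user input into the query
# after a filter that strips ';' and '-' but lets quotes through.
PREFIX = "SELECT * FROM users WHERE name = '"
SUFFIX = "'"
TAUTOLOGY = "' OR '1'='1"
ALPHABET = " '=1OR;-"     # tiny alphabet keeps the example fast
FILTER = " '=1OR"

def sqli_constraints() -> List[DFA]:
    return [over_concat(contains(TAUTOLOGY), PREFIX, SUFFIX),   # query contains the tautology
            over_concat(even_count("'"), PREFIX, SUFFIX),       # quotes in the query balance
            only_chars(FILTER)]                                  # input survives the filter

if __name__ == "__main__":
    v = smallest_solution(sqli_constraints(), ALPHABET, 12)
    print(repr(v), "->", PREFIX + (v or "") + SUFFIX)
```

Running the script finds an 11-character input and shows the injected query; no input of 10 characters or fewer satisfies all three constraints, which is the kind of bounded unsatisfiability result the abstract refers to. The memoisation on (position, product state) is what keeps the search from degenerating into enumerating every string of the given length.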
Constraint-Based Approach for Analysis of Hybrid Systems. Lecture Notes in Computer Science, 2008
Cited by 44 (12 self)
This paper presents a constraint-based technique for discovering a rich class of inductive invariants (disjunctions of polynomial inequalities of bounded degree) for verification of hybrid systems. The key idea is to introduce a template for the unknown invariants and then translate the verification condition of the hybrid system into an ∃∀ constraint over the template unknowns (which are variables over reals) by making use of the fact that vector fields must point inwards at the boundary. These constraints are then solved using Farkas' lemma. We also present preliminary experimental results that demonstrate the feasibility of our approach of solving the ∃∀ constraints generated from models of real-world hybrid systems.
Proving Conditional Termination
Cited by 26 (5 self)
We describe a method for synthesizing reasonable under-approximations to weakest preconditions for termination—a longstanding open problem. The paper provides experimental evidence to demonstrate the usefulness of the new procedure.
Constraint-based Invariant Inference over Predicate Abstraction
Cited by 22 (3 self)
This paper describes a constraint-based invariant generation technique for proving the validity of safety assertions over the domain of predicate abstraction in an interprocedural setting. The key idea of the technique is to represent each invariant in bounded DNF form by means of boolean indicator variables, one for each predicate p and each disjunct d denoting whether p is present in d or not. The verification condition of the program is then encoded by means of a boolean formula over these boolean indicator variables such that any satisfying assignment to the formula yields the inductive invariants for proving the validity of given program assertions. This paper also describes how to use the constraint-based methodology for generating weakest preconditions for safety assertions. An interesting application of weakest precondition generation is to produce most-general counterexamples for safety assertions. We also present preliminary experimental evidence demonstrating the feasibility of this technique.
From tests to proofs. In Proc. ACAS, LNCS 5505, 2009
Cited by 22 (3 self)
We describe the design and implementation of an automatic invariant generator for imperative programs. While automatic invariant generation through constraint solving has been extensively studied from a theoretical viewpoint as a classical means of program verification, in practice existing tools do not scale even to moderately sized programs. This is because the constraints that need to be solved even for small programs are already too difficult for the underlying (nonlinear) constraint solving engines. To overcome this obstacle, we propose to strengthen static constraint generation with information obtained from static abstract interpretation and dynamic execution of the program. The strengthening comes in the form of additional linear constraints that trigger a series of simplifications in the solver, and make solving more scalable. We demonstrate the practical applicability of the approach by an experimental evaluation on a collection of challenging benchmark programs and comparisons with related tools based on abstract interpretation and software model checking.
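The two ideas in the "Constraint-based Invariant Inference over Predicate Abstraction" and "From tests to proofs" entries, as one added example: a candidate invariant is a conjunction of predicates selected by boolean indicator variables, the verification condition is checked for each assignment, and concrete executions prune predicates that cannot be part of any invariant before the search starts. This is not either tool's code. Instead of an SMT or SAT solver, the verification condition is checked exhaustively over a small bounded integer domain, which only under-approximates the real condition; the loop, its assertion, the predicate set, the domain and the function names are all constructed for the example.

```python
"""Constraint-based invariant inference over predicate abstraction. Added example,
not the tool from the abstracts above: a candidate invariant is a conjunction of
predicates chosen by indicator bits, and the verification condition (initiation,
consecution, safety) is checked over a small bounded integer domain. That check
under-approximates the real VC an SMT solver would discharge, so a result here is
evidence, not a proof. The loop, predicates, assertion and domain are constructed."""
from itertools import product
from typing import Callable, Dict, FrozenSet, List, Optional

State = Dict[str, int]

# Constructed program:  x, y = 0, 0;  while x < n: x, y = x + 1, y + 2;  assert y == 2 * n
PRE: Callable[[State], bool] = lambda s: s["n"] >= 0
GUARD: Callable[[State], bool] = lambda s: s["x"] < s["n"]
STEP: Callable[[State], State] = lambda s: {"n": s["n"], "x": s["x"] + 1, "y": s["y"] + 2}
INIT: Callable[[int], State] = lambda n: {"n": n, "x": 0, "y": 0}
POST: Callable[[State], bool] = lambda s: s["y"] == 2 * s["n"]

# Predicate set supplied to the inference; the invariant is a subset of these.
PREDICATES: Dict[str, Callable[[State], bool]] = {
    "y == 2*x": lambda s: s["y"] == 2 * s["x"],
    "x <= n":   lambda s: s["x"] <= s["n"],
    "x >= 0":   lambda s: s["x"] >= 0,
    "y >= 0":   lambda s: s["y"] >= 0,
    "y == x":   lambda s: s["y"] == s["x"],
    "x == n":   lambda s: s["x"] == s["n"],
}


def bounded_states(lo: int = -2, hi: int = 4) -> List[State]:
    """All (n, x, y) in [lo, hi]^3: the finite domain the VC is checked over."""
    return [{"n": n, "x": x, "y": y} for n, x, y in product(range(lo, hi + 1), repeat=3)]


def holds(conj: FrozenSet[str], s: State) -> bool:
    return all(PREDICATES[p](s) for p in conj)


def is_inductive(conj: FrozenSet[str], states: List[State]) -> bool:
    """Initiation: pre => I at loop entry; consecution: I and guard => I after one
    iteration; safety: I and not guard => the assertion. All checked over `states`."""
    init_ok = all(holds(conj, INIT(s["n"])) for s in states if PRE(s))
    cons_ok = all(holds(conj, STEP(s)) for s in states if holds(conj, s) and GUARD(s))
    safe_ok = all(POST(s) for s in states if holds(conj, s) and not GUARD(s))
    return init_ok and cons_ok and safe_ok


def reached_states(ns=(0, 1, 2, 3)) -> List[State]:
    """Concrete executions: every state on these traces is reachable."""
    out: List[State] = []
    for n in ns:
        s = INIT(n)
        out.append(s)
        while GUARD(s):
            s = STEP(s)
            out.append(s)
    return out


def live_predicates() -> List[str]:
    """Dynamic pruning in the spirit of 'from tests to proofs': a predicate that is
    false on some reachable state cannot be part of any invariant."""
    runs = reached_states()
    return [p for p, f in PREDICATES.items() if all(f(s) for s in runs)]


def infer_invariant(states: Optional[List[State]] = None) -> Optional[FrozenSet[str]]:
    """Enumerate indicator-bit assignments (bit i = predicate i is in the conjunction),
    smallest conjunctions first, and return the first one whose VC holds."""
    states = states or bounded_states()
    live = live_predicates()
    for bits in sorted(product((0, 1), repeat=len(live)), key=sum):
        conj = frozenset(p for p, b in zip(live, bits) if b)
        if is_inductive(conj, states):
            return conj
    return None


if __name__ == "__main__":
    print(" and ".join(sorted(infer_invariant() or ["no invariant found"])))
```

Two of the six predicates are eliminated by the concrete runs alone, which halves the number of indicator bits before any verification condition is checked; the remaining search returns the conjunction of `y == 2*x` and `x <= n`, and neither predicate on its own passes the safety check.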
Automated feedback generation for introductory programming assignments (2013)
Cited by 22 (6 self)
We present a new method for automatically providing feedback for introductory programming problems. In order to use this method, we need a reference implementation of the assignment, and an error model consisting of potential corrections to errors that students might make. Using this information, the system automatically derives minimal corrections to students' incorrect solutions, providing them with a measure of exactly how incorrect a given solution was, as well as feedback about what they did wrong. We introduce a simple language for describing error models in terms of correction rules, and formally define a rule-directed translation strategy that reduces the problem of finding minimal corrections in an incorrect program to the problem of synthesizing a correct program from a sketch. We have evaluated our system on thousands of real student attempts obtained from the Introduction to
Automatically Generating Algebra Problems
Cited by 18 (10 self)
We propose computer-assisted techniques for helping with pedagogy in Algebra. In particular, given a proof problem p (of the form Left-hand-side-term = Right-hand-side-term), we show how to automatically generate problems that are similar to p. We believe that such a tool can be used by teachers in making examinations where they need to test students on problems similar to what they taught in class, and students in generating practice problems tailored to their specific needs. Our first insight is that we can generalize p syntactically to a query Q that implicitly represents a set of problems [[Q]] (which includes p). Our second insight is that we can explore the space of problems [[Q]] automatically, use classical results from polynomial identity testing to generate only those problems in [[Q]] that are correct, and then use pruning techniques to generate only unique and interesting problems. Our third insight is that with a small amount of manual tuning on the query Q, the user can interactively guide the computer to generate problems of interest to her. We present the technical details of the above mentioned steps, and also describe a tool where these steps have been implemented. We also present an empirical evaluation on a wide variety of problems from various subfields of algebra including polynomials, trigonometry, calculus, determinants etc. Our tool is able to generate a rich corpus of similar problems from each given problem; while some of these similar problems were already present in the textbook, several were new!
VS3: SMT Solvers for Program Verification (2009)
Cited by 14 (7 self)
We present VS3, a tool that automatically verifies complex properties of programs and infers maximally weak preconditions and maximally strong postconditions by leveraging the power of SMT solvers. VS3 discovers program invariants with arbitrary, but pre-specified, quantification and logical structure. The user supplies VS3 with a set of predicates and invariant templates. VS3 automatically finds instantiations of the unknowns in the templates as subsets of the predicate set. We have used VS3 to automatically verify ∀∃ properties of programs and to infer worst-case upper bounds and preconditions for functional correctness.
Deductive Verification of Continuous Dynamical Systems. LIPIcs, Leibniz International Proceedings in Informatics, 2009
Cited by 12 (4 self)
We define the notion of inductive invariants for continuous dynamical systems and use it to present inference rules for safety verification of polynomial continuous dynamical systems. We present two different sound and complete inference rules, but neither of these rules can be effectively applied. We then present several simpler and practical inference rules that are sound and relatively complete for different classes of inductive invariants. The simpler inference rules can be effectively checked when all involved sets are semi-algebraic.
Beautiful interpolants. In CAV, 2013
Cited by 11 (2 self)
We describe a compositional approach to Craig interpolation based on the heuristic that simpler proofs of special cases are more likely to generalize. The method produces simple interpolants because it is able to summarize a large set of cases using one relatively simple fact. In particular, we present a method for finding such simple facts in the theory of linear rational arithmetic. This makes it possible to use interpolation to discover inductive invariants for numerical programs that are challenging for existing techniques. We show that in some cases, the compositional approach can also be more efficient than traditional lazy SMT as a decision procedure.