566 research outputs found
A simple abstraction of arrays and maps by program translation
We present an approach for the static analysis of programs handling arrays,
with a Galois connection between the semantics of the array program and
semantics of purely scalar operations. The simplest way to implement it is by
automatic, syntactic transformation of the array program into a scalar program
followed analysis of the scalar program with any static analysis technique
(abstract interpretation, acceleration, predicate abstraction,.. .). The
scalars invariants thus obtained are translated back onto the original program
as universally quantified array invariants. We illustrate our approach on a
variety of examples, leading to the " Dutch flag " algorithm
Platform Dependent Verification: On Engineering Verification Tools for 21st Century
The paper overviews recent developments in platform-dependent explicit-state
LTL model checking.Comment: In Proceedings PDMC 2011, arXiv:1111.006
Parallel bug-finding in concurrent programs via reduced interleaving instances
Concurrency poses a major challenge for program verification, but it can also offer an opportunity to scale when subproblems can be analysed in parallel. We exploit this opportunity here and use a parametrizable code-to-code translation to generate a set of simpler program instances, each capturing a reduced set of the original program’s interleavings. These instances can then be checked independently in parallel. Our approach does not depend on the tool that is chosen for the final analysis, is compatible with weak memory models, and amplifies the effectiveness of existing tools, making them find bugs faster and with fewer resources. We use Lazy-CSeq as an off-the-shelf final verifier to demonstrate that our approach is able, already with a small number of cores, to find bugs in the hardest known concurrency benchmarks in a matter of minutes, whereas other dynamic and static tools fail to do so in hours
Sequentializing Parameterized Programs
We exhibit assertion-preserving (reachability preserving) transformations
from parameterized concurrent shared-memory programs, under a k-round
scheduling of processes, to sequential programs. The salient feature of the
sequential program is that it tracks the local variables of only one thread at
any point, and uses only O(k) copies of shared variables (it does not use extra
counters, not even one counter to keep track of the number of threads).
Sequentialization is achieved using the concept of a linear interface that
captures the effect an unbounded block of processes have on the shared state in
a k-round schedule. Our transformation utilizes linear interfaces to
sequentialize the program, and to ensure the sequential program explores only
reachable states and preserves local invariants.Comment: In Proceedings FIT 2012, arXiv:1207.348
Improving WCET Evaluation using Linear Relation Analysis
International audienceThe precision of a worst case execution time (WCET) evaluation tool on a given program is highly dependent on how the tool is able to detect and discard semantically infeasible executions of the program. In this paper, we propose to use the classical abstract interpretation-based method of linear relation analysis to discover and exploit relations between execution paths. For this purpose, we add auxiliary variables (counters) to the program to trace its execution paths. The results are easily incorporated in the classical workflow of a WCET evaluator, when the evaluator is based on the popular implicit path enumeration technique. We use existing tools-a WCET evaluator and a linear relation analyzer-to build and experiment a prototype implementation of this idea. * This work is supported by the French research fundation (ANR) as part of the W-SEPT project (ANR-12-INSE-0001
Contract Aware Components, 10 years after
The notion of contract aware components has been published roughly ten years
ago and is now becoming mainstream in several fields where the usage of
software components is seen as critical. The goal of this paper is to survey
domains such as Embedded Systems or Service Oriented Architecture where the
notion of contract aware components has been influential. For each of these
domains we briefly describe what has been done with this idea and we discuss
the remaining challenges.Comment: In Proceedings WCSI 2010, arXiv:1010.233
Eco-Driving Systems for Connected Automated Vehicles: Multi-Objective Trajectory Optimization
This study aims to leverage advances in connected automated vehicle (CAV) technology to design an eco-driving and platooning system that can improve the fuel and operational efficiency of vehicles during freeway driving. Following a two-stage control logic, the proposed algorithm optimizes CAVs’ trajectories with three objectives: travel time minimization, fuel consumption minimization, and traffic safety improvement. The first stage, designed for CAV trajectory planning, is carried out with two optimization models. The second stage, for real-time control purposes, is developed to ensure the operational safety of CAVs. Based on extensive numerical simulations, the results have confirmed the effectiveness of the proposed framework both in mitigating freeway congestion and in reducing vehicles’ fuel consumption
Invariant Generation through Strategy Iteration in Succinctly Represented Control Flow Graphs
We consider the problem of computing numerical invariants of programs, for
instance bounds on the values of numerical program variables. More
specifically, we study the problem of performing static analysis by abstract
interpretation using template linear constraint domains. Such invariants can be
obtained by Kleene iterations that are, in order to guarantee termination,
accelerated by widening operators. In many cases, however, applying this form
of extrapolation leads to invariants that are weaker than the strongest
inductive invariant that can be expressed within the abstract domain in use.
Another well-known source of imprecision of traditional abstract interpretation
techniques stems from their use of join operators at merge nodes in the control
flow graph. The mentioned weaknesses may prevent these methods from proving
safety properties. The technique we develop in this article addresses both of
these issues: contrary to Kleene iterations accelerated by widening operators,
it is guaranteed to yield the strongest inductive invariant that can be
expressed within the template linear constraint domain in use. It also eschews
join operators by distinguishing all paths of loop-free code segments. Formally
speaking, our technique computes the least fixpoint within a given template
linear constraint domain of a transition relation that is succinctly expressed
as an existentially quantified linear real arithmetic formula. In contrast to
previously published techniques that rely on quantifier elimination, our
algorithm is proved to have optimal complexity: we prove that the decision
problem associated with our fixpoint problem is in the second level of the
polynomial-time hierarchy.Comment: 35 pages, conference version published at ESOP 2011, this version is
a CoRR version of our submission to Logical Methods in Computer Scienc
- …