25 research outputs found
Deadlock detection of Java Bytecode
This paper presents a technique for deadlock detection of Java programs. The
technique uses typing rules for extracting infinite-state abstract models of
the dependencies among the components of the Java intermediate language -- the
Java bytecode. Models are subsequently analysed by means of an extension of a
solver that we have defined for detecting deadlocks in process calculi. Our
technique is complemented by a prototype verifier that also covers most of the
Java features.Comment: Pre-proceedings paper presented at the 27th International Symposium
on Logic-Based Program Synthesis and Transformation (LOPSTR 2017), Namur,
Belgium, 10-12 October 2017 (arXiv:1708.07854
Nominal C-Unification
Nominal unification is an extension of first-order unification that takes
into account the \alpha-equivalence relation generated by binding operators,
following the nominal approach. We propose a sound and complete procedure for
nominal unification with commutative operators, or nominal C-unification for
short, which has been formalised in Coq. The procedure transforms nominal
C-unification problems into simpler (finite families) of fixpoint problems,
whose solutions can be generated by algebraic techniques on combinatorics of
permutations.Comment: Pre-proceedings paper presented at the 27th International Symposium
on Logic-Based Program Synthesis and Transformation (LOPSTR 2017), Namur,
Belgium, 10-12 October 2017 (arXiv:1708.07854
CARET analysis of multithreaded programs
Dynamic Pushdown Networks (DPNs) are a natural model for multithreaded
programs with (recursive) procedure calls and thread creation. On the other
hand, CARET is a temporal logic that allows to write linear temporal formulas
while taking into account the matching between calls and returns. We consider
in this paper the model-checking problem of DPNs against CARET formulas. We
show that this problem can be effectively solved by a reduction to the
emptiness problem of B\"uchi Dynamic Pushdown Systems. We then show that CARET
model checking is also decidable for DPNs communicating with locks. Our results
can, in particular, be used for the detection of concurrent malware.Comment: Pre-proceedings paper presented at the 27th International Symposium
on Logic-Based Program Synthesis and Transformation (LOPSTR 2017), Namur,
Belgium, 10-12 October 2017 (arXiv:1708.07854
Confluence and Convergence in Probabilistically Terminating Reduction Systems
Convergence of an abstract reduction system (ARS) is the property that any
derivation from an initial state will end in the same final state, a.k.a.
normal form. We generalize this for probabilistic ARS as almost-sure
convergence, meaning that the normal form is reached with probability one, even
if diverging derivations may exist. We show and exemplify properties that can
be used for proving almost-sure convergence of probabilistic ARS, generalizing
known results from ARS.Comment: Pre-proceedings paper presented at the 27th International Symposium
on Logic-Based Program Synthesis and Transformation (LOPSTR 2017), Namur,
Belgium, 10-12 October 2017 (arXiv:1708.07854
Liveness-Driven Random Program Generation
Randomly generated programs are popular for testing compilers and program
analysis tools, with hundreds of bugs in real-world C compilers found by random
testing. However, existing random program generators may generate large amounts
of dead code (computations whose result is never used). This leaves relatively
little code to exercise a target compiler's more complex optimizations.
To address this shortcoming, we introduce liveness-driven random program
generation. In this approach the random program is constructed bottom-up,
guided by a simultaneous structural data-flow analysis to ensure that the
generator never generates dead code.
The algorithm is implemented as a plugin for the Frama-C framework. We
evaluate it in comparison to Csmith, the standard random C program generator.
Our tool generates programs that compile to more machine code with a more
complex instruction mix.Comment: Pre-proceedings paper presented at the 27th International Symposium
on Logic-Based Program Synthesis and Transformation (LOPSTR 2017), Namur,
Belgium, 10-12 October 2017 (arXiv:1708.07854
A Rule-Based Approach to Analyzing Database Schema Objects with Datalog
Database schema elements such as tables, views, triggers and functions are
typically defined with many interrelationships. In order to support database
users in understanding a given schema, a rule-based approach for analyzing the
respective dependencies is proposed using Datalog expressions. We show that
many interesting properties of schema elements can be systematically determined
this way. The expressiveness of the proposed analysis is exemplarily shown with
the problem of computing induced functional dependencies for derived relations.
The propagation of functional dependencies plays an important role in data
integration and query optimization but represents an undecidable problem in
general. And yet, our rule-based analysis covers all relational operators as
well as linear recursive expressions in a systematic way showing the depth of
analysis possible by our proposal. The analysis of functional dependencies is
well-integrated in a uniform approach to analyzing dependencies between schema
elements in general.Comment: Pre-proceedings paper presented at the 27th International Symposium
on Logic-Based Program Synthesis and Transformation (LOPSTR 2017), Namur,
Belgium, 10-12 October 2017 (arXiv:1708.07854
Enhancing Predicate Pairing with Abstraction for Relational Verification
Relational verification is a technique that aims at proving properties that
relate two different program fragments, or two different program runs. It has
been shown that constrained Horn clauses (CHCs) can effectively be used for
relational verification by applying a CHC transformation, called predicate
pairing, which allows the CHC solver to infer relations among arguments of
different predicates. In this paper we study how the effects of the predicate
pairing transformation can be enhanced by using various abstract domains based
on linear arithmetic (i.e., the domain of convex polyhedra and some of its
subdomains) during the transformation. After presenting an algorithm for
predicate pairing with abstraction, we report on the experiments we have
performed on over a hundred relational verification problems by using various
abstract domains. The experiments have been performed by using the VeriMAP
transformation and verification system, together with the Parma Polyhedra
Library (PPL) and the Z3 solver for CHCs.Comment: Pre-proceedings paper presented at the 27th International Symposium
on Logic-Based Program Synthesis and Transformation (LOPSTR 2017), Namur,
Belgium, 10-12 October 2017 (arXiv:1708.07854
Erlang Code Evolution Control
During the software lifecycle, a program can evolve several times for
different reasons such as the optimisation of a bottle-neck, the refactoring of
an obscure function, etc. These code changes often involve several functions or
modules, so it can be difficult to know whether the correct behaviour of the
previous releases has been preserved in the new release. Most developers rely
on a previously defined test suite to check this behaviour preservation. We
propose here an alternative approach to automatically obtain a test suite that
specifically focusses on comparing the old and new versions of the code. Our
test case generation is directed by a sophisticated combination of several
already existing tools such as TypEr, CutEr, and PropEr; and other ideas such
as allowing the programmer to chose an expression of interest that must
preserve the behaviour, or the recording of the sequences of values to which
this expression is evaluated. All the presented work has been implemented in an
open-source tool that is publicly available on GitHub.Comment: Pre-proceedings paper presented at the 27th International Symposium
on Logic-Based Program Synthesis and Transformation (LOPSTR 2017), Namur,
Belgium, 10-12 October 2017 (arXiv:1708.07854