6 research outputs found

    LNCS

    This paper presents Aligators, a tool for the generation of universally quantified array invariants. Aligators leverages recurrence solving and algebraic techniques to carry out inductive reasoning over array content. Aligators' loop extraction module allows the treatment of multi-path loops by exploiting their commutativity and serializability properties. Our experience in applying Aligators to a collection of loops from open source software projects indicates the applicability of recurrence and algebraic solving techniques for reasoning about arrays.

    Automatic Program Instrumentation for Automatic Verification (Extended Technical Report)

    In deductive verification and software model checking, dealing with certain specification language constructs can be problematic when the back-end solver is not sufficiently powerful or lacks the required theories. One way to deal with this is to transform, for verification purposes, the program into an equivalent one that does not use the problematic constructs, and to reason about its correctness instead. In this paper, we propose instrumentation as a unifying verification paradigm that subsumes various existing ad-hoc approaches, has a clear formal correctness criterion, can be applied automatically, and can transfer back witnesses and counterexamples. We illustrate our approach on the automated verification of programs that involve quantification and aggregation operations over arrays, such as the maximum value or sum of the elements in a given segment of the array, which are known to be difficult to reason about automatically. We formalise array aggregation operations as monoid homomorphisms. We implement our approach in the MonoCera tool, which is tailored to the verification of programs with aggregation, and evaluate it on example programs, including SV-COMP programs.
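The aggregation-as-monoid-homomorphism idea above, as an added example that is not MonoCera's code or any code from the paper: a sum or maximum over an array segment is a fold under a monoid (unit, op), and because such a fold is a homomorphism from lists under concatenation to values, the instrumented program can replace the quantified specification `r == max(a[0..n))` with a ghost variable `g` updated by `op` on every element read and a quantifier-free check `r == g`. The `Monoid`, `aggregate` and `run_instrumented` names, the sample arrays and the deliberately wrong transformation are constructed for this illustration; the per-iteration check that the ghost equals the recomputed aggregate stands in for the formal correctness criterion the paper describes.

```python
import math
from dataclasses import dataclass
from typing import Any, Callable


@dataclass(frozen=True)
class Monoid:
    """(unit, op) with op associative and unit neutral. An aggregation such as
    sum or max over an array is a homomorphism from lists under concatenation
    into this structure, which is what lets a ghost variable track it."""
    unit: Any
    op: Callable[[Any, Any], Any]


SUM = Monoid(0, lambda u, v: u + v)
MAX = Monoid(-math.inf, max)


def aggregate(m, a, lo, hi, f=lambda v: v):
    """Specification-level aggregation over the segment a[lo:hi]: the fold of
    f(a[i]) under m. This is what a spec like  r == max(a[0..n))  denotes and
    what a back-end solver without the right theory cannot reason about."""
    acc = m.unit
    for i in range(lo, hi):
        acc = m.op(acc, f(a[i]))
    return acc


def splits_as_homomorphism(m, a, k, f=lambda v: v):
    """h(xs ++ ys) == h(xs) op h(ys): the property that justifies replacing the
    aggregate by a ghost variable updated one element at a time."""
    whole = aggregate(m, a, 0, len(a), f)
    return whole == m.op(aggregate(m, a, 0, k, f), aggregate(m, a, k, len(a), f))


def run_instrumented(m, a, step, f=lambda v: v):
    """Generic instrumented traversal. `step(state, x)` is the original loop
    body; the instrumentation adds a ghost g updated with the monoid op on
    every element read. Returns (final_state, g, ok) where ok records whether
    g == aggregate(prefix) held at every iteration, i.e. whether the
    transformation preserved the meaning of the specification."""
    state, g, ok = None, m.unit, True
    for i, x in enumerate(a):
        state = step(state, x)
        g = m.op(g, f(x))
        ok = ok and g == aggregate(m, a, 0, i + 1, f)
    return state, g, ok


def find_max(a):
    """Original program: r = maximum element, spec r == max(a[0..n)).
    After instrumentation the spec is the quantifier-free check r == g."""
    def body(r, x):
        return x if r is None or x > r else r
    r, g, ok = run_instrumented(MAX, a, body)
    return r, (ok and r == g)


def count_nonneg(a):
    """Aggregation over mapped elements: the number of entries >= 0 is the SUM
    homomorphism applied to the indicator 1[x >= 0]."""
    def body(c, x):
        return (c or 0) + (1 if x >= 0 else 0)
    c, g, ok = run_instrumented(SUM, a, body, f=lambda v: 1 if v >= 0 else 0)
    return c, (ok and c == g)


def wrong_transformation(a):
    """A defective instrumentation (constructed for illustration) that skips
    the ghost update on one path: only positive elements are added. The
    per-iteration check rejects it on any input containing a non-positive
    element, which is the kind of mistake the correctness criterion exists
    to catch."""
    g, ok = SUM.unit, True
    for i, x in enumerate(a):
        if x > 0:
            g = SUM.op(g, x)
        ok = ok and g == aggregate(SUM, a, 0, i + 1)
    return ok


if __name__ == "__main__":
    sample = [3, -1, 7, 7, 2]  # constructed input
    print("find_max:", find_max(sample))
    print("count_nonneg:", count_nonneg([3, -1, 0, -5]))
    print("wrong transformation accepted on [1, 2, 3]:", wrong_transformation([1, 2, 3]))
    print("wrong transformation accepted on [1, -2, 3]:", wrong_transformation([1, -2, 3]))
```

For `max` the ghost and the program variable coincide, so the check is almost free; for `count_nonneg` the ghost tracks a mapped value the program never stores, which is the case where an aggregation spec is genuinely hard for a solver and the ghost variable earns its keep.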

    Automatic program analysis using Max-SMT

    This thesis addresses the development of techniques to build fully automatic tools for analyzing sequential programs written in imperative languages like C or C++. To reason about programs, the thesis follows the constraint-based method used in program analysis. The idea of the constraint-based method is to consider a template for candidate invariant properties, e.g., linear conjunctions of inequalities. These templates involve both program variables and parameters whose values are initially unknown and have to be determined so as to ensure invariance. To this end, the conditions on inductive invariants are expressed by means of constraints (hence the name of the approach) on the unknowns. Any solution to these constraints then yields an invariant. In particular, if linear inequalities are taken as target invariants, the conditions can be transformed into arithmetic constraints over the unknowns by means of Farkas' Lemma. In the general case, a Satisfiability Modulo Theories (SMT) problem over non-linear arithmetic is obtained, for which effective SMT solvers exist. One of the novelties of this thesis is an optimization version of the SMT problems generated by the constraint-based method, such that even when they turn out to be unsatisfiable, some useful information can be obtained for refining the program analysis. In particular, we show how this approach can be exploited for proving termination of sequential programs, disproving termination of non-deterministic programs, and performing compositional safety verification. In addition, an extension of the constraint-based method to generate universally quantified array invariants is presented. Since the development of practical methods is a priority in this thesis, all the techniques have been implemented and tested on examples from academic and industrial environments.
The main contributions of this thesis are summarized as follows:
1. A new constraint-based method for the generation of universally quantified invariants of array programs. We also provide extensions of the approach for sorted arrays.
2. A novel Max-SMT-based technique for proving termination. By expressing the generation of a ranking function as a Max-SMT optimization problem in which constraints are assigned different weights, quasi-ranking functions (functions that almost satisfy all conditions for ensuring well-foundedness) are produced in the absence of a ranking function. Moreover, Max-SMT makes it easy to combine the construction of the termination argument with the usually necessary task of generating supporting invariants.
3. A Max-SMT constraint-based approach for proving that programs do not terminate. The key notion of the approach is that of a quasi-invariant: a property such that if it holds at a location once during execution, then it continues to hold at that location from then onwards. Our technique analyzes strongly connected subgraphs of a program's control flow graph and thus produces more generic witnesses of non-termination than existing methods. Furthermore, it can handle programs with unbounded non-determinism.
4. An automated compositional program verification technique for safety properties based on quasi-invariants. For a given program part (e.g., a single loop) and a postcondition, we show how, using a Max-SMT solver, an inductive invariant together with a precondition can be synthesized so that the precondition ensures the validity of the invariant and the invariant implies the postcondition. From this, we build a bottom-up program verification framework that propagates preconditions of small program parts as postconditions for preceding program parts.
The method recovers from failures to prove validity of a precondition, using the obtained intermediate results to restrict the search space for further proof attempts.
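The constraint-based method and the Farkas' Lemma step described in the abstract above, worked through on a constructed loop as an added example (not code from the thesis or its tools): for the program `assume n >= 0; x = 0; y = 0; while (x < n) { x = x + 1; y = y + 2; }` the template `a*x + b*y + c*n + d >= 0` is an inductive invariant iff initiation (the initial conditions imply the template) and consecution (template and loop guard imply the template after the body) both hold, and Farkas' Lemma turns each implication into the existence of nonnegative multipliers that express the conclusion as a combination of the premises plus a nonnegative constant. Where the thesis obtains a non-linear SMT problem over the unknown parameters and multipliers and hands it to an SMT solver, this example enumerates small integer values for both, which is sound (any certificate found is valid) but complete only within the chosen bounds; the program, the parameter ranges and the function names are assumptions of this illustration, and the Max-SMT weighting of constraints is not shown.

```python
from itertools import product

VARS = ("x", "y", "n")


def affine(const=0, **coeffs):
    """An affine inequality  sum(coeffs[v] * v) + const >= 0  over VARS,
    represented as (coefficient dict, constant)."""
    return ({v: coeffs.get(v, 0) for v in VARS}, const)


def post_condition(template, update):
    """Substitute the loop body's assignments into an inequality: `update[v]`
    is the affine expression assigned to v' (variables absent from `update`
    are unchanged). The result is the pre-state inequality equivalent to the
    template holding in the post-state."""
    coeffs, const = template
    new_coeffs = {v: 0 for v in VARS}
    new_const = const
    for v, c in coeffs.items():
        u_coeffs, u_const = update.get(v, affine(**{v: 1}))
        for w in VARS:
            new_coeffs[w] += c * u_coeffs[w]
        new_const += c * u_const
    return (new_coeffs, new_const)


def farkas_certificate(premises, conclusion, max_mult=2):
    """Farkas' Lemma: (/\ premises) -> conclusion holds over the reals if the
    conclusion's coefficients are a nonnegative combination of the premises'
    coefficients and its constant is the same combination of their constants
    plus a nonnegative slack lam0. Returns (multipliers, lam0) or None.
    The thesis hands these equations, with the template parameters unknown,
    to an SMT solver; here multipliers are found by bounded enumeration."""
    c_coeffs, c_const = conclusion
    for lams in product(range(max_mult + 1), repeat=len(premises)):
        if all(sum(l * p[0][v] for l, p in zip(lams, premises)) == c_coeffs[v] for v in VARS):
            lam0 = c_const - sum(l * p[1] for l, p in zip(lams, premises))
            if lam0 >= 0:
                return lams, lam0
    return None


# Constructed example program (an assumption of this illustration):
#   assume n >= 0; x = 0; y = 0;
#   while (x < n) { x = x + 1; y = y + 2; }
INIT = [affine(x=1), affine(x=-1), affine(y=1), affine(y=-1), affine(n=1)]  # x = 0, y = 0, n >= 0
GUARD = affine(n=1, x=-1, const=-1)                                          # x < n  <=>  n - x - 1 >= 0 on integers
BODY = {"x": affine(x=1, const=1), "y": affine(y=1, const=2)}                # x' = x + 1, y' = y + 2


def is_inductive(a, b, c, d):
    """Is  a*x + b*y + c*n + d >= 0  an inductive invariant of the loop above?
    Initiation: INIT -> template.  Consecution: template /\ GUARD -> template'."""
    inv = affine(x=a, y=b, n=c, const=d)
    initiation = farkas_certificate(INIT, inv)
    consecution = farkas_certificate([inv, GUARD], post_condition(inv, BODY))
    return initiation is not None and consecution is not None


def synthesize(bound=2):
    """Constraint-based invariant generation: enumerate the template's unknown
    parameters (the solver's job in the thesis) and keep every instantiation
    whose initiation and consecution constraints have a Farkas certificate."""
    found = []
    for a, b, c, d in product(range(-bound, bound + 1), repeat=4):
        if (a, b, c, d) != (0, 0, 0, 0) and is_inductive(a, b, c, d):
            found.append((a, b, c, d))
    return found


if __name__ == "__main__":
    for a, b, c, d in synthesize():
        print(f"{a}*x + {b}*y + {c}*n + {d} >= 0")
```

Among the instantiations found are `2x - y >= 0` and `y - 2x >= 0` (together, `y = 2x`) and `n - x >= 0`; `x - y >= 0` is correctly rejected because its consecution constraint has no certificate (the body makes `y` grow faster than `x`), and `-1 >= 0` fails initiation because the only available slack is negative.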

    Write a Book IQP

    2050: The settlement on Mars has been cut off from Earth for nearly 5 years. In spite of their efforts to conserve what little food, water and oxygen they still have, they are running out of time... The Desperates back on Earth have mastered Darwinian survival, while the STEM-Heads have pursued a more discreet evasion of Death since the Collapse of 2045. Yet all of them dream of escaping from their overheated, overpopulated Hell called Home. As the mission to clean up after First Mars leads a small STEM-Head band towards Kennedy Space Center, rumors of a distant paradise reach Desperate leaders, and, all of a sudden, all eyes are back on Mars.

    William Marsden and his Malayo-Polynesian legacy

    William Marsden (1754-1836) exercised a strong influence on the study of island Southeast Asia. After early experience in Sumatra, he returned to England in December 1779. His journal publications quickly established him among the intellectual elite. In 1783, some months before the publication of the History of Sumatra, Marsden was elected to the Royal Society. Between 1795 and 1807 he was a high-ranking civil servant at the Admiralty. His scholarly life was thus neatly divided into an eighteenth-century and an early nineteenth-century period. Inspired and informed by the publication of Cook's voyages, Marsden was instrumental in identifying the Malayo-Polynesian language family, especially through his 1783 History of Sumatra. Marsden identified the major components of Malay languages and culture as Malayo-Polynesian, Islamic and Hindu-Buddhist. The Malayo-Polynesian and Islamic were dominant in the 1783 History; the third emerged from an article completed from his work in the 1790s. These three elements effectively dictated the future directions of Malay studies. Although there were radical changes in the nature of scholarship during the nineteenth century, Marsden's article identifying Hindu elements in Malay culture was immensely influential in the formative years of Peninsular Malay studies. The two main versions of his History were written for entirely different audiences. The 1783 History was intended as a scholarly work that would explain and provide evidence for Marsden's linguistic theories. It is a work of its time. This thesis elucidates the eighteenth-century world view and ideas of civilisation which underlay the work, as well as analysing the work itself. The revisions in the 1811 History were intended to improve its practical usefulness and reflect the changed intellectual context of the early nineteenth century. 
In the 1783 edition of his History Marsden employed the eighteenth-century concept of "national character" to explain the "physical" and "moral" causes of similarities and differences. He demonstrated that similarities between the Sumatrans and the Polynesians had "physical" causes. Marsden argued that the Sumatran languages were more "improved" and that the Malay language was the most "improved" of the Malayo-Polynesian language group. Further, the literate Sumatran peoples were more "advanced" and the Malays the most "advanced" of the Malayo-Polynesian peoples. To this end he also argued that there were significant differences between the Malays and all other Malayo-Polynesians of the Archipelago. Marsden introduced the issue of Malay "identity" in Malay studies and argued that the Malays had a "national character" that was distinct from that of "other" Sumatrans. His description of Malay "identity" is very similar to that found in Malay literature of the period. The 1811 edition of Marsden's History is more encyclopaedic than the 1783 edition. The delineation of Sumatra's economic potential and the incorporation of material collected from a variety of sources to update and expand the account tend to overshadow the former scholarly focus on the peoples of Sumatra and on his original observation. In the final chapter, the mixed legacy of Marsden's scholarship is traced, chiefly through the papers published by other British scholars over the succeeding century.