On Verifying Complex Properties using Symbolic Shape Analysis
One of the main challenges in the verification of software systems is the
analysis of unbounded data structures with dynamic memory allocation, such as
linked data structures and arrays. We describe Bohne, a new analysis for
verifying data structures. Bohne verifies data structure operations and shows
that 1) the operations preserve data structure invariants and 2) the operations
satisfy their specifications expressed in terms of changes to the set of
objects stored in the data structure. During the analysis, Bohne infers loop
invariants in the form of disjunctions of universally quantified Boolean
combinations of formulas. To synthesize loop invariants of this form, Bohne
uses a combination of decision procedures for Monadic Second-Order Logic over
trees, SMT-LIB decision procedures (currently CVC Lite), and an automated
reasoner within the Isabelle interactive theorem prover. This architecture
shows that synthesized loop invariants can serve as a useful communication
mechanism between different decision procedures. Using Bohne, we have verified
operations on data structures such as linked lists with iterators and back
pointers, trees with and without parent pointers, two-level skip lists, array
data structures, and sorted lists. We have deployed Bohne in the Hob and Jahob
data structure analysis systems, enabling us to combine Bohne with analyses of
data structure clients and apply it in the context of larger programs. This
report describes the Bohne algorithm as well as techniques that Bohne uses to
reduce the amount of annotations and the running time of the analysis
On Generalized Records and Spatial Conjunction in Role Logic
We have previously introduced role logic as a notation for describing
properties of relational structures in shape analysis, databases and knowledge
bases. A natural fragment of role logic corresponds to two-variable logic with
counting and is therefore decidable. We show how to use role logic to describe
open and closed records, as well as the dual of records, inverse records. We
observe that the spatial conjunction operation of separation logic naturally
models record concatenation. Moreover, we show how to eliminate the spatial
conjunction of formulas of quantifier depth one in first-order logic with
counting. As a result, allowing spatial conjunction of formulas of quantifier
depth one preserves the decidability of two-variable logic with counting. This
result applies to the two-variable role logic fragment as well. The resulting logic
smoothly integrates type system and predicate calculus notation and can be
viewed as a natural generalization of the notation for constraints arising in
role analysis and similar shape analysis approaches.
Comment: 30 pages. A version appears in SAS 200
Simulating reachability using first-order logic with applications to verification of linked data structures
This paper shows how to harness existing theorem provers for first-order
logic to automatically verify safety properties of imperative programs that
perform dynamic storage allocation and destructive updating of pointer-valued
structure fields. One of the main obstacles is specifying and proving the
(absence of) reachability properties among dynamically allocated cells.
The main technical contributions are methods for simulating reachability in a
conservative way using first-order formulas--the formulas describe a superset
of the set of program states that would be specified if one had a precise way
to express reachability. These methods are employed for semi-automatic program
verification (i.e., using programmer-supplied loop invariants) on programs such
as mark-and-sweep garbage collection and destructive reversal of a singly
linked list. (The mark-and-sweep example has been previously reported as being
beyond the capabilities of ESC/Java.)
Comment: 30 pages, LMC
Automating embedded analysis capabilities and managing software complexity in multiphysics simulation part I: template-based generic programming
An approach for incorporating embedded simulation and analysis capabilities
in complex simulation codes through template-based generic programming is
presented. This approach relies on templating and operator overloading within
the C++ language to transform a given calculation into one that can compute a
variety of additional quantities that are necessary for many state-of-the-art
simulation and analysis algorithms. An approach for incorporating these ideas
into complex simulation codes through general graph-based assembly is also
presented. These ideas have been implemented within a set of packages in the
Trilinos framework and are demonstrated on a simple problem from chemical
engineering
Implementing Option Pricing Models When Asset Returns Are Predictable
Option pricing formulas obtained from continuous-time no-arbitrage arguments such as the Black-Scholes formula generally do not depend on the drift term of the underlying asset's diffusion equation. However, the drift is essential for properly implementing such formulas empirically, since the numerical values of the parameters that do appear in the option pricing formula can depend intimately on the drift. In particular, if the underlying asset's returns are predictable, this will influence the theoretical value and the empirical estimate of the diffusion coefficient σ. We develop an adjustment to the Black-Scholes formula that accounts for predictability and show that this adjustment can be important even for small levels of predictability, especially for longer-maturity options. We propose a class of continuous-time linear diffusion processes for asset prices that can capture a wider variety of predictability, and provide several numerical examples that illustrate their importance for pricing options and other derivative assets.
A Survey of Symbolic Execution Techniques
Many security and software testing applications require checking whether
certain properties of a program hold for any possible usage scenario. For
instance, a tool for identifying software vulnerabilities may need to rule out
the existence of any backdoor to bypass a program's authentication. One
approach would be to test the program using different, possibly random inputs.
As the backdoor may only be hit for very specific program workloads, automated
exploration of the space of possible inputs is of the essence. Symbolic
execution provides an elegant solution to the problem, by systematically
exploring many possible execution paths at the same time without necessarily
requiring concrete inputs. Rather than taking on fully specified input values,
the technique abstractly represents them as symbols, resorting to constraint
solvers to construct actual instances that would cause property violations.
Symbolic execution has been incubated in dozens of tools developed over the
last four decades, leading to major practical breakthroughs in a number of
prominent software reliability applications. The goal of this survey is to
provide an overview of the main ideas, challenges, and solutions developed in
the area, distilling them for a broad audience.
The present survey has been accepted for publication at ACM Computing
Surveys. If you are considering citing this survey, we would appreciate if you
could use the following BibTeX entry: http://goo.gl/Hf5Fvc
Comment: This is the authors' pre-print copy.
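The survey's description of the technique (inputs represented as symbols, a path constraint collected at every branch, a constraint solver turning each feasible path into concrete inputs, and the authentication-backdoor motivation) can be shown in miniature. The Python below is an added example written for this page, not code from the survey or from any tool it cites: the target routine `check_login`, its fixed password, its backdoor condition, the `branch` helper that the target must call for every data-dependent `if`, and the tiny finite-domain backtracking solver that stands in for a real SMT solver are all constructed here for illustration.

```python
"""Added example: a miniature symbolic executor that finds a login backdoor.

Inputs are symbolic bytes; every branch records a path constraint; a small
finite-domain solver (a stand-in for an SMT solver) turns each feasible path
into concrete input bytes.  Everything here is constructed for illustration.
"""

BYTE = range(256)  # domain of each symbolic input byte


class Expr:
    """Symbolic expression tree over byte-valued inputs (toy IR, assumed)."""

    def __init__(self, op, *args):
        self.op, self.args = op, args

    def _bin(self, op, other):
        if not isinstance(other, Expr):
            other = Expr("const", other)
        return Expr(op, self, other)

    def __xor__(self, o): return self._bin("^", o)
    def __add__(self, o): return self._bin("+", o)
    def __eq__(self, o): return self._bin("==", o)   # builds a condition, not a bool
    def __ne__(self, o): return self._bin("!=", o)
    def __lt__(self, o): return self._bin("<", o)


def free_vars(e):
    if e.op == "var":
        return {e.args[0]}
    if e.op == "const":
        return set()
    return free_vars(e.args[0]) | free_vars(e.args[1])


def evaluate(e, env):
    """Concrete evaluation of a symbolic expression under an assignment."""
    if e.op == "var":
        return env[e.args[0]]
    if e.op == "const":
        return e.args[0]
    a, b = evaluate(e.args[0], env), evaluate(e.args[1], env)
    return {"^": a ^ b, "+": (a + b) & 0xFF,
            "==": a == b, "!=": a != b, "<": a < b}[e.op]


def solve(path):
    """Backtracking finite-domain solver: return an assignment satisfying every
    (condition, truth value) pair in `path`, or None if the path is infeasible."""
    names = sorted(set().union(*[free_vars(c) for c, _ in path]) if path else set())

    def consistent(env):  # check only constraints whose variables are all assigned
        return all(evaluate(c, env) == truth
                   for c, truth in path if free_vars(c) <= set(env))

    def search(i, env):
        if i == len(names):
            return dict(env)
        for v in BYTE:
            env[names[i]] = v
            if consistent(env):
                found = search(i + 1, env)
                if found is not None:
                    return found
        del env[names[i]]
        return None

    return search(0, {})


def explore(program, n_inputs):
    """Enumerate every feasible path of `program` by replaying branch decisions.

    `program(inputs, branch)` must route each data-dependent `if` through
    `branch(cond)`, which returns the boolean chosen for the current run."""
    inputs = [Expr("var", f"in{i}") for i in range(n_inputs)]
    worklist, results = [[]], []

    def run(decisions):
        path, pending, pos = [], [], 0

        def branch(cond):
            nonlocal pos
            if pos < len(decisions):             # replay a prefix scheduled earlier
                taken = decisions[pos]
            else:                                # fresh branch: fork if both sides feasible
                false_ok = solve(path + [(cond, False)]) is not None
                true_ok = solve(path + [(cond, True)]) is not None
                taken = not false_ok             # prefer the fall-through side
                if false_ok and true_ok:
                    pending.append([t for _, t in path] + [True])
            path.append((cond, taken))
            pos += 1
            return taken

        return path, program(inputs, branch), pending

    while worklist:
        path, outcome, pending = run(worklist.pop())
        model = solve(path)                      # concrete witness for this path
        concrete = bytes(model.get(f"in{i}", 0) for i in range(n_inputs))
        results.append((outcome, concrete))
        worklist.extend(pending)
    return results


def check_login(pw, branch):
    """Constructed target: accepts the password "ab", plus a hidden backdoor."""
    matched = True
    for i, ch in enumerate(b"ab"):               # byte-by-byte compare, one branch per byte
        if not branch(pw[i] == ch):
            matched = False
            break
    if matched:
        return "accept"
    # Backdoor: random inputs satisfy both conditions with probability 1/65536.
    if branch((pw[0] ^ pw[1]) == 0x5A):
        if branch(pw[2] == 0x42):
            return "accept"
    return "reject"


def find_accepting_inputs():
    """All concrete inputs that make check_login accept, one per feasible path."""
    return sorted(inp for outcome, inp in explore(check_login, 3) if outcome == "accept")


if __name__ == "__main__":
    for outcome, inp in explore(check_login, 3):
        print(outcome, inp)
```

Running the script lists one concrete input per feasible path of `check_login`; the accepting ones include inputs that do not start with the real password, which is exactly the backdoor the survey's motivating example wants ruled out. The replay-based exploration (re-running the program with a recorded prefix of branch decisions) and the exhaustive byte-domain solver are deliberately the simplest choices; a production engine keeps per-path solver state and offloads the constraints to an SMT solver instead.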
Natural discretizations for the divergence, gradient, and curl on logically rectangular grids
This is the first in a series of papers creating a discrete analog of vector analysis on logically rectangular, nonorthogonal, nonsmooth grids. We introduce notations for 2-D logically rectangular grids, describe both cell-valued and nodal discretizations for scalar functions, and construct the natural discretizations of vector fields, using the vector components normal and tangential to the cell boundaries. We then define natural discrete analogs of the divergence, gradient, and curl operators based on coordinate invariant definitions and interpret these formulas in terms of curvilinear coordinates, such as length of elements of coordinate lines, areas of elements of coordinate surfaces, and elementary volumes.
We introduce the discrete volume integral of scalar functions, the discrete surface integral, and a discrete analog of the line integral and prove discrete versions of the main theorems relating these objects. These theorems include the following: the discrete analog of the relationship $\operatorname{div} \vec{A} = 0$ if and only if $\vec{A} = \operatorname{curl} \vec{B}$; $\operatorname{curl} \vec{A} = 0$ if and only if $\vec{A} = \operatorname{grad} \phi$; if $\vec{A} = \operatorname{grad} \phi$, then the line integral does not depend on path; and if the line integral of a vector function is equal to zero for any closed path, then this vector is the gradient of a scalar function.
Last, we define the discrete operators DIV, GRAD, and CURL in terms of primitive differencing operators (based on forward and backward differences) and primitive metric operators (related to multiplications of discrete functions by length of edges, areas of surfaces, and volumes of 3-D cells). These formulations elucidate the structure of the discrete operators and are useful when investigating the relationships between operators and their adjoints
Application of optimization techniques to vehicle design: A review
The work that has been done in the last decade or so in the application of optimization techniques to vehicle design is discussed. Much of the work reviewed deals with the design of body or suspension (chassis) components for reduced weight. Also reviewed are studies dealing with system optimization problems for improved functional performance, such as ride or handling. In reviewing the work on the use of optimization techniques, one notes the transition from the rare mention of the methods in the 70's to an increased effort in the early 80's. Efficient and convenient optimization and analysis tools still need to be developed so that they can be regularly applied in the early design stage of the vehicle development cycle to be most effective. Based on the reported applications, an attempt is made to assess the potential for automotive application of optimization techniques. The major issue involved remains the creation of quantifiable means of analysis to be used in vehicle design. The conventional process of vehicle design still contains much experience-based input because it has not yet proven possible to quantify all important constraints. This restraint on the part of the analysis will continue to be a major limiting factor in application of optimization to vehicle design