5,504 research outputs found
Why Just Boogie? Translating Between Intermediate Verification Languages
The verification systems Boogie and Why3 use their respective intermediate
languages to generate verification conditions from high-level programs. Since
the two systems support different back-end provers (such as Z3 and Alt-Ergo)
and are used to encode different high-level languages (such as C# and Java),
being able to translate between their intermediate languages would provide a
way to reuse one system's features to verify programs meant for the other. This
paper describes a translation of Boogie into WhyML (Why3's intermediate
language) that preserves semantics, verifiability, and program structure to a
large degree. We implemented the translation as a tool and applied it to 194
Boogie-verified programs of various sources and sizes; Why3 verified 83% of the
translated programs with the same outcome as Boogie. These results indicate
that the translation is often effective and practically applicable
Top down, bottom up structured programming and program structuring
New design and programming techniques for shuttle software. Based on previous Apollo experience, recommendations are made to apply top-down structured programming techniques to shuttle software. New software verification techniques for large software systems are recommended. HAL, the higher order language selected for the shuttle flight code, is discussed and found to be adequate for implementing these techniques. Recommendations are made to apply the workable combination of top-down, bottom-up methods in the management of shuttle software. Program structuring is discussed relevant to both programming and management techniques
Exact Gap Computation for Code Coverage Metrics in ISO-C
Test generation and test data selection are difficult tasks for model based
testing. Tests for a program can be meld to a test suite. A lot of research is
done to quantify the quality and improve a test suite. Code coverage metrics
estimate the quality of a test suite. This quality is fine, if the code
coverage value is high or 100%. Unfortunately it might be impossible to achieve
100% code coverage because of dead code for example. There is a gap between the
feasible and theoretical maximal possible code coverage value. Our review of
the research indicates, none of current research is concerned with exact gap
computation. This paper presents a framework to compute such gaps exactly in an
ISO-C compatible semantic and similar languages. We describe an efficient
approximation of the gap in all the other cases. Thus, a tester can decide if
more tests might be able or necessary to achieve better coverage.Comment: In Proceedings MBT 2012, arXiv:1202.582
Precise Null Pointer Analysis Through Global Value Numbering
Precise analysis of pointer information plays an important role in many
static analysis techniques and tools today. The precision, however, must be
balanced against the scalability of the analysis. This paper focusses on
improving the precision of standard context and flow insensitive alias analysis
algorithms at a low scalability cost. In particular, we present a
semantics-preserving program transformation that drastically improves the
precision of existing analyses when deciding if a pointer can alias NULL. Our
program transformation is based on Global Value Numbering, a scheme inspired
from compiler optimizations literature. It allows even a flow-insensitive
analysis to make use of branch conditions such as checking if a pointer is NULL
and gain precision. We perform experiments on real-world code to measure the
overhead in performing the transformation and the improvement in the precision
of the analysis. We show that the precision improves from 86.56% to 98.05%,
while the overhead is insignificant.Comment: 17 pages, 1 section in Appendi
- …