2,295 research outputs found
Thread-Modular Static Analysis for Relaxed Memory Models
We propose a memory-model-aware static program analysis method for accurately
analyzing the behavior of concurrent software running on processors with weak
consistency models such as x86-TSO, SPARC-PSO, and SPARC-RMO. At the center of
our method is a unified framework for deciding the feasibility of inter-thread
interferences to avoid propagating spurious data flows during static analysis
and thus boost the performance of the static analyzer. We formulate the
checking of interference feasibility as a set of Datalog rules which are both
efficiently solvable and general enough to capture a range of hardware-level
memory models. Compared to existing techniques, our method can significantly
reduce the number of bogus alarms as well as unsound proofs. We implemented the
method and evaluated it on a large set of multithreaded C programs. Our
experiments showthe method significantly outperforms state-of-the-art
techniques in terms of accuracy with only moderate run-time overhead.Comment: revised version of the ESEC/FSE 2017 pape
Engineering a static verification tool for GPU kernels
We report on practical experiences over the last 2.5 years related to the engineering of GPUVerify, a static verification tool for OpenCL and CUDA GPU kernels, plotting the progress of GPUVerify from a prototype to a fully functional and relatively efficient analysis tool. Our hope is that this experience report will serve the verification community by helping to inform future tooling efforts. © 2014 Springer International Publishing
Featherweight VeriFast
VeriFast is a leading research prototype tool for the sound modular
verification of safety and correctness properties of single-threaded and
multithreaded C and Java programs. It has been used as a vehicle for
exploration and validation of novel program verification techniques and for
industrial case studies; it has served well at a number of program verification
competitions; and it has been used for teaching by multiple teachers
independent of the authors. However, until now, while VeriFast's operation has
been described informally in a number of publications, and specific
verification techniques have been formalized, a clear and precise exposition of
how VeriFast works has not yet appeared. In this article we present for the
first time a formal definition and soundness proof of a core subset of the
VeriFast program verification approach. The exposition aims to be both
accessible and rigorous: the text is based on lecture notes for a graduate
course on program verification, and it is backed by an executable
machine-readable definition and machine-checked soundness proof in Coq
OpenJML: Software verification for Java 7 using JML, OpenJDK, and Eclipse
OpenJML is a tool for checking code and specifications of Java programs. We
describe our experience building the tool on the foundation of JML, OpenJDK and
Eclipse, as well as on many advances in specification-based software
verification. The implementation demonstrates the value of integrating
specification tools directly in the software development IDE and in automating
as many tasks as possible. The tool, though still in progress, has now been
used for several college-level courses on software specification and
verification and for small-scale studies on existing Java programs.Comment: In Proceedings F-IDE 2014, arXiv:1404.578
Pushing the envelope of Optimization Modulo Theories with Linear-Arithmetic Cost Functions
In the last decade we have witnessed an impressive progress in the
expressiveness and efficiency of Satisfiability Modulo Theories (SMT) solving
techniques. This has brought previously-intractable problems at the reach of
state-of-the-art SMT solvers, in particular in the domain of SW and HW
verification. Many SMT-encodable problems of interest, however, require also
the capability of finding models that are optimal wrt. some cost functions. In
previous work, namely "Optimization Modulo Theory with Linear Rational Cost
Functions -- OMT(LAR U T )", we have leveraged SMT solving to handle the
minimization of cost functions on linear arithmetic over the rationals, by
means of a combination of SMT and LP minimization techniques. In this paper we
push the envelope of our OMT approach along three directions: first, we extend
it to work also with linear arithmetic on the mixed integer/rational domain, by
means of a combination of SMT, LP and ILP minimization techniques; second, we
develop a multi-objective version of OMT, so that to handle many cost functions
simultaneously; third, we develop an incremental version of OMT, so that to
exploit the incrementality of some OMT-encodable problems. An empirical
evaluation performed on OMT-encoded verification problems demonstrates the
usefulness and efficiency of these extensions.Comment: A slightly-shorter version of this paper is published at TACAS 2015
conferenc
Bit-Vector Model Counting using Statistical Estimation
Approximate model counting for bit-vector SMT formulas (generalizing \#SAT)
has many applications such as probabilistic inference and quantitative
information-flow security, but it is computationally difficult. Adding random
parity constraints (XOR streamlining) and then checking satisfiability is an
effective approximation technique, but it requires a prior hypothesis about the
model count to produce useful results. We propose an approach inspired by
statistical estimation to continually refine a probabilistic estimate of the
model count for a formula, so that each XOR-streamlined query yields as much
information as possible. We implement this approach, with an approximate
probability model, as a wrapper around an off-the-shelf SMT solver or SAT
solver. Experimental results show that the implementation is faster than the
most similar previous approaches which used simpler refinement strategies. The
technique also lets us model count formulas over floating-point constraints,
which we demonstrate with an application to a vulnerability in differential
privacy mechanisms
- …