760 research outputs found
Using SMT engine to generate Symbolic Automata
International audienceOpen pNets are used to model the behaviour of open systems , both synchronous or asynchronous, expressed in various calculi or languages. They are endowed with a symbolic operational semantics in terms of so-called "Open Automata". This allows us to check properties of such systems in a compositional manner. We implement an algorithm computing these semantics, building predicates expressing the synchronization conditions between the events of the pNet subsystems. Checking such predicates requires symbolic reasoning over first order logics, but also over application-specific data. We use the Z3 SMT engine to check satisfiability of the predicates, and prune the open automaton of its unsatisfiable transitions. As an industrial oriented use-case, we use so-called "architectures" for BIP systems, that have been used in the framework of an ESA project and to specify the control software of a nanosatellite at the EPFL Space Engineering Center. We use pNets to encode a BIP architecture extended with explicit data, and compute its open automaton semantics. This automaton may be used to prove be-havioural properties; we give 2 examples, a safety and a liveness property
SAT-based Explicit LTL Reasoning
We present here a new explicit reasoning framework for linear temporal logic
(LTL), which is built on top of propositional satisfiability (SAT) solving. As
a proof-of-concept of this framework, we describe a new LTL satisfiability
tool, Aalta\_v2.0, which is built on top of the MiniSAT SAT solver. We test the
effectiveness of this approach by demonnstrating that Aalta\_v2.0 significantly
outperforms all existing LTL satisfiability solvers. Furthermore, we show that
the framework can be extended from propositional LTL to assertional LTL (where
we allow theory atoms), by replacing MiniSAT with the Z3 SMT solver, and
demonstrating that this can yield an exponential improvement in performance
A Survey of Symbolic Execution Techniques
Many security and software testing applications require checking whether
certain properties of a program hold for any possible usage scenario. For
instance, a tool for identifying software vulnerabilities may need to rule out
the existence of any backdoor to bypass a program's authentication. One
approach would be to test the program using different, possibly random inputs.
As the backdoor may only be hit for very specific program workloads, automated
exploration of the space of possible inputs is of the essence. Symbolic
execution provides an elegant solution to the problem, by systematically
exploring many possible execution paths at the same time without necessarily
requiring concrete inputs. Rather than taking on fully specified input values,
the technique abstractly represents them as symbols, resorting to constraint
solvers to construct actual instances that would cause property violations.
Symbolic execution has been incubated in dozens of tools developed over the
last four decades, leading to major practical breakthroughs in a number of
prominent software reliability applications. The goal of this survey is to
provide an overview of the main ideas, challenges, and solutions developed in
the area, distilling them for a broad audience.
The present survey has been accepted for publication at ACM Computing
Surveys. If you are considering citing this survey, we would appreciate if you
could use the following BibTeX entry: http://goo.gl/Hf5FvcComment: This is the authors pre-print copy. If you are considering citing
this survey, we would appreciate if you could use the following BibTeX entry:
http://goo.gl/Hf5Fv
Compositional Verification for Timed Systems Based on Automatic Invariant Generation
We propose a method for compositional verification to address the state space
explosion problem inherent to model-checking timed systems with a large number
of components. The main challenge is to obtain pertinent global timing
constraints from the timings in the components alone. To this end, we make use
of auxiliary clocks to automatically generate new invariants which capture the
constraints induced by the synchronisations between components. The method has
been implemented in the RTD-Finder tool and successfully experimented on
several benchmarks
Analyzing Conflict Freedom For Multi-threaded Programs With Time Annotations
Avoiding access conflicts is a major challenge in the design of
multi-threaded programs. In the context of real-time systems, the absence of
conflicts can be guaranteed by ensuring that no two potentially conflicting
accesses are ever scheduled concurrently.In this paper, we analyze programs
that carry time annotations specifying the time for executing each statement.
We propose a technique for verifying that a multi-threaded program with time
annotations is free of access conflicts. In particular, we generate constraints
that reflect the possible schedules for executing the program and the required
properties. We then invoke an SMT solver in order to verify that no execution
gives rise to concurrent conflicting accesses. Otherwise, we obtain a trace
that exhibits the access conflict.Comment: http://journal.ub.tu-berlin.de/eceasst/article/view/97
Satisfiability Modulo Transcendental Functions via Incremental Linearization
In this paper we present an abstraction-refinement approach to Satisfiability
Modulo the theory of transcendental functions, such as exponentiation and
trigonometric functions. The transcendental functions are represented as
uninterpreted in the abstract space, which is described in terms of the
combined theory of linear arithmetic on the rationals with uninterpreted
functions, and are incrementally axiomatized by means of upper- and
lower-bounding piecewise-linear functions. Suitable numerical techniques are
used to ensure that the abstractions of the transcendental functions are sound
even in presence of irrationals. Our experimental evaluation on benchmarks from
verification and mathematics demonstrates the potential of our approach,
showing that it compares favorably with delta-satisfiability /interval
propagation and methods based on theorem proving
- …