104 research outputs found
Non-polynomial Worst-Case Analysis of Recursive Programs
We study the problem of developing efficient approaches for proving
worst-case bounds of non-deterministic recursive programs. Ranking functions
are sound and complete for proving termination and worst-case bounds of
nonrecursive programs. First, we apply ranking functions to recursion,
resulting in measure functions. We show that measure functions provide a sound
and complete approach to prove worst-case bounds of non-deterministic recursive
programs. Our second contribution is the synthesis of measure functions in
nonpolynomial forms. We show that non-polynomial measure functions with
logarithm and exponentiation can be synthesized through abstraction of
logarithmic or exponentiation terms, Farkas' Lemma, and Handelman's Theorem
using linear programming. While previous methods obtain worst-case polynomial
bounds, our approach can synthesize bounds of the form
as well as where is not an integer. We present
experimental results to demonstrate that our approach can obtain efficiently
worst-case bounds of classical recursive algorithms such as (i) Merge-Sort, the
divide-and-conquer algorithm for the Closest-Pair problem, where we obtain
worst-case bound, and (ii) Karatsuba's algorithm for
polynomial multiplication and Strassen's algorithm for matrix multiplication,
where we obtain bound such that is not an integer and
close to the best-known bounds for the respective algorithms.Comment: 54 Pages, Full Version to CAV 201
Model-Checking Parametric Lock-Sharing Systems Against Regular Constraints
In parametric lock-sharing systems processes can spawn new processes to run in parallel, and can create new locks. The behavior of every process is given by a pushdown automaton. We consider infinite behaviors of such systems under strong process fairness condition. A result of a potentially infinite execution of a system is a limit configuration, that is a potentially infinite tree. The verification problem is to determine if a given system has a limit configuration satisfying a given regular property. This formulation of the problem encompasses verification of reachability as well as of many liveness properties. We show that this verification problem, while undecidable in general, is decidable for nested lock usage.
We show Exptime-completeness of the verification problem. The main source of complexity is the number of parameters in the spawn operation. If the number of parameters is bounded, our algorithm works in Ptime for properties expressed by parity automata with a fixed number of ranks
Improving dynamic code analysis by code abstraction
In this paper, our aim is to propose a model for code abstraction, based on abstract interpretation, allowing us to improve the precision of a recently proposed static analysis by abstract interpretation of dynamic languages. The problem we tackle here is that the analysis may add some spurious code to the string-to-execute abstract value and this code may need some abstract representations in order to make it analyzable. This is precisely what we propose here, where we drive the code abstraction by the analysis we have to perform
Get rid of inline assembly through verification-oriented lifting
Formal methods for software development have made great strides in the last
two decades, to the point that their application in safety-critical embedded
software is an undeniable success. Their extension to non-critical software is
one of the notable forthcoming challenges. For example, C programmers regularly
use inline assembly for low-level optimizations and system primitives. This
usually results in driving state-of-the-art formal analyzers developed for C
ineffective. We thus propose TInA, an automated, generic, trustable and
verification-oriented lifting technique turning inline assembly into
semantically equivalent C code, in order to take advantage of existing C
analyzers. Extensive experiments on real-world C code with inline assembly
(including GMP and ffmpeg) show the feasibility and benefits of TInA
RustHorn: CHC-based Verification for Rust Programs (full version)
Reduction to the satisfiability problem for constrained Horn clauses (CHCs)
is a widely studied approach to automated program verification. The current
CHC-based methods for pointer-manipulating programs, however, are not very
scalable. This paper proposes a novel translation of pointer-manipulating Rust
programs into CHCs, which clears away pointers and memories by leveraging
ownership. We formalize the translation for a simplified core of Rust and prove
its correctness. We have implemented a prototype verifier for a subset of Rust
and confirmed the effectiveness of our method.Comment: Full version of the same-titled paper in ESOP202
A Posthumous Contribution by {Larry Wos}: {E}xcerpts from an Unpublished Column
International audienceShortly before Larry Wos passed away, he sent a manuscript for discussion to Sophie Tourret, the editor of the AAR newsletter. We present excerpts from this final manuscript, put it in its historic context and explain its relevance for today’s research in automated reasoning
- …