
    SMT-based Model Checking for Recursive Programs

    We present an SMT-based symbolic model checking algorithm for safety verification of recursive programs. The algorithm is modular and analyzes procedures individually. Unlike other SMT-based approaches, it maintains both "over-" and "under-approximations" of procedure summaries. Under-approximations are used to analyze procedure calls without inlining. Over-approximations are used to block infeasible counterexamples and detect convergence to a proof. We show that for programs and properties over a decidable theory, the algorithm is guaranteed to find a counterexample, if one exists. However, efficiency depends on an oracle for quantifier elimination (QE). For Boolean Programs, the algorithm is a polynomial decision procedure, matching the worst-case bounds of the best BDD-based algorithms. For Linear Arithmetic (integers and rationals), we give an efficient instantiation of the algorithm by applying QE "lazily". We use existing interpolation techniques to over-approximate QE and introduce "Model Based Projection" to under-approximate QE. Empirical evaluation on SV-COMP benchmarks shows that our algorithm improves significantly on the state-of-the-art.
    Comment: originally published as part of the proceedings of CAV 2014; fixed typos, better wording in some places.

    Proving Safety with Trace Automata and Bounded Model Checking

    Loop under-approximation is a technique that enriches C programs with additional branches that represent the effect of a (limited) range of loop iterations. While this technique can speed up the detection of bugs significantly, it introduces redundant execution traces which may complicate the verification of the program. This holds particularly true for verification tools based on Bounded Model Checking, which incorporate simplistic heuristics to determine whether all feasible iterations of a loop have been considered. We present a technique that uses trace automata to eliminate redundant executions after performing loop acceleration. The method reduces the diameter of the program under analysis, which is in certain cases sufficient to allow a safety proof using Bounded Model Checking. Our transformation is precise: it does not introduce false positives, nor does it mask any errors. We have implemented the analysis as a source-to-source transformation, and present experimental results showing the applicability of the technique.
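    The abstract above hinges on one fact about Bounded Model Checking: BMC alone only refutes, and it becomes a proof procedure once the bound reaches the diameter of the system, because every reachable state then lies on some explored path. The following script is an added illustration of that argument on a constructed toy transition system (a counter that saturates at a limit); it is not code from the paper and does not implement its trace-automata transformation. The diameter is computed by brute-force breadth-first search, which only works because the state space is tiny; the `step_off_by_one` variant is a hypothetical buggy version included to show a counterexample that a too-shallow bound misses.

```python
from collections import deque

# Constructed example: a counter that increments until it reaches LIMIT and
# then stays there. The safety property is "the counter never exceeds LIMIT".
LIMIT = 5

def initial_states():
    return [0]

def step(s):
    """Correct transition relation: increment only while s < LIMIT, then stutter."""
    return [s + 1] if s < LIMIT else [s]

def step_off_by_one(s):
    """Hypothetical buggy variant: the guard uses <=, so the counter overshoots."""
    return [s + 1] if s <= LIMIT else [s]

def is_bad(s):
    return s > LIMIT

def bmc(init, succ, bad, bound):
    """Bounded model checking by explicit path enumeration.

    Checks every execution of at most `bound` transitions and returns the
    first counterexample path found, or None if no bad state is reachable
    within the bound. None does NOT by itself mean the system is safe: a bad
    state may lie deeper than `bound`.
    """
    frontier = [[s] for s in init]
    for _depth in range(bound + 1):
        for path in frontier:
            if bad(path[-1]):
                return path
        frontier = [path + [t] for path in frontier for t in succ(path[-1])]
    return None

def reachability_diameter(init, succ):
    """Length of the longest shortest path from an initial state to any
    reachable state.

    Computed here by breadth-first search over the (finite) state space; real
    verifiers cannot enumerate states like this, which is why shrinking the
    diameter by program transformation is valuable.
    """
    dist = {s: 0 for s in init}
    queue = deque(init)
    while queue:
        s = queue.popleft()
        for t in succ(s):
            if t not in dist:
                dist[t] = dist[s] + 1
                queue.append(t)
    return max(dist.values())

def prove_or_refute(init, succ, bad):
    """Run BMC with the diameter as the bound: every reachable state is then
    covered, so 'no counterexample' is a genuine safety proof."""
    d = reachability_diameter(init, succ)
    cex = bmc(init, succ, bad, d)
    return ("safe", d, None) if cex is None else ("unsafe", d, cex)

if __name__ == "__main__":
    print(prove_or_refute(initial_states(), step, is_bad))
    # Bound 5 is one transition short of the overshoot, so BMC reports nothing.
    print(bmc(initial_states(), step_off_by_one, is_bad, 5))
    # With the bound raised to the diameter (6) the counterexample appears.
    print(prove_or_refute(initial_states(), step_off_by_one, is_bad))
```

Note the asymmetry the abstract relies on: for the buggy variant, `bmc` with bound 5 returns `None` while the diameter is 6, so a tool that stops unwinding too early silently misses the bug. Loop acceleration and trace-automata pruning reduce the diameter so that the bound a BMC tool can afford actually reaches it.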

    Ranking Templates for Linear Loops

    We present a new method for the constraint-based synthesis of termination arguments for linear loop programs based on linear ranking templates. Linear ranking templates are parametrized, well-founded relations such that an assignment to the parameters gives rise to a ranking function. This approach generalizes existing methods and enables us to use templates for many different ranking functions with affine-linear components. We discuss templates for multiphase, piecewise, and lexicographic ranking functions. Because these ranking templates require both strict and non-strict inequalities, we use Motzkin's Transposition Theorem instead of Farkas' Lemma to transform the generated ∃∀-constraint into an ∃-constraint.
    Comment: TACAS 201

    Urinary tract infection in men

    Objective: To explore the prevalence and microbiology of urinary tract infection (UTI) in symptomatic men in a primary care setting and to determine the appropriateness of patient management of these conditions by the general practitioners. Methods: A cross-sectional survey was carried out matching documentation of symptoms and management with urine culture and results of susceptibility tests. All patients presenting with symptoms typical for a UTI in 36 teaching general practices in the area of Göttingen, Germany, were eligible for enrolment in the study. 15% (n = 90) of all patients were adult men. General practitioners (GPs) were instructed to manage patients as usual. Patient characteristics, dipstick tests and treatment were matched with results of urine cultures and susceptibility testing. Results: Men presenting with symptoms indicative of UTI were predominantly elderly (median age 61 years) and 41% had additional risk factors. Antibiotics were prescribed for 36%, but these were not well-targeted. Urine culture revealed UTI in 60%, of which half had low colony counts (23% of all patients) or multiple bacterial growth (7%); 40% had sterile urine. Dipstick tests proved unhelpful: leukocytes and nitrite had sensitivities of 54% and 38%, specificities of 55% and 84%, positive predictive values of 65% and 78% and negative predictive values of 44% and 46%, respectively. Resistance levels were 53% for amoxicillin and cefaclor, 28% for cefixim, 22% for ciprofloxacin, 34% for both trimethoprim as individual substance and the combination with sulfamethoxazole (cotrimoxazole) and 25% for nitrofurantoin. Conclusion: Men with symptoms indicative of a UTI should not be treated empirically. A urine culture and antibiogram should be obtained before a treatment decision is made. A low-count UTI was common and should not be considered normal.

    Proving termination and memory safety for programs with Pointer Arithmetic

    Proving termination automatically for programs with explicit pointer arithmetic is still an open problem. To close this gap, we introduce a novel abstract domain that can track allocated memory in detail. We use it to automatically construct a symbolic execution graph that represents all possible runs of the program and that can be used to prove memory safety. This graph is then transformed into an integer transition system, whose termination can be proved by standard techniques. We implemented this approach in the automated termination prover AProVE and demonstrate its capability of analyzing C programs with pointer arithmetic that existing tools cannot handle.

    LNCS

    Static program analyzers are increasingly effective in checking correctness properties of programs and reporting any errors found, often in the form of error traces. However, developers still spend a significant amount of time on debugging. This involves processing long error traces in an effort to localize a bug to a relatively small part of the program and to identify its cause. In this paper, we present a technique for automated fault localization that, given a program and an error trace, efficiently narrows down the cause of the error to a few statements. These statements are then ranked in terms of their suspiciousness. Our technique relies only on the semantics of the given program and does not require any test cases or user guidance. In experiments on a set of C benchmarks, we show that our technique is effective in quickly isolating the cause of error while out-performing other state-of-the-art fault-localization techniques.