63 research outputs found
Termination Analysis by Learning Terminating Programs
We present a novel approach to termination analysis. In a first step, the
analysis uses a program as a black-box which exhibits only a finite set of
sample traces. Each sample trace is infinite but can be represented by a finite
lasso. The analysis can "learn" a program from a termination proof for the
lasso, a program that is terminating by construction. In a second step, the
analysis checks that the set of sample traces is representative in a sense that
we can make formal. An experimental evaluation indicates that the approach is a
potentially useful addition to the portfolio of existing approaches to
termination analysis
Separation of Interfering Signals in an Ultrasonic Flow Measurement System by Using Variable Time-Delay Properties
Petrification: Software Model Checking for Programs with Dynamic Thread Management (Extended Version)
We address the verification problem for concurrent program that dynamically
create (fork) new threads or destroy (join) existing threads. We present a
reduction to the verification problem for concurrent programs with a fixed
number of threads. More precisely, we present petrification, a transformation
from programs with dynamic thread management to an existing, Petri net-based
formalism for programs with a fixed number of threads. Our approach is
implemented in a software model checking tool for C programs that use the
pthreads API.Comment: 32 pages, 8 figures, 2 tables, extended version of the paper which is
to appear at VMCAI 202
Differentially Testing Soundness and Precision of Program Analyzers
In the last decades, numerous program analyzers have been developed both by
academia and industry. Despite their abundance however, there is currently no
systematic way of comparing the effectiveness of different analyzers on
arbitrary code. In this paper, we present the first automated technique for
differentially testing soundness and precision of program analyzers. We used
our technique to compare six mature, state-of-the art analyzers on tens of
thousands of automatically generated benchmarks. Our technique detected
soundness and precision issues in most analyzers, and we evaluated the
implications of these issues to both designers and users of program analyzers
Efficient Interpolation for the Theory of Arrays
Existing techniques for Craig interpolation for the quantifier-free fragment
of the theory of arrays are inefficient for computing sequence and tree
interpolants: the solver needs to run for every partitioning of the
interpolation problem to avoid creating -mixed terms. We present a new
approach using Proof Tree Preserving Interpolation and an array solver based on
Weak Equivalence on Arrays. We give an interpolation algorithm for the lemmas
produced by the array solver. The computed interpolants have worst-case
exponential size for extensionality lemmas and worst-case quadratic size
otherwise. We show that these bounds are strict in the sense that there are
lemmas with no smaller interpolants. We implemented the algorithm and show that
the produced interpolants are useful to prove memory safety for C programs.Comment: long version of the paper at IJCAR 201
- …