CH in stellar atmospheres: an extensive linelist

The advent of high-resolution spectrographs and detailed stellar atmosphere modelling has strengthened the need for accurate molecular data. Carbon-enhanced metal-poor (CEMP) stars spectra are interesting objects with which to study transitions from the CH molecule. We combine programs for spectral analysis of molecules and stellar-radiative transfer codes to build an extensive CH linelist, including predissociation broadening as well as newly identified levels. We show examples of strong predissociation CH lines in CEMP stars, and we stress the important role played by the CH features in the Bond-Neff feature depressing the spectra of barium stars by as much as 0.2 magnitudes in the $\lambda=$3000 -- 5500 \AA\ range. Because of the extreme thermodynamic conditions prevailing in stellar atmospheres (compared to the laboratory), molecular transitions with high energy levels can be observed. Stellar spectra can thus be used to constrain and improve molecular data.Comment: 33pages, 15 figures, accepted in A&A external data available at http://www.astro.ulb.ac.be/~spectrotools

IC-Cut: A Compositional Search Strategy for Dynamic Test Generation

Abstract. We present IC-Cut, short for “Interface-Complexity-based Cut”, a new compositional search strategy for systematically testing large programs. IC-Cut dynamically detects function interfaces that are simple enough to be cost-effective for summarization. IC-Cut then hierarchically decomposes the program into units defined by such functions and their sub-functions in the call graph. These units are tested independently, their test results are recorded as low-complexity function summaries, and the summaries are reused when testing higher-level functions in the call graph, thus limiting overall path explosion. When the decomposed units are tested exhaustively, they constitute verified components of the program. IC-Cut is run dynamically and on-the-fly during the search, typically refining cuts as the search advances. We have implemented this algorithm as a new search strategy in the whitebox fuzzer SAGE, and present detailed experimental results ob-tained when fuzzing the ANI Windows image parser. Our results show that IC-Cut alleviates path explosion while preserving or even increasing code coverage and bug finding, compared to the current generational-search strategy used in SAGE.

On Refinements of Boolean and Parametric Modal Transition Systems

We consider the extensions of modal transition systems (MTS), namely Boolean MTS and parametric MTS and we investigate the refinement problems over both classes. Firstly, we reduce the problem of modal refinement over both classes to a problem solvable by a QBF solver and provide experimental results showing our technique scales well. Secondly, we extend the algorithm for thorough refinement of MTS providing better complexity then via reductions to previously studied problems. Finally, we investigate the relationship between modal and thorough refinement on the two classes and show how the thorough refinement can be approximated by the modal refinement

Guiding Dynamic Symbolic Execution Toward Unverified Program Executions

Most techniques to detect program errors, such as testing, code reviews, and static program analysis, do not fully verify all possible executions of a program. They leave executions unverified when they do not check certain properties, fail to verify properties, or check properties under certain unsound assumptions such as the absence of arithmetic overflow. In this paper, we present a technique to complement partial verification results by automatic test case generation. In contrast to existing work, our technique supports the common case that the verification results are based on unsound assumptions. We annotate programs to reflect which executions have been verified, and under which assumptions. These annotations are then used to guide dynamic symbolic execution toward unverified program executions. Our main technical contribution is a code instrumentation that causes dynamic symbolic execution to abort tests that lead to verified executions, to prune parts of the search space, and to prioritize tests that cover more properties that are not fully verified. We have implemented our technique for the .NET static analyzer Clousot and the dynamic symbolic execution tool Pex. It produces smaller test suites (by up to 19.2%), covers more unverified executions (by up to 7.1%), and reduces testing time (by up to 52.4%) compared to combining Clousot and Pex without our technique

Irreducible tensor-form of the relativistic corrections to the M1 transition operator

The relativistic corrections to the magnetic dipole moment operator in the Pauli approximation were derived originally by Drake (Phys. Rev. A 3(1971)908). In the present paper, we derive their irreducible tensor-operator form to be used in atomic structure codes adopting the Fano-Racah-Wigner algebra for calculating its matrix elements.Comment: 26 page

Robustness Testing of Intermediate Verifiers

Program verifiers are not exempt from the bugs that affect nearly every piece of software. In addition, they often exhibit brittle behavior: their performance changes considerably with details of how the input program is expressed-details that should be irrelevant, such as the order of independent declarations. Such a lack of robustness frustrates users who have to spend considerable time figuring out a tool's idiosyncrasies before they can use it effectively. This paper introduces a technique to detect lack of robustness of program verifiers; the technique is lightweight and fully automated, as it is based on testing methods (such as mutation testing and metamorphic testing). The key idea is to generate many simple variants of a program that initially passes verification. All variants are, by construction, equivalent to the original program; thus, any variant that fails verification indicates lack of robustness in the verifier. We implemented our technique in a tool called "mugie", which operates on programs written in the popular Boogie language for verification-used as intermediate representation in numerous program verifiers. Experiments targeting 135 Boogie programs indicate that brittle behavior occurs fairly frequently (16 programs) and is not hard to trigger. Based on these results, the paper discusses the main sources of brittle behavior and suggests means of improving robustness

Towards concolic testing for hybrid systems

Hybrid systems exhibit both continuous and discrete behavior. Analyzing hybrid systems is known to be hard. Inspired by the idea of concolic testing (of programs), we investigate whether we can combine random sampling and symbolic execution in order to effectively verify hybrid systems. We identify a sufficient condition under which such a combination is more effective than random sampling. Furthermore, we analyze different strategies of combining random sampling and symbolic execution and propose an algorithm which allows us to dynamically switch between them so as to reduce the overall cost. Our method has been implemented as a web-based checker named HYCHECKER. HYCHECKER has been evaluated with benchmark hybrid systems and a water treatment system in order to test its effectiveness.CPCI-S(ISTP)[email protected]; [email protected]

Local reasoning about the presence of bugs: Incorrectness Separation Logic

There has been a large body of work on local reasoning for proving the absence of bugs, but none for proving their presence. We present a new formal framework for local reasoning about the presence of bugs, building on two complementary foundations: 1) separation logic and 2) incorrectness logic. We explore the theory of this new incorrectness separation logic (ISL), and use it to derive a begin-anywhere, intra-procedural symbolic execution analysis that has no false positives by construction. In so doing, we take a step towards transferring modular, scalable techniques from the world of program verification to bug catching