Interpolant-Based Transition Relation Approximation

In predicate abstraction, exact image computation is problematic, requiring in the worst case an exponential number of calls to a decision procedure. For this reason, software model checkers typically use a weak approximation of the image. This can result in a failure to prove a property, even given an adequate set of predicates. We present an interpolant-based method for strengthening the abstract transition relation in case of such failures. This approach guarantees convergence given an adequate set of predicates, without requiring an exact image computation. We show empirically that the method converges more rapidly than an earlier method based on counterexample analysis.Comment: Conference Version at CAV 2005. 17 Pages, 9 Figure

Symbolic Exploration of Transition Hierarchies

In formal design verification, successful model checking is typically preceded by a laborious manual process of constructing design abstractions. We present a methodology for partially - and in some cases, fully - bypassing the abstraction process. For this purpose, we provide to the designer abstraction operators which, if used judiciously in the description of a design, structure the corresponding state space hierarchically. This structure can then be exploited by verification tools, and makes possible the automatic and exhaustive exploration of state spaces that would otherwise be out of scope for existing model checkers. Specifically, we present the following contributions: - A temporal abstraction operator that aggregates transitions and hides intermediate steps. Mathematically, our abstraction operator is a function that maps a flat transition system into a two-level hierarchy where each atomic upper-level transition expands into an entire lower-level transition system. For example, an arithmetic operation may expand to a sequence of bit operations. - A BDD-based algorithm for the symbolic exploration of multi-level hierarchies of transition systems. The algorithm traverses a level-n transition by expanding the corresponding level-(n-1) transition system on-the-fly. The level-n successors of a state are determined by computing a level-(n-1) reach set, which is then immediately released from memory. In this fashion, we can exhaustively explore hierarchically structured state spaces whose flat counterparts cause memory overflows. - We experimentally demonstrate the efficiency of our method with three examples - a multiplier, a cache coherence protocol, and a multiprocessor system. In the first two examples, we obtain significant improvements in run times and peak BDD sizes over traditional state-space search. The third example cannot be model checked at all using conventional methods (without manual abstractions), but can be analyzed fully automatically using transition hierarchies

Development of UAV as a Platform for Current and Future Dynamic Soaring Research

We address the ongoing development of a dynamic soaring (DS) capable unmanned aerial vehicle (UAV) platform optimized for minimal power consumption. This project has been funded by the Embry-Riddle Office of Undergraduate Research through the Ignite program. Dynamic soaring is a bio-inspired flight maneuver in which energy is extracted from the wind shear layer by flying through regions of varying wind speed. The objective of our project is to design an autonomous dynamic soaring flight controller and perform DS with a real-world UAV. Development of this project can be divided into three sub-categories: (1) the UAV platform, (2) flight simulations, and (3) the flight controller. The UAV platform is an FMS Fox Aerobatic Glider, a high aspect-ratio glider with a nose-mounted engine. A flight control system has been crafted to allow us to integrate our DS autopilot. In previous works we have created a 6-degree-of-freedom (6DoF) flight simulation environment in MATLAB and Simulink to develop and test DS flight controllers. The simulator can be adapted to integrate our current UAV by building a variable-fidelity aerodynamic model using computational fluid dynamics (CFD). Finally, we are developing a robust reinforcement-learning (RL) trained artificial intelligence (AI) that will optimize the path of the UAV to minimize power consumption. RL is performed in the simulator and the AI will be deployed on the UAV when complete. This presentation will discuss current progress as well as address challenges we face in the completion of our goals

Development of UAV as a Platform for Current and Future Dynamic Soaring Research

We address the final stages in the development of a dynamic soaring (DS) capable unmanned aerial vehicle (UAV). This project has been funded by the Embry-Riddle Office of Undergraduate Research through the Ignite program. Dynamic soaring is a bio-inspired flight maneuver in which energy is extracted by flying through regions of wind velocity gradient such as the wind shear layer. The objective of our project is to design an autonomous dynamic soaring flight controller through simulation, develop a DS capable UAV platform, and perform DS maneuvers in the real world. For simulation, a 6-degrees-of-freedom (6DoF) flight simulation environment in MATLAB and Simulink has been developed. Using computational fluid dynamics (CFD) a variable-fidelity aerodynamic model was obtained. The UAV platform is an FMS Fox Aerobatic Glider, a high aspect-ratio powered glider with a robust sensor suite and autonomous flight control system. Finally, we are developing a reinforcement-learning (RL) trained artificial intelligence (AI) that will optimize the path of the UAV to minimize power consumption. After completion, the UAV will be capable of testing future DS navigation systems. This presentation will discuss current progress as well as address challenges we face in the completion of our goals

StaticFixer: From Static Analysis to Static Repair

Static analysis tools are traditionally used to detect and flag programs that violate properties. We show that static analysis tools can also be used to perturb programs that satisfy a property to construct variants that violate the property. Using this insight we can construct paired data sets of unsafe-safe program pairs, and learn strategies to automatically repair property violations. We present a system called \sysname, which automatically repairs information flow vulnerabilities using this approach. Since information flow properties are non-local (both to check and repair), \sysname also introduces a novel domain specific language (DSL) and strategy learning algorithms for synthesizing non-local repairs. We use \sysname to synthesize strategies for repairing two types of information flow vulnerabilities, unvalidated dynamic calls and cross-site scripting, and show that \sysname successfully repairs several hundred vulnerabilities from open source {\sc JavaScript} repositories, outperforming neural baselines built using {\sc CodeT5} and {\sc Codex}. Our datasets can be downloaded from \url{http://aka.ms/StaticFixer}

Frustrated with Code Quality Issues? LLMs can Help!

As software projects progress, quality of code assumes paramount importance as it affects reliability, maintainability and security of software. For this reason, static analysis tools are used in developer workflows to flag code quality issues. However, developers need to spend extra efforts to revise their code to improve code quality based on the tool findings. In this work, we investigate the use of (instruction-following) large language models (LLMs) to assist developers in revising code to resolve code quality issues. We present a tool, CORE (short for COde REvisions), architected using a pair of LLMs organized as a duo comprised of a proposer and a ranker. Providers of static analysis tools recommend ways to mitigate the tool warnings and developers follow them to revise their code. The \emph{proposer LLM} of CORE takes the same set of recommendations and applies them to generate candidate code revisions. The candidates which pass the static quality checks are retained. However, the LLM may introduce subtle, unintended functionality changes which may go un-detected by the static analysis. The \emph{ranker LLM} evaluates the changes made by the proposer using a rubric that closely follows the acceptance criteria that a developer would enforce. CORE uses the scores assigned by the ranker LLM to rank the candidate revisions before presenting them to the developer. CORE could revise 59.2% Python files (across 52 quality checks) so that they pass scrutiny by both a tool and a human reviewer. The ranker LLM is able to reduce false positives by 25.8% in these cases. CORE produced revisions that passed the static analysis tool in 76.8% Java files (across 10 quality checks) comparable to 78.3% of a specialized program repair tool, with significantly much less engineering efforts