A Generic Annotation Inference Algorithm for the Safety Certification of Automatically Generated Code

Code generators for realistic application domains are not directly verifiable in practice. In the certifiable code generation approach the generator is extended to generate logical annotations (i.e., pre- and postconditions and loop invariants) along with the programs, allowing fully automated program proofs of different safety properties. However, this requires access to the generator sources, and remains difficult to implement and maintain because the annotations are cross-cutting concerns, both on the object-level (i.e., in the generated code) and on the meta-level (i.e., in the generator). Here we describe a new generic post-generation annotation inference algorithm that circumvents these problems. We exploit the fact that the output of a code generator is highly idiomatic, so that patterns can be used to describe all code constructs that require annotations. The patterns are specific to the idioms of the targeted code generator and to the safety property to be shown, but the algorithm itself remains generic. It is based on a pattern matcher used to identify instances of the idioms and build a property-specific abstracted control flow graph, and a graph traversal that follows the paths from the use nodes backwards to all corresponding definitions, annotating the statements along these paths. This core is instantiated for two generators and successfully applied to automatically certify initialization safety for a range of generated programs

Verifying multi-threaded software using SMT-based context-bounded model checking

We describe and evaluate three approaches to model check multi-threaded software with shared variables and locks using bounded model checking based on Satisfiability Modulo Theories (SMT) and our modelling of the synchronization primitives of the Pthread library. In the lazy approach, we generate all possible interleavings and call the SMT solver on each of them individually, until we either find a bug, or have systematically explored all interleavings. In the schedule recording approach, we encode all possible interleavings into one single formula and then exploit the high speed of the SMT solvers. In the underapproximation and widening approach, we reduce the state space by abstracting the number of interleavings from the proofs of unsatisfiability generated by the SMT solvers. In all three approaches, we bound the number of context switches allowed among threads in order to reduce the number of interleavings explored. We implemented these approaches in ESBMC, our SMT-based bounded model checker for ANSI-C programs. Our experiments show that ESBMC can analyze larger problems and substantially reduce the verification time compared to state-of-the-art techniques that use iterative context-bounding algorithms or counter-example guided abstraction refinement

AutoBayes: A System for Generating Data Analysis Programs from Statistical Models

Data analysis is an important scientific task which is required whenever information needs to be extracted from raw data. Statistical approaches to data analysis, which use methods from probability theory and numerical analysis, are well-founded but difficult to implement: the development of a statistical data analysis program for any given application is time-consuming and requires substantial knowledge and experience in several areas. In this paper, we describe AutoBayes, a program synthesis system for the generation of data analysis programs from statistical models. A statistical model specifies the properties for each problem variable (i.e., observation or parameter) and its dependencies in the form of a probability distribution. It is a fully declarative problem description, similar in spirit to a set of differential equations. From such a model, AutoBayes generates optimized and fully commented C/C++ code which can be linked dynamically into the Matlab and Octave environments. Code is produced by a schema-guided deductive synthesis process. A schema consists of a code template and applicability constraints which are checked against the model during synthesis using theorem proving technology. AutoBayes augments schema-guided synthesis by symbolic-algebraic computation and can thus derive closed-form solutions for many problems. It is well-suited for tasks like estimating best-fitting model parameters for the given data. Here, we describe AutoBayes's system architecture, in particular the schema-guided synthesis kernel. Its capabilities are illustrated by a number of advanced textbook examples and benchmarks

Chebyshev polynomials are not always optimal

The problem is that of finding among all polynomials of degree at most n and normalized to be 1 at c the one with minimal uniform norm on Epsilon. Here, Epsilon is a given ellipse with both foci on the real axis and c is a given real point not contained in Epsilon. Problems of this type arise in certain iterative matrix computations and, in this context, it is generally believed and widely referenced that suitably normalized Chebyshev polynomials are optimal for such constrained approximation problems. It is shown that this is not true in general. Moreover, sufficient conditions are derived which guarantee that Chebyshev polynomials are optimal. Some numerical examples are also presented

On the constrained Chebyshev approximation problem on ellipses

Constrained Chebyshev approximation problems of the type with minimum (p is an element of Pi(sub n):p(c)=1) and maximum (z is an element of E) with /p(z)/ are considered. Here Pi(sub n) denotes the set of all complex polynomials of degree at most n, E is any ellipse in the complex plane, and c is an element of C/E. Such approximation problems arise in the context of optimizing semi-iterative methods for the solution of large, sparse systems of linear equations Ax=b with complex non-Hermitian coefficient matrices A. The problem of obtaining optimal polynomial preconditioners for conjugate gradient type methods for Ax=b also leads to problems of this type. A new family of polynomials -- q(sub n)(z;c), n is an element of N, and c is an element of C/E -- are introduced as the polynomials which are optimal for a modified version of the Chebyshev approximation problem with Pi(sub n) replaced by a certain subfamily. Some simple properties of q(sub n) are also listed. A necessary and sufficient condition for q(sub n) to be the extremal polynomial for the approximation problem is then derived. Finally, it is shown that q(sub n) is indeed optimal for the problem for all fixed n whenever the distance between c and E is sufficiently large. Results of some numerical tests are presented

New Bernstein type inequalities for polynomials on ellipses

New and sharp estimates are derived for the growth in the complex plane of polynomials known to have a curved majorant on a given ellipse. These so-called Bernstein type inequalities are closely connected with certain constrained Chebyshev approximation problems on ellipses. Also presented are some new results for approximation problems of this type

Optimal Chebyshev polynomials on ellipses in the complex plane

The design of iterative schemes for sparse matrix computations often leads to constrained polynomial approximation problems on sets in the complex plane. For the case of ellipses, we introduce a new class of complex polynomials which are in general very good approximations to the best polynomials and even optimal in most cases

CSeq: A Sequentialization Tool for C - (Competition Contribution)

Abstract. Sequentialization translates concurrent programs into equivalent nondeterministic sequential programs so that the different concurrent schedules no longer need to be handled explicitly. It can thus be used as a concurrency preprocessor for many sequential program verification techniques. CSeq implements sequentialization for C and uses ESBMC as sequential verification backend [5].