63 research outputs found
Scaling Bounded Model Checking By Transforming Programs With Arrays
Bounded Model Checking is one of the most successful techniques for finding bugs
in programs. However, model checkers are resource hungry and are often unable to
verify programs with loops iterating over large arrays. We present a
transformation that enables bounded model checkers to verify a certain class of
array properties. Our technique transforms an array-manipulating (ANSI-C)
program to an array-free and loop-free (ANSI-C) program thereby reducing the
resource requirements of a model checker significantly. Model checking of the
transformed program using an off-the-shelf bounded model checker simulates the
loop iterations efficiently. Thus, our transformed program is a sound
abstraction of the original program and is also precise in a large number of
cases - we formally characterize the class of programs for which it is
guaranteed to be precise. We demonstrate the applicability and usefulness of
our technique on both industry code as well as academic benchmarks.
Electroexcitation of the Roper resonance from CLAS data
The helicity amplitudes of the electroexcitation of the Roper resonance on
proton are extracted at 1.7 < Q2 < 4.2 GeV2 from recent high precision
JLab-CLAS cross sections data and longitudinally polarized beam asymmetry for
pi+ electroproduction on protons. The analysis is made using two approaches,
dispersion relations and unitary isobar model, which give consistent results.
It is found that the transverse helicity amplitude for the gamma* p -->
P11(1440) transition, which is large and negative at Q2=0, becomes large and
positive at Q2 ~ 2 GeV2, and then drops slowly with Q2. Longitudinal helicity
amplitude, that was previously found from CLAS data as large and positive at
Q2=0.4,0.65 GeV2, drops with Q2. These results rule out the presentation of
P11(1440) as a 3qG hybrid state, and provide strong evidence in favor of this
resonance as a first radial excitation of the 3q ground state.
Comment: 3 pages, 2 figures, Talk on the Workshop on "The Physics of Excited
Nucleons", Bonn, Germany, October 200
Proving Safety with Trace Automata and Bounded Model Checking
Loop under-approximation is a technique that enriches C programs with
additional branches that represent the effect of a (limited) range of loop
iterations. While this technique can speed up the detection of bugs
significantly, it introduces redundant execution traces which may complicate
the verification of the program. This holds particularly true for verification
tools based on Bounded Model Checking, which incorporate simplistic heuristics
to determine whether all feasible iterations of a loop have been considered.
We present a technique that uses trace automata to eliminate redundant
executions after performing loop acceleration. The method reduces the diameter
of the program under analysis, which is in certain cases sufficient to allow a
safety proof using Bounded Model Checking. Our transformation is precise---it
does not introduce false positives, nor does it mask any errors. We have
implemented the analysis as a source-to-source transformation, and present
experimental results showing the applicability of the technique.
A Simplex-Based Extension of Fourier-Motzkin for Solving Linear Integer Arithmetic
This paper describes a novel decision procedure for quantifier-free linear integer arithmetic. Standard techniques usually relax the initial problem to the rational domain and then proceed either by projection (e.g. Omega-Test) or by branching/cutting methods (branch-and-bound, branch-and-cut, Gomory cuts). Our approach tries to bridge the gap between the two techniques: it interleaves an exhaustive search for a model with bounds inference. These bounds are computed provided an oracle capable of finding constant positive linear combinations of affine forms. We also show how to design an efficient oracle based on the Simplex procedure. Our algorithm is proved sound, complete, and terminating and is implemented in the Alt-Ergo theorem prover. Experimental results are promising and show that our approach is competitive with state-of-the-art SMT solvers.
A simple abstraction of arrays and maps by program translation
We present an approach for the static analysis of programs handling arrays,
with a Galois connection between the semantics of the array program and
semantics of purely scalar operations. The simplest way to implement it is by
automatic, syntactic transformation of the array program into a scalar program
followed by analysis of the scalar program with any static analysis technique
(abstract interpretation, acceleration, predicate abstraction, ...). The
scalar invariants thus obtained are translated back onto the original program
as universally quantified array invariants. We illustrate our approach on a
variety of examples, leading to the "Dutch flag" algorithm.
A Survey of Satisfiability Modulo Theory
Satisfiability modulo theory (SMT) consists in testing the satisfiability of
first-order formulas over linear integer or real arithmetic, or other theories.
In this survey, we explain the combination of propositional satisfiability and
decision procedures for conjunctions known as DPLL(T), and the alternative
"natural domain" approaches. We also cover quantifiers, Craig interpolants,
polynomial arithmetic, and how SMT solvers are used in automated software
analysis.
Comment: Computer Algebra in Scientific Computing, Sep 2016, Bucharest,
Romania. 201
Mechanism of Pion Production in p Scattering at 1 GeV/nucleon
The one-pion and two-pion production in the p(alpha, alpha prime)X reaction
at an energy of E{alpha} = 4.2 GeV has been studied by simultaneous
registration of the scattered alpha particles and the secondary pion or proton.
The obtained results demonstrate that the inelastic alpha-particle scattering
on the proton at the energy of the experiment proceeds either through
excitation and decay of Delta resonance in the projectile or through excitation
in the target proton of the Roper resonance, which decays mainly on a nucleon
and a pion or a nucleon and a sigma meson - system of two pions in the isospin
I = 0, S-wave.
Comment: 16 pages, 10 figures. Submitted to Proceedings of the XX
International Baldin Seminar on High - Energy Physics Problems, Dubna,
October 4 - 9, 201
A Reduction from Unbounded Linear Mixed Arithmetic Problems into Bounded Problems
We present a combination of the Mixed-Echelon-Hermite transformation and the
Double-Bounded Reduction for systems of linear mixed arithmetic that preserve
satisfiability and can be computed in polynomial time. Together, the two
transformations turn any system of linear mixed constraints into a bounded
system, i.e., a system for which termination can be achieved easily. Existing
approaches for linear mixed arithmetic, e.g., branch-and-bound and cuts from
proofs, only explore a finite search space after application of our two
transformations. Instead of generating a priori bounds for the variables, e.g.,
as suggested by Papadimitriou, unbounded variables are eliminated through the
two transformations. The transformations orient themselves on the structure of
an input system instead of computing a priori (over-)approximations out of the
available constants. Experiments provide further evidence to the efficiency of
the transformations in practice. We also present a polynomial method for
converting certificates of (un)satisfiability from the transformed to the
original system.
LNCS
Static program analyzers are increasingly effective in checking correctness properties of programs and reporting any errors found, often in the form of error traces. However, developers still spend a significant amount of time on debugging. This involves processing long error traces in an effort to localize a bug to a relatively small part of the program and to identify its cause. In this paper, we present a technique for automated fault localization that, given a program and an error trace, efficiently narrows down the cause of the error to a few statements. These statements are then ranked in terms of their suspiciousness. Our technique relies only on the semantics of the given program and does not require any test cases or user guidance. In experiments on a set of C benchmarks, we show that our technique is effective in quickly isolating the cause of error while out-performing other state-of-the-art fault-localization techniques.
A Generic Framework for Implicate Generation Modulo Theories
The clausal logical consequences of a formula are called its implicates. The generation of these implicates has several applications, such as the identification of missing hypotheses in a logical specification. We present a procedure that generates the implicates of a quantifier-free formula modulo a theory. No assumption is made on the considered theory, other than the existence of a decision procedure. The algorithm has been implemented (using the solvers MiniSAT, CVC4 and Z3) and experimental results show evidence of the practical relevance of the proposed approach.