21 research outputs found
Simulating reachability using first-order logic with applications to verification of linked data structures
This paper shows how to harness existing theorem provers for first-order
logic to automatically verify safety properties of imperative programs that
perform dynamic storage allocation and destructive updating of pointer-valued
structure fields. One of the main obstacles is specifying and proving the
(absence) of reachability properties among dynamically allocated cells.
The main technical contributions are methods for simulating reachability in a
conservative way using first-order formulas--the formulas describe a superset
of the set of program states that would be specified if one had a precise way
to express reachability. These methods are employed for semi-automatic program
verification (i.e., using programmer-supplied loop invariants) on programs such
as mark-and-sweep garbage collection and destructive reversal of a singly
linked list. (The mark-and-sweep example has been previously reported as being
beyond the capabilities of ESC/Java.)Comment: 30 pages, LMC
Analogy-Making as a Core Primitive in the Software Engineering Toolbox
An analogy is an identification of structural similarities and
correspondences between two objects. Computational models of analogy making
have been studied extensively in the field of cognitive science to better
understand high-level human cognition. For instance, Melanie Mitchell and
Douglas Hofstadter sought to better understand high-level perception by
developing the Copycat algorithm for completing analogies between letter
sequences. In this paper, we argue that analogy making should be seen as a core
primitive in software engineering. We motivate this argument by showing how
complex software engineering problems such as program understanding and
source-code transformation learning can be reduced to an instance of the
analogy-making problem. We demonstrate this idea using Sifter, a new
analogy-making algorithm suitable for software engineering applications that
adapts and extends ideas from Copycat. In particular, Sifter reduces
analogy-making to searching for a sequence of update rule applications. Sifter
uses a novel representation for mathematical structures capable of effectively
representing the wide variety of information embedded in software. We conclude
by listing major areas of future work for Sifter and analogy-making in software
engineering.Comment: Conference paper at SPLASH 'Onward!' 2020. Code is available at
https://github.com/95616ARG/sifte
Labelled Clauses
Abstract. We add labels to first-order clauses to simultaneously apply superpositions to several proof obligations inside one clause set. From a theoretical perspective, the approach unifies a variety of deduction modes. These include different strategies such as set of support, as well as explicit case analysis, e.g., splitting. From a practical perspective, labelled clauses offer advantages in the case of related proof obligations resulting from multiple conjectures over the same axiom set or from a single conjecture that is a large conjunction. Here we can share clauses (e.g., the axioms and clauses deduced from them, share Skolem symbols), share deduced clause variants, and transfer lemmas between the different obligations. Motivated by software verification, we have created a prototype implementation of labelled clauses that supports multiple conjectures, and we provide convincing experiments for the benefits.
Putting static analysis to work for verification: A case study
Abstract We study how program analysis can be used to:* Automatically prove partial correctness of correct programs.* Discover, locate, and diagnose bugs in incorrect programs. Specifically, we present an algorithm that analyzes sorting programs that manipulate linked lists. A prototype of the algorithm has been implemented. We show that the algorithm is sufficiently precise to discover that (correct versions) of bubble-sort and insertion-sort procedures do, in fact, produce correctly sorted lists as outputs, and that the invariant "is-sorted " is maintained by listmanipulation operations such as element-insertion, elementdeletion, and even destructive list reversal and merging of two sorted lists. When we run the algorithm on erroneous versions of bubble-sort and insertion-sort procedures, it is able to discover and sometimes even locate and diagnose the error. 1 Introduction This paper shows that static analysis can be employed to* Automatically prove partial correctness of correct programs.
Constructing specialized shape analyses for uniform change
This paper is concerned with one of the basic problems in abstract interpretation, namely, for a given abstraction and a given set of concrete transformers (that express the concrete semantics of a program), how does one create the associated abstract transformers? We develop a new methodology for addressing this problem, based on a syntactically restricted language for expressing concrete transformers. We use this methodology to produce best abstract transformers for abstractions of many important data structures
Labelled Clauses
Abstract. We add labels to first-order clauses to simultaneously apply superpositions to several proof obligations inside one clause set. From a theoretical perspective, the approach unifies a variety of deduction modes. These include different strategies such as set of support, as well as explicit case analysis, e.g., splitting. From a practical perspective, labelled clauses offer advantages in the case of related proof obligations resulting from multiple conjectures over the same axiom set or from a single conjecture that is a large conjunction. Here we can share clauses (e.g., the axioms and clauses deduced from them, share Skolem symbols), share deduced clause variants, and transfer lemmas between the different obligations. Motivated by software verification, we have created a prototype implementation of labelled clauses that supports multiple conjectures, and we provide convincing experiments for the benefits.