1,809 research outputs found
Compositional Verification of Heap-Manipulating Programs through Property-Guided Learning
Analyzing and verifying heap-manipulating programs automatically is
challenging. A key for fighting the complexity is to develop compositional
methods. For instance, many existing verifiers for heap-manipulating programs
require user-provided specification for each function in the program in order
to decompose the verification problem. The requirement, however, often hinders
the users from applying such tools. To overcome the issue, we propose to
automatically learn heap-related program invariants in a property-guided way
for each function call. The invariants are learned based on the memory graphs
observed during test execution and improved through memory graph mutation. We
implemented a prototype of our approach and integrated it with two existing
program verifiers. The experimental results show that our approach enhances
existing verifiers effectively in automatically verifying complex
heap-manipulating programs with multiple function calls
S2TD: a Separation Logic Verifier that Supports Reasoning of the Absence and Presence of Bugs
Heap-manipulating programs are known to be challenging to reason about. We
present a novel verifier for heap-manipulating programs called S2TD, which
encodes programs systematically in the form of Constrained Horn Clauses (CHC)
using a novel extension of separation logic (SL) with recursive predicates and
dangling predicates. S2TD actively explores cyclic proofs to address the path
explosion problem. S2TD differentiates itself from existing CHC-based verifiers
by focusing on heap-manipulating programs and employing cyclic proof to
efficiently verify or falsify them with counterexamples. Compared with existing
SL-based verifiers, S2TD precisely specifies the heaps of de-allocated pointers
to avoid false positives in reasoning about the presence of bugs. S2TD has been
evaluated using a comprehensive set of benchmark programs from the SV-COMP
repository. The results show that S2TD is more effective than state-of-art
program verifiers and is more efficient than most of them.Comment: 24 page
Concolic Testing Heap-Manipulating Programs
Concolic testing is a test generation technique which works effectively by
integrating random testing generation and symbolic execution. Existing concolic
testing engines focus on numeric programs. Heap-manipulating programs make
extensive use of complex heap objects like trees and lists. Testing such
programs is challenging due to multiple reasons. Firstly, test inputs for such
program are required to satisfy non-trivial constraints which must be specified
precisely. Secondly, precisely encoding and solving path conditions in such
programs are challenging and often expensive. In this work, we propose the
first concolic testing engine called CSF for heap-manipulating programs based
on separation logic. CSF effectively combines specification-based testing and
concolic execution for test input generation. It is evaluated on a set of
challenging heap-manipulating programs. The results show that CSF generates
valid test inputs with high coverage efficiently. Furthermore, we show that CSF
can be potentially used in combination with precondition inference tools to
reduce the user effort
Learning likely invariants to explain why a program fails
Debugging is difficult. Recent studies show that automatic bug localization
techniques have limited usefulness. One of the reasons is that programmers
typically have to understand why the program fails before fixing it. In this
work, we aim to help programmers understand a bug by automatically generating
likely invariants which are violated in the failed tests. Given a program with
an initial assertion and at least one test case failing the assertion, we first
generate random test cases, identify potential bug locations through bug
localization, and then generate program state mutation based on active learning
techniques to identify a predicate "explaining" the cause of the bug. The
predicate is a classifier for the passed test cases and failed test cases. Our
main contribution is the application of invariant learning for bug explanation,
as well as a novel approach to overcome the problem of lack of test cases in
practice. We apply our method to real-world bugs and show the generated
invariants are often correlated to the actual bug fixes.Comment: 10 page
sFuzz: An efficient adaptive fuzzer for solidity smart contracts
Ministry of Education, Singapore under its Academic Research Funding Tier
Effect of Dzyaloshinskii–Moriya interaction on Heisenberg antiferromagnetic spin chain in a longitudinal magnetic field
Using functional integral method for the Heisenberg antiferromagnetic spin chain with the added Dzyaloshinskii-Moriya Interaction in the presence of the longitudinal magnetic field, we find out expression for free energy of the spin chain via spin fluctuations, from which quantities characterize the antiferromagnetic order and phase transition such as staggered and total magnetizations derived. From that, we deduce the significant effect of the Dzyaloshinskii-Moriya interaction on the reduction of the antiferromagnetic order and show that the total magnetization can be deviated from the initial one under the influence of canting of the spins due to a combination of the Dzyaloshinskii-Moriya interaction and the magnetic field. Besides, the remarkable role of the transverse spin fluctuations due to the above factors on the antiferromagnetic behaviours of the spin chain is also indicated.  
- …