121 research outputs found
Interpolant-Based Transition Relation Approximation
In predicate abstraction, exact image computation is problematic, requiring
in the worst case an exponential number of calls to a decision procedure. For
this reason, software model checkers typically use a weak approximation of the
image. This can result in a failure to prove a property, even given an adequate
set of predicates. We present an interpolant-based method for strengthening the
abstract transition relation in case of such failures. This approach guarantees
convergence given an adequate set of predicates, without requiring an exact
image computation. We show empirically that the method converges more rapidly
than an earlier method based on counterexample analysis.Comment: Conference Version at CAV 2005. 17 Pages, 9 Figure
Symbolic Exploration of Transition Hierarchies
In formal design verification, successful model checking is typically preceded by a laborious manual process of constructing design abstractions. We present a methodology for partially - and in some cases, fully - bypassing the abstraction process. For this purpose, we provide to the designer abstraction operators which, if used judiciously in the description of a design, structure the corresponding state space hierarchically. This structure can then be exploited by verification tools, and makes possible the automatic and exhaustive exploration of state spaces that would otherwise be out of scope for existing model checkers.
Specifically, we present the following contributions:
- A temporal abstraction operator that aggregates transitions and hides intermediate steps. Mathematically, our abstraction operator is a function that maps a flat transition system into a two-level hierarchy where each atomic upper-level transition expands into an entire lower-level transition system. For example, an arithmetic operation may expand to a sequence of bit operations.
- A BDD-based algorithm for the symbolic exploration of multi-level hierarchies of transition systems. The algorithm traverses a level-n transition by expanding the corresponding level-(n-1) transition system on-the-fly. The level-n successors of a state are determined by computing a level-(n-1) reach set, which is then immediately released from memory. In this fashion, we can exhaustively explore hierarchically structured state spaces whose flat counterparts cause memory overflows.
- We experimentally demonstrate the efficiency of our method with three examples - a multiplier, a cache coherence protocol, and a multiprocessor system. In the first two examples, we obtain significant improvements in run times and peak BDD sizes over traditional state-space search. The third example cannot be model checked at all using conventional methods (without manual abstractions), but can be analyzed fully automatically using transition hierarchies
Development of UAV as a Platform for Current and Future Dynamic Soaring Research
We address the ongoing development of a dynamic soaring (DS) capable unmanned aerial vehicle (UAV) platform optimized for minimal power consumption. This project has been funded by the Embry-Riddle Office of Undergraduate Research through the Ignite program. Dynamic soaring is a bio-inspired flight maneuver in which energy is extracted from the wind shear layer by flying through regions of varying wind speed. The objective of our project is to design an autonomous dynamic soaring flight controller and perform DS with a real-world UAV. Development of this project can be divided into three sub-categories: (1) the UAV platform, (2) flight simulations, and (3) the flight controller. The UAV platform is an FMS Fox Aerobatic Glider, a high aspect-ratio glider with a nose-mounted engine. A flight control system has been crafted to allow us to integrate our DS autopilot. In previous works we have created a 6-degree-of-freedom (6DoF) flight simulation environment in MATLAB and Simulink to develop and test DS flight controllers. The simulator can be adapted to integrate our current UAV by building a variable-fidelity aerodynamic model using computational fluid dynamics (CFD). Finally, we are developing a robust reinforcement-learning (RL) trained artificial intelligence (AI) that will optimize the path of the UAV to minimize power consumption. RL is performed in the simulator and the AI will be deployed on the UAV when complete. This presentation will discuss current progress as well as address challenges we face in the completion of our goals
Development of UAV as a Platform for Current and Future Dynamic Soaring Research
We address the final stages in the development of a dynamic soaring (DS) capable unmanned aerial vehicle (UAV). This project has been funded by the Embry-Riddle Office of Undergraduate Research through the Ignite program. Dynamic soaring is a bio-inspired flight maneuver in which energy is extracted by flying through regions of wind velocity gradient such as the wind shear layer. The objective of our project is to design an autonomous dynamic soaring flight controller through simulation, develop a DS capable UAV platform, and perform DS maneuvers in the real world. For simulation, a 6-degrees-of-freedom (6DoF) flight simulation environment in MATLAB and Simulink has been developed. Using computational fluid dynamics (CFD) a variable-fidelity aerodynamic model was obtained. The UAV platform is an FMS Fox Aerobatic Glider, a high aspect-ratio powered glider with a robust sensor suite and autonomous flight control system. Finally, we are developing a reinforcement-learning (RL) trained artificial intelligence (AI) that will optimize the path of the UAV to minimize power consumption. After completion, the UAV will be capable of testing future DS navigation systems. This presentation will discuss current progress as well as address challenges we face in the completion of our goals
StaticFixer: From Static Analysis to Static Repair
Static analysis tools are traditionally used to detect and flag programs that
violate properties. We show that static analysis tools can also be used to
perturb programs that satisfy a property to construct variants that violate the
property. Using this insight we can construct paired data sets of unsafe-safe
program pairs, and learn strategies to automatically repair property
violations. We present a system called \sysname, which automatically repairs
information flow vulnerabilities using this approach. Since information flow
properties are non-local (both to check and repair), \sysname also introduces a
novel domain specific language (DSL) and strategy learning algorithms for
synthesizing non-local repairs. We use \sysname to synthesize strategies for
repairing two types of information flow vulnerabilities, unvalidated dynamic
calls and cross-site scripting, and show that \sysname successfully repairs
several hundred vulnerabilities from open source {\sc JavaScript} repositories,
outperforming neural baselines built using {\sc CodeT5} and {\sc Codex}. Our
datasets can be downloaded from \url{http://aka.ms/StaticFixer}
Frustrated with Code Quality Issues? LLMs can Help!
As software projects progress, quality of code assumes paramount importance
as it affects reliability, maintainability and security of software. For this
reason, static analysis tools are used in developer workflows to flag code
quality issues. However, developers need to spend extra efforts to revise their
code to improve code quality based on the tool findings. In this work, we
investigate the use of (instruction-following) large language models (LLMs) to
assist developers in revising code to resolve code quality issues. We present a
tool, CORE (short for COde REvisions), architected using a pair of LLMs
organized as a duo comprised of a proposer and a ranker. Providers of static
analysis tools recommend ways to mitigate the tool warnings and developers
follow them to revise their code. The \emph{proposer LLM} of CORE takes the
same set of recommendations and applies them to generate candidate code
revisions. The candidates which pass the static quality checks are retained.
However, the LLM may introduce subtle, unintended functionality changes which
may go un-detected by the static analysis. The \emph{ranker LLM} evaluates the
changes made by the proposer using a rubric that closely follows the acceptance
criteria that a developer would enforce. CORE uses the scores assigned by the
ranker LLM to rank the candidate revisions before presenting them to the
developer. CORE could revise 59.2% Python files (across 52 quality checks) so
that they pass scrutiny by both a tool and a human reviewer. The ranker LLM is
able to reduce false positives by 25.8% in these cases. CORE produced revisions
that passed the static analysis tool in 76.8% Java files (across 10 quality
checks) comparable to 78.3% of a specialized program repair tool, with
significantly much less engineering efforts
- …