Scaling Bounded Model Checking By Transforming Programs With Arrays

Bounded Model Checking is one the most successful techniques for finding bugs in program. However, model checkers are resource hungry and are often unable to verify programs with loops iterating over large arrays.We present a transformation that enables bounded model checkers to verify a certain class of array properties. Our technique transforms an array-manipulating (ANSI-C) program to an array-free and loop-free (ANSI-C) program thereby reducing the resource requirements of a model checker significantly. Model checking of the transformed program using an off-the-shelf bounded model checker simulates the loop iterations efficiently. Thus, our transformed program is a sound abstraction of the original program and is also precise in a large number of cases - we formally characterize the class of programs for which it is guaranteed to be precise. We demonstrate the applicability and usefulness of our technique on both industry code as well as academic benchmarks

Efficient Certified RAT Verification

Clausal proofs have become a popular approach to validate the results of SAT solvers. However, validating clausal proofs in the most widely supported format (DRAT) is expensive even in highly optimized implementations. We present a new format, called LRAT, which extends the DRAT format with hints that facilitate a simple and fast validation algorithm. Checking validity of LRAT proofs can be implemented using trusted systems such as the languages supported by theorem provers. We demonstrate this by implementing two certified LRAT checkers, one in Coq and one in ACL2

Rich Counter-Examples for Temporal-Epistemic Logic Model Checking

Model checking verifies that a model of a system satisfies a given property, and otherwise produces a counter-example explaining the violation. The verified properties are formally expressed in temporal logics. Some temporal logics, such as CTL, are branching: they allow to express facts about the whole computation tree of the model, rather than on each single linear computation. This branching aspect is even more critical when dealing with multi-modal logics, i.e. logics expressing facts about systems with several transition relations. A prominent example is CTLK, a logic that reasons about temporal and epistemic properties of multi-agent systems. In general, model checkers produce linear counter-examples for failed properties, composed of a single computation path of the model. But some branching properties are only poorly and partially explained by a linear counter-example. This paper proposes richer counter-example structures called tree-like annotated counter-examples (TLACEs), for properties in Action-Restricted CTL (ARCTL), an extension of CTL quantifying paths restricted in terms of actions labeling transitions of the model. These counter-examples have a branching structure that supports more complete description of property violations. Elements of these counter-examples are annotated with parts of the property to give a better understanding of their structure. Visualization and browsing of these richer counter-examples become a critical issue, as the number of branches and states can grow exponentially for deeply-nested properties. This paper formally defines the structure of TLACEs, characterizes adequate counter-examples w.r.t. models and failed properties, and gives a generation algorithm for ARCTL properties. It also illustrates the approach with examples in CTLK, using a reduction of CTLK to ARCTL. The proposed approach has been implemented, first by extending the NuSMV model checker to generate and export branching counter-examples, secondly by providing an interactive graphical interface to visualize and browse them.Comment: In Proceedings IWIGP 2012, arXiv:1202.422

Search for CP violation in D0 and D+ decays

A high statistics sample of photoproduced charm particles from the FOCUS (E831) experiment at Fermilab has been used to search for CP violation in the Cabibbo suppressed decay modes D+ to K-K+pi+, D0 to K-K+ and D0 to pi-pi+. We have measured the following CP asymmetry parameters: A_CP(K-K+pi+) = +0.006 +/- 0.011 +/- 0.005, A_CP(K-K+) = -0.001 +/- 0.022 +/- 0.015 and A_CP(pi-pi+) = +0.048 +/- 0.039 +/- 0.025 where the first error is statistical and the second error is systematic. These asymmetries are consistent with zero with smaller errors than previous measurements.Comment: 12 pages, 4 figure

New FOCUS results on charm mixing and CP violation

We present a summary of recent results on CP violation and mixing in the charm quark sector based on a high statistics sample collected by photoproduction experiment FOCUS (E831 at Fermilab). We have measured the difference in lifetimes for the $D^0$ decays: $D^0 \to K^-\pi^+$ and $D^0 \to K^-K^+$. This translates into a measurement of the $y_{CP}$ mixing parameter in the \d0d0 system, under the assumptions that $K^-K^+$ is an equal mixture of CP odd and CP even eigenstates, and CP violation is negligible in the neutral charm meson system. We verified the latter assumption by searching for a CP violating asymmetry in the Cabibbo suppressed decay modes $D^+ \to K^-K^+\pi^+$, $D^0 \to K^-K^+$ and $D^0 \to \pi^-\pi^+$. We show preliminary results on a measurement of the branching ratio $\Gamma(D^{*+}\to \pi^+ (K^+\pi^-))/\Gamma(D^{*+}\to \pi^+ (K^-\pi^+))$.Comment: 9 pages, 6 figures, requires espcrc2.sty. Presented by S.Bianco at CPConf2000, September 2000, Ferrara (Italy). In this revision, fixed several stylistic flaws, add two significant references, fixed a typo in Tab.

Dalitz Plot Analysis of the Decay D^+ --> K^- pi^+ pi^+ and Indication of a Low-Mass Scalar K pi Resonance

We study the Dalitz plot of the decay D^+ --> K^- pi^+ pi^+ with a sample of 15090 events from Fermilab experiment E791. Modeling the decay amplitude as the coherent sum of known K pi resonances and a uniform nonresonant term, we do not obtain an acceptable fit. If we allow the mass and width of the K^*_0(1430) to float, we obtain values consistent with those from PDG but the chi^2 per degree of freedom of the fit is still unsatisfactory. A good fit is found when we allow for the presence of an additional scalar resonance, with mass 797 +/- 19 +/- 43 MeV/c^2 and width 410 +/- 43 +/- 87 MeV/c^2. The mass and width of the K^*_0(1430) become 1459 +/- 7 +/- 5 MeV/c^2 and 175 +/- 12 +/- 12 MeV/c^2, respectively. Our results provide new information on the scalar sector in hadron spectroscopy.Comment: Accepted for publication in Physical Review Letter

The Target Silicon Detector for the FOCUS Spectrometer

We describe a silicon microstrip detector interleaved with segments of a beryllium oxide target which was used in the FOCUS photoproduction experiment at Fermilab. The detector was designed to improve the vertex resolution and to enhance the reconstruction efficiency of short-lived charm particles.Comment: 18 pages, 14 figure

Search for CP violation in D0 and D+ decays

A high statistics sample of photoproduced charm particles from the FOCUS (E831) experiment at Fermilab has been used to search for CP violation in the Cabibbo suppressed decay modes D+ to K-K+pi+, D0 to K-K+ and D0 to pi-pi+. We have measured the following CP asymmetry parameters: A_CP(K-K+pi+) = +0.006 +/- 0.011 +/- 0.005, A_CP(K-K+) = -0.001 +/- 0.022 +/- 0.015 and A_CP(pi-pi+) = +0.048 +/- 0.039 +/- 0.025 where the first error is statistical and the second error is systematic. These asymmetries are consistent with zero with smaller errors than previous measurements.Comment: 12 pages, 4 figure

Study of the Ds+→π−π+π+D^+_s \to \pi^- \pi^+ \pi^+ decay and measurement of f0f_0 masses and widths

From a sample of 848 $\pm$ 44 $D_s^+ \to \pi^- \pi^+ \pi^+$ decays, we find $\Gamma(D_s^+ \to \pi^- \pi^+ \pi^+) / \Gamma(D_s^+ \to \phi \pi^+) = 0.245 \pm 0.028^{+0.019}_{-0.012}$. Using a Dalitz plot analysis of this three body decay, we find significant contributions from the channels $\rho^0(770)\pi^+$, $\rho^0(1450)\pi^+$, $f_0(980)\pi^+$, $f_2(1270)\pi^+$, and $f_0(1370)\pi^+$. We present also the values obtained for masses and widths of the resonances $f_0(980)$ and $f_0(1370)$.Comment: 10 pages, 3 eps figure