20 research outputs found
Modeling assembly program with constraints. A contribution to WCET problem
Dissertação para obtenção do Grau de Mestre em
Lógica ComputacionalModel checking with program slicing has been successfully applied to compute Worst Case
Execution Time (WCET) of a program running in a given hardware. This method lacks path
feasibility analysis and suffers from the following problems: The model checker (MC) explores exponential number of program paths irrespective of their feasibility. This limits the scalability of this method to multiple path programs. And the witness trace returned by the MC corresponding
to WCET may not be feasible (executable). This may result in a solution which is
not tight i.e., it overestimates the actual WCET.
This thesis complements the above method with path feasibility analysis and addresses these problems. To achieve this: we first validate the witness trace returned by the MC and generate test data if it is executable. For this we generate constraints over a trace and solve a constraint
satisfaction problem. Experiment shows that 33% of these traces (obtained while computing
WCET on standard WCET benchmark programs) are infeasible. Second, we use constraint
solving technique to compute approximate WCET solely based on the program (without taking into account the hardware characteristics), and suggest some feasible and probable worst case paths which can produce WCET. Each of these paths forms an input to the MC. The more precise WCET then can be computed on these paths using the above method. The maximum of all these is the WCET. In addition this, we provide a mechanism to compute an upper bound of
over approximation for WCET computed using model checking method. This effort of combining constraint solving technique with model checking takes advantages of their strengths and makes WCET computation scalable and amenable to hardware changes. We use our technique to compute WCET on standard benchmark programs from M¨alardalen University and compare our results with results from model checking method
Analysis and Transformation Tools for Constrained Horn Clause Verification
Several techniques and tools have been developed for verification of
properties expressed as Horn clauses with constraints over a background theory
(CHC). Current CHC verification tools implement intricate algorithms and are
often limited to certain subclasses of CHC problems. Our aim in this work is to
investigate the use of a combination of off-the-shelf techniques from the
literature in analysis and transformation of Constraint Logic Programs (CLPs)
to solve challenging CHC verification problems. We find that many problems can
be solved using a combination of tools based on well-known techniques from
abstract interpretation, semantics-preserving transformations, program
specialisation and query-answer transformations. This gives insights into the
design of automatic, more general CHC verification tools based on a library of
components.Comment: To appear in Theory and Practice of Logic Programming (TPLP
Decomposition by tree dimension in Horn clause verification
This volume contains the papers selected among those which were presented at
the 3rd International Workshop on Verification and Program Transformation (VPT
2015) held in London, UK, on April 11th, 2015. Previous editions of the
Workshop were held at Saint-Petersburg (Russia) in 2013, and Vienna (Austria)
in 2014.
Those papers show that methods and tools developed in the field of program
transformation such as partial evaluation and fold/unfold transformations, and
supercompilation, can be applied in the verification of software systems. They
also show how some program verification methods, such as model checking
techniques, abstract interpretation, SAT and SMT solving, and automated theorem
proving, can be used to enhance program transformation techniques, thereby
making these techniques more powerful and useful in practice
An iterative approach to precondition inference using constrained Horn clauses
We present a method for automatic inference of conditions on the initial
states of a program that guarantee that the safety assertions in the program
are not violated. Constrained Horn clauses (CHCs) are used to model the program
and assertions in a uniform way, and we use standard abstract interpretations
to derive an over-approximation of the set of unsafe initial states. The
precondition then is the constraint corresponding to the complement of that
set, under-approximating the set of safe initial states. This idea of
complementation is not new, but previous attempts to exploit it have suffered
from the loss of precision. Here we develop an iterative specialisation
algorithm to give more precise, and in some cases optimal safety conditions.
The algorithm combines existing transformations, namely constraint
specialisation, partial evaluation and a trace elimination transformation. The
last two of these transformations perform polyvariant specialisation, leading
to disjunctive constraints which improve precision. The algorithm is
implemented and tested on a benchmark suite of programs from the literature in
precondition inference and software verification competitions.Comment: Paper presented at the 34nd International Conference on Logic
Programming (ICLP 2018), Oxford, UK, July 14 to July 17, 2018 18 pages, LaTe
Regular Path Clauses and Their Application in Solving Loops
A well-established approach to reasoning about loops during program analysis is to capture the effect of a loop by extracting recurrences from the loop; these express relationships between the values of variables, or program properties such as cost, on successive loop iterations. Recurrence solvers are capable of computing closed forms for some recurrences, thus deriving precise relationships capturing the complete loop execution. However, many recurrences extracted from loops cannot be solved, due to their having multiple recursive cases or multiple arguments. In the literature, several techniques for approximating the solution of unsolvable recurrences have been proposed. The approach presented in this paper is to define transformations based on regular path expressions and loop counters that (i) transform multi-path loops to single-path loops, giving rise to recurrences with a single recursive case, and (ii) transform multi-argument recurrences to single-argument recurrences, thus enabling the use of recurrence solvers on the transformed recurrences. Using this approach, precise solutions can sometimes be obtained that are not obtained by approximation methods
Solving non-linear Horn clauses using a linear Horn clause solver
In this paper we show that checking satisfiability of a set of non-linear
Horn clauses (also called a non-linear Horn clause program) can be achieved
using a solver for linear Horn clauses. We achieve this by interleaving a
program transformation with a satisfiability checker for linear Horn clauses
(also called a solver for linear Horn clauses). The program transformation is
based on the notion of tree dimension, which we apply to a set of non-linear
clauses, yielding a set whose derivation trees have bounded dimension. Such a
set of clauses can be linearised. The main algorithm then proceeds by applying
the linearisation transformation and solver for linear Horn clauses to a
sequence of sets of clauses with successively increasing dimension bound. The
approach is then further developed by using a solution of clauses of lower
dimension to (partially) linearise clauses of higher dimension. We constructed
a prototype implementation of this approach and performed some experiments on a
set of verification problems, which shows some promise.Comment: In Proceedings HCVS2016, arXiv:1607.0403