
A Precise and Abstract Memory Model for C Using Symbolic Values [chapter]

Frédéric Besson, Sandrine Blazy, Pierre Wilke
2014 Lecture Notes in Computer Science  
Our semantics builds upon a novel memory model leveraging a notion of symbolic values.  ...  Symbolic values are used by the semantics to delay the evaluation of operations and are normalised lazily to genuine values when needed.  ...  The VCC system [4] generates verification conditions using an abstract typed memory model [5] where the memory is a mapping from typed pointers (p ∈ T × B^{|u64|}) to structured C values.  ... 
doi:10.1007/978-3-319-12736-1_24 fatcat:26wv2aylrjd4nacifytzgck5ga

An Accurate Stack Memory Abstraction and Symbolic Analysis Framework for Executables

Kapil Anand, Khaled Elwazeer, Aparna Kotha, Matthew Smithson, Rajeev Barua, Angelos Keromytis
2013 2013 IEEE International Conference on Software Maintenance  
First, techniques are presented for recovering a precise and correct stack memory model in executables in presence of executable-specific artifacts such as indirect control transfers.  ...  Frameworks hitherto fail to simultaneously maintain the properties of correct representation and precise memory model and ignore memory-allocated variables while defining symbolic analysis mechanisms.  ...  for obtaining precise memory model and functional IR.  ... 
doi:10.1109/icsm.2013.20 dblp:conf/icsm/AnandEKSBK13 fatcat:peoxz33donc5teglukhaag32dq

Exploiting Pointer Analysis in Memory Models for Deductive Verification [article]

Quentin Bouillaguet, François Bobot, Mihaela Sighireanu, Boris Yakobowski
2018 arXiv   pre-print
We propose a framework based on memory models that captures the partitioning of memory inferred by pointer analyses, and complies with the memory models used to generate verification conditions.  ...  The paper focuses on the verification of C programs using pointers and it formalizes a cooperation between static analyzers doing pointer analysis and a deductive verification tool based on first order  ...  The memory model is modeled by a set of logic arrays, one for each symbolic block.  ... 
arXiv:1811.12515v1 fatcat:qhsdwaxf6fbd5h3iff7sx4rpba

A Memory Model for Static Analysis of C Programs [chapter]

Zhongxing Xu, Ted Kremenek, Jian Zhang
2010 Lecture Notes in Computer Science  
This paper proposes a memory modeling method that is particularly suitable for symbolic execution of C programs. It enables the symbolic execution to identify and track each memory object precisely.  ...  Automatic bug finding with static analysis requires precise tracking of different memory object values. This paper describes a memory modeling method for static analysis of C programs.  ...  Simulation of C Semantics: With the region-based memory model, we can simulate the C semantics precisely. We still use the semantics model in Section 4. But we extend it as follows.  ... 
doi:10.1007/978-3-642-16558-0_44 fatcat:f6bmycwjjbearmw55n2tu33xh4

Integrating Abstract Caches with Symbolic Pipeline Analysis

Stephan Wilhelm, Christoph Cullmann, Marc Herbstritt
2010 Worst-Case Execution Time Analysis  
For complex processors, task-level execution time bounds are obtained by a state space exploration which involves the abstract model and the program. Partial state space exploration is not sound.  ...  Symbolic methods using binary decision diagrams (BDDs) allow for a full state space exploration of the pipeline, thereby maintaining soundness.  ...  We thank Daniel Kästner and Reinhold Heckmann for proof-reading this paper and Marc Schlickling for providing information about the Motorola PowerPC 755 pipeline model.  ... 
doi:10.4230/oasics.wcet.2010.36 dblp:conf/wcet/WilhelmC10 fatcat:dlrsileu3nfupn6b5jafiuhic4

Optimizing automatic abstraction refinement for generalized symbolic trajectory evaluation

Yan Chen, Fei Xie, Jin Yang
2008 Proceedings of the 45th annual conference on Design automation - DAC '08  
We optimize both model refinement and spec refinement supported by AutoGSTE: a counterexample-guided refinement loop for GSTE.  ...  In this paper, we present a suite of optimizations targeting automatic abstraction refinement for Generalized Symbolic Trajectory Evaluation (GSTE).  ...  We plot the time and memory usage data for model refinement with and without the precise-nodes-with-lifespans optimization in Figure 11.  ... 
doi:10.1145/1391469.1391508 dblp:conf/dac/ChenXY08 fatcat:x7d3d4exjzahdaio7ydn2t5qfi

A Concrete Memory Model for CompCert [chapter]

Frédéric Besson, Sandrine Blazy, Pierre Wilke
2015 Lecture Notes in Computer Science  
This paper presents the proof of an enhanced and more concrete memory model for the CompCert C compiler which assigns a definite meaning to more C programs.  ...  We prove that the existing memory model is an abstraction of our more concrete model thus validating formally the soundness of CompCert's abstract semantics of pointers.  ...  Motivation for an Enhanced Memory Model Our memory model with symbolic expressions [3] gives a precise semantics to low-level C idioms which cannot be modelled by the existing memory model.  ... 
doi:10.1007/978-3-319-22102-1_5 fatcat:szsefeh2greerk7jozunjmafba

Gillian, part i: a multi-language platform for symbolic execution

José Fragoso Santos, Petar Maksimović, Sacha-Élie Ayoun, Philippa Gardner
2020 Proceedings of the 41st ACM SIGPLAN Conference on Programming Language Design and Implementation  
We instantiate Gillian to obtain trusted symbolic testing tools for JavaScript and C, and use these tools to find bugs in real-world code, thus demonstrating the viability of our parametric approach.  ...  We prove a parametric soundness result, introducing restriction on abstract states, which generalises path conditions used in classical symbolic execution.  ...  Fragoso Santos, Gardner, and Maksimović were partially supported by the EPSRC Programme Grant 'REMS: Rigorous Engineering for Mainstream Systems' (EP/K008528/1) and the EPSRC Fellowship 'VetSpec: Verified  ... 
doi:10.1145/3385412.3386014 dblp:conf/pldi/SantosMAG20 fatcat:6sm3bdduivh4tet5uzaqtgrgqi

Scalable and precise refinement of cache timing analysis via path-sensitive verification

Sudipta Chattopadhyay, Abhik Roychoudhury
2013 Real-time systems  
Our modeling is used to develop a precise yet scalable timing analysis method on top of the Chronos WCET analysis tool.  ...  In this paper, we propose a novel analysis framework by combining abstract interpretation and program verification for different varieties of cache analysis ranging from single to multi-core platforms.  ...  Acknowledgements This work was partially supported by A*STAR Public Sector Funding Project Number 1121202007 -"Scalable Timing Analysis Methods for Embedded Software".  ... 
doi:10.1007/s11241-013-9178-0 fatcat:ujsoyngfvvgilehsp3arp642bq

SmacC: A Retargetable Symbolic Execution Engine [chapter]

Armin Biere, Jens Knoop, Laura Kovács, Jakob Zwirchmayr
2013 Lecture Notes in Computer Science  
SmacC is a symbolic execution engine for C programs. It can be used for program verification, bounded model checking and generating SMT benchmarks.  ...  SmacC uses the logic for bit-vectors with arrays to construct a bit-precise memory model of a program for path-wise exploration.  ...  The program memory is a collection of symbolic values and modeled by a contiguous array.  ... 
doi:10.1007/978-3-319-02444-8_40 fatcat:qsnedy6xnja2jetlowlxvnsj24
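As an added illustration of two ideas that recur in the snippets above, the Besson, Blazy and Wilke notion of symbolic values whose evaluation is delayed and normalised lazily to genuine values when needed, and SmacC's modelling of program memory as a contiguous array of symbolic values, here is a toy memory model in Python. It is example code written for this page, not code from any of the listed papers or tools; the 32-bit word width, the `Sym`/`Op`/`SymbolicMemory` names and the sample block base `blk` are all assumptions of the example.

```python
"""Toy symbolic memory model (added example; not code from any listed paper).

Memory is a flat, contiguous array of cells, each holding either a concrete
32-bit word or a symbolic expression.  Arithmetic whose operands are not yet
concrete is delayed as an expression tree and normalised to a genuine value
only when one is needed, here when an address must be resolved for a load or
store.  The 32-bit word width and all names are assumptions of this example.
"""
from dataclasses import dataclass
from typing import Dict, List, Union

MASK32 = 0xFFFFFFFF


@dataclass(frozen=True)
class Sym:
    """Symbolic leaf, e.g. the unknown base address of an allocated block."""
    name: str


@dataclass(frozen=True)
class Op:
    """Delayed binary operation over concrete or symbolic operands."""
    op: str
    lhs: "Value"
    rhs: "Value"


Value = Union[int, Sym, Op]


def _apply(op: str, a: int, b: int) -> int:
    """Concrete 32-bit wrap-around arithmetic."""
    if op == "+":
        return (a + b) & MASK32
    if op == "-":
        return (a - b) & MASK32
    if op == "*":
        return (a * b) & MASK32
    raise ValueError(f"unsupported operator {op!r}")


def binop(op: str, a: Value, b: Value) -> Value:
    """Compute eagerly when both operands are concrete, otherwise delay."""
    if isinstance(a, int) and isinstance(b, int):
        return _apply(op, a, b)
    return Op(op, a, b)


def normalise(v: Value, env: Dict[str, int]) -> Value:
    """Fold a delayed expression using the bindings in env.  Leaves that are
    still unbound are kept, so a partially known value stays symbolic."""
    if isinstance(v, int):
        return v
    if isinstance(v, Sym):
        return env.get(v.name, v)
    return binop(v.op, normalise(v.lhs, env), normalise(v.rhs, env))


class SymbolicMemory:
    """Byte-addressed contiguous memory whose cells hold Values."""

    def __init__(self, size: int) -> None:
        self.cells: List[Value] = [0] * size
        self.env: Dict[str, int] = {}  # concrete bindings for symbolic leaves

    def bind(self, name: str, value: int) -> None:
        self.env[name] = value & MASK32

    def _resolve(self, addr: Value) -> int:
        """An access needs a genuine address: normalise, then bounds-check."""
        a = normalise(addr, self.env)
        if not isinstance(a, int):
            raise ValueError(f"address is still symbolic: {a}")
        if not 0 <= a < len(self.cells):
            raise IndexError(f"address {a:#x} is outside modelled memory")
        return a

    def store(self, addr: Value, value: Value) -> None:
        self.cells[self._resolve(addr)] = value

    def load(self, addr: Value) -> Value:
        return self.cells[self._resolve(addr)]


def demo() -> tuple:
    """Pointer arithmetic on an unknown block base, resolved lazily."""
    mem = SymbolicMemory(256)
    base = Sym("blk")             # base address not known at this point
    p = binop("+", base, 4)       # p = blk + 4 stays a delayed expression
    try:                          # no genuine address yet: access refused
        mem.store(p, 0x41)
        refused = False
    except ValueError:
        refused = True
    mem.bind("blk", 0x10)         # the base becomes known later
    mem.store(p, 0x41)            # p now normalises to 0x14
    q = binop("-", binop("+", base, 8), 4)   # another spelling of the same address
    return refused, normalise(p, mem.env), mem.load(q)


if __name__ == "__main__":
    print(demo())
```

The point of the demo is the order of events: the store through `p` is refused while `blk` is unbound, succeeds once the base is bound, and a differently spelled expression for the same address, `(blk + 8) - 4`, normalises to the same cell and reads the stored byte back. Real engines replace the `env` lookup with an SMT solver over bit-vectors and arrays, but the delay-then-normalise discipline is the same.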

Static Timing Analysis for Hard Real-Time Systems [chapter]

Reinhard Wilhelm, Sebastian Altmeyer, Claire Burguière, Daniel Grund, Jörg Herter, Jan Reineke, Björn Wachter, Stephan Wilhelm
2010 Lecture Notes in Computer Science  
The architectural platform also determines the precision and the complexity of timing analysis.  ...  Processor components such as caches, out-of-order pipelines, and speculation cause a large variation of the execution time of instructions, which may induce a large variability of a task's execution time  ...  The computed information is used for a precise data-cache analysis and in the subsequent control-flow analysis. Value analysis is the only one to use an abstraction of the processor's arithmetic.  ... 
doi:10.1007/978-3-642-11319-2_3 fatcat:jwplu7okyfckznjljrevsbqknq

Static verification for memory safety of Linux kernel drivers

A. A. Vasilyev
2019 Proceedings of the Institute for System Programming of RAS  
Also, we changed the precision of the CPAchecker memory model from bytes to bits and supported structure alignment similar to that of the GCC compiler.  ...  Limitations of current tools for static verification do not allow analysis of the Linux kernel as a whole, so we use a simplified automatically generated environment model.  ...  Nodes are used for symbolic values, memory regions and abstracted structures representation. Edges show references between nodes and are divided into points-to edges for pointers and has-value edges.  ... 
doi:10.15514/ispras-2016-30(6)-8 doaj:fa6ae6986abf4e148b038f374d370ad6 fatcat:zx4kvkyaqzao3a7ygn6rt3af74

The ASTRÉE Analyzer [chapter]

Patrick Cousot, Radhia Cousot, Jerôme Feret, Laurent Mauborgne, Antoine Miné, David Monniaux, Xavier Rival
2005 Lecture Notes in Computer Science  
ASTRÉE is an abstract interpretation-based static program analyzer aiming at proving automatically the absence of run time errors in programs written in the C programming language.  ...  It has been applied with success to large embedded control-command safety critical realtime software generated automatically from synchronous specifications, producing a correctness proof for complex software  ...  We warmly thank Bruno Blanchet for his contribution to ASTRÉE.  ... 
doi:10.1007/978-3-540-31987-0_3 fatcat:6ku3gny34bemtd7fmksc4ig26e

Page 4494 of Mathematical Reviews Vol. , Issue 97G [page]

1997 Mathematical Reviews  
We present two efficient algorithms that produce precise solutions: an exhaustive algorithm that finds values for all symbols at all program points, and a demand algorithm that finds the value for an individual  ...  97g:68023 68N05 03B70 68-02 68Q60 68Q68 Dams, Dennis René (NL-EINDM; Eindhoven) * Abstract interpretation and partition refinement for model checking.  ... 

Introduction to generalized symbolic trajectory evaluation

Jin Yang, C.-J.H. Seger
2003 IEEE Transactions on Very Large Scale Integration (vlsi) Systems  
ACKNOWLEDGMENT We would like to thank C.-T. Chou, H. Yang, A.-J. Hu and the reviewers for reading the paper and providing many valuable suggestions.  ...  Abstract: Symbolic trajectory evaluation (STE) is a lattice-based model checking technology that uses a form of symbolic simulation.  ...  For the adder example, the antecedent label on the first edge uses symbolic constants and to encode all possible boolean values for nodes and while assigning to .  ... 
doi:10.1109/tvlsi.2003.812320 fatcat:wsx4z7cmyzgxpjmgwjaruniejy