
Invariant Generation through Strategy Iteration in Succinctly Represented Control Flow Graphs

Thomas Gawlitza, David Monniaux, Gilles Barthe
2012 Logical Methods in Computer Science  
Another well-known source of imprecision of traditional abstract interpretation techniques stems from their use of join operators at merge nodes in the control flow graph.  ...  Such invariants can be obtained by Kleene iterations that are, in order to guarantee termination, accelerated by widening operators.  ...  at join nodes in the control flow graph.  ... 
doi:10.2168/lmcs-8(3:29)2012 fatcat:daswv22kazh2xdk67ftzit4nze

Using Bounded Model Checking to Focus Fixpoint Iterations [chapter]

David Monniaux, Laure Gonnord
2011 Lecture Notes in Computer Science  
Two classical sources of imprecision in static analysis by abstract interpretation are widening and merge operations.  ...  Our method combines well with acceleration techniques, thus doing away with widenings as well in some cases.  ...  Figure 1: Control flow graph corresponding to listing 2.  ... 
doi:10.1007/978-3-642-23702-7_27 fatcat:d2its6ygwbdk3hj5iic37htuuy

Using Bounded Model Checking to Focus Fixpoint Iterations [article]

David Monniaux
2011 arXiv   pre-print
Two classical sources of imprecision in static analysis by abstract interpretation are widening and merge operations.  ...  In this article, we describe how to avoid such systematic exploration by focusing on a single path at a time, designated by SMT-solving.  ...  Figure 1: Control flow graph corresponding to listing 2.  ... 
arXiv:1106.2637v1 fatcat:3mzhkdyyejbrbe7csqvr2ujvwu

Succinct Representations for Abstract Interpretation [chapter]

Julien Henry, David Monniaux, Matthieu Moy
2012 Lecture Notes in Computer Science  
We improve previously proposed techniques for guided static analysis and the generation of disjunctive invariants by combining them with techniques for succinct representations of paths and symbolic representations  ...  In forward analysis, control-flow joins correspond to convex hulls if using convex polyhedra (more generally, they correspond to least upper bounds in a lattice); in backward analysis, it is control-flow  ...  This means we work on an implicitly represented transition multigraph; it is succinctly represented by the transition graph of the first program.  ... 
doi:10.1007/978-3-642-33125-1_20 fatcat:x2yfbbbczrdz5jkzxgoo5b4fq4

Succinct Representations for Abstract Interpretation [article]

Julien Henry, Matthieu Moy
2012 arXiv   pre-print
We improve previously proposed techniques for guided static analysis and the generation of disjunctive invariants by combining them with techniques for succinct representations of paths and symbolic representations  ...  In forward analysis, control-flow joins correspond to convex hulls if using convex polyhedra (more generally, they correspond to least upper bounds in a lattice); in backward analysis, it is control-flow  ...  This means we work on an implicitly represented transition multigraph; it is succinctly represented by the transition graph of the first program.  ... 
arXiv:1206.4234v1 fatcat:kemhgf7hvzevlgx7aoor7nz57a

Speeding Up Logico-Numerical Strategy Iteration (extended version) [article]

David Monniaux, Peter Schrammel
2014 arXiv   pre-print
The strongest inductive invariant in such an abstract domain may be computed by upward strategy iteration.  ...  We therefore propose a modification of the strategy iteration algorithm where the strategies are stored succinctly, and the linear programs to be solved at each iteration step are simplified according  ...  all cycles in the control-flow graph, e.g. all loop heads within a structured program.  ... 
arXiv:1403.2319v2 fatcat:5skr4iixbbdgnnsla755whel3i

Infinite horizon safety controller synthesis through disjunctive polyhedral abstract interpretation

Hadi Ravanbakhsh, Sriram Sankaranarayanan
2014 Proceedings of the 14th International Conference on Embedded Software - EMSOFT '14  
Next, we focus on the automatic generation of controller implementation from the abstract interpretation results.  ...  Complementing this set yields the set of controllable states, starting from which, the safety property can be guaranteed by an appropriate controller feedback function.  ...  A few disjunctive domains used in program analysis include trace partitioning schemes that annotate polyhedra with fragments of the path taken through the control-flow graph [23], disjunctive polyhedral  ... 
doi:10.1145/2656045.2656060 dblp:conf/emsoft/RavanbakhshS14 fatcat:kjsdiz57x5awrjlrs36txmexgi

Learning to Find Proofs and Theorems by Learning to Refine Search Strategies [article]

Jonathan Laurent, André Platzer
2022 arXiv   pre-print
We illustrate our approach on the problem of loop invariant synthesis for imperative programs and using neural networks to refine both the teacher and solver strategies.  ...  An analogous teacher agent is self-training to generate tasks of suitable relevance and difficulty for the learner.  ...  Table 7 : Some examples of problems generated by the teacher. We show the associated invariants for clarity but those should of course be hidden before problems are sent to the solver agent.  ... 
arXiv:2205.14229v2 fatcat:ddibp6mzabeyjj4qo265me2hq4

Integer Range Analysis for Whiley on Embedded Systems

David J. Pearce
2015 2015 IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing Workshops  
However, the presence of loop and data type invariants in Whiley means that loops can be handled quickly and precisely.  ...  In this paper, we present a technique for range analysis of integer variables in Whiley.  ...  They employ integer ranges in an unusual fashion to bound the number of iterations of each node in the control-flow graph.  ... 
doi:10.1109/isorcw.2015.54 dblp:conf/isorc/Pearce15 fatcat:qeoahzb7tnfw3dlb73o36w4cae

Precise Specification of Design Pattern Structure and Behaviour [chapter]

Ashley Sterritt, Siobhán Clarke, Vinny Cahill
2010 Lecture Notes in Computer Science  
In this paper, the meaning of the presented invariants is formalized and relevant ambiguities in the UML Standard are clarified.  ...  In particular, in a review of existing work, three invariant categories were found to be inexpressible in state-of-the-art DP-SLs: dependency, object state and data-structure.  ...  This work was supported, in part, by Science Foundation Ireland grant 03/CE2/I3031 to Lero - The Irish Software Engineering Research Centre (www.lero.ie).  ... 
doi:10.1007/978-3-642-13595-8_22 fatcat:4iz3dfn27zcxrimp6kq6qu4xbm

Ranking Abstraction as Companion to Predicate Abstraction [chapter]

Ittai Balaban, Amir Pnueli, Lenore D. Zuck
2005 Lecture Notes in Computer Science  
The paper presents strategies for determining which case is at hand.  ...  Deductive proof of progress properties requires well-founded ranking functions instead of invariants. We show how to obtain concrete global ranking functions from abstract programs.  ...  This research was supported in part by NSF grant CCR-0205571, ONR grant N00014-99-1-0131, and Israel Science Foundation grant 106/02-1.  ... 
doi:10.1007/11562436_1 fatcat:e67p72wepregfo2arjdkoabqhy

Data Flow Program Graphs

Davis, Keller
1982 Computer  
Iteration can be achieved through cyclic data flow graphs. The body of the iteration is initially activated by a token that arrives on the input of the graph.  ...  In one approach, a constant-producing node N can contain a graph, which is conceived as the value of a token flowing from N. The graph generally flows through conditionals, etc.  ... 
doi:10.1109/mc.1982.1653939 fatcat:iftxtmdudzgylfpv62twkynazy

Solver-Aided Constant-Time Circuit Verification [article]

Rami Gokhan Kici and Klaus v. Gleissenthall and Deian Stefan and Ranjit Jhala
2021 arXiv   pre-print
We present Xenon, a solver-aided method for formally verifying that Verilog hardware executes in constant-time.  ...  variety of circuits including AES, a highly modular AES-256 implementation where modularity cuts verification from six hours to under three seconds, and ScarV, a timing channel hardened RISC-V micro-controller  ...  Solid edges represent data-, and dashed edges represent control dependencies.  ... 
arXiv:2104.00461v1 fatcat:rpkzyxlss5billotbqinhp35lu

Software model checking

Ranjit Jhala, Rupak Majumdar
2009 ACM Computing Surveys  
This marked a trend toward automating the more mundane parts, leaving the human to provide guidance to an automatic tool (for example, through loop invariants and function pre- and post-conditions [Dijkstra  ...  Also, just because the general problem is undecidable does not imply that specific instances of the problem will also be hard.  ...  This work was sponsored in part by the National Science Foundation grants CCF-0546170, CCF-0702743, and CNS-0720881.  ... 
doi:10.1145/1592434.1592438 fatcat:hxexhmlpxjbx3hqlfh3o4bzz4u

Synthesizing parallel graph programs via automated planning

Dimitrios Prountzos, Roman Manevich, Keshav Pingali
2015 SIGPLAN notices  
In this way, we obtain an integrated compilation approach for a very challenging problem domain.  ...  We describe a system that uses automated planning to synthesize correct and efficient parallel graph programs from high-level algorithmic specifications.  ...  Since the average node degree is small and uniform, a simple strategy of iterating through all neighbors can incur less overhead than a more elaborate strategy that tries to find the right set of neighbors  ... 
doi:10.1145/2813885.2737953 fatcat:dfdt6paolrfdvlbttnm4anzqoa