Filters








14,454 Hits in 4.0 sec

Program analysis via satisfiability modulo path programs

William R. Harris, Sriram Sankaranarayanan, Franjo Ivančić, Aarti Gupta
2010 Proceedings of the 37th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages - POPL '10  
We present a program analysis technique that we call Satisfiability Modulo Path Programs (SMPP), based on a path-based decomposition of a program.  ...  It is inspired by insights that have driven the development of modern SMT (Satisfiability Modulo Theory) solvers.  ...  Conclusion We have presented the Satisfiability Modulo Path Programs (SMPP) approach to program analysis, which lifts to the architecture of SMT solvers to path-sensitive program analysis.  ... 
doi:10.1145/1706299.1706309 dblp:conf/popl/HarrisSIG10 fatcat:qb3lyc4a2zhinjiii2m6aqjema

Program analysis via satisfiability modulo path programs

William R. Harris, Sriram Sankaranarayanan, Franjo Ivančić, Aarti Gupta
2010 SIGPLAN notices  
We present a program analysis technique that we call Satisfiability Modulo Path Programs (SMPP), based on a path-based decomposition of a program.  ...  It is inspired by insights that have driven the development of modern SMT (Satisfiability Modulo Theory) solvers.  ...  Conclusion We have presented the Satisfiability Modulo Path Programs (SMPP) approach to program analysis, which lifts to the architecture of SMT solvers to path-sensitive program analysis.  ... 
doi:10.1145/1707801.1706309 fatcat:h2ftsjc56zgbrlrlrk5mewdsnm

SmacC: A Retargetable Symbolic Execution Engine [chapter]

Armin Biere, Jens Knoop, Laura Kovács, Jakob Zwirchmayr
2013 Lecture Notes in Computer Science  
SmacC uses the logic for bit-vectors with arrays to construct a bit-precise memorymodel of a program for path-wise exploration.  ...  More recently we also successfully applied SmacC for high-level timing analysis of programs to infer exact loop bounds and safe over-approximations.  ...  It derives verification conditions for program statements and expressions, expressed as satisfiability modulo theory (SMT) formulas in the logic of bit-vectors with arrays.  ... 
doi:10.1007/978-3-319-02444-8_40 fatcat:qsnedy6xnja2jetlowlxvnsj24

Model Counting Modulo Theories [article]

Quoc-Sang Phan
2015 arXiv   pre-print
These techniques are scalable to real-world programs, and illustrative case studies include C programs from Linux kernel, a Java program from a European project and anonymity protocols.  ...  In this thesis, we present a novel approach to the problem by reducing it to a model counting problem on first-order logic, which we name Model Counting Modulo Theories or #SMT for brevity.  ...  So the program leaks via both implicit and explicit flows.  ... 
arXiv:1504.02796v1 fatcat:vf5khgpgkfdqvhhdsivlmb4f5y

How to compute worst-case execution time by optimization modulo theory and a clever encoding of program semantics

Julien Henry, Mihail Asavoae, David Monniaux, Claire Maïza
2014 Proceedings of the 2014 SIGPLAN/SIGBED conference on Languages, compilers and tools for embedded systems - LCTES '14  
We experimented our approach on a variety of control programs, using the OTAWA analyzer both as baseline and as underlying microarchitectural analysis for our analysis, and show notable improvement on  ...  the WCET bound on a variety of benchmarks and control programs.  ...  Optimization modulo theory extends satisfiability modulo theory (SMT) to maximization problems.  ... 
doi:10.1145/2597809.2597817 dblp:conf/lctrts/HenryAMM14 fatcat:ai265vopxzfxhcx5mt3jxdtldq

How to compute worst-case execution time by optimization modulo theory and a clever encoding of program semantics

Julien Henry, Mihail Asavoae, David Monniaux, Claire Maïza
2014 SIGPLAN notices  
We experimented our approach on a variety of control programs, using the OTAWA analyzer both as baseline and as underlying microarchitectural analysis for our analysis, and show notable improvement on  ...  the WCET bound on a variety of benchmarks and control programs.  ...  Optimization modulo theory extends satisfiability modulo theory (SMT) to maximization problems.  ... 
doi:10.1145/2666357.2597817 fatcat:xaeddgjiorgqnnk3ojn37ixf2e

How to Compute Worst-Case Execution Time by Optimization Modulo Theory and a Clever Encoding of Program Semantics [article]

Julien Henry, David Monniaux
2014 arXiv   pre-print
Optimization modulo theory extends satisfiability modulo theory (SMT) to maximization problems.  ...  We experimented our approach on a variety of control programs, using the OTAWA analyzer both as baseline and as underlying microarchitectural analysis for our analysis, and show notable improvement on  ...  Conclusion We have shown that optimization using satisfiability modulo theory (SMT) is a workable approach for bounding the worst-case execution time of loop-free programs (or programs where loops can  ... 
arXiv:1405.7962v1 fatcat:stbzfw7rera7ncbdy6mncxtgra

Fairness Modulo Theory: A New Approach to LTL Software Model Checking [chapter]

Daniel Dietsch, Matthias Heizmann, Vincent Langenfeld, Andreas Podelski
2015 Lecture Notes in Computer Science  
The idea is to select finite prefixes of a path and check these for infeasibility before considering the full infinite path.  ...  ., to statically analyze a program and verify a temporal property from the full class of LTL including general liveness properties) which aims at exploiting this fact.  ...  In the setting of [42] , the existence of a program execution that violates a given safety property is proven via the reachability of an error location of the program along a feasible path.  ... 
doi:10.1007/978-3-319-21690-4_4 fatcat:fbisyn7olve6rj76nbcfdtgjzu

Information Reuse for Multi-goal Reachability Analyses [chapter]

Dirk Beyer, Andreas Holzer, Michael Tautschnig, Helmut Veith
2013 Lecture Notes in Computer Science  
We show the practical use of our multi-goal reachability analysis in a predicate-abstraction-based test-input generator for the test-specification language FQL.  ...  We represent test goals as automata and exploit relations between automata in order to reuse existing reachability information for the analysis of subsequent test goals.  ...  Via ϕ s we obtain a set [[s]] of concrete program states.  ... 
doi:10.1007/978-3-642-37036-6_26 fatcat:vw3zvxkjljdqregkkdx2dluufm

Debugging as a Science, that too, when your Program is Changing

Abhik Roychoudhury
2010 Electronical Notes in Theoretical Computer Science  
We show how symbolic execution and Satisfiability Modulo Theories (SMT) solvers can be gainfully employed to greatly automate software debugging of evolving programs.  ...  Program debugging is an extremely time-consuming process, and it takes up a large portion of software development time.  ...  Our advocated method for debugging evolving programs is built on symbolic execution and Satisfiability Modulo Theory (SMT) formula solving.  ... 
doi:10.1016/j.entcs.2010.08.045 fatcat:egj2dx6ogbh6rhafus7a74uqiu

Shape Neutral Analysis of Graph-based Data-structures [article]

Gregory J. Duck and Joxan Jaffar and Roland H. C. Yap
2018 arXiv   pre-print
We present an implementation that uses the Satisfiability Modulo Constraint Handling Rules (SMCHR) system. Experimental results show that our approach works well for real-world C programs.  ...  In this paper we present a constraint-based program analysis that checks data-structure integrity, w.r.t. given target data-structure properties, as the heap is manipulated by the program.  ...  Goals generated by program analysis can then be solved using the Satisfiability Modulo Constraint Handling Rules (SMCHR) system.  ... 
arXiv:1804.09352v2 fatcat:hg5oxf3obrhtzojokpfsaxwsqe

Analyzing Loop Paths for Execution Time Estimation [chapter]

Abhik Roychoudhury, Tulika Mitra, Hemendra Singh Negi
2005 Lecture Notes in Computer Science  
We employ constraint propagation methods to detect infeasible paths spanning across loop iterations. Our timing analysis is exact modulo the infeasible path information provided.  ...  In this paper, we study the problem of accurately bounding the execution time of a program loop. This involves infeasible path detection followed by timing analysis.  ...  The algorithm is exact modulo the infeasible path information provided (via our infeasible path detection method).  ... 
doi:10.1007/11604655_53 fatcat:ojpmcx4ltbfvtfgckvhppkbl7i

Confluence Modulo Equivalence in Constraint Handling Rules [chapter]

Henning Christiansen, Maja H. Kirkeby
2015 Lecture Notes in Computer Science  
Proofs of confluence are demonstrated for programs with redundant data representation, e.g., sets-as-lists, for dynamic programming algorithms with pruning as well as a Union-Find program, which are not  ...  This allows a much larger class of programs to enjoy the advantages of confluence, which include various optimization techniques and simplified correctness proofs.  ...  To simplify the program, a path is represented in reverse order.  ... 
doi:10.1007/978-3-319-17822-6_3 fatcat:yvq3l3fo3zfptctml56ohzhitm

Bringing CP, SAT and SMT together: Next Challenges in Constraint Solving (Dagstuhl Seminar 19062)

Sébastien Bardin, Nikolaj Bjørner, Cristian Cadar, Michael Wagner
2019 Dagstuhl Reports  
Constraint solving is at the heart of several key technologies, including program analysis, testing, formal methods, compilers, security analysis, optimization, and AI.  ...  This report documents the program and the outcomes of Dagstuhl Seminar 19062 "Bringing CP, SAT and SMT together: Next Challenges in Constraint Solving", whose main goals were to bring together leading  ...  of symbolic program analysis.  ... 
doi:10.4230/dagrep.9.2.27 dblp:journals/dagstuhl-reports/BardinBC19 fatcat:dyyxj6wc2newfkeayoj7x4lnbe

Hunting for Re-Entrancy Attacks in Ethereum Smart Contracts via Static Analysis [article]

Yuichiro Chinen and Naoto Yanai and Jason Paul Cruz and Shingo Okamura
2020 arXiv   pre-print
In this paper, we present a static analysis tool named RA (Re-entrancy Analyzer), a combination of symbolic execution and equivalence checking by a satisfiability modulo theories solver to analyze smart  ...  Ethereum smart contracts are programs that are deployed and executed in a consensus-based blockchain managed by a peer-to-peer network.  ...  These advantages are achieved via integration of symbolic execution and equivalence checking with a satisfiability modulo theories (SMT) solver.  ... 
arXiv:2007.01029v1 fatcat:o3f4u5yh35bs3i7y4p6zcw6axa
« Previous Showing results 1 — 15 out of 14,454 results