Filters








1,869 Hits in 2.0 sec

A combination framework for tracking partition sizes

Sumit Gulwani, Tal Lev-Ami, Mooly Sagiv
2009 SIGPLAN notices  
We describe an abstract interpretation based framework for proving relationships between sizes of memory partitions. Instances of this framework can prove traditional properties such as memory safety and program termination but can also establish upper bounds on usage of dynamically allocated memory. Our framework also stands out in its ability to prove properties of programs manipulating both heap and arrays which is considered a difficult task. Technically, we define an abstract domain that
more » ... parameterized by an abstract domain for tracking memory partitions (sets of memory locations) and by a numerical abstract domain for tracking relationships between cardinalities of the partitions. We describe algorithms to construct the transfer functions for the abstract domain in terms of the corresponding transfer functions of the parameterized abstract domains. A prototype of the framework was implemented and used to prove interesting properties of realistic programs, including programs that could not have been automatically analyzed before.
doi:10.1145/1594834.1480912 fatcat:rjdjh22tlvexpobhqalb6jx7ly

Abstract Transformers for Thread Correlation Analysis [chapter]

Michal Segalov, Tal Lev-Ami, Roman Manevich, Ramalingam Ganesan, Mooly Sagiv
2009 Lecture Notes in Computer Science  
We present a new technique for speeding up static analysis of (shared memory) concurrent programs. We focus on analyses that compute thread correlations: such analyses infer invariants that capture correlations between the local states of different threads (as well as the global state). Such invariants are required for verifying many natural properties of concurrent programs. Tracking correlations between different thread states, however, is very expensive. A significant factor that makes such
more » ... nalysis expensive is the cost of applying abstract transformers. In this paper, we introduce a technique that exploits the notion of footprints and memoization to compute individual abstract transformers more efficiently. We have implemented this technique in our concurrent shape analysis framework. We have used this implementation to prove properties of fine-grained concurrent programs with a shared, mutable, heap in the presence of an unbounded number of objects and threads. The properties we verified include memory safety, data structure invariants, partial correctness, and linearizability. Our empirical evaluation shows that our new technique reduces the analysis time significantly (e.g., by a factor of 35 in one case).
doi:10.1007/978-3-642-10672-9_5 fatcat:5h3drclntzacxgiti7xe3upm6a

Putting static analysis to work for verification

Tal Lev-Ami, Thomas Reps, Mooly Sagiv, Reinhard Wilhelm
2000 Software engineering notes  
We study how program analysis can be used to: • Automatically prove partial correctness of correct programs. • Discover, locate, and diagnose bugs in incorrect programs. Specifically, we present an algorithm that analyzes sorting programs that manipulate linked lists. A prototype of the algorithm has been implemented. We show that the algorithm is sufficiently precise to discover that (correct versions) of bubble-sort and insertion-sort procedures do, in fact, produce correctly sorted lists as
more » ... utputs, and that the invariant "is-sorted" is maintained by listmanipulation operations such as element-insertion, elementdeletion, and even destructive list reversal and merging of two sorted lists. When we run the algorithm on erroneous versions of bubble-sort and insertion-sort procedures, it is able to discover and sometimes even locate and diagnose the error.
doi:10.1145/347636.348031 fatcat:wwbolxs4uneuhpq3x3bvqhblfi

Abstraction for Shape Analysis with Fast and Precise Transformers [chapter]

Tal Lev-Ami, Neil Immerman, Mooly Sagiv
2006 Lecture Notes in Computer Science  
This paper addresses the problem of proving safety properties of imperative programs manipulating dynamically allocated data structures using destructive pointer updates. We present a new abstraction for linked data structures whose underlying graphs do not contain cycles. The abstraction is simple and allows us to decide reachability between dynamically allocated heap cells. We present an efficient algorithm that computes the effect of low level heap mutations in the most precise way. The
more » ... ithm does not rely on the usage of a theorem prover. In particular, the worst case complexity of computing a single successor abstract state is O(V log V ) where V is the number of program variables. The overall number of successor abstract states can be exponential in V . A prototype of the algorithm was implemented and is shown to be fast. Our method also handles programs with "simple cycles" such as cyclic singlylinked lists, (cyclic) doubly-linked lists, and trees with parent pointers. Moreover, we allow programs which temporarily violate these restrictions as long as they are restored in loop boundaries.
doi:10.1007/11817963_49 fatcat:qqzj6lfccvfgpazoy4nnl4xlwu

Putting static analysis to work for verification

Tal Lev-Ami, Thomas Reps, Mooly Sagiv, Reinhard Wilhelm
2000 Proceedings of the International Symposium on Software Testing and Analysis - ISSTA '00  
We study how program analysis can be used to: • Automatically prove partial correctness of correct programs. • Discover, locate, and diagnose bugs in incorrect programs. Specifically, we present an algorithm that analyzes sorting programs that manipulate linked lists. A prototype of the algorithm has been implemented. We show that the algorithm is sufficiently precise to discover that (correct versions) of bubble-sort and insertion-sort procedures do, in fact, produce correctly sorted lists as
more » ... utputs, and that the invariant "is-sorted" is maintained by listmanipulation operations such as element-insertion, elementdeletion, and even destructive list reversal and merging of two sorted lists. When we run the algorithm on erroneous versions of bubble-sort and insertion-sort procedures, it is able to discover and sometimes even locate and diagnose the error.
doi:10.1145/347324.348031 dblp:conf/issta/Lev-AmiRSW00 fatcat:aqm3mk62zjbppn4fm64khj7oye

A combination framework for tracking partition sizes

Sumit Gulwani, Tal Lev-Ami, Mooly Sagiv
2008 Proceedings of the 36th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages - POPL '09  
We describe an abstract interpretation based framework for proving relationships between sizes of memory partitions. Instances of this framework can prove traditional properties such as memory safety and program termination but can also establish upper bounds on usage of dynamically allocated memory. Our framework also stands out in its ability to prove properties of programs manipulating both heap and arrays which is considered a difficult task. Technically, we define an abstract domain that
more » ... parameterized by an abstract domain for tracking memory partitions (sets of memory locations) and by a numerical abstract domain for tracking relationships between cardinalities of the partitions. We describe algorithms to construct the transfer functions for the abstract domain in terms of the corresponding transfer functions of the parameterized abstract domains. A prototype of the framework was implemented and used to prove interesting properties of realistic programs, including programs that could not have been automatically analyzed before.
doi:10.1145/1480881.1480912 dblp:conf/popl/GulwaniLS09 fatcat:xlbp3ggbq5gm3pstckrbpkzwny

Immature platelets in patients hospitalized with Covid-19

Amir Cohen, Emanuel Harari, Michal Cipok, Avishag Laish-Farkash, Gabriel Bryk, Ella Yahud, Yaron Sela, Nili Karp Lador, Tal Mann, Ami Mayo, Eli I. Lev
2020 Journal of Thrombosis and Thrombolysis  
The maximal IPC in Covid-19 was higher than the maximal IPC in both the stable and AMI groups (COVID-19: 14.4 × 109/L [9.4-20.9], AMI: 10.9 × 109/L [7.6-15.2], P = 0.0035, Stable: 7.55 × 109/L [5.55-10.5  ...  The maximal IPF% among the Covid-19 group was higher than the stable group and similar to the AMI group.  ...  AMI p value Covid-19 vs.  ... 
doi:10.1007/s11239-020-02290-6 pmid:32997333 pmcid:PMC7526077 fatcat:zzenwisu7fcdzdwguqtoflczem

Customization change impact analysis for erp professionals via program slicing

Nurit Dor, Tal Lev-Ami, Shay Litvak, Mooly Sagiv, Dror Weiss
2008 Proceedings of the 2008 international symposium on Software testing and analysis - ISSTA '08  
We describe a new tool that automatically identifies impact of customization changes, i.e., how changes affect software behavior. As opposed to existing static analysis tools that aim at aiding programmers or improve performance, our tool is designed for endusers without prior knowledge in programming. We utilize stateof-the-art static analysis algorithms for the programs within an Enterprise Resource Planning system (ERP). Key challenges in analyzing real world ERP programs are their
more » ... t size and the interdependency between programs. In particular, we describe and compare three customization change impact analyses for real-world programs, and a balancing algorithm built upon the three independent analyses. This paper presents PanayaImpactAnalysis (PanayaIA), a web on-demand tool, providing ERP professionals a clear view of the impact of a customization change on the system. In addition we report empirical results of PanayaIA when used by end-users on an ERP system of tens of millions LOCs.
doi:10.1145/1390630.1390644 dblp:conf/issta/DorLLSW08 fatcat:qig64hz7qfbudjc3b2sxnkip4m

Simulating reachability using first-order logic with applications to verification of linked data structures

Tal Lev-Ami, Neil Immerman, Thomas Reps, Mooly Sagiv, Siddharth Srivastava, Greta Yorsh, Pierre Wolper
2009 Logical Methods in Computer Science  
This paper shows how to harness existing theorem provers for first-order logic to automatically verify safety properties of imperative programs that perform dynamic storage allocation and destructive updating of pointer-valued structure fields. One of the main obstacles is specifying and proving the (absence) of reachability properties among dynamically allocated cells. The main technical contributions are methods for simulating reachability in a conservative way using first-order formulas--the
more » ... formulas describe a superset of the set of program states that would be specified if one had a precise way to express reachability. These methods are employed for semi-automatic program verification (i.e., using programmer-supplied loop invariants) on programs such as mark-and-sweep garbage collection and destructive reversal of a singly linked list. (The mark-and-sweep example has been previously reported as being beyond the capabilities of ESC/Java.)
doi:10.2168/lmcs-5(2:12)2009 fatcat:6jnbgs673vah7gvezkz44lf4gq

Labelled Clauses [chapter]

Tal Lev-Ami, Christoph Weidenbach, Thomas Reps, Mooly Sagiv
Lecture Notes in Computer Science  
We add labels to first-order clauses to simultaneously apply superpositions to several proof obligations inside one clause set. From a theoretical perspective, the approach unifies a variety of deduction modes. These include different strategies such as set of support, as well as explicit case analysis, e.g., splitting. From a practical perspective, labelled clauses offer advantages in the case of related proof obligations resulting from multiple conjectures over the same axiom set or from a
more » ... gle conjecture that is a large conjunction. Here we can share clauses (e.g., the axioms and clauses deduced from them, share Skolem symbols), share deduced clause variants, and transfer lemmas between the different obligations. Motivated by software verification, we have created a prototype implementation of labelled clauses that supports multiple conjectures, and we provide convincing experiments for the benefits.
doi:10.1007/978-3-540-73595-3_21 fatcat:gg6chltzlrfgbgmvnfrcpfy2am

Proving Conditional Termination [chapter]

Byron Cook, Sumit Gulwani, Tal Lev-Ami, Andrey Rybalchenko, Mooly Sagiv
Lecture Notes in Computer Science  
We describe a method for synthesizing reasonable underapproximations to weakest preconditions for termination-a long-standing open problem. The paper provides experimental evidence to demonstrate the usefulness of the new procedure.
doi:10.1007/978-3-540-70545-1_32 fatcat:3d4dvlqc2bc7rfb6ork7437azq

TVLA: A System for Generating Abstract Interpreters [chapter]

Tal Lev-Ami, Roman Manevich, Mooly Sagiv
Building the Information Society  
the TVLA System In this paper, we review TVLA (Three-Valued-Logic Analyzer), a system for automatically generating a static-analysis implementation from the operational semantics of a given program (Lev-Ami  ... 
doi:10.1007/978-1-4020-8157-6_28 dblp:conf/ifip/Lev-AmiMS04 fatcat:xynfsui7gnbqvlhnnu2vpx2mgy

Revamping TVLA: Making Parametric Shape Analysis Competitive [chapter]

Igor Bogudlov, Tal Lev-Ami, Thomas Reps, Mooly Sagiv
Computer Aided Verification  
TVLA is a parametric framework for shape analysis that can be easily instantiated to create different kinds of analyzers for checking properties of programs that use linked data structures. We report on dramatic improvements in TVLA's performance, which make the cost of parametric shape analysis comparable to that of the most efficient specialized shape-analysis tools (which restrict the class of data structures and programs analyzed) without sacrificing TVLA's parametricity. The improvements
more » ... re obtained by employing well-known techniques from the database community to reduce the cost of extracting information from shape descriptors and performing abstract interpretation of program statements and conditions. Compared to the prior version of TVLA, we obtained as much as 50-fold speedup.
doi:10.1007/978-3-540-73368-3_25 dblp:conf/cav/BogudlovLRS07 fatcat:uabafgyl65dv7frqqi65cjpeei

Heap Decomposition for Concurrent Shape Analysis [chapter]

Roman Manevich, Tal Lev-Ami, Mooly Sagiv, Ganesan Ramalingam, Josh Berdine
Lecture Notes in Computer Science  
We demonstrate shape analyses that can achieve a state space reduction exponential in the number of threads compared to the state-of-the-art analyses, while retaining sufficient precision to verify sophisticated properties such as linearizability. The key idea is to abstract the global heap by decomposing it into (not necessarily disjoint) subheaps, abstracting away some correlations between them. These new shape analyses are instances of an analysis framework based on heap decomposition. This
more » ... ramework allows rapid prototyping of complex static analyses by providing efficient abstract transformers given user-specified decomposition schemes. Initial experiments confirm the value of heap decomposition in scaling concurrent shape analyses. Introduction The problem of verifying concurrent programs that manipulate heap-allocated data structures is challenging: it requires considering arbitrarily interleaved threads manipulating unbounded data structures. Both heap-allocated data structures and concurrency can introduce state explosion. Their combination only makes matters worse. This paper develops new static analysis algorithms that address the state space explosion problem in a systematic and generic way. The result of these analyses can be used to automatically establish interesting properties of concurrent heap-manipulating programs such as the absence of null dereferences, the absence of memory leaks, the preservation of data structure invariants, and linearizability [10]. The Intuition. Typical programs manipulate a large number of (instances of) data structures (possibly nested within other data structures). Each individual data structure can usually be in one of several different states (even in an abstract representation). This can lead to a combinatorial explosion in the number of distinct abstract states that can arise during abstract interpretation. The essential idea we pursue is that of decomposing the heap into multiple subheaps and abstracting away some correlations between the subheaps. Decomposition allows reusing subheaps that were decomposed from different heaps, thus representing a set of ⋆ This research was partially supported by the Clore Fellowship Programme. ⋆⋆ Supported by an Adams Fellowship through the Israel Academy of Sciences and Humanities. heaps more compactly (and more abstractly). For example, consider a program maintaining k disjoint lists. A powerset-based shape analysis such as the one in [20] uses a lattice whose height is exponential in k. An abstraction that ignores the correlations between the k lists reduces the lattice height to be linear in k, leading to exponentially faster analysis. (The savings come from not maintaining the correlations between different states of the different lists, which we observe are often irrelevant for a specific property of interest.) Similar situations arise in the kind of multithreaded programs discussed earlier, where the size of the state space is a function of the number of threads rather than the number of data structures. In this paper, we allow decomposing the heap into non-disjoint (i.e., overlapping) subheaps, which is important for handling programs with fine-grained concurrency (where different threads can simultaneously access the same objects) in a thread-modular way. Fine-Grained Concurrency. Fine-grained concurrent heap-manipulating programs allow multiple threads to use the same data structure simultaneously. They trade the simplicity of the single-thread-owning-a-data-structure model, which is at the heart of the coarse-grained concurrency approach, to achieve a higher degree of concurrency. However, the additional performance comes with a price: these programs are notoriously hard to develop and prove correct, even when the manipulated data structures are singlylinked lists (see, e.g., [5]). It is hard to employ thread-modular approaches that exploit locking [8] to analyze fine-grained concurrent programs because they have intentional (benign) dataraces. Thus, state-of-the-art shape analyses capable of verifying intricate properties of fine-grained concurrent heap-manipulating programs, e.g., linearizability (explained in Sec. 3), track all correlations between the states of all the threads [1]. This makes these analyses hard to scale. For example, the shape analysis in [1] handles at most 3 threads. It is interesting to observe, however, that it is often the case that although proving properties of these programs requires tracking sophisticated correlations between every thread and the part of the heap that it manipulates, the correlations between the states of different threads is often irrelevant. Intuitively, this is because fine-grained concurrent programs are often written in a way which attempts to ensure the correct operation of every thread regardless of the actions taken by other threads. This programming paradigm makes these programs an ideal match with our approach explained below. The Conceptual Framework. To permit the use of heap decomposition in several settings, we first present it as a parametric abstraction that can be tuned by the analysis designer in three ways: Decomposition: Specify along what lines a concrete heap should be decomposed into (possibly overlapping) subheaps. One of the strengths of the specification mechanism is that the decomposition of a heap depends on its properties. This allows us, for example, to decompose the state of a concurrent program based on the association between threads and data-structures in that state, which is usually not known a priori. Subheap abstraction: Create a bounded abstract heap representation from concrete subheaps (which are unbounded). Subheap abstractions can be obtained from existing whole-heap abstractions that satisfy certain properties.
doi:10.1007/978-3-540-69166-2_24 fatcat:soot4jzsg5gkhenewgj7esmnei

COVID-19 in Patients with Inflammatory Bowel Disease: The Israeli Experience

Lev Lichtenstein, Benjamin Koslowsky, Ami Ben Ya'acov, Irit Avni-Biron, Baruch Ovadia, Ofer Ben-Bassat, Timna Naftali, Uri Kopylov, Yael Haberman, Hagar Eran, Rami Eliakim, Adi Lahat-Zok (+35 others)
2022 Vaccines  
Crohn's disease (CD) and ulcerative colitis (UC) are chronic, immune-mediated inflammatory bowel diseases (IBD) affecting millions of people worldwide. IBD therapies, designed for continuous immune suppression, often render patients more susceptible to infections. The effect of the immune suppression on the risk of coronavirus disease-19 (COVID-19) is not fully determined yet. Objective: To describe COVID-19 characteristics and outcomes and to evaluate the association between IBD phenotypes,
more » ... ection outcomes and immunomodulatory therapies. Methods: In this multi-center study, we prospectively followed IBD patients with proven COVID-19. De-identified data from medical charts were collected including age, gender, IBD type, IBD clinical activity, IBD treatments, comorbidities, symptoms and outcomes of COVID-19. A multivariable regression model was used to examine the effect of immunosuppressant drugs on the risk of infection by COVID-19 and the outcomes. Results: Of 144 IBD patients, 104 (72%) were CD and 40 (28%) were UC. Mean age was 32.2 ± 12.6 years. No mortalities were reported. In total, 94 patients (65.3%) received biologic therapy. Of them, 51 (54%) at escalated doses, 10 (11%) in combination with immunomodulators and 9 (10%) with concomitant corticosteroids. Disease location, behavior and activity did not correlate with the severity of COVID-19. Biologics as monotherapy or with immunomodulators or corticosteroids were not associated with more severe infection. On the contrary, patients receiving biologics had significantly milder infection course (p = 0.001) and were less likely to be hospitalized (p = 0.001). Treatment was postponed in 34.7% of patients until recovery from COVID-19, without consequent exacerbation. Conclusion: We did not witness aggravated COVID-19 outcomes in patients with IBD. Patients treated with biologics had a favorable outcome.
doi:10.3390/vaccines10030376 pmid:35335008 pmcid:PMC8950285 fatcat:ifef2nxay5agtdogxwcaktuc7y
« Previous Showing results 1 — 15 out of 1,869 results