HSF(C): A Software Verifier Based on Horn Clauses

Grebenshchikov, Sergey; Gupta, Ashutosh; Lopes, Nuno P.; Popeea, Corneliu; Rybalchenko, Andrey

doi:10.1007/978-3-642-28756-5_46

Cited by 64 publications

(72 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The second benchmark suite consists of 36 examples of SMT(NIA) generated by the QArmc-Hsf(c) tool [38], a predicate-abstraction-based model checker with a special focus on liveness properties. In these problems all variables are integer, and monomi- Table 2 and follow the same format as in Table 1.…”

Section: Methodsmentioning

confidence: 99%

Minimal-Model-Guided Approaches to Solving Polynomial Constraints and Extensions

Larraz

Oliveras

Rodríguez-Carbonell

et al. 2014

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. In this paper we present new methods for deciding the satisfiability of formulas involving integer polynomial constraints. In previous work we proposed to solve SMT(NIA) problems by reducing them to SMT(LIA): non-linear monomials are linearized by abstracting them with fresh variables and by performing case splitting on integer variables with finite domain. When variables do not have finite domains, artificial ones can be introduced by imposing a lower and an upper bound, and made iteratively larger until a solution is found (or the procedure times out). For the approach to be practical, unsatisfiable cores are used to guide which domains have to be relaxed (i.e., enlarged) from one iteration to the following one. However, it is not clear then how large they have to be made, which is critical. Here we propose to guide the domain relaxation step by analyzing minimal models produced by the SMT(LIA) solver. Namely, we consider two different cost functions: the number of violated artificial domain bounds, and the distance with respect to the artificial domains. We compare these approaches with other techniques on benchmarks coming from constraint-based program analysis and show the potential of the method. Finally, we describe how one of these minimalmodel-guided techniques can be smoothly adapted to deal with the extension Max-SMT of SMT(NIA) and then applied to program termination proving.

show abstract

Section: Methodsmentioning

confidence: 99%

Minimal-Model-Guided Approaches to Solving Polynomial Constraints and Extensions

Larraz

Oliveras

Rodríguez-Carbonell

et al. 2014

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Our work builds on a large amount of research for automatically finding good program abstraction, such as CEGAR [4, 7-9, 20, 45], parametric static analysis with parameter search algorithms [29,40,55,56], and static analysis based on Datalog or Horn solvers [6,16,17,49,53]. The novelty of our work lies in the use of adding a bias in this abstraction search using a probabilistic model, which predicts the behaviour of the static analysis under different abstractions.…”

Section: Related and Future Workmentioning

confidence: 99%

Abstraction refinement guided by a learnt probabilistic model

Grigore

Yang

2016

Proceedings of the 43rd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages

View full text Add to dashboard Cite

The core challenge in designing an effective static program analysis is to find a good program abstraction -one that retains only details relevant to a given query. In this paper, we present a new approach for automatically finding such an abstraction. Our approach uses a pessimistic strategy, which can optionally use guidance from a probabilistic model. Our approach applies to parametric static analyses implemented in Datalog, and is based on counterexampleguided abstraction refinement. For each untried abstraction, our probabilistic model provides a probability of success, while the size of the abstraction provides an estimate of its cost in terms of analysis time. Combining these two metrics, probability and cost, our refinement algorithm picks an optimal abstraction. Our probabilistic model is a variant of the Erdős-Rényi random graph model, and it is tunable by what we call hyperparameters. We present a method to learn good values for these hyperparameters, by observing past runs of the analysis on an existing codebase. We evaluate our approach on an object sensitive pointer analysis for Java programs, with two client analyses (PolySite and Downcast).

show abstract

“…Due to the progress in SMT solving, formula-based symbolic representations of abstract states are nowadays effective and efficient. Microsoft's Sdv and Slam [1], and several current research tools are based on predicate abstraction [5,8,12,18]. Several tool implementations integrate the concepts of counterexample-guided abstract refinement (CEGAR) [11], various kinds of shape analysis, abstract reachability trees [5], lazy abstraction [21], interpolation [20], and large-block encoding [4,9].…”

Section: Research Directionsmentioning

confidence: 99%

Linux Driver Verification

Beyer

Petrenko²

2012

Leveraging Applications of Formal Methods, Verification and Validation. Applications and Case Studies

View full text Add to dashboard Cite

Abstract. Linux driver verification is a large application area for software verification methods, in particular, for functional, safety, and security verification. Linux driver software is industrial production code -IT infrastructures rely on its stability, and thus, there are strong requirements for correctness and reliability. This implies that if a verification engineer has identified a bug in a driver, the engineer can expect quick response from the development community in terms of bug confirmation and correction. Linux driver software is complex, low-level systems code, and its characteristics make it necessary to bring to bear techniques from program analysis, SMT solvers, model checking, and other areas of software verification. These areas have recently made a significant progress in terms of precision and performance, and the complex task of verifying Linux driver software can be successful if the conceptual state-of-the-art becomes available in tool implementations.

show abstract

HSF(C): A Software Verifier Based on Horn Clauses

Cited by 64 publications

References 10 publications

Minimal-Model-Guided Approaches to Solving Polynomial Constraints and Extensions

Minimal-Model-Guided Approaches to Solving Polynomial Constraints and Extensions

Abstraction refinement guided by a learnt probabilistic model

Linux Driver Verification

Contact Info

Product

Resources

About