Refining approximations in software predicate ... - Semantic Scholar
Recommend Documents
In this paper we report on an application of Das & Dill's algorithm for predicate ...... The authors would like to thank David Dill, Ranjit Jhala, Shuvendu Lahiri,.
Abstract-The interpretations of logical expressions found in most introductory textbooks are not suitable for use in software engineering applications because ...
Abstract. In this paper, we describe the open source GATE component PAX for extracting predicate-argument structures (PASs). PASs are used in various ...
Coalgebraic Predicate Logic. Tadeusz Litak1â, Dirk Pattinson2, Katsuhiko Sano3, and Lutz Schröder4. 1 Department of Computer Science, University of ...
that y is a follower of x in Twitter and I(x) expressing that x is influential. .... there is a person (y â possibly Mark Zuckerberg) who is happy if x invites precisely.
Aggregate Predicate Support in DBMS. Apostol Paul Natsev*â . IBM Watson Research Center. Hawthorne, NY 10606. Email: [email protected]. Gene Y. C. ...
Sep 17, 1998 - Conjunctive Point Predicate-based Semantic Caching for Web Databases (Extended Abstract). Dongwon Lee. Department of Computer ...
satisfies Hypothesis 1.1(i) and (ii), with Rm replaced by C. Then we can extend it to a differential inclusion defined on the whole space Rm: For x â Rm let P(x) ...
Cadence Design Systems. New Providence, NJ, 07974-1143 [email protected]. Abstract. We review the techniques for over- and underapproximation used ...
Jul 20, 2006 - 5. Vol. 17 (2006), No. 5, Pages 745â762. S 1061-0022(06)00927-7 ... onalization of a pDO, we arrive at a factorized operator family of the form ...
we choose a chi-squared base distribution, Î. Its c.g.f. (for α degrees of freedom) is: .... of a chi-square base distribution for saddlepoint approximations for this ...
May 9, 2016 - miR- 224 and the passenger strand of miR- 221 increase. MBD2, suppressing maspin and promoting colorectal tumor growth and metastasis in ...
Abducing Rules with Predicate Invention. Katsumi Inoue1, Koichi Furukawa2, and Ikuo Kobayashi2. 1 National Institute of Informatics. 2-1-2 Hitotsubashi, ...
a generalization to the non- at case of \compatible" pairs of predicate transformers is given. Isomorphisms between state and predicate transformers have been ...
processing technique for efficient one-pass predicate evalua- tion. Starting with a set of rows with a fixed number of bits per column, we append columns to form ...
in caches in the user-to-server path, database caching uses full-fledged database ... ies, content-delivery nodes). As more and more ... servers of content de- livery networks [1] and at remote data centers. .... For example, Akamai's network has ...
nique, called the Predicate Global Update branch predictor, im- proves prediction by incorporating recent predicate information into the branch predictor. We use ...
Abstract. Predicate abstraction has been proved effective for verifying several infinite-state systems. In predicate abstraction, an abstract system is automati-.
We study relations between predicate transformers and multifunctions in a topological setting based on closure operators. We give topological de nitions of ...
A Reply to Shanon and Pribram. The commentaries by Shanon (2003) and Pribram (2003) on our original article. (Ramachandr
Britta Vogel,1â Andreas Keller,2,3â Karen S. Frese,1 Wanda Kloos,1 Elham ... Farbod Sedaghat-Hamedani,1 Sarah Hassel,1 Sabine Marquart,1 Markus Beier,4 ...
On-line communities are an active research and develop- ..... knowledge and authority in business organizations. ... CHI'91 Workshop (organizer and chair).
The services provided are also numerous, from consulting web pages to watching on-demand video ..... [10] B. Mac Larnon. TAPR's Spread Spectrum Update, ...
tools like Slam, where predicate abstraction is applied to software model checking, a .... where the constrain keyword in the abstraction will cause Slam's symbolic ..... Constrain is used lazily, the overall performance of Slam is at its best when.
Refining approximations in software predicate abstraction Thomas Ball† , Byron Cook† , Satyaki Das? , and Sriram K. Rajamani† † Microsoft Corporation
? Stanford University
Abstract. Predicate abstraction is an automatic technique that can be used to find abstract models of large or infinite-state systems. In tools like Slam, where predicate abstraction is applied to software model checking, a number of heuristic approximations must be used to improve the performance of computing an abstraction from a set of predicates. For this reason, Slam can sometimes reach a state in which it is not able to further refine the abstraction. In this paper we report on an application of Das & Dill’s algorithm for predicate abstraction refinement. Slam now uses this strategy lazily to recover precision in cases where the abstractions generated are too coarse. We describe how we have extended Das & Dill’s original algorithm for use in software model checking. Our extension supports procedures, threads, and potential pointer aliasing. We also present results from experiments with Slam on device driver sources from the Windows operating system.
1
Introduction
Automatic iterative abstraction refinement strategies allow us to apply model checking to large or infinite-state systems. When applying iterative abstraction refinement, we must strike a delicate balance between the accuracy of the abstraction that is produced and the speed at which it is generated. Therefore, in practice, a number of coarse approximations are typically employed. Slam [1], for example, uses the Cartesian approximation [2] and the maximum cube length approximation [3]. In addition, Slam’s abstraction module uses a special purpose symbolic theorem prover which is similar to the work of Lahiri, Bryant & Cook [4] but optimized for speed and not precision. For this reason Slam can run into the following situation: – The abstract program has an error trace t. – The trace t is found to be infeasible in the concrete program, and a set of predicates S are generated to rule out t in the abstraction. – Even after abstracting the program with respect to S, since the abstraction is imprecise, t is still feasible in the abstraction. As a result, iterative refinement is unable to make further progress. This situation, which we call an NDF-state (for “No Difference Found” in the error traces
1) 2) 3) 4) 5) 6) 7) 8) 9) 10) 11) 12) 13)
void main() { int x = *; int y = *; int z = *; if (x
