Andrew E. Santosa

TRACER: a symbolic execution tool for verification

We present tracer, a verifier for safety properties of sequential C programs. It is based on symbolic execution (se) and its unique features are in how it makes se finite in presence of unbounded loops and its use of interpolants from infeasible paths to tackle the path-explosion problem.

An interpolation method for CLP traversal

We consider the problem of exploring the search tree of a CLP goal in pursuit of a target property. Essential to such a process is a method of tabling to prevent duplicate exploration. Typically, only actually traversed goals are memoed in the table. In this paper we present a method where, upon the successful traversal of a subgoal, a generalization of the subgoal is memoed. This enlarges the record of already traversed goals, thus providing more pruning in the subsequent search process. The key feature is that the abstraction computed is guaranteed not to give rise to a spurious path that might violate the target property. A driving application area is the use of CLP to model the behavior of other programs. We demonstrate the performance of our method on a benchmark of program verfication problems.

A CLP proof method for timed automata

Constraint logic programming (CLP) has been used to model programs and transition systems for the purpose of verification problems. In particular, it has been used to model timed safety automata (TSA). In this paper, we start with a systematic translation of TSA into CLP. The main contribution is an expressive assertion language and a CLP inference method for proving assertions. A distinction of the assertion language is that it can specify important properties beyond traditional safety properties. We highlight one important property: that a system of processes is symmetric. The inference mechanism is based upon the well-known method of tabling in logic programming. It is distinguished by its ability to use assertions that are not yet proven, using a principle of coinduction. Apart from given assertions, the proof mechanism can also prove implicit assertions such as discovering a lower or upper bound of a variable. Finally, we demonstrate significant improvements over state-of-the-art systems using standard TSA benchmark examples.

Unbounded symbolic execution for program verification

Symbolic execution with interpolation is emerging as an alternative to cegar for software verification. The performance of both methods relies critically on interpolation in order to obtain the most general abstraction of the current symbolic or abstract state which can be shown to remain error-free. cegar naturally handles unbounded loops because it is based on abstract interpretation. In contrast, symbolic execution requires a special extension for such loops. In this paper, we present such an extension. Its main characteristic is that it performs eager subsumption , that is, it always attempts to perform abstraction in order to avoid exploring redundant symbolic states. It balances this primary desire for more abstraction with the secondary desire to maintain the strongest loop invariant , for earlier detection of infeasible paths, which entails less abstraction. Occasionally certain abstractions are not permitted because of the reachability of error states; this is the underlying mechanism which then causes selective unrolling , that is, the unrolling of a loop along relevant paths only.

Scalable distributed depth-first search with greedy work stealing

We present a framework for the parallelization of depth-first combinatorial search algorithms on a network of computers. Our architecture is intended for a distributed setting and uses a work stealing strategy coupled with a small number of primitives for the processors (which we call workers) to obtain new work and to communicate to other workers. These primitives are a minimal imposition and integrate easily with constraint programming systems. The main contribution is an adaptive architecture, which allows workers to incrementally join and leave and has good scaling properties as the number of workers increases. Our empirical results illustrate that near-linear speedup for backtrack search is achieved for up to 61 workers. It suggests that near-linear speedup is possible with even more workers. The experiments also demonstrate where departures from linearity can occur for small problems, and also for problems where the parallelism can itself affect the search as in branch and bound.

Modeling systems in CLP

Constraint Logic Programming has been successful as a programming language, and more recently, as a model of executable specifications. There have been numerous works which use CLP to model programs and which use an adaptation of the CLP proof system for proving certain properties, for example, the XMC system [3] uses SLG resolution on alternation-free μ-calculus formulas, and the work on deductive model checking [1] model for CTL properties on transition systems represented as CLP rules. These, amongst other works, cover a limited class of programs and use specialized proof methods. In our work, we present a systematic method to model a general class of programs, and provide adaptations of the CLP proof systems in order to provide a systematic and general proof method.

Path-Sensitive backward slicing

Backward slicers are typically path-insensitive (i.e., they ignore the evaluation of predicates at conditional branches) often producing too big slices. Though the effect of path-sensitivity is always desirable, the major challenge is that there are, in general, an exponential number of predicates to be considered. We present a path-sensitive backward slicer and demonstrate its practicality with real C programs. The crux of our method is a symbolic execution-based algorithm that excludes spurious dependencies lying on infeasible paths and avoids imprecise joins at merging points while reusing dependencies already computed by other paths, thus pruning the search space significantly.

A Coinduction Rule for Entailment of Recursively Defined Properties

Recursively defined properties are ubiquitous. We present a proof method for establishing entailment

Relative safety

\mathcal{G} \models \mathcal{H}

Curracurrong: a stream programming environment for wireless sensor networks

of such properties