Anvesh Komuravelli

The SeaHorn Verification Framework

In this paper, we present SeaHorn, a software verification framework. The key distinguishing feature of SeaHorn is its modular design that separates the concerns of the syntax of the programming language, its operational semantics, and the verification semantics. SeaHorn encompasses several novelties: it (a) encodes verification conditions using an efficient yet precise inter-procedural technique, (b) provides flexibility in the verification semantics to allow different levels of precision, (c) leverages the state-of-the-art in software model checking and abstract interpretation for verification, and (d) uses Horn-clauses as an intermediate language to represent verification conditions which simplifies interfacing with multiple verification tools based on Horn-clauses. SeaHorn provides users with a powerful verification tool and researchers with an extensible and customizable framework for experimenting with new software verification techniques. The effectiveness and scalability of SeaHorn are demonstrated by an extensive experimental evaluation using benchmarks from SV-COMP 2015 and real avionics code.

Analysis and verification of the HMGB1 signaling pathway

BackgroundRecent studies have found that overexpression of the High-mobility group box-1 (HMGB1) protein, in conjunction with its receptors for advanced glycation end products (RAGEs) and toll-like receptors (TLRs), is associated with proliferation of various cancer types, including that of the breast and pancreatic.ResultsWe have developed a rule-based model of crosstalk between the HMGB1 signaling pathway and other key cancer signaling pathways. The model has been simulated using both ordinary differential equations (ODEs) and discrete stochastic simulation. We have applied an automated verification technique, Statistical Model Checking, to validate interesting temporal properties of our model.ConclusionsOur simulations show that, if HMGB1 is overexpressed, then the oncoproteins CyclinD/E, which regulate cell proliferation, are overexpressed, while tumor suppressor proteins that regulate cell apoptosis (programmed cell death), such as p53, are repressed. Discrete, stochastic simulations show that p53 and MDM2 oscillations continue even after 10 hours, as observed by experiments. This property is not exhibited by the deterministic ODE simulation, for the chosen parameters. Moreover, the models also predict that mutations of RAS, ARF and P21 in the context of HMGB1 signaling can influence the cancer cells fate - apoptosis or survival - through the crosstalk of different pathways.

SMT-Based Model Checking for Recursive Programs

We present an SMT-based symbolic model checking algorithm for safety verification of recursive programs. The algorithm is modular and analyzes procedures individually. Unlike other SMT-based approaches, it maintains both over- and under-approximations of procedure summaries. Under-approximations are used to analyze procedure calls without inlining. Over-approximations are used to block infeasible counterexamples and detect convergence to a proof. We show that for programs and properties over a decidable theory, the algorithm is guaranteed to find a counterexample, if one exists. However, efficiency depends on an oracle for quantifier elimination (QE). For Boolean Programs, the algorithm is a polynomial decision procedure, matching the worst-case bounds of the best BDD-based algorithms. For Linear Arithmetic (integers and rationals), we give an efficient instantiation of the algorithm by applying QE lazily. We use existing interpolation techniques to over-approximate QE and introduce Model Based Projection to under-approximate QE. Empirical evaluation on SV-COMP benchmarks shows that our algorithm improves significantly on the state-of-the-art.

Automatic Abstraction in SMT-Based Unbounded Software Model Checking

Software model checkers based on under-approximations and SMT solvers are very successful at verifying safety (i.e., reachability) properties. They combine two key ideas --- (a) concreteness: a counterexample in an under-approximation is a counterexample in the original program as well, and (b) generalization: a proof of safety of an under-approximation, produced by an SMT solver, are generalizable to proofs of safety of the original program. In this paper, we present a combination of automatic abstraction with the under-approximation-driven framework. We explore two iterative approaches for obtaining and refining abstractions --- proof based and counterexample based --- and show how they can be combined into a unified algorithm. To the best of our knowledge, this is the first application of Proof-Based Abstraction, primarily used to verify hardware, to Software Verification. We have implemented a prototype of the framework using Z3, and evaluate it on many benchmarks from the Software Verification Competition. We show experimentally that our combination is quite effective on hard instances.

Assume-guarantee abstraction refinement for probabilistic systems

We describe an automated technique for assume-guarantee style checking of strong simulation between a system and a specification, both expressed as non-deterministic Labeled Probabilistic Transition Systems (LPTSes). We first characterize counterexamples to strong simulation as stochastic trees and show that simpler structures are insufficient. Then, we use these trees in an abstraction refinement algorithm that computes the assumptions for assume-guarantee reasoning as conservative LPTS abstractions of some of the system components. The abstractions are automatically refined based on tree counterexamples obtained from failed simulation checks with the remaining components. We have implemented the algorithms for counterexample generation and assume-guarantee abstraction refinement and report encouraging results.

Computational modeling and verification of signaling pathways in cancer

We propose and analyze a rule-based model of the HMGB1 signaling pathway. The protein HMGB1 can activate a number of regulatory networks --- the p53, NFκ B, Ras and Rb pathways --- that control many physiological processes of the cell. HMGB1 has been recently shown to be implicated in cancer, inflammation and other diseases. In this paper, we focus on the NFκ B pathway and construct a crosstalk model of the HMGB1-p53-NFκ B-Ras-Rb network to investigate how these couplings influence proliferation and apoptosis (programmed cell death) of cancer cells. We first built a single-cell model of the HMGB1 network using the rule-based BioNetGen language. Then, we analyzed and verified qualitative properties of the model by means of simulation and statistical model checking. For model simulation, we used both ordinary differential equations and Gillespies stochastic simulation algorithm. Statistical model checking enabled us to verify our model with respect to behavioral properties expressed in temporal logic. Our analysis showed that HMGB1-activated receptors can generate sustained oscillations of irregular amplitude for the NFκ B, Iκ B, A20 and p53 proteins. Also, knockout of A20 can destroy the Iκ B-NFκ B negative feedback loop, leading to the development of severe inflammation or cancer. Our model also predicted that the knockout or overexpression of the Iκ B kinase can influence the cancer cells fate --- apoptosis or survival --- through the crosstalk of different pathways. Finally, our work shows that computational modeling and statistical model checking can be effectively combined in the study of biological signaling pathways.

Learning Probabilistic Systems from Tree Samples

We consider the problem of learning a non-deterministic probabilistic system consistent with a given finite set of positive and negative tree samples. Consistency is defined with respect to strong simulation conformance. We propose learning algorithms that use traditional and a new stochastic state-space partitioning, the latter resulting in the minimum number of states. We then use them to solve the problem of active learning, that uses a knowledgeable teacher to generate samples as counterexamples to simulation equivalence queries. We show that the problem is undecidable in general, but that it becomes decidable under a suitable condition on the teacher which comes naturally from the way samples are generated from failed simulation checks. The latter problem is shown to be undecidable if we impose an additional condition on the learner to always conjecture a minimum state hypothesis. We therefore propose a semi-algorithm using stochastic partitions. Finally, we apply the proposed (semi-) algorithms to infer intermediate assumptions in an automated assume-guarantee verification framework for probabilistic systems.

Analog circuit verification by statistical model checking

We show how statistical Model Checking can be used for verifying properties of analog circuits. As integrated circuit technologies scale down, manufacturing variations in devices make analog designs behave like stochastic systems. The problem of verifying stochastic systems is often difficult because of their large state space. Statistical Model Checking can be an efficient verification technique for stochastic systems. In this paper, we use sequential statistical techniques and model checking to verify properties of analog circuits in both the temporal and the frequency domain. In particular, randomly sampled system traces are sequentially generated by SPICE and passed to a trace checker to determine whether they satisfy a given specification, until the desired statistical strength is achieved.

SMT-based model checking for recursive programs

We present an SMT-based symbolic model checking algorithm for safety verification of recursive programs. The algorithm is modular and analyzes procedures individually. Unlike other SMT-based approaches, it maintains both over- and under-approximations of procedure summaries. Under-approximations are used to analyze procedure calls without inlining. Over-approximations are used to block infeasible counterexamples and detect convergence to a proof. We show that for programs and properties over a decidable theory, the algorithm is guaranteed to find a counterexample, if one exists. However, efficiency depends on an oracle for quantifier elimination (QE). For Boolean programs, the algorithm is a polynomial decision procedure, matching the worst-case bounds of the best BDD-based algorithms. For Linear Arithmetic (integers and rationals), we give an efficient instantiation of the algorithm by applying QE lazily. We use existing interpolation techniques to over-approximate QE and introduce Model Based Projection to under-approximate QE. Empirical evaluation on SV-COMP benchmarks shows that our algorithm improves significantly on the state-of-the-art.

Connectivity preserving voxel transformation

A three dimensional digital binary image is B26 connected if its set of black voxels is 26-connected, i.e. for all black voxels there exists at least one black voxel among its 26 neighbors. We show that any two such images I and J of c1 and c2 number of connected components respectively and n voxels each, can be transformed into one another maintaining the B26 connectivity of the black voxels by O((c1 + c2)n2) interchanges.