Roberta Gori

Symbolic Path-Oriented Test Data Generation for Floating-Point Programs

Verifying critical numerical software involves the generation of test data for floating-point intensive programs. As the symbolic execution of floating-point computations presents significant difficulties, existing approaches usually resort to random or search-based test data generation. However, without symbolic reasoning, it is almost impossible to generate test inputs that execute many paths with floating-point computations. Moreover, constraint solvers over the reals or the rationals do not handle the rounding errors. In this paper, we present a new version of FPSE, a symbolic evaluator for C program paths, that specifically addresses this problem. The tool solves path conditions containing floating-point computations by using correct and precise projection functions. This version of the tool exploits an essential filtering property based on the representation of floating-point numbers that makes it suitable to generate path-oriented test inputs for complex paths characterized by floating-point intensive computations. The paper reviews the key implementation choices in FPSE and the labeling search heuristics we selected to maximize the benefits of enhanced filtering. Our experimental results show that FPSE can generate correct test inputs for selected paths containing several hundreds of iterations and thousands of executable floating-point statements on a standard machine: this is currently outside the scope of any other symbolic-execution test data generator tool.

A new occurrence counting analysis for bioambients

This paper concerns the application of formal methods to biological systems, modelled specifically in BioAmbients [30]. BioAmbients [30] is a variant of the Mobile Ambients (MA) [7] calculus, designed precisely for more faithfully capturing basic biological concepts. We propose a new static analysis for BioAmbients which computes approximate information about the run-time behaviour of a system. The analysis is derived following the abstract interpretation approach and introduces two main novelties with respect to the analyses in literature [25,24,26,27]: (i) it records information about the number of occurrences of objects; (ii) it maintains more detailed information about the possible contents of ambients, at any time. In this way, the analysis gives substantially more precise results and captures both the quantitative and causal aspect which are really important for reasoning on the temporal and spatial structure of biological systems. The interest of the analysis is demonstrated by considering a few simple examples which point out the limitations of the existing analyses for BioAmbients.

Abstract interpretation based verification of temporal properties for BioAmbients

This paper concerns the application of formal methods to biological systems, modeled specifically in BioAmbients, a variant of the Mobile Ambients calculus. Following the semantic-based approach of abstract interpretation, we define a new static analysis that computes an abstract transition system. Our analysis has two main advantages with respect to the analyses appearing in the literature: (i) it is able to address temporal properties which are more general than invariant properties; (ii) it supports, by means of a particular labeling discipline, the validation of systems where several copies of an ambient may appear. We also design new weaker and more efficient analyses by means of simple widening operators.

Finite-tree analysis for constraint logic-based languages

Logic languages based on the theory of rational, possibly infinite, trees have much appeal in that rational trees allow for faster unification (due to the safe omission of the occurs-check) and increased expressivity (cyclic terms can provide very efficient representations of grammars and other useful objects). Unfortunately, the use of infinite rational trees has problems. For instance, many of the built-in and library predicates are ill-defined for such trees and need to be supplemented by run-time checks whose cost may be significant. Moreover, some widely-used program analysis and manipulation techniques are correct only for those parts of programs working over finite trees. It is thus important to obtain, automatically, a knowledge of the program variables (the finite variables) that, at the program points of interest, will always be bound to finite terms. For these reasons, we propose here a new data-flow analysis, based on abstract interpretation, that captures such information.

An analysis for proving temporal properties of biological systems

This paper concerns the application of formal methods to biological systems, modeled specifically in BioAmbients [34], a variant of the Mobile Ambients [4] calculus. Following the semantic-based approach of abstract interpretation, we define a new static analysis that computes an abstract transition system. Our analysis has two main advantages with respect to the analyses appearing in literature: (i) it is able to address temporal properties which are more general than invariant properties; (ii) it supports, by means of a particular labeling discipline, the validation of systems where several copies of an ambient may appear.

An Experiment in Type Inference and Verification by Abstract Interpretation

This paper describes an experiment in the definition of tools for type inference and type verification of ML-like functional languages, using abstract interpretation techniques. We first show that by extending the Damas-Milner type inference algorithm, with a (bounded) fixpoint computation (as suggested by the abstract interpretation view, i.e. by a slight variation of one of the type abstract semantics in [7]), we succeed in getting a better precision and solving some problems of the ML type inference algorithm without resorting to more complex type systems (e.g. polymorphic recursion). We then show how to transform the analyzer into a tool for type verification, using an existing verification method based on abstract interpretation. The resulting type verification method can be exploited to improve the ML type inference algorithm, when the intended type of functions is specified by the programmer.

Boolean Functions for Finite-Tree Dependencies

Several logic-based languages, such as Prolog II and its successors, SICStus Prolog and Oz, offer a computation domain including rational trees that allow for increased expressivity and faster unification. Unfortunately, the use of infinite rational trees has problems. For instance, many of the built-in and library predicates are ill-defined for such trees and need to be supplemented by run-time checks whose cost may be significant. In a recent paper [3], we have proposed a data-flow analysis called finite-tree analysis aimed at identifying those program variables (the finite variables) that are not currently bound to infinite terms. Here we present a domain of Boolean functions, called finite-tree dependencies that precisely captures how the finiteness of some variables influences the finiteness of other variables. We also summarize our experimental results showing how finite-tree analysis, enhanced with finite-tree dependencies is a practical means of obtaining precise finiteness information.

An abstract interpretation approach to termination of logic programs

In this paper we define a semantic foundation for an abstract interpretation approach to universal termination and we develop a new abstract domain useful for termination analysis. Based on this approximation we define a method which is able to detect classes of goals which universally terminate (with a fair selection rule). We also define a method which is able to characterize classes of programs and goals for which depth-first search is fair.

A Hierarchy of Semantics for Normal Constraint Logic Programs

The different properties characterizing the operational behavior of logic programs can be organized in a hierarchy of fixpoint semantics related by Galois insertions, having the least Herbrand model as most abstract semantics, and the SLD operational semantics as most concrete semantics. The choice of a semantics in the hierarchy allows to model precisely the program properties of interest while getting rid of useless details of too concrete semantics, which is crucial for the development of efficient program analysis tools.

Investigating dynamic causalities in reaction systems

Reaction systems are a qualitative formalism for modeling systems of biochemical reactions characterized by the non-permanency of the elements: molecules disappear if not produced by any enabled reaction. Moreover, reaction systems execute in an environment that provides new molecules at each step. Brijder, Ehrenfeucht and Rozenberg investigated dynamic causalities in reaction systems by introducing the idea of predictors. A predictor of a molecule s, for a given n, is the set of molecules to be observed in the environment in order to determine whether s is produced or not by the system at step n. In this paper, we continue the investigation on dynamic causalities by defining an abstract interpretation framework containing three different notions of predictor: Formula based predictors, that is a propositional logic formula that precisely characterizes environments that lead to the production of s after n steps; Multi-step based predictors, that consist of n sets of molecules to be observed in the environment, one for each step; and Set based predictors, that are those proposed by Brijder, Ehrenfeucht and Rozenberg, and consist of a unique set of molecules to be observed in all steps. For each kind of predictor we define an effective operator that allows predictors to be computed for any molecule s and number of steps n. The abstract interpretation framework allows us to compare the three notions of predictor in terms of precision, to relate the three defined operators and to compute minimal predictors. We also discuss a generalization of this approach that allows predictors to be defined independently of the value of n, and a tabling approach for the practical use of predictors on reaction systems models. As an application, we use predictors, generalization and tabling to give theoretical grounds to previously obtained results on a model of gene regulation.