Advertisement

Transfer Function Synthesis without Quantifier Elimination

  • Jörg Brauer
  • Andy King
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6602)

Abstract

Recently it has been shown how transfer functions for linear template constraints can be derived for bit-vector programs by operating over propositional Boolean formulae. The drawback of this method is that it relies on existential quantifier elimination, which induces a computational bottleneck. The contribution of this paper is a novel method for synthesising transfer functions that does not rely on quantifier elimination. We demonstrate the practicality of the method for generating transfer functions for both intervals and octagons.

Keywords

Transfer Function Model Check Boolean Formula Symbolic Constant Assembly Code 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

References

  1. 1.
    Atmel Products. AVR32 Architecture Manual (2007), http://www.atmel.com/
  2. 2.
    Bagnara, R., Hill, P.M., Zaffanella, E.: Weakly-relational shapes for numeric abstractions: improved algorithms and proofs of correctness. Formal Methods in System Design 35(3), 279–323 (2009)CrossRefzbMATHGoogle Scholar
  3. 3.
    Baier, C., Katoen, J.-P.: Principles of Model Checking. The MIT Press, Cambridge (2008)zbMATHGoogle Scholar
  4. 4.
    Balakrishnan, G., Reps, T.: WYSINWYX: What You See Is Not What You eXecute. ACM Trans. Program. Lang. Syst. 32(6) (2010)Google Scholar
  5. 5.
    Barrett, E., King, A.: Range and Set Abstraction Using SAT. Electronic Notes in Theoretical Computer Science 267(1), 17–27 (2010)CrossRefzbMATHGoogle Scholar
  6. 6.
    Brauer, J., King, A.: Automatic Abstraction for Intervals using Boolean Formulae. In: Cousot, R., Martel, M. (eds.) SAS 2010. LNCS, vol. 6337, pp. 167–183. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  7. 7.
    Clarke, E., Kroening, D., Lerda, F.: A tool for checking ANSI-C programs. In: Jensen, K., Podelski, A. (eds.) TACAS 2004. LNCS, vol. 2988, pp. 168–176. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  8. 8.
    Codish, M., Lagoon, V., Stuckey, P.J.: Logic programming with satisfiability. Theory and Practice of Logic Programming 8(1), 121–128 (2008)CrossRefzbMATHGoogle Scholar
  9. 9.
    Cook, B., Kroening, D., Rümmer, P., Wintersteiger, C.: Ranking Function Synthesis for Bit-Vector Relations. In: Esparza, J., Majumdar, R. (eds.) TACAS 2010. LNCS, vol. 6015, pp. 236–250. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  10. 10.
    Cousot, P., Cousot, R.: Abstract Interpretation: A Unified Lattice model for Static Analysis of Programs by Construction or Approximation of Fixpoints. In: POPL, pp. 238–252. ACM Press, New York (1977)Google Scholar
  11. 11.
    Cousot, P., Cousot, R., Feret, J., Mauborgne, L., Mine, A., Monniaux, D., Rival, X.: The Astrée analyser. In: Sagiv, M. (ed.) ESOP 2005. LNCS, vol. 3444, pp. 21–30. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  12. 12.
    Cousot, P., Halbwachs, N.: Automatic Discovery of Linear Restraints Among Variables of a Program. In: POPL, pp. 84–97. ACM Press, New York (1978)Google Scholar
  13. 13.
    Giacobazzi, R., Ranzato, F.: Optimal domains for disjunctive abstract interpretation. Sci. Comput. Program. 32(1-3), 177–210 (1998)MathSciNetCrossRefzbMATHGoogle Scholar
  14. 14.
    Granger, P.: Static Analysis of Arithmetical Congruences. International Journal of Computer Mathematics 30(13), 165–190 (1989)CrossRefzbMATHGoogle Scholar
  15. 15.
    Gulwani, S., Srivastava, S., Venkatesan, R.: Program Analysis as Constraint Solving. In: PLDI, pp. 281–292. ACM Press, New York (2008)CrossRefGoogle Scholar
  16. 16.
    Kam, J.B., Ullman, J.D.: Monotone Data Flow Analysis Frameworks. Acta Informatica 7, 305–317 (1997)MathSciNetCrossRefzbMATHGoogle Scholar
  17. 17.
    Kapur, D.: Automatically Generating Loop Invariants Using Quantifier Elimination. In: Deduction and Applications, vol. 05431, IBFI (2005)Google Scholar
  18. 18.
    Karr, M.: Affine Relationships among Variables of a Program. Acta Informatica 6, 133–151 (1976)MathSciNetCrossRefzbMATHGoogle Scholar
  19. 19.
    King, A., Søndergaard, H.: Automatic Abstraction for Congruences. In: Barthe, G., Hermenegildo, M. (eds.) VMCAI 2010. LNCS, vol. 5944, pp. 197–213. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  20. 20.
    Kroening, D., Strichman, O.: Decision Procedures. Springer, Heidelberg (2008)zbMATHGoogle Scholar
  21. 21.
    Le Berre, D.: SAT4J: Bringing the power of SAT technology to the Java platform (2010), http://www.sat4j.org/
  22. 22.
    Miné, A.: The Octagon Abstract Domain. Higher-Order and Symbolic Computation 19(1), 31–100 (2006)MathSciNetCrossRefzbMATHGoogle Scholar
  23. 23.
    Monniaux, D.: Automatic Modular Abstractions for Linear Constraints. In: POPL, pp. 140–151. ACM Press, New York (2009)Google Scholar
  24. 24.
    Monniaux, D.: Quantifier Elimination by Lazy Model Enumeration. In: Touili, T., Cook, B., Jackson, P. (eds.) CAV 2010. LNCS, vol. 6174, pp. 585–599. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  25. 25.
    Müller-Olm, M., Seidl, H.: Analysis of Modular Arithmetic. ACM Trans. Program. Lang. Syst. 29(5) (August 2007)Google Scholar
  26. 26.
    Neumaier, A., Shcherbina, O.: Safe Bounds in Linear and Mixed-Integer Linear Programming. Math. Program. 99(2), 283–296 (2004)MathSciNetCrossRefzbMATHGoogle Scholar
  27. 27.
    Plaisted, D.A., Greenbaum, S.: A Structure-Preserving Clause Form Translation. Journal of Symbolic Computation 2(3), 293–304 (1986)MathSciNetCrossRefzbMATHGoogle Scholar
  28. 28.
    Regehr, J., Reid, A.: HOIST: A System for Automatically Deriving Static Analyzers for Embedded Systems. ACM SIGOPS Operating Systems Review 38(5), 133–143 (2004)CrossRefGoogle Scholar
  29. 29.
    Reps, T., Sagiv, M., Yorsh, G.: Symbolic Implementation of the Best Transformer. In: Steffen, B., Levi, G. (eds.) VMCAI 2004. LNCS, vol. 2937, pp. 252–266. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  30. 30.
    Schlich, B.: Model Checking of Software for Microcontrollers. ACM Trans. Embed. Comput. Syst. 9(4), 1–27 (2010)CrossRefGoogle Scholar
  31. 31.
    Simon, A., King, A.: Taming the Wrapping of Integer Arithmetic. In: Riis Nielson, H., Filé, G. (eds.) SAS 2007. LNCS, vol. 4634, pp. 121–136. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  32. 32.
    Simon, A., King, A., Howe, J.M.: The Two Variable Per Inequality Abstract Domain. Higher-Order and Symbolic Computation (to appear)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Jörg Brauer
    • 1
  • Andy King
    • 2
  1. 1.Embedded Software LaboratoryRWTH Aachen UniversityGermany
  2. 2.Portcullis Computer Security LimitedPinnerUK

Personalised recommendations