Path-sensitivity is often a crucial requirement for verifying safety properties of programs. As it is infeasible to enumerate and analyze each path individually, analyses compromise by soundly merging information about executions along multiple paths. However, this frequently results in a loss of precision. We present a program analysis technique that we call Satisfiability Modulo Path Programs (SMPP), based on a path-based decomposition of a program. It is inspired by insights that have driven the development of modern SMT (Satisfiability Modulo Theories) solvers. SMPP symbolically enumerates path programs using a SAT formula over control edges in the program. Each enumerated path program is verified using an oracle, such as abstract interpretation or symbolic execution, to either find a proof of correctness or report a potential violation. If a proof is found, then SMPP extracts a sufficient set of control edges and corresponding interference edges, as a form of proof-based learning. Blocking clauses derived from these edges are added back to the SAT formula to avoid enumeration of other path programs guaranteed to be correct, thereby improving performance and scalability. We have applied SMPP in the F-Soft program verification framework, to verify properties of real-world C programs that require path-sensitive reasoning. Our results indicate that the precision from analyzing individual path programs, combined with their efficient enumeration by SMPP, can prove properties as well as indicate potential violations in the large.
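The enumerate-verify-learn loop described above, as an added toy illustration that is not code from the paper or from F-Soft: path programs of a constructed three-branch program are enumerated by a tiny backtracking SAT solver over edge variables, each one is checked by an interval-analysis oracle, and a blocking clause is learned from the greedily minimized set of edges the proof still needs (the program, the oracle and the greedy core extraction are all assumptions of this example).

```python
# Constructed toy program: each edge is an interval transformer on x (x starts at 0):
#   if c1: x = x + 1  else: x = x + 5
#   if c2: x = x * 2  else: x = x - 1
#   if c3: x = 7      else: x = x + 1
#   assert x <= BOUND
PROGRAM = [
    {"T": lambda lo, hi: (lo + 1, hi + 1), "F": lambda lo, hi: (lo + 5, hi + 5)},
    {"T": lambda lo, hi: (2 * lo, 2 * hi), "F": lambda lo, hi: (lo - 1, hi - 1)},
    {"T": lambda lo, hi: (7, 7),           "F": lambda lo, hi: (lo + 1, hi + 1)},
]
var = lambda k, edge: 2 * k + (1 if edge == "T" else 2)  # SAT variable of an edge

def solve(clauses, nvars, assign=None):
    """Tiny backtracking SAT solver: a model dict, or None when UNSAT."""
    assign = assign or {}
    for c in clauses:  # a clause is falsified once every literal is assigned false
        vals = [assign.get(abs(l)) for l in c]
        if None not in vals and not any(v == (l > 0) for v, l in zip(vals, c)):
            return None
    v = next((i for i in range(1, nvars + 1) if i not in assign), None)
    if v is None:
        return assign
    return solve(clauses, nvars, {**assign, v: True}) or solve(clauses, nvars, {**assign, v: False})

def analyze(fixed):
    """Oracle: interval analysis taking edge fixed[k] at branch k, joining both edges elsewhere."""
    lo, hi = 0, 0
    for k, branch in enumerate(PROGRAM):
        outs = [f(lo, hi) for f in ([branch[fixed[k]]] if k in fixed else branch.values())]
        lo, hi = min(o[0] for o in outs), max(o[1] for o in outs)
    return lo, hi

def smpp(bound):
    """SMPP loop: returns the verdict and how many path programs were analyzed."""
    n = len(PROGRAM)
    clauses = [[var(k, "T"), var(k, "F")] for k in range(n)]    # take an edge at each branch
    clauses += [[-var(k, "T"), -var(k, "F")] for k in range(n)]  # ... but only one
    enumerated = 0
    while (model := solve(clauses, 2 * n)) is not None:
        enumerated += 1
        path = {k: "T" if model[var(k, "T")] else "F" for k in range(n)}
        if analyze(path)[1] > bound:
            return {"verdict": "violation", "path": path, "enumerated": enumerated}
        core = dict(path)  # proof-based learning: drop edges the proof does not need
        for k in path:
            trial = {j: e for j, e in core.items() if j != k}
            if analyze(trial)[1] <= bound:
                core = trial
        clauses.append([-var(k, e) for k, e in core.items()])  # blocking clause
    return {"verdict": "proof", "enumerated": enumerated, "learned": clauses[2 * n:]}
```

With `BOUND = 10` the loop analyzes 3 of the 8 path programs before reaching the violating one; with `BOUND = 12` the first proof needs no edge at all, so the learned (empty) clause blocks every remaining path program after a single oracle call.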