A Structure-preserving Clause Form Translation
Journal of Symbolic Computation
Introduction to algorithms
Analysis of pointers and structures
PLDI '90 Proceedings of the ACM SIGPLAN 1990 conference on Programming language design and implementation
IEEE Transactions on Software Engineering - Special issue on formal methods in software practice
Bandera: extracting finite-state models from Java source code
Proceedings of the 22nd international conference on Software engineering
Automating first-order relational logic
SIGSOFT '00/FSE-8 Proceedings of the 8th ACM SIGSOFT international symposium on Foundations of software engineering: twenty-first century applications
Finding bugs with a constraint solver
Proceedings of the 2000 ACM SIGSOFT international symposium on Software testing and analysis
Proceedings of the 8th European software engineering conference held jointly with 9th ACM SIGSOFT international symposium on Foundations of software engineering
The SLAM project: debugging system software via static analysis
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Parametric shape analysis via 3-valued logic
ACM Transactions on Programming Languages and Systems (TOPLAS)
Compactly Representing First-Order Structures for Static Analysis
SAS '02 Proceedings of the 9th International Symposium on Static Analysis
ASE '00 Proceedings of the 15th IEEE international conference on Automated software engineering
BerkMin: A Fast and Robust Sat-Solver
Proceedings of the conference on Design, automation and test in Europe
Faster constraint solving with subtypes
ISSTA '04 Proceedings of the 2004 ACM SIGSOFT international symposium on Software testing and analysis
TestEra: Specification-Based Testing of Java Programs Using SAT
Automated Software Engineering
Check 'n' crash: combining static checking and testing
Proceedings of the 27th international conference on Software engineering
A specification-based approach to reasoning about pointers
SAVCBS '05 Proceedings of the 2005 conference on Specification and verification of component-based systems
Modular verification of code with SAT
Proceedings of the 2006 international symposium on Software testing and analysis
DSD-Crasher: a hybrid analysis tool for bug finding
Proceedings of the 2006 international symposium on Software testing and analysis
Efficient software model checking of data structure properties
Proceedings of the 21st annual ACM SIGPLAN conference on Object-oriented programming systems, languages, and applications
Visualizing SAT Instances and Runs of the DPLL Algorithm
Journal of Automated Reasoning
Finding bugs efficiently with a SAT solver
Proceedings of the the 6th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering
DSD-Crasher: A hybrid analysis tool for bug finding
ACM Transactions on Software Engineering and Methodology (TOSEM)
Efficient software model checking of soundness of type systems
Proceedings of the 23rd ACM SIGPLAN conference on Object-oriented programming systems languages and applications
An Incremental Approach to Scope-Bounded Checking Using a Lightweight Formal Method
FM '09 Proceedings of the 2nd World Congress on Formal Methods
Kodkod: a relational model finder
TACAS'07 Proceedings of the 13th international conference on Tools and algorithms for the construction and analysis of systems
Generalized symbolic execution for model checking and testing
TACAS'03 Proceedings of the 9th international conference on Tools and algorithms for the construction and analysis of systems
Analysis of invariants for efficient bounded verification
Proceedings of the 19th international symposium on Software testing and analysis
Test case generation for object-oriented imperative languages in clp*
Theory and Practice of Logic Programming
Efficient modular glass box software model checking
Proceedings of the ACM international conference on Object oriented programming systems languages and applications
Falling back on executable specifications
ECOOP'10 Proceedings of the 24th European conference on Object-oriented programming
jMoped: a java bytecode checker based on moped
TACAS'05 Proceedings of the 11th international conference on Tools and Algorithms for the Construction and Analysis of Systems
Parallel bounded analysis in code with rich invariants by refinement of field bounds
Proceedings of the 2013 International Symposium on Software Testing and Analysis
| Hi-index | 0.00 |
A method for finding bugs in object-oriented code is presented. It is capable of checking complex user-defined structural properties - that is, of the configuration of objects on the heap - and generates counterexample traces with no false alarms. It requires no annotation beyond the specification to be checked, and is fully automatic. The method relies on a three-step translation: from code to a formula in a first-order relational logic, then to a propositional formula, and finally to conjunctive normal form. An off-the-shelf SAT solver is then used to find a solution that constitutes a counter example. This underlying scheme, presented previously, does not scale readily. In this paper, we show how a suite of optimizations results in much improved scalability. The optimizations are based on a special treatment of relations that are known to be functional, and target all steps. The effect of the optimizations is demonstrated by application to the analysis of a red-black tree implementation.