Communications of the ACM
The synthesis of loop predicates
Communications of the ACM
Guarded commands, nondeterminacy and formal derivation of programs
Communications of the ACM
A program verifier
Automatic verification of programs with complex data structure.
Automatic verification of programs with complex data structure.
A fresh look at optimizing array bound checking
PLDI '90 Proceedings of the ACM SIGPLAN 1990 conference on Programming language design and implementation
Toward special-purpose program verification
Conference proceedings on Formal methods in software development
Optimizing array bound checks using flow analysis
ACM Letters on Programming Languages and Systems (LOPLAS)
Elimination of redundant array subscript range checks
PLDI '95 Proceedings of the ACM SIGPLAN 1995 conference on Programming language design and implementation
Eliminating array bound checking through dependent types
PLDI '98 Proceedings of the ACM SIGPLAN 1998 conference on Programming language design and implementation
Dynamically discovering likely program invariants to support program evolution
Proceedings of the 21st international conference on Software engineering
Putting static analysis to work for verification: A case study
Proceedings of the 2000 ACM SIGSOFT international symposium on Software testing and analysis
Safety checking of machine code
PLDI '00 Proceedings of the ACM SIGPLAN 2000 conference on Programming language design and implementation
ABCD: eliminating array bounds checks on demand
PLDI '00 Proceedings of the ACM SIGPLAN 2000 conference on Programming language design and implementation
Dynamically Discovering Likely Program Invariants to Support Program Evolution
IEEE Transactions on Software Engineering - Special issue on 1999 international conference on software engineering
Automatic predicate abstraction of C programs
Proceedings of the ACM SIGPLAN 2001 conference on Programming language design and implementation
Proceedings of the ACM SIGPLAN 2001 conference on Programming language design and implementation
Automatically validating temporal safety properties of interfaces
SPIN '01 Proceedings of the 8th international SPIN workshop on Model checking of software
Predicate abstraction for software verification
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Automatic discovery of linear restraints among variables of a program
POPL '78 Proceedings of the 5th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
Automating proofs of the absence of common runtime errors
POPL '78 Proceedings of the 5th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
POPL '80 Proceedings of the 7th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Output-constraint specialization
ASIA-PEPM '02 Proceedings of the ASIAN symposium on Partial evaluation and semantics-based program manipulation
Elimination of Java array bounds checks in the presence of indirection
JGI '02 Proceedings of the 2002 joint ACM-ISCOPE conference on Java Grande
Typestate Checking of Machine Code
ESOP '01 Proceedings of the 10th European Symposium on Programming Languages and Systems
Deriving Pre-conditions for Array Bound Check Elimination
PADO '01 Proceedings of the Second Symposium on Programs as Data Objects
Combining Theorem Proving and Model Checking through Symbolic Analysis
CONCUR '00 Proceedings of the 11th International Conference on Concurrency Theory
Symbolic Analysis of Transition Systems
ASM '00 Proceedings of the International Workshop on Abstract State Machines, Theory and Applications
Software-fault detector for microprocessors
SIGSMALL '81 Proceedings of the 1981 ACM SIGSMALL symposium on Small systems and SIGMOD workshop on Small database systems
Inference rules for program annotation
ICSE '78 Proceedings of the 3rd international conference on Software engineering
High-level debugging assistance via optimizing compiler technology (Extended Abstract)
SIGSOFT '83 Proceedings of the ACM SIGSOFT/SIGPLAN software engineering symposium on High-level debugging
Protecting C programs from attacks via invalid pointer dereferences
Proceedings of the 9th European software engineering conference held jointly with 11th ACM SIGSOFT international symposium on Foundations of software engineering
Program Adaptation via Output-Constraint Specialization
Higher-Order and Symbolic Computation
Automated Generation of Test Programs from Closed Specifications of Classes and Test Cases
Proceedings of the 26th International Conference on Software Engineering
Symbolic bounds analysis of pointers, array indices, and accessed memory regions
ACM Transactions on Programming Languages and Systems (TOPLAS)
Efficient and effective array bound checking
ACM Transactions on Programming Languages and Systems (TOPLAS)
Using Static Analysis to Reduce Dynamic Analysis Overhead
Formal Methods in System Design
A class of polynomially solvable range constraints for interval analysis without widenings
Theoretical Computer Science - Tools and algorithms for the construction and analysis of systems (TACAS 2004)
Generating all polynomial invariants in simple loops
Journal of Symbolic Computation
Speculative optimization using hardware-monitored guarded regions for java virtual machines
Proceedings of the 3rd international conference on Virtual execution environments
A practical and precise inference and specializer for array bound checks elimination
PEPM '08 Proceedings of the 2008 ACM SIGPLAN symposium on Partial evaluation and semantics-based program manipulation
Optimization on array bound check and redundancy elimination
ISTASC'05 Proceedings of the 5th WSEAS/IASME International Conference on Systems Theory and Scientific Computation
Testudo: Heavyweight security analysis via statistical sampling
Proceedings of the 41st annual IEEE/ACM International Symposium on Microarchitecture
Dual analysis for proving safety and finding bugs
Proceedings of the 2010 ACM Symposium on Applied Computing
Inferring disjunctive postconditions
ASIAN'06 Proceedings of the 11th Asian computing science conference on Advances in computer science: secure software and related issues
Sufficient preconditions for modular assertion checking
VMCAI'08 Proceedings of the 9th international conference on Verification, model checking, and abstract interpretation
On-demand refinement of dependent types
FLOPS'08 Proceedings of the 9th international conference on Functional and logic programming
Modular inference of subprogram contracts for safety checking
Journal of Symbolic Computation
An overview of the Jahob analysis system: project goals and current status
IPDPS'06 Proceedings of the 20th international conference on Parallel and distributed processing
Subregion analysis and bounds check elimination for high level arrays
CC'11/ETAPS'11 Proceedings of the 20th international conference on Compiler construction: part of the joint European conferences on theory and practice of software
Eliminating partially-redundant array-bounds check in the Android Dalvik JIT compiler
Proceedings of the 9th International Conference on Principles and Practice of Programming in Java
Checking memory safety with blast
FASE'05 Proceedings of the 8th international conference, held as part of the joint European Conference on Theory and Practice of Software conference on Fundamental Approaches to Software Engineering
Verification conditions for source-level imperative programs
Computer Science Review
Using dynamic analysis to discover polynomial and array invariants
Proceedings of the 34th International Conference on Software Engineering
Dual analysis for proving safety and finding bugs
Science of Computer Programming
Loop summarization using state and transition invariants
Formal Methods in System Design
Hi-index | 0.00 |
This paper describes a system which checks correctness of array accesses automatically without any inductive assertions or human interaction. For each array access in the program a condition that the subscript is greater than or equal to the lower bound and a condition that the subscript is smaller than or equal to the upper bound are checked and the results indicating within the bound, out of bound, or undetermined are produced. It can check ordinary programs at about fifty lines per ten seconds, and it shows linear time complexity behavior.It has been long discussed whether program verification will ever become practical. The main argument against program verification is that it is very hard for a programmer to write assertions about programs. Even if he can supply enough assertions, he must have some knowledge about logic in order to prove the lemmas (or verification conditions) obtained from the verifier.However, there are some assertions about programs which must always be true no matter what the programs do; and yet which cannot be checked for all cases. These assertions include: integer values do not overflow, array subscripts are within range, pointers do not fall off NIL, cells are not reclaimed if they are still pointed to, uninitialized variables are not used.Since these conditions cannot be completely checked, many compilers produce dynamic checking code so that if the condition fails, then the program terminates with proper diagnostics. These dynamic checking code sometimes take up much computation time. It is better to have some checking so that unexpected overwriting of data will not occur, but it is still very awkward that the computation stops because of error. Moreover, these errors can be traced back to some other errors in the program. If we can find out whether these conditions will be met or not before actually running the program, we can benefit both by being able to generate efficient code and by being able to produce more reliable programs by careful examination of errors in the programs. Similar techniques can be used to detect semantically equivalent subexpressions or redundant statements to do more elaborate code movement optimization.The system we have constructed runs fast enough to be used as a preprocessor of a compiler. The system first creates logical assertions immediately before array elements such that these assertions must be true whenever the control passes the assertion in order for the access to be valid. These assertions are proved using similar techniques as inductive assertion methods. If an array element lies inside a loop or after a loop a loop invariant is synthesized. A theorem prover was created which has the decision capabilities for a subset of arithmetic formulas. We can use this prover to prove some valid formulas, but we can also use it to generalize nonvalid formulas so that we can hypothesize more general loop invariants.Theoretical considerations on automatic synthesis of loop invariants have been taken into account and a complete formula for loop invariants was obtained. We reduced the problem of loop invariant synthesis to the computation of this formula. This new approach of the synthesis of loop invariant will probably give more firmer basis for the automatic generation of loop invariants in general purpose verifiers.