Dataflow analyses sacrifice path-sensitivity for efficiency and lead to false positives when used for verification. Predicate refinement based model checking methods are path-sensitive but must perform many expensive iterations to find all the relevant facts about a program, not all of which are naturally expressed and analyzed using predicates. We show how to join these complementary techniques to obtain efficient and precise versions of any lattice-based dataflow analysis using predicated lattices. A predicated lattice partitions the program state according to a set of predicates and tracks a lattice element for each partition. The resulting dataflow analysis is more precise than the eager dataflow analysis without the predicates. In addition, we automatically infer predicates to rule out imprecisions. The result is a dataflow analysis that can adaptively refine its precision. We then instantiate this generic framework using a symbolic execution lattice, which tracks pointer and value information precisely. We give experimental evidence that our combined analysis is both more precise than the eager analysis in that it is sensitive enough to prove various properties, as well as much faster than the lazy analysis, as many relevant facts are eagerly computed, thus reducing the number of iterations. This results in an order of magnitude improvement in the running times from a purely lazy analysis.
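The predicated-lattice idea in the abstract, as an added example that is not code from the paper: a constant-propagation lattice is tracked once per valuation of the chosen predicates, so the join at a merge point no longer mixes facts from different branches. The two-branch program, the predicate name `flag`, and all function names are assumptions made for this illustration, and the predicate is picked by hand here rather than inferred automatically.

```python
import functools
import itertools

TOP = "TOP"  # lattice top: variable is not a known constant

def join_env(a, b):
    """Join two constant-propagation environments (var -> constant or TOP)."""
    return {v: a.get(v, TOP) if a.get(v, TOP) == b.get(v, TOP) else TOP
            for v in set(a) | set(b)}

def join_pred(s, t):
    """Join predicated states partition by partition; a missing partition is bottom."""
    out = dict(s)
    for val, env in t.items():
        out[val] = join_env(out[val], env) if val in out else env
    return out

def assign(state, var, const):
    """Transfer function for `var = const`, applied inside every partition."""
    return {val: {**env, var: const} for val, env in state.items()}

def assume(state, preds, name, truth):
    """Branch on `name`: drop contradicting partitions if it is tracked, else keep all."""
    if name not in preds:
        return state
    i = preds.index(name)
    return {val: env for val, env in state.items() if val[i] == truth}

def x_at_assert(preds):
    """Abstract value of x at the assert in the constructed program:
         if (flag) x = 1; else x = 2;
         if (flag) assert(x == 1);      // flag is not written in between
    """
    init = {val: {} for val in itertools.product([False, True], repeat=len(preds))}
    then_ = assign(assume(init, preds, "flag", True), "x", 1)
    else_ = assign(assume(init, preds, "flag", False), "x", 2)
    merged = join_pred(then_, else_)
    at_assert = assume(merged, preds, "flag", True)
    return functools.reduce(join_env, at_assert.values()).get("x", TOP)

if __name__ == "__main__":
    print(x_at_assert([]))        # plain dataflow, no predicates tracked
    print(x_at_assert(["flag"]))  # predicated lattice over {flag}
```

With no predicates the merge collapses x to TOP and the assertion is reported as a possible failure (a false positive); tracking `flag` keeps the two partitions apart and the assertion is proved.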