An effective guidance strategy for abstraction-guided simulation
Proceedings of the 44th annual Design Automation Conference
Guided model checking for programs with polymorphism
Proceedings of the 2009 ACM SIGPLAN workshop on Partial evaluation and program manipulation
A Meta Heuristic for Effectively Detecting Concurrency Errors
HVC '08 Proceedings of the 4th International Haifa Verification Conference on Hardware and Software: Verification and Testing
Generating counter-examples through randomized guided search
Proceedings of the 14th international SPIN conference on Model checking software
Automatic constraint generation for guided random simulation
Proceedings of the 2010 Asia and South Pacific Design Automation Conference
| Hi-index | 0.00 |
State exploration in directed software model checking is guided using a heuristic function to move states near errors to the front of the search queue. Distance heuristic functions rank states based on the number of transitions needed to move the current program state into an error location. Lack of calling context information causes the heuristic function to underestimate the true distance to the error; however, inlining functions at call sites in the control flow graph to capture calling context leads to an exponential growth in the computation. This paper presents a new algorithm that implicitly inlines functions at call sites to compute distance data with unbounded calling context that is polynomial in the number of nodes in the control flow graph. The new algorithm propagates distance data through call sites during a depth-first traversal of the program. We show in a series of benchmark examples that the new heuristic function with unbounded distance data is more efficient than the same heuristic function that inlines functions at their call sites up to a certain depth.