Symbolic Polytopes for Quantitative Interpolation and Verification
Authors
Abstract
Proving quantitative properties of programs, such as bounds on resource usage or information leakage, often leads to verification conditions that involve cardinalities of sets. Existing approaches for dealing with such verification conditions operate by checking cardinality bounds for given formulas. However, they cannot synthesize formulas that satisfy given cardinality constraints, which limits their applicability for inferring cardinality-based inductive arguments. In this paper we present an algorithm for synthesizing formulas for given cardinality constraints, which relies on the theory of counting integer points in symbolic polytopes. We cast our algorithm in terms of a cardinality-constrained interpolation procedure, which we put to work in a solver for recursive Horn clauses with cardinality constraints based on abstraction refinement. We implement our technique and describe its evaluation on a number of representative examples.
Similar resources
Global Residues for Sparse Polynomial Systems
We consider families of sparse Laurent polynomials $f_1, \ldots, f_n$ with a finite set of common zeroes $Z_f$ in the torus $T^n = (\mathbb{C} - \{0\})^n$. The global residue assigns to every Laurent polynomial $g$ the sum of its Grothendieck residues over $Z_f$. We present a new symbolic algorithm for computing the global residue as a rational function of the coefficients of the $f_i$ when the Newton polytopes of the $f_i$ ...
Unbounded Symbolic Execution for Program Verification
Symbolic execution with interpolation is emerging as an alternative to CEGAR for software verification. The performance of both methods relies critically on interpolation in order to obtain the most general abstraction of the current symbolic or abstract state which can be shown to remain error-free. CEGAR naturally handles unbounded loops because it is based on abstract interpretation. In cont...
Symbol Elimination for Automated Generation of Program Properties
Automatic understanding of the intended meaning of computer programs is a very hard problem, requiring intelligence and reasoning. In this talk we describe applications of our symbol elimination methods in automated program analysis. Symbol elimination uses first-order theorem proving techniques in conjunction with symbolic computation methods, and derives nontrivial program properties, such as ...
Precise Cache Timing Analysis via Symbolic Simulation
Worst-Case Execution Time (WCET) is a reliable guarantee for the temporal correctness of hard real-time systems. In this paper, we propose a novel integrated method for WCET analysis where micro-architectural modeling – with emphasis on caches – and systematic path-sensitivity, are synergized. This would give us very high precision for WCET analysis, but at the same time, it is a huge challenge...
Scalable Symbolic Execution For Verification
In previous work, we presented a symbolic execution method which starts with a concrete model of the program but progressively abstracts away details only when these are known to be irrelevant using interpolation. In this paper, we extend the technique to handle unbounded loops. The central idea is to progressively discover the strongest invariants through a process of loop unrolling. The key f...
Journal title:
Volume Issue
Pages -
Publication date 2015