Identifying Overly Restrictive Matching Patterns in SMT-based Program Verifiers (extended version)
Authors
Abstract
Universal quantifiers occur frequently in proof obligations produced by program verifiers, for instance, to axiomatize uninterpreted functions and to statically express properties of arrays. SMT-based verifiers typically reason about them via E-matching, an SMT algorithm that requires syntactic matching patterns to guide the quantifier instantiations. Devising good matching patterns is challenging. In particular, overly restrictive patterns may lead to spurious verification errors if the quantifiers needed for a proof are not instantiated; they may also conceal unsoundness caused by inconsistent axiomatizations. In this paper, we present the first technique that identifies and helps users and developers of program verifiers remedy the effects of overly restrictive matching patterns. We designed a novel algorithm to synthesize the missing triggering terms required to complete unsatisfiability proofs via E-matching. Tool developers can use this information to refine their matching patterns and prevent similar verification errors, or to fix the detected unsoundness.
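The mechanism described in the abstract, as an added SMT-LIB illustration that is not part of the paper: an axiom whose pattern names a function that never occurs in the proof obligation is never instantiated by E-matching, so a valid obligation fails (spurious error), and an inconsistent pair of axioms with the same pattern goes unnoticed (concealed unsoundness). Supplying the missing triggering term by hand, which is what the paper's algorithm synthesizes automatically, makes both visible. The `dummy` predicate is an assumed helper used only to put a term into the solver's E-graph without asserting anything about it; the expected results in the comments are for Z3 with model-based quantifier instantiation disabled so that only E-matching runs, and other solvers or settings may answer differently.

```smt2
; Added example (not from the paper). Run with: z3 file.smt2
(set-option :auto_config false)
(set-option :smt.mbqi false)      ; E-matching only: no model-based instantiation
(declare-fun f (Int) Int)
(declare-fun g (Int) Int)
(declare-fun dummy (Int) Bool)    ; assumed helper: keeps a ground term alive without constraining it

; Axiom: f is positive everywhere, but the pattern demands a ground term g(_),
; so the quantifier is only instantiated once some g(t) exists in the E-graph.
(assert (forall ((x Int)) (! (> (f x) 0) :pattern ((g x)))))

; 1. Proof obligation f(5) > 0, negated. No g(_) term exists, so the axiom
;    is never instantiated and the obligation cannot be discharged.
(push)
(assert (not (> (f 5) 0)))
(check-sat)        ; expected: unknown  (spurious verification error)
(pop)

; 2. Same obligation plus the missing triggering term g(5): it matches the
;    pattern g(x) with x := 5, producing the instance f(5) > 0.
(push)
(assert (not (> (f 5) 0)))
(assert (dummy (g 5)))
(check-sat)        ; expected: unsat   (obligation verified)
(pop)

; 3. Concealed unsoundness: a contradicting axiom with the same restrictive
;    pattern. Without any g(_) term the inconsistency is invisible; one
;    triggering term exposes it, with no proof obligation at all.
(push)
(assert (forall ((x Int)) (! (< (f x) 0) :pattern ((g x)))))
(check-sat)        ; expected: unknown (inconsistency hidden)
(assert (dummy (g 0)))
(check-sat)        ; expected: unsat   (axiomatization itself is inconsistent)
(pop)
```

In case 1 the fix a verifier developer would apply is to change the pattern to `(f x)`, which is matched by the term `(f 5)` already present in the obligation; case 3 shows why a solver answering "unknown" on an axiom set should not be read as evidence that the axioms are consistent.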
Similar resources
Practical SMT-Based Type Error Localization Extended Version
Compilers for statically typed functional programming languages are notorious for generating confusing type error messages. When the compiler detects a type error, it typically reports the program location where the type checking failed as the source of the error. Since other error sources are not even considered, the actual root cause is often missed. A more adequate approach is to consider al...
Towards Usable Program Verifiers
Code deficiencies and bugs constitute an unavoidable part of software systems. In safety-critical systems, like aircrafts or medical equipment, even a single bug can lead to catastrophic impacts such as injuries or death. Formal verification can be used to statically track code deficiencies by proving or disproving correctness properties of a system. However, at its current state formal verific...
Identifying Key Cyber-Physical Terrain (Extended Version)
The high mobility of Army tactical networks, combined with their close proximity to hostile actors, elevates the risks associated with short-range network attacks. The connectivity model for such short range connections under active operations is extremely fluid, and highly dependent upon the physical space within which the element is operating, as well as the patterns of movement within that s...
Failure-Directed Program Trimming (Extended Version)
This paper describes a new program simplification technique called program trimming that aims to improve the scalability and precision of safety checking tools. Given a program P, program trimming generates a new program P ′ such that P and P ′ are equi-safe (i.e., P ′ has a bug if and only if P has a bug), but P ′ has fewer execution paths than P. Since many program analyzers are sensitive to ...
Speeding Up SMT-Based Quantitative Program Analysis
Quantitative program analysis involves computing numerical quantities about individual or collections of program executions. An example of such a computation is quantitative information flow analysis, where one estimates the amount of information leaked about secret data through a program’s output channels. Such information can be quantified in several ways, including channel capacity and (Shan...
Journal
Journal title: Formal Aspects of Computing
Year: 2022
ISSN: 1433-299X, 0934-5043
DOI: https://doi.org/10.1145/3571748