| Title |
Under-approximating loops in C programs for fast counterexample detection
|
|---|---|
| Published in |
Formal Methods in System Design, April 2015
|
| DOI | 10.1007/s10703-015-0228-1 |
| Pubmed ID | |
| Authors |
Daniel Kroening, Matt Lewis, Georg Weissenbacher |
| Abstract |
Many software model checkers only detect counterexamples with deep loops after exploring numerous spurious and increasingly longer counterexamples. We propose a technique that aims at eliminating this weakness by constructing auxiliary paths that represent the effect of a range of loop iterations. Unlike acceleration, which captures the exact effect of arbitrarily many loop iterations, these auxiliary paths may under-approximate the behaviour of the loops. In return, the approximation is sound with respect to the bit-vector semantics of programs. Our approach supports arbitrary conditions and assignments to arrays in the loop body, but may as a result introduce quantified conditionals. To reduce the resulting performance penalty, we present two quantifier elimination techniques specially geared towards our application. Loop under-approximation can be combined with a broad range of verification techniques. We paired our techniques with lazy abstraction and bounded model checking, and evaluated the resulting tool on a number of buffer overflow benchmarks, demonstrating its ability to efficiently detect deep counterexamples in C programs that manipulate arrays. |
X Demographics
The data shown below were collected from the profile of 1 X user who shared this research output. Click here to find out more about how the information was compiled.
Geographical breakdown
| Country | Count | As % |
|---|---|---|
| Unknown | 1 | 100% |
Demographic breakdown
| Type | Count | As % |
|---|---|---|
| Members of the public | 1 | 100% |
Mendeley readers
The data shown below were compiled from readership statistics for 20 Mendeley readers of this research output. Click here to see the associated Mendeley record.
Geographical breakdown
| Country | Count | As % |
|---|---|---|
| United Kingdom | 2 | 10% |
| Japan | 1 | 5% |
| Unknown | 17 | 85% |
Demographic breakdown
| Readers by professional status | Count | As % |
|---|---|---|
| Student > Ph. D. Student | 9 | 45% |
| Researcher | 4 | 20% |
| Student > Master | 2 | 10% |
| Student > Bachelor | 1 | 5% |
| Unknown | 4 | 20% |
| Readers by discipline | Count | As % |
|---|---|---|
| Computer Science | 17 | 85% |
| Unknown | 3 | 15% |
Attention Score in Context
This research output has an Altmetric Attention Score of 1. This is our high-level measure of the quality and quantity of online attention that it has received. This Attention Score, as well as the ranking and number of research outputs shown below, was calculated when the research output was last mentioned on 15 September 2015.
All research outputs
#20,291,881
of 22,828,180 outputs
Outputs from Formal Methods in System Design
#64
of 82 outputs
Outputs of similar age
#223,604
of 264,790 outputs
Outputs of similar age from Formal Methods in System Design
#2
of 5 outputs
Altmetric has tracked 22,828,180 research outputs across all sources so far. This one is in the 1st percentile – i.e., 1% of other outputs scored the same or lower than it.
So far Altmetric has tracked 82 research outputs from this source. They receive a mean Attention Score of 2.2. This one is in the 1st percentile – i.e., 1% of its peers scored the same or lower than it.
Older research outputs will score higher simply because they've had more time to accumulate mentions. To account for age we can compare this Altmetric Attention Score to the 264,790 tracked outputs that were published within six weeks on either side of this one in any source. This one is in the 1st percentile – i.e., 1% of its contemporaries scored the same or lower than it.
We're also able to compare this research output to 5 others from the same source and published within six weeks on either side of this one. This one has scored higher than 3 of them.