Verifying critical numerical software involves the generation of test data for floating-point intensive programs. As the symbolic execution of floating-point computations presents significant difficulties, existing approaches usually resort to random or search-based test data generation. However, without symbolic reasoning, it is almost impossible to generate test inputs that execute many paths with floating-point computations. Moreover, constraint solvers over the reals or the rationals do not handle rounding errors. In this paper, we present a new version of FPSE, a symbolic evaluator for C program paths, that specifically addresses this problem. The tool solves path conditions containing floating-point computations by using correct and precise projection functions. This version of the tool exploits an essential filtering property based on the representation of floating-point numbers that makes it suitable to generate path-oriented test inputs for complex paths characterized by floating-point intensive computations. The paper reviews the key implementation choices in FPSE and the labeling search heuristics we selected to maximize the benefits of enhanced filtering. Our experimental results show that FPSE can generate correct test inputs for selected paths containing several hundred iterations and thousands of executable floating-point statements on a standard machine: this is currently outside the scope of any other symbolic-execution test data generator tool.
Reaction systems are a qualitative formalism for modeling systems of biochemical reactions characterized by the non-permanency of the elements: molecules disappear if not produced by any enabled reaction. Moreover, reaction systems execute in an environment that provides new molecules at each step. Brijder, Ehrenfeucht and Rozenberg investigated dynamic causalities in reaction systems by introducing the idea of predictors. A predictor of a molecule s, for a given n, is the set of molecules to be observed in the environment in order to determine whether s is produced or not by the system at step n.

In this paper, we continue the investigation on dynamic causalities by defining an abstract interpretation framework containing three different notions of predictor: Formula based predictors, that is a propositional logic formula that precisely characterizes environments that lead to the production of s after n steps; Multi-step based predictors, that consist of n sets of molecules to be observed in the environment, one for each step; and Set based predictors, that are those proposed by Brijder, Ehrenfeucht and Rozenberg, and consist of a unique set of molecules to be observed in all steps.

For each kind of predictor we define an effective operator that allows predictors to be computed for any molecule s and number of steps n. The abstract interpretation framework allows us to compare the three notions of predictor in terms of precision, to relate the three defined operators and to compute minimal predictors. We also discuss a generalization of this approach that allows predictors to be defined independently of the value of n, and a tabling approach for the practical use of predictors on reaction systems models. As an application, we use predictors, generalization and tabling to give theoretical grounds to previously obtained results on a model of gene regulation.
In this paper we apply the Abstract Interpretation approach [8,9] to approximating the behavior of biological systems, modeled specifically using the Chemical Ground Form calculus [4], a new stochastic calculus rich enough to model the dynamics of biochemical reactions. Our analysis computes an Interval Markov Chain (IMC) that safely approximates the Discrete-Time Markov Chain describing the probabilistic behavior of the system, and reports both lower and upper bounds for probabilistic temporal properties. Our analysis has several advantages: (i) the method is effective (even for infinite-state systems) and allows us to systematically derive an IMC from an abstract labeled transition system; (ii) using intervals to abstract the multiplicity of reagents allows us to achieve conservative bounds for the concrete probabilities of a set of concrete experiments which differ only in their initial concentrations.
We introduce the notion of local completeness in abstract interpretation and define a logic for proving both the correctness and incorrectness of some program specification. Abstract interpretation is extensively used to design sound-by-construction program analyses that over-approximate program behaviours. Completeness of an abstract interpretation A for all possible programs and inputs would be an ideal situation for verifying correctness specifications, because the analysis can be done compositionally and no false alert will arise. Our first result shows that the class of programs whose abstract analysis on A is complete for all inputs has a severely limited expressiveness. A novel notion of local completeness weakens the above requirements by considering only some specific, rather than all, program inputs and thus finds wider applicability. In fact, our main contribution is the design of a proof system, parameterized by an abstraction A, that, for the first time, combines over- and under-approximations of program behaviours. Thanks to local completeness, in a provable triple ⊢_A [P] c [Q], Q is never too coarse, namely, under mild assumptions, the abstract interpretation of c does not yield false alerts for the input P iff Q has no alert. Thus, ⊢_A [P] c [Q] not only ensures that all the alerts raised in Q are true ones, but also that if Q does not raise alerts then c is correct.

analysis turns out to be credible, when few, ideally zero, false alerts are reported to the user [9]. The dual perspective has recently been tackled by incorrectness logic (IL) [24]: exploiting under-approximations, any violation exposed by the analysis is a true alert. This makes IL a credible support for code review, but Spec may be violated even when no alert is reported.

Abstract interpretation [6]-[8] is a well-established framework for designing sound-by-construction over-approximations of the program behaviour. Given an abstraction A, instead of verifying whether the strongest post-condition post[c](P) for a program c and a pre-condition P (also written c P) satisfies a correctness specification Spec, a (sound) abstract over-approximation A(post[c](P)) is considered. While it is obvious that if A(post[c](P)) satisfies Spec then the program is correct, it may happen that A(post[c](P)) does not satisfy Spec even if the program is correct, because A introduced false alerts. Once the specification Spec and its abstract approximation in A coincide, the ideal program analysis is achieved by assuring that a sound analysis is also complete, so that no false alert is ever raised. Technically, in a domain A of abstract program stores, with abstraction and concretization maps α and γ resp., any store property P is, in general, over-approximated by A(P) = γα(P) ⊇ P. Assuming that Spec is expressible in A means that Spec = A(Spec) holds. For instance, in the abstract domain of intervals Int (see Example III.5) the property x ≥ 0 is expressible by the infinite interval [0, +∞]. By contrast, x ≠ 0 is not expressible in Int, since the least ove...
Gene Regulatory Networks (GRNs) represent the interactions among genes regulating the activation of specific cell functionalities, such as reception of (chemical) signals or reaction to environmental changes. Studying and understanding these processes is crucial: they are the fundamental mechanism at the basis of cell functioning, and many diseases are based on perturbations or malfunctioning of some gene regulation activities. In this paper, we provide an overview of computational approaches to GRN modelling and analysis. We start from the biological and quantitative modelling background notions, recalling differential equations and Gillespie's algorithm. Then, we describe in more depth qualitative approaches such as Boolean networks and some computer science formalisms, including Petri nets, P systems and reaction systems. Our aim is to introduce the reader to the problem of GRN modelling and to guide her/him along the path that goes from classical quantitative methods, through qualitative methods based on Boolean networks, up to some of the most relevant qualitative computational methods, to understand the advantages and limitations of the different approaches.
Floating-point computations are quickly finding their way into the design of safety- and mission-critical systems, despite the fact that designing floating-point algorithms is significantly more difficult than designing integer algorithms. For this reason, verification and validation of floating-point computations is a hot research topic. An important verification technique, especially in some industrial sectors, is testing. However, generating test data for floating-point intensive programs has proved to be a challenging problem. Existing approaches usually resort to random or search-based test data generation, but without symbolic reasoning it is almost impossible to generate test inputs that execute complex paths controlled by floating-point computations. Moreover, as constraint solvers over the reals or the rationals do not natively support the handling of rounding errors, the need arises for efficient constraint solvers over floating-point domains. In this paper, we present and fully justify improved algorithms for the propagation of arithmetic IEEE 754 binary floating-point constraints. The key point of these algorithms is a generalization of an idea by B. Marre and C. Michel that exploits a property of the representation of floating-point numbers.
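The gap between reasoning over the reals and over IEEE 754 doubles that both FPSE abstracts above describe, as an added Python illustration; this is not FPSE code and it does not implement FPSE's projection functions. Two guards are constructed for the example: `x + 1.0 == x`, which a solver over the reals or the rationals declares infeasible and which random sampling in a bounded range never satisfies, but which a decision procedure reading only the representation of x (spacing of doubles and parity of the significand) characterizes exactly; and `x + 0.1 == 0.3`, where the real solution 0.2 is not a witness while the candidate projected in binary64 arithmetic is, once re-checked by executing the guard. All function names are mine.

```python
"""Why path conditions over IEEE 754 binary64 need float-aware solving.

Added illustration for the two FPSE abstracts above; it is not FPSE code and
the two guards below are constructed for the example.
"""
import math
import random
from fractions import Fraction


def branch_absorbs_one(x: float) -> bool:
    """The guard `if (x + 1.0 == x)` exactly as the machine evaluates it."""
    return x + 1.0 == x


def branch_absorbs_one_over_reals(x: float) -> bool:
    """Same guard in exact rational arithmetic: never true, so a solver over
    the reals or the rationals reports the branch as infeasible."""
    xr = Fraction(x)
    return xr + 1 == xr


def random_search(trials: int, lo: float, hi: float, seed: int = 1):
    """Search-based generation: sample doubles in [lo, hi], return the first
    that takes the branch, else None. Below 2**53 in magnitude none can."""
    rng = random.Random(seed)
    for _ in range(trials):
        x = rng.uniform(lo, hi)
        if branch_absorbs_one(x):
            return x
    return None


def absorbs_one_by_representation(x: float) -> bool:
    """Decide `x + 1.0 == x` from the representation of x, without adding.

    fl(x + 1) == x iff rounding absorbs the increment: 1 is below half the
    spacing of doubles around the exact sum, or exactly half of it and
    round-to-nearest-even keeps x because its integer significand is even.
    For x >= 0 the sum lies at or above |x| (spacing ulp(x)); for x < 0 it
    lies just below |x|, where the spacing halves at a power of two.
    """
    if math.isnan(x):
        return False
    if math.isinf(x):
        return True
    spacing = math.ulp(x) if x >= 0 else math.ulp(math.nextafter(abs(x), 0.0))
    half = spacing / 2.0
    if half != 1.0:
        return half > 1.0
    significand = int(abs(x) / spacing)  # exact: division by a power of two
    return significand % 2 == 0


def smallest_positive_witness() -> float:
    """Derive the smallest positive double taking the branch: walk up the
    powers of two until the spacing reaches 2.0, the first point where +1
    can be absorbed, then confirm by executing the guard."""
    x = 1.0
    while math.ulp(x) < 2.0:
        x *= 2.0
    if not (absorbs_one_by_representation(x) and branch_absorbs_one(x)):
        raise ArithmeticError("derivation and execution disagree")
    return x


def sample_boundary_values():
    """Doubles around the binade boundaries 2**52..2**55 in both signs, plus
    zeros, subnormals and huge values, to check the characterization."""
    values = [0.0, -0.0, 5e-324, -5e-324, 1.5, -1.5, 1e300, -1e300]
    for e in (52, 53, 54, 55):
        for k in range(-8, 9):
            values += [2.0 ** e + 2.0 * k, -(2.0 ** e + 2.0 * k)]
    return values


def check_characterization(values) -> bool:
    """The representation-based decision must agree with execution everywhere."""
    return all(absorbs_one_by_representation(x) == branch_absorbs_one(x) for x in values)


def real_solver_witness() -> float:
    """What a solver over the rationals proposes for `x + 0.1 == 0.3`: the exact
    solution 3/10 - 1/10 = 1/5, rounded to the nearest double."""
    return float(Fraction(3, 10) - Fraction(1, 10))


def float_projection_witness() -> float:
    """Project the same constraint onto x in binary64: take fl(0.3 - 0.1) as the
    candidate and re-execute the guard, since inverting a rounded addition
    is not exact in general."""
    x = 0.3 - 0.1
    if not (x + 0.1 == 0.3):
        raise ArithmeticError("candidate does not satisfy the guard")
    return x
```

Two details are worth noticing. First, the set of doubles taking the `x + 1.0 == x` branch is not an interval: 2**53 and 2**53 + 4 take it, 2**53 + 2 does not (its significand is odd, so the tie rounds away from it), and only from 2**54 on does every double take it. A bisection over the bit patterns would therefore be unsound here, which is why filtering has to follow the representation rather than treat the guard as a monotone predicate. Second, `float_projection_witness` re-executes the guard on its candidate: inverting a rounded operation yields a candidate, not a proof, and the check is what makes the generated input correct.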
In this paper we generalise the notion of extensional (functional) equivalence of programs to abstract equivalences induced by abstract interpretations. The standard notion of extensional equivalence is recovered as the special case, induced by the concrete interpretation. Some properties of the extensional equivalence, such as the one spelled out in Rice's theorem, lift to the abstract equivalences in suitably generalised forms. On the other hand, the generalised framework gives rise to interesting and important new properties, and allows refined, non-extensional analyses. In particular, since programs turn out to be extensionally equivalent if and only if they are equivalent just for the concrete interpretation, it follows that any non-trivial abstract interpretation uncovers some intensional aspect of programs. This striking result is also effective, in the sense that it allows constructing, for any non-trivial abstraction, a pair of programs that are extensionally equivalent, but have different abstract semantics. The construction is based on the fact that abstract interpretations are always sound, but that they can be made incomplete through suitable code transformations. To construct these transformations, we introduce a novel technique for building incompleteness cliques of extensionally equivalent yet abstractly distinguishable programs: they are built together with abstract interpretations that produce false alarms. While programs are forced into incompleteness cliques using both control-flow and data-flow transformations, the main result follows from limitations of data-flow transformations with respect to control-flow ones. A further consequence is that the class of incomplete programs for a non-trivial abstraction is Turing complete. The obtained results also shed a new light on the relation between the techniques of code obfuscation and the precision in program analysis.
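The interval domain that the local-completeness abstract above uses for its examples, together with the extensionally equivalent but abstractly distinguishable programs of the abstract-equivalence abstract just above, as one added Python illustration; it is not code from either paper. A store property is a finite set of integer values of x, a program is a single assignment y := e over +, - and *, the concrete post post[c](P) is computed by enumeration, and Spec "y ≥ 0" is the infinite interval [0, +∞] as in the text. The programs SQUARE, ONE and ONE_OBFUSCATED and all function names are mine.

```python
"""The interval domain Int: soundness, false alerts, local completeness, and
two extensionally equivalent programs that the abstraction tells apart.

Added illustration for the abstracts on local completeness and on abstract
equivalences above; not code from either paper. A store property is a finite
set of integer values of x, a program is one assignment y := e, and the
concrete post is computed by enumeration, so post[c](P) is exact.
"""
from math import inf


class Interval:
    """Abstract element [lo, hi] of Int; bounds may be -inf / inf."""

    def __init__(self, lo, hi):
        self.lo, self.hi = lo, hi

    def __eq__(self, other):
        return (self.lo, self.hi) == (other.lo, other.hi)

    def leq(self, other):
        """Order of the domain: inclusion of the concretizations."""
        return other.lo <= self.lo and self.hi <= other.hi

    def add(self, o):
        return Interval(self.lo + o.lo, self.hi + o.hi)

    def sub(self, o):
        return Interval(self.lo - o.hi, self.hi - o.lo)

    def mul(self, o):
        corners = [self.lo * o.lo, self.lo * o.hi, self.hi * o.lo, self.hi * o.hi]
        return Interval(min(corners), max(corners))


X = ("var",)  # the single input variable; expressions are nested tuples


def eval_concrete(e, x):
    if e[0] == "const":
        return e[1]
    if e[0] == "var":
        return x
    a, b = eval_concrete(e[1], x), eval_concrete(e[2], x)
    return {"add": a + b, "sub": a - b, "mul": a * b}[e[0]]


def eval_abstract(e, x_abs):
    """Compositional abstract semantics over Int (sound by construction)."""
    if e[0] == "const":
        return Interval(e[1], e[1])
    if e[0] == "var":
        return x_abs
    a, b = eval_abstract(e[1], x_abs), eval_abstract(e[2], x_abs)
    return {"add": a.add, "sub": a.sub, "mul": a.mul}[e[0]](b)


def alpha(values):
    """Abstraction map: the least interval containing a set of integers."""
    return Interval(min(values), max(values))

def concrete_post(e, P):
    return {eval_concrete(e, x) for x in P}

def abstract_post(e, P):
    return eval_abstract(e, alpha(P))

def is_sound(e, P):
    return alpha(concrete_post(e, P)).leq(abstract_post(e, P))

def is_locally_complete(e, P):
    """Completeness for this input only: A(post[c](P)) == post_A[c](A(P))."""
    return alpha(concrete_post(e, P)) == abstract_post(e, P)

def false_alert(e, P, spec):
    """c meets spec on every input in P, yet the abstract post does not entail spec."""
    return alpha(concrete_post(e, P)).leq(spec) and not abstract_post(e, P).leq(spec)

def expressible(S, universe):
    """Spec = A(Spec), within a finite universe of stores: gamma(alpha(S)) == S."""
    i = alpha(S)
    return {x for x in universe if i.lo <= x <= i.hi} == set(S)

def extensionally_equivalent(e1, e2, inputs):
    return all(eval_concrete(e1, x) == eval_concrete(e2, x) for x in inputs)

def abstractly_equivalent(e1, e2, P):
    return abstract_post(e1, P) == abstract_post(e2, P)


SQUARE = ("mul", X, X)                                  # y := x * x
ONE = ("const", 1)                                      # y := 1
ONE_OBFUSCATED = ("add", ("sub", X, X), ("const", 1))   # y := (x - x) + 1
NON_NEG = Interval(0, inf)                              # Spec "y >= 0" = [0, +inf]
```

On input P = {-1, 0, 1}, `y := x * x` has concrete post {0, 1} but abstract post [-1, 1]: the spec y ≥ 0 holds, the analysis still raises an alert, and the triple is not locally complete; on P = {0, 1} the same command is locally complete and no alert arises, which is the input-dependence that local completeness captures. The data-flow transformation `y := (x - x) + 1` leaves the computed function (constantly 1) unchanged while its interval semantics on {-1, 0, 1} moves from [1, 1] to [-1, 3], so the two programs are extensionally equivalent yet abstractly distinguishable; on the singleton input {5} even the transformed program is locally complete. `expressible` shows why x ≥ 0 is a legitimate Spec for Int while x ≠ 0 is not.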
Reaction systems are a qualitative formalism for modeling systems of biochemical reactions characterized by the non-permanency of the elements: molecules disappear if not produced by any enabled reaction. Reaction systems execute in an environment that provides new molecules at each step. Brijder, Ehrenfeucht and Rozenberg introduced the idea of predictors. A predictor of a molecule s, for a given n, is the set of molecules to be observed in the environment to determine whether s is produced or not at step n by the system. We introduced the notion of formula based predictor, that is a propositional logic formula that precisely characterizes environments that lead to the production of s after n steps. In this paper we revise the notion of formula based predictor by defining a specialized version that assumes the environment to provide molecules according to what is expressed by a temporal logic formula. As an application, we use specialized formula based predictors to give theoretical grounds to previously obtained results on a model of gene regulation.
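The interactive process and the three notions of predictor discussed in the two reaction-system abstracts above (formula based, multi-step based, set based), as an added Python illustration; the reaction system is constructed for the example and the code is not from the cited papers. The formula is built by unfolding the process semantics (s ∈ D_n iff some reaction producing s is enabled in W_{n-1}, with W_k = D_k ∪ C_k and D_0 = ∅) and plays the role of the formula based predictor here; the multi-step and set based predictors are read off its atoms, so they are valid but not simplified, and an exhaustive check over all context sequences is included to confirm validity and find minimal set based predictors. Names such as `produced_formula` and `is_set_predictor` are mine.

```python
"""Reaction systems: interactive process, formula based / multi-step / set
based predictors, and an exhaustive minimality check.

Added illustration for the two reaction-system abstracts above; the reaction
system is constructed for the example and the code is not from the cited papers.
"""
from itertools import combinations, product

# Reactions (reactants, inhibitors, products) over the background set.
REACTIONS = [
    ({"a"}, {"b"}, {"c"}),   # r1: a yields c unless b is present
    ({"c"}, set(), {"c"}),   # r2: c sustains itself; without it c would disappear
    ({"d"}, set(), {"b"}),   # r3: d yields the inhibitor b
]
BACKGROUND = {"a", "b", "c", "d"}


def result(reactions, state):
    """res_A(W): products of every reaction enabled in W."""
    out = set()
    for reactants, inhibitors, products in reactions:
        if reactants <= state and not (inhibitors & state):
            out |= products
    return out


def run(reactions, contexts):
    """Interactive process for contexts C_0..C_{n-1}: returns D_0..D_n with
    D_0 = {} and D_k = res(W_{k-1}), W_{k-1} = D_{k-1} | C_{k-1}.
    Non-permanency: nothing survives a step unless produced again."""
    produced = [set()]
    for k in range(1, len(contexts) + 1):
        produced.append(result(reactions, produced[k - 1] | contexts[k - 1]))
    return produced


def in_state(reactions, m, k):
    """Formula for 'm in W_k': supplied by the context at step k or produced at k."""
    atom = ("ctx", m, k)
    return atom if k == 0 else ("or", [atom, produced_formula(reactions, m, k)])


def produced_formula(reactions, s, n):
    """Formula based predictor for 's in D_n', by unfolding the semantics: some
    reaction producing s is enabled in W_{n-1}. Atoms ("ctx", m, k) read
    'm in C_k'. D_0 is empty, so the predictor for n = 0 is false."""
    if n == 0:
        return ("or", [])
    branches = []
    for reactants, inhibitors, products in reactions:
        if s in products:
            lits = [in_state(reactions, r, n - 1) for r in reactants]
            lits += [("not", in_state(reactions, i, n - 1)) for i in inhibitors]
            branches.append(("and", lits))
    return ("or", branches)


def holds(f, contexts):
    if f[0] == "ctx":
        return f[1] in contexts[f[2]]
    if f[0] == "not":
        return not holds(f[1], contexts)
    if f[0] == "and":
        return all(holds(g, contexts) for g in f[1])
    return any(holds(g, contexts) for g in f[1])


def atoms(f):
    if f[0] == "ctx":
        return {(f[1], f[2])}
    if f[0] == "not":
        return atoms(f[1])
    return set().union(*(atoms(g) for g in f[1]))


def multi_step_predictor(f, n):
    """One set to observe per step 0..n-1: molecules whose atoms at that step
    occur in f (valid, unsimplified, less precise than the formula itself)."""
    return [{m for (m, k) in atoms(f) if k == step} for step in range(n)]


def set_predictor(f, n):
    """A single set observed at every step (the Brijder et al. notion)."""
    return set().union(*multi_step_predictor(f, n))


def all_context_sequences(background, n):
    elems = sorted(background)
    subsets = [set(c) for r in range(len(elems) + 1) for c in combinations(elems, r)]
    return product(subsets, repeat=n)


def formula_matches_semantics(reactions, background, s, n):
    f = produced_formula(reactions, s, n)
    return all(holds(f, ctxs) == (s in run(reactions, ctxs)[n])
               for ctxs in all_context_sequences(background, n))


def is_set_predictor(reactions, background, Q, s, n):
    """Q is a set based predictor iff C_k & Q for k < n determines 's in D_n';
    checked exhaustively, which is only feasible for tiny background sets."""
    seen = {}
    for ctxs in all_context_sequences(background, n):
        key = tuple(frozenset(C & Q) for C in ctxs)
        val = s in run(reactions, ctxs)[n]
        if seen.setdefault(key, val) != val:
            return False
    return True


def minimal_set_predictors(reactions, background, s, n):
    """All valid set based predictors of minimum size (brute force)."""
    elems = sorted(background)
    for size in range(len(elems) + 1):
        found = [set(Q) for Q in combinations(elems, size)
                 if is_set_predictor(reactions, background, set(Q), s, n)]
        if found:
            return found
    return []
```

For the constructed system and the question "is c produced at step 2", the formula is (a_1 ∧ ¬(b_1 ∨ d_0)) ∨ c_1 ∨ (a_0 ∧ ¬b_0) ∨ c_0. The three notions are ordered by precision exactly as the abstract says: the multi-step predictor [{a, b, c, d}, {a, b, c}] records that d matters only at step 0 (it produces the inhibitor b in time for step 1), the set based predictor {a, b, c, d} forgets that, and the formula additionally says that once c is in C_1 nothing else needs to be observed. Here the set read off the atoms happens to be the unique minimal set based predictor; in general the atom set is only an upper bound, which is why the brute-force check is kept separate.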