An Alternative to SAT-Based Approaches for Bit-Vectors

Bardin, Sébastien; Herrmann, P.; Perroud, Florian

doi:10.1007/978-3-642-12002-2_7

Cited by 20 publications

(31 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…According to our knowledge, the approach reported in this paper is the first attempt to certify a CP(FD) constraint solver. CP(FD) solving is currently outside the scope of arithmetic decision procedures, and SMT solvers rely on the BitVectors Theory to handle finitely-encoded integers [5]. We selected the second approach discussed above, to build our certified CP(FD) solver, because unsatisfiability in these solvers is not reported with certificates or proof trees.…”

Section: Related Work and Discussionmentioning

confidence: 99%

“…In this context, finite domains mean finite sets of labels or possible values associated to each variable of the program. Existing results show that CP(FD) is a complementary approach to SMT for certain classes of verification problems [5,3].…”

Section: Introductionmentioning

confidence: 99%

“…For example, formal verification involves showing that a formula embedding the negation of a property is unsatisfiable, i.e., the formula has no model or solution. While most verification techniques are based on SAT and SMT (Satisfiability Modulo Theory), tools built over Constraint Programming over Finite Domains, noted CP(FD) [14], become more and more competitive e.g., CPBPV [11], or OSMOSE [5,4]. In this context, finite domains mean finite sets of labels or possible values associated to each variable of the program.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

A Certified Constraint Solver over Finite Domains

Carlier

Dubois

Gotlieb

2012

FM 2012: Formal Methods

View full text Add to dashboard Cite

Abstract. Constraint programs such as those written in modern Constraint Programming languages and platforms aim at solving problems coming from optimization, scheduling, planning, etc. Recently CP programs have been used in business-critical or safety-critical areas as well, e.g., e-Commerce, air-traffic control applications, or software verification. This implies a more skeptical regard on the implementation of constraint solvers, especially when the result is that a constraint problem has no solution, i.e., unsatisfiability. For example, in software model checking, using an unsafe constraint solver may result in a dramatic wrong answer saying that a safety property is satisfied while there exist counterexamples. In this paper, we present a Coq formalisation of a constraint filtering algorithm -AC3 and one of its variant AC2001 -and a simple labeling procedure. The proof of their soundness and completeness has been completed using Coq. As a result, a formally certified constraint solver written in OCaml has been automatically extracted from the Coq specification of the filtering and labeling algorithms. The solver, yet not as efficient as specialized existing (unsafe) implementations, can be used to formally certify that a constraint system is unsatisfiable.

show abstract

Section: Related Work and Discussionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A Certified Constraint Solver over Finite Domains

Carlier

Dubois

Gotlieb

2012

FM 2012: Formal Methods

View full text Add to dashboard Cite

show abstract

“…OSMOSE performs bit-level reasoning through constraints expressed in the theory of bitvectors plus arrays [7]. Memory is modelled as an array of bytes, which is sufficient since safety-critical programs do not perform dynamic memory allocation.…”

Section: Advanced Concernsmentioning

confidence: 99%

Binary-Level Testing of Embedded Programs

Bardin

Baufreton

Cornuet

et al. 2013

2013 13th International Conference on Quality Software

Self Cite

View full text Add to dashboard Cite

Abstract-Dynamic Symbolic Execution (DSE) is a powerful approach to automatic test data generation. It has been heavily used in recent years for finding bugs in desktop programs. In this article, we discuss the use of binary-level DSE for testing safetycritical embedded systems. More especially, we present several innovative features implemented in our DSE tool OSMOSE, and we show through four case-studies how these features can be used in practical situations.

show abstract

“…Another path in the quest of an efficient and expressive solving is the use of Constraint Programming over Finite Domains (FD) [Bardin and Gotlieb, 2012;Bardin and Herrmann, 2008;Charreteur et al, 2009;Marre and Blanc, 2005]. FD has been proved useful for reasoning about complex structures crucial to software verification, such as floating point numbers [Botella et al, 2006], modular arithmetic [Gotlieb et al, 2010] and bitvectors [Bardin et al, 2010]. Multi-theory and verificationoriented FD frameworks are also starting to emerge [Marre and Blanc, 2005].…”

Section: Introductionmentioning

confidence: 99%

Efficient and Complete FD-solving for extended array constraints

Plazar

Acher

Bardin

et al. 2017

Proceedings of the Twenty-Sixth International Joint Conference on Artificial Intelligence

Self Cite

View full text Add to dashboard Cite

Array constraints are essential for handling data structures in automated reasoning and software verification. Unfortunately, the use of a typical finite domain (FD) solver based on local consistencybased filtering has strong limitations when constraints on indexes are combined with constraints on array elements and size. This paper proposes an efficient and complete FD-solving technique for extended constraints over (possibly unbounded) arrays. We describe a simple but particularly powerful transformation for building an equisatisfiable formula that can be efficiently solved using standard FD reasoning over arrays, even in the unbounded case. Experiments show that the proposed solver significantly outperforms FD solvers, and successfully competes with the best SMT-solvers.

show abstract

An Alternative to SAT-Based Approaches for Bit-Vectors

Cited by 20 publications

References 21 publications

A Certified Constraint Solver over Finite Domains

A Certified Constraint Solver over Finite Domains

Binary-Level Testing of Embedded Programs

Efficient and Complete FD-solving for extended array constraints

Contact Info

Product

Resources

About