An overview of the saturn project

Aiken, Alex; Bugrara, Suhabe; Dillig, Işıl; Dillig, Thomas; Hackett, Brian; Hawkins, Peter

doi:10.1145/1251535.1251543

Cited by 89 publications

(57 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Future work includes incorporating the Guess-andCheck algorithm into a mainstream program verification engine [10] that can consume the candidate invariants as relevant predicates for proofs and a bugfinding engine [1] that can use the candidate invariants to abstract loops by their sound under-approximations and obtain better coverage. Since these tools generally work over linear arithmetic, the transformation from algebraic to linear invariants will play a critical role.…”

Section: Resultsmentioning

confidence: 99%

A Data Driven Approach for Algebraic Loop Invariants

Sharma

Gupta

Hariharan

et al. 2013

Programming Languages and Systems

Self Cite

111

View full text Add to dashboard Cite

Abstract. We describe a Guess-and-Check algorithm for computing algebraic equation invariants of the form ∧ifi(x1, . . . , xn) = 0, where each fi is a polynomial over the variables x1, . . . , xn of the program. The "guess" phase is data driven and derives a candidate invariant from data generated from concrete executions of the program. This candidate invariant is subsequently validated in a "check" phase by an off-the-shelf SMT solver. Iterating between the two phases leads to a sound algorithm. Moreover, we are able to prove a bound on the number of decision procedure queries which Guess-and-Check requires to obtain a sound invariant. We show how Guess-and-Check can be extended to generate arbitrary boolean combinations of linear equalities as invariants, which enables us to generate expressive invariants to be consumed by tools that cannot handle non-linear arithmetic. We have evaluated our technique on a number of benchmark programs from recent papers on invariant generation. Our results are encouraging -we are able to efficiently compute algebraic invariants in all cases, with only a few tests.

show abstract

Section: Resultsmentioning

confidence: 99%

A Data Driven Approach for Algebraic Loop Invariants

Sharma

Gupta

Hariharan

et al. 2013

Programming Languages and Systems

Self Cite

111

View full text Add to dashboard Cite

show abstract

“…Saturn [5] is a sophisticated tool for static analysis of programs. It is summary based, analyzing each function in isolation and only utilizing summary information at call sites.…”

Section: Related Workmentioning

confidence: 99%

JSWhiz: Static analysis for JavaScript memory leaks

Pienaar

Hundt

2013

Proceedings of the 2013 IEEE/ACM International Symposium on Code Generation and Optimization (CGO)

View full text Add to dashboard Cite

JavaScript is the dominant language for implementing dynamic web pages in browsers. Even though it is standardized, many browsers implement language and browser bindings in different and incompatible ways. As a result, a plethora of web development frameworks were developed to hide cross-browser issues and to ease development of large web applications. An unwelcome side-effect of these frameworks is that they can introduce memory leaks, despite the fact that JavaScript is garbage collected. Memory bloat is a major issue for web applications, as it affects user perceived latency and may even prevent large web applications from running on devices with limited resources.In this paper we present JSWhiz, an extension to the open-source Closure JavaScript compiler. Based on experiences analyzing memory leaks in Gmail, JSWhiz detects five identified common problem patterns. JSWhiz found a total of 89 memory leaks across Google's Gmail, Docs, Spreadsheets, Books, and Closure itself. It contributed significantly in a recent effort to reduce Gmail memory footprint, which resulted in bloat reduction of 75% at the 99th percentile, and by roughly 50% at the median.

show abstract

“…Several bug-finding (non-verifying) efforts have scaled to systems of the size we consider; representative examples include [13,19,3]. Fewer verifiers have been demonstrated to work on million line programs and these have focused on finite-state properties; these systems are subject to the caveat (as is our system) that portions of the analysis may be unsound due to time-outs and other resource limits for a small portion of the analysis [8,14,4].…”

Section: Related Workmentioning

confidence: 99%

Inferring data polymorphism in systems code

Hackett

Aiken

2011

Proceedings of the 19th ACM SIGSOFT Symposium and the 13th European Conference on Foundations of Software Engineering

Self Cite

View full text Add to dashboard Cite

We describe techniques for analyzing data polymorphism in C, and show that understanding data polymorphism is important for statically verifying type casts in the Linux kernel, where our techniques prove the safety of 75% of downcasts to structure types, out of a population of 28767. We also discuss prevalent patterns of data polymorphism in Linux, including code patterns we can handle and those we cannot.

show abstract

An overview of the saturn project

Cited by 89 publications

References 22 publications

A Data Driven Approach for Algebraic Loop Invariants

A Data Driven Approach for Algebraic Loop Invariants

JSWhiz: Static analysis for JavaScript memory leaks

Inferring data polymorphism in systems code

Contact Info

Product

Resources

About