Domain Types: Abstract-Domain Selection Based on Variable Usage

Apel, Sven; Beyer, Dirk; Friedberger, Karlheinz; Raimondi, Franco; Rhein, Alexander von

doi:10.1007/978-3-319-03077-7_18

Cited by 16 publications

(13 citation statements)

References 36 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…MUX treats the model checkers as black-boxes and derives a manyto-one selector. In order to obtain the best performance from available tools and strategies, white-box approaches aim at fine-tuning software verification tools [11,4] and some techniques try to derive tool chains of complementary tools [10,3]. Beyer et al [11] vary the precision of "merge" and other abstract operations to improve both scalability and precision of model checkers.…”

Section: Related Workmentioning

confidence: 99%

MUX: algorithm selection for software model checkers

Tulsian

Kanade

Kumar

et al. 2014

Proceedings of the 11th Working Conference on Mining Software Repositories

View full text Add to dashboard Cite

With the growing complexity of modern day software, software model checking has become a critical technology for ensuring correctness of software. As is true with any promising technology, there are a number of tools for software model checking. However, their respective performance trade-offs are difficult to characterize accurately -making it difficult for practitioners to select a suitable tool for the task at hand. This paper proposes a technique called MUX that addresses the problem of selecting the most suitable software model checker for a given input instance. MUX performs machine learning on a repository of software verification instances. The algorithm selector, synthesized through machine learning, uses structural features from an input instance, comprising a program-property pair, at runtime and determines which tool to use.We have implemented MUX for Windows device drivers and evaluated it on a number of drivers and model checkers. Our results are promising in that the algorithm selector not only avoids a significant number of timeouts but also improves the total runtime by a large margin, compared to any individual model checker. It also outperforms a portfolio-based algorithm selector being used in Microsoft at present. Besides, MUX identifies structural features of programs that are key factors in determining performance of model checkers.

show abstract

Section: Related Workmentioning

confidence: 99%

MUX: algorithm selection for software model checkers

Tulsian

Kanade

Kumar

et al. 2014

Proceedings of the 11th Working Conference on Mining Software Repositories

View full text Add to dashboard Cite

show abstract

“…There, the explicit-state model checker SPIN has been used for reachability analysis, with a posteriori reasoning about test-case reuse among product variants, but without any reuse of reachability results among test goals. Applying CPAchecker for product-line verification has been proposed [3], incorporating BDD analysis for reuse of verification results [2]. Reuse of reachability analysis results for different test goals [7,8] has been presented and implemented as CPA/tiger on top of CPAchecker and corresponding reuse concepts have been applied to intermediate verification results [10].…”

Section: Related Workmentioning

confidence: 99%

Facilitating Reuse in Multi-goal Test-Suite Generation for Software Product Lines

Bürdek

Lochau

Bauregger

et al. 2015

Fundamental Approaches to Software Engineering

Self Cite

View full text Add to dashboard Cite

Abstract. Software testing is still the most established and scalable quality-assurance technique in practice. However, generating effective test suites remains computationally expensive, consisting of repetitive reachability analyses for multiple test goals according to a coverage criterion. This situation is even worse when testing entire software product lines, i.e., families of similar program variants, requiring a sufficient coverage of all derivable program variants. Instead of considering every product variant one-by-one, family-based approaches are variabilityaware analysis techniques in that they systematically explore similarities among the different variants. Based on this principle, we present a novel approach for automated product-line test-suite generation incorporating extensive reuse of reachability information among test cases derived for different test goals and/or program variants. We present a tool implementation on top of CPA/tiger which is based on CPAchecker, and provide evaluation results obtained from various experiments, revealing a considerable increase in efficiency compared to existing techniques.

show abstract

“…Picking the right predicates, either upfront or dynamically during analysis [5], is essential in this setting to ensure rapid convergence of a model checker, and is in practice achieved through a combination of "systematic" methods (for CEGAR, in particular through Craig interpolation) and heuristics. For instance, SLAM extracts refinement predicates from counterexamples using domain-specific heuristics [16]; YOGI uses machine learning to choose the default set of heuristics for picking predicates [19]; CPAchecker uses domain types to decide whether to represent variables explicitly or using BDDs [2], and to choose refinement predicates [4]; and Eldarica uses heuristics to guide the process of Craig interpolation [18]. Similar heuristics can be identified in tools based on abstract interpretation, among others.…”

Section: Introductionmentioning

confidence: 99%

Systematic Predicate Abstraction Using Variable Roles

Demyanova

Rümmer

Zuleger

2017

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Heuristics for discovering predicates for abstraction are an essential part of software model checkers. Picking the right predicates affects the runtime of a model checker, or determines if a model checker is able to solve a verification task at all. In this paper we present a method to systematically specify heuristics for generating program-specific abstractions. The heuristics can be used to generate initial abstractions, and to guide abstraction refinement through templates provided for Craig interpolation. We describe the heuristics using variable roles, which allow us to pick domain-specific predicates according to the program under analysis. Variable roles identify typical variable usage patterns and can be computed using lightweight static analysis, for instance with the help of of-the-shelf logical programming engines. We implemented a prototype tool which extracts initial predicates and templates for C programs and passes them to the Eldarica model checker in the form of source code annotations. For evaluation, we defined a set of heuristics, motivated by Eldarica's previous built-in heuristics and typical verification benchmarks from the literature and SV-COMP. We evaluate our approach on a set of more than 500 programs, and observe an overall increase in the number of solved tasks by 11.2%, and significant speedup on certain benchmark families.

show abstract

Domain Types: Abstract-Domain Selection Based on Variable Usage

Cited by 16 publications

References 36 publications

MUX: algorithm selection for software model checkers

MUX: algorithm selection for software model checkers

Facilitating Reuse in Multi-goal Test-Suite Generation for Software Product Lines

Systematic Predicate Abstraction Using Variable Roles

Contact Info

Product

Resources

About