SMT-based model checking for recursive programs
A Komuravelli, A Gurfinkel, S Chaki - Formal Methods in System Design, 2016 - Springer
We present an SMT-based symbolic model checking algorithm for safety verification of
recursive programs. The algorithm is modular and analyzes procedures individually. Unlike …
recursive programs. The algorithm is modular and analyzes procedures individually. Unlike …
Visibly pushdown languages
R Alur, P Madhusudan - Proceedings of the thirty-sixth annual ACM …, 2004 - dl.acm.org
We propose the class of visibly pushdown languages as embeddings of context-free
languages that is rich enough to model program analysis questions and yet is tractable and …
languages that is rich enough to model program analysis questions and yet is tractable and …
Compositional dynamic test generation
P Godefroid - Proceedings of the 34th annual ACM SIGPLAN …, 2007 - dl.acm.org
Dynamic test generation is a form of dynamic program analysis that attempts to compute test
inputs to drive a program along a specific program path. Directed Automated Random …
inputs to drive a program along a specific program path. Directed Automated Random …
Adding nesting structure to words
R Alur, P Madhusudan - Journal of the ACM (JACM), 2009 - dl.acm.org
We propose the model of nested words for representation of data with both a linear ordering
and a hierarchically nested matching of items. Examples of data with such dual linear …
and a hierarchically nested matching of items. Examples of data with such dual linear …
Proofs from tests
NE Beckman, AV Nori, SK Rajamani… - Proceedings of the 2008 …, 2008 - dl.acm.org
We present an algorithm DASH to check if a program P satisfies a safety property phi. The
unique feature of the algorithm is that it uses only test generation operations, and it refines …
unique feature of the algorithm is that it uses only test generation operations, and it refines …
Graspan: A single-machine disk-based graph system for interprocedural static analyses of large-scale systems code
There is more than a decade-long history of using static analysis to find bugs in systems
such as Linux. Most of the existing static analyses developed for these systems are simple …
such as Linux. Most of the existing static analyses developed for these systems are simple …
Recursive Markov chains, stochastic grammars, and monotone systems of nonlinear equations
K Etessami, M Yannakakis - Journal of the ACM (JACM), 2009 - dl.acm.org
We define Recursive Markov Chains (RMCs), a class of finitely presented denumerable
Markov chains, and we study algorithms for their analysis. Informally, an RMC consists of a …
Markov chains, and we study algorithms for their analysis. Informally, an RMC consists of a …
Recursive state machine guided graph folding for context-free language reachability
Context-free language reachability (CFL-reachability) is a fundamental framework for
program analysis. A large variety of static analyses can be formulated as CFL-reachability …
program analysis. A large variety of static analyses can be formulated as CFL-reachability …
Fast algorithms for Dyck-CFL-reachability with applications to alias analysis
The context-free language (CFL) reachability problem is a well-known fundamental
formulation in program analysis. In practice, many program analyses, especially pointer …
formulation in program analysis. In practice, many program analyses, especially pointer …
Taming transitive redundancy for context-free language reachability
Given an edge-labeled graph, context-free language reachability (CFL-reachability)
computes reachable node pairs by deriving new edges and adding them to the graph. The …
computes reachable node pairs by deriving new edges and adding them to the graph. The …