Computer Aided Verification: 30th International Conference, CAV 2018, Held as Part of the Federated Logic Conference, FLoC 2018, Oxford, UK, July 14-17, 2018, Proceedings, Part II

Bibliographic details
Main authors: Chockler, Hana; Weissenbacher, Georg
Medium: E-book
Language: English
Publication details: Cham: Springer International Publishing AG, 2018
Edition: 1
ISBN: 9783319961415, 3319961411
Contents:
  • Intro -- Preface -- Organization -- Contents - Part II -- Contents - Part I
  • Tools
    • Let this Graph Be Your Witness! -- 1 Introduction -- 2 The Attestor Tool -- 2.1 Input -- 2.2 Phases -- 2.3 Abstract State Space Generation -- 2.4 Output -- 2.5 Frontend -- 3 Evaluation -- References
    • MaxSMT-Based Type Inference for Python 3 -- 1 Introduction -- 2 Constraint Generation -- 3 Constraint Solving -- 4 Experimental Evaluation -- 5 Related and Future Work -- References
    • The JKIND Model Checker -- 1 Introduction -- 2 Functionality and Main Features -- 2.1 Post Processing and Re-verification -- 3 Experimental Evaluation -- 4 Integration and Applications -- 5 Related Work -- 6 Conclusion -- References
    • The DEEPSEC Prover -- 1 Introduction -- 2 Description of the Tool -- 2.1 Example: The Helios Voting Protocol -- 2.2 The Underlying Theory -- 2.3 Implementation -- 3 Experimental Evaluation -- References
    • SimpleCAR: An Efficient Bug-Finding Tool Based on Approximate Reachability -- 1 Introduction -- 2 Algorithms and Implementation -- 2.1 High-Level Description of Backward-CAR -- 2.2 Tool Implementation -- 3 Experimental Analysis -- 3.1 Strategies -- 3.2 Results -- 4 Summary -- References
    • StringFuzz: A Fuzzer for String Solvers -- 1 Introduction -- 2 StringFuzz -- 3 Instance Suites -- 4 Experimental Results and Analysis -- 5 Related Work -- References
  • Static Analysis
    • Permission Inference for Array Programs -- 1 Introduction -- 2 Programming Language -- 3 Permission Inference for Loop-Free Code -- 4 Handling Loops via Maximum Expressions -- 4.1 Sufficient Permission Preconditions for Loops -- 4.2 Permission Inference for Loops -- 5 A Maximum Elimination Algorithm -- 5.1 Background: Quantifier Elimination -- 5.2 Maximum Elimination -- 6 Implementation and Experimental Evaluation -- 7 Related Work -- 8 Conclusion and Future Work -- References
    • Program Analysis Is Harder Than Verification: A Computability Perspective -- 1 Introduction -- 2 Background -- 3 Abstract Domains -- 3.1 Abstract Domains in Abstract Interpretation -- 4 Program Analysers and Verifiers -- 5 Rice's Theorem for Static Program Analysis and Verification -- 6 Comparing Analysers and Verifiers -- 6.1 Optimal and Best Analysers and Verifiers -- 7 Reducing Verification to Analysis and Back -- 7.1 Reducing Verification to Analysis -- 7.2 Reducing Analysis to Verification -- 8 Conclusion and Future Work -- References
  • Theory and Security
    • Automata vs Linear-Programming Discounted-Sum Inclusion -- 1 Introduction -- 2 Preliminaries -- 3 Prior Work -- 3.1 DetLP: DS-determinization and LP-based -- 3.2 BCV: Comparator-based approach -- 4 QuIP: BCV-based Solver for DS-inclusion -- 4.1 Analysis of BCV -- 4.2 Baseline Automata: An Optimized Comparator -- 4.3 QuIP: Algorithm Description -- 5 Experimental Evaluation -- 5.1 Implementation Details -- 5.2 Benchmarks -- 5.3 Design and Setup for Experimental Evaluation -- 5.4 Observations -- 6 Concluding Remarks and Future Directions -- References
    • Model Checking Indistinguishability of Randomized Security Protocols -- 1 Introduction -- 2 Preliminaries -- 3 POMDP Indistinguishability -- 4 Randomized Security Protocols -- 4.1 Terms, Equational Theories and Frames -- 4.2 Process Syntax -- 4.3 Process Semantics -- 4.4 Indistinguishability in Randomized Cryptographic Protocols -- 5 Implementation and Evaluation -- 6 Conclusion -- References
    • Lazy Self-composition for Security Verification -- 1 Introduction -- 2 Motivating Example -- 3 Preliminaries -- 4 Information Flow Analysis -- 4.1 Symbolic Taint Analysis -- 4.2 Self-composition -- 5 Lazy Self-composition for Information Flow Analysis -- 5.1 IFC-CEGAR -- 5.2 IFC-BMC -- 6 Implementation and Experiments -- 6.1 Implementation Details -- 6.2 Evaluation Benchmarks -- 6.3 IFC-CEGAR Results -- 6.4 IFC-BMC Results -- 7 Related Work -- 8 Conclusions and Future Work -- References
    • SCINFER: Refinement-Based Verification of Software Countermeasures Against Side-Channel Attacks -- 1 Introduction -- 2 Preliminaries -- 2.1 Probabilistic Boolean Programs -- 2.2 Side-Channel Attacks and Masking -- 3 The Semantic Type Inference System -- 3.1 The Type System -- 3.2 Checking Semantic Independence -- 3.3 Verifying Higher-Order Masking -- 4 The Gradual Refinement Approach -- 4.1 SMT-Based Approach -- 4.2 Feeding SMT-Based Analysis Results Back to Type System -- 4.3 The Overall Algorithm -- 5 Experiments -- 5.1 Benchmarks -- 5.2 Experimental Results -- 5.3 Detailed Statistics -- 6 Related Work -- 7 Conclusions and Future Work -- References
    • Symbolic Algorithms for Graphs and Markov Decision Processes with Fairness Objectives -- 1 Introduction -- 2 Definitions -- 2.1 Basic Problem Definitions -- 2.2 Basic Concepts Related to Algorithmic Solution -- 3 Symbolic Divide-and-Conquer with Lock-Step Search -- 4 Graphs with Streett Objectives -- 5 Symbolic MEC Decomposition -- 6 MDPs with Streett Objectives -- 7 Experiments -- 8 Conclusion -- References
    • Attracting Tangles to Solve Parity Games -- 1 Introduction -- 2 Preliminaries -- 3 Tangles -- 4 Solving by Learning Tangles -- 4.1 Attracting Tangles -- 4.2 The solve Algorithm -- 4.3 The search Algorithm -- 4.4 Extracting Tangles from a Region -- 4.5 Tangle Learning Solves Parity Games -- 4.6 Variations of Tangle Learning -- 5 Complexity -- 6 Implementation -- 7 Empirical Evaluation -- 7.1 Overall Results -- 7.2 Model Checking and Equivalence Checking Games -- 7.3 Random Games -- 8 Tangles in Other Algorithms -- 8.1 Small Progress Measures -- 8.2 Quasi-polynomial Time Progress Measures -- 8.3 Strategy Improvement -- 8.4 Priority Promotion -- 8.5 Zielonka's Recursive Algorithm -- 9 Conclusions -- References
  • SAT, SMT and Decision Procedures
    • Delta-Decision Procedures for Exists-Forall Problems over the Reals -- 1 Introduction -- 2 Preliminaries -- 2.1 Delta-Decisions and CNF-Formulas -- 2.2 The Branch-and-Prune Framework -- 3 Algorithm -- 3.1 -Clauses as Pruning Operators -- 3.2 Double-Sided Error Control -- 3.3 Locally-Optimized Counterexamples -- 4 Delta-Completeness -- 5 Evaluation -- 5.1 Nonlinear Global Optimization -- 5.2 Synthesizing Lyapunov Function for Dynamical System -- 6 Conclusion -- References
    • Solving Quantified Bit-Vectors Using Invertibility Conditions -- 1 Introduction -- 2 Preliminaries -- 3 Invertibility Conditions for Bit-Vector Constraints -- 3.1 Synthesizing Invertibility Conditions -- 3.2 Verifying Invertibility Conditions -- 4 Counterexample-Guided Instantiation for Bit-Vectors -- 4.1 Selection Functions for Bit-Vectors -- 4.2 Implementation -- 5 Evaluation -- 6 Conclusion -- References
    • Understanding and Extending Incremental Determinization for 2QBF -- 1 Introduction -- 2 Preliminaries -- 2.1 Unique Skolem Functions -- 3 Inference Rules for Incremental Determinization -- 3.1 True QBF -- 3.2 False QBF -- 3.3 Example -- 3.4 Termination -- 3.5 Pure Literals -- 3.6 Relation of ID and CDCL -- 4 Inductive Reasoning -- 5 Expansion -- 6 Experimental Evaluation -- 7 Conclusion -- References
    • The Proof Complexity of SMT Solvers -- 1 Introduction -- 1.1 Our Contributions -- 1.2 Previous Work -- 2 Preliminaries -- 2.1 Propositional Proof Systems -- 2.2 First-Order Theories -- 3 Res(T): Resolution Modulo Theories -- 4 Lazy SMT Solvers and Res(T) -- 4.1 DPLL(T) and Res(T) -- 5 Case Studies: Resolution Modulo Common Theories -- 5.1 Resolution over E: A Theory of Equality -- 5.2 Resolution over EUF: Equality with Uninterpreted Functions -- 5.3 Resolution over LA: A Theory of Linear Arithmetic -- 6 Lazy vs. Eager Reductions and the Exponential Time Hypothesis -- 7 Conclusion -- References
    • Model Generation for Quantified Formulas: A Taint-Based Approach -- 1 Introduction -- 2 Motivation -- 3 Notations -- 4 Musing with Independence -- 4.1 Independent Interpretations, Terms and Formulas -- 4.2 Independence Conditions -- 5 Generic Framework for SIC-Based Model Generation -- 5.1 SIC-Based Model Generation -- 5.2 Taint-Based SIC Inference -- 5.3 Complexity and Efficiency -- 5.4 Discussions -- 6 Theory-Dependent SIC Refinements -- 6.1 Refinement on Theories -- 6.2 R-Absorbing Functions -- 7 Experimental Evaluation -- 7.1 Implementation -- 7.2 Evaluation -- 8 Related Work -- 9 Conclusion -- References
  • Concurrency
    • Partial Order Aware Concurrency Sampling -- 1 Introduction -- 2 Running Example -- 3 Preliminary -- 4 POS - Algorithm and Analysis -- 4.1 BasicPOS -- 4.2 POS -- 4.3 Probability Guarantee of POS on General Programs -- 5 Implementation -- 6 Evaluation -- 6.1 Micro Benchmark -- 6.2 Macro Benchmark -- 7 Conclusion -- References
    • Reasoning About TSO Programs Using Reduction and Abstraction -- 1 Introduction -- 2 Overview -- 3 TSO Robustness -- 4 A Reduction Theory for Checking Robustness -- 5 Abstractions and Verifying Non-robust Programs -- 6 Experimental Evaluation -- 7 Related Work -- References
    • Quasi-Optimal Partial Order Reduction -- 1 Introduction -- 2 Preliminaries -- 3 Unfolding-Based DPOR -- 4 Complexity -- 5 New Algorithm for Computing Alternatives -- 5.1 Computing Causality and Conflict for PES Events -- 5.2 Computing Causality and Conflict for Tree Nodes -- 5.3 Computing Conflicting Extensions -- 6 Experimental Evaluation -- 6.1 Comparison to SDPOR -- 6.2 Evaluation of the Tree-Based Algorithms -- 6.3 Evaluation Against the State-of-the-Art on System Code -- 6.4 Profiling a Stateless POR