Compositional may-must program analysis

TL;DR: This paper generalizes IC3 from SAT to Satisfiability Modulo Theories (SMT), thus enabling the direct analysis of programs after an encoding in form of symbolic transition systems, and adapts the "linear" search style of IC3 to a tree-like search.

TL;DR: MintHint as mentioned in this paper performs statistical correlation analysis to identify expressions that are likely to occur in the repaired code and generates, using pattern-matching based synthesis, repair hints from these expressions.

TL;DR: It is demonstrated how many common array usage patterns can be significantly improved with the help of these circuit structures, and how these techniques take advantage of locality and batching to provide amortized costs that scale polylogarithmically in the size of the structure.

TL;DR: Ufo is an algorithm that unifies OD and UD approaches in order to leverage both of their advantages, and is parameterized by the degree to which over- and under-approximations drive the analysis.

TL;DR: In this article, a fully SAT-based method of unbounded symbolic model checking based on computing Craig interpolants was proposed, which is greatly more efficient than BDD-based symbolic model-checking.

TL;DR: This paper presents a new algorithm for partial program verification that runs in polynomial time and space, and shows that property simulation scales to large programs and is accurate enough to verify meaningful properties.

TL;DR: It is shown how static and dynamic type checking can be extended with active type checking and results of experiments with media playing applications on Windows are discussed, where active property checking was able to detect several new security-related bugs.

TL;DR: This paper proposes a method to search for counterexamples to termination, and illustrates the utility of the nontermination prover, called TNT, on several nontrivial examples, some of which require bit-level reasoning about integer representations.