Proceedings Article, DOI 10.1109/SEFM.2003.1236224
Light-weight theorem proving for debugging and verifying units of code
David Déharbe, Silvio Ranise, et al.
- 14 Oct 2003
- pp. 220-228
TL;DR: Experimental results on formulae extracted from the debugging of C functions that manipulate pointers show that an implementation of the techniques can discharge proof obligations which Simplify (the theorem prover used in the ESC/Java tool) cannot handle, and performs much better on others.
Abstract: Software bugs are very difficult to detect even in small units of code. Several techniques to debug or prove correct such units are based on the generation of a set of formulae whose unsatisfiability reveals the presence of an error. These techniques assume the availability of a theorem prover capable of automatically discharging the resulting proof obligations. Building such a tool is a difficult, long, and error-prone activity. In this paper, we describe techniques to build provers which are highly automatic and flexible by combining state-of-the-art superposition theorem provers and BDDs. We report experimental results on formulae extracted from the debugging of C functions manipulating pointers showing that an implementation of our techniques can discharge proof obligations which cannot be handled by Simplify (the theorem prover used in the ESC/Java tool) and perform much better on others.
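The abstract describes a pipeline in which a proof obligation is extracted from a small unit of code and handed to an automatic prover, with the Boolean structure handled by BDDs. The following is an added illustration of that pipeline, not code from the paper or its authors: a constructed C function that dereferences a pointer chosen by a flag, its pointer-safety obligation abstracted to three Boolean atoms (`flag`, `p_null` for `p == NULL`, `q_null` for `q == NULL`), and a small reduced ordered BDD (Bryant's construction) that decides whether `guard ∧ ¬safe` is satisfiable. Unsatisfiability discharges the obligation; a satisfying assignment is a concrete input on which the dereference can fault. The propositional abstraction is an assumption made for this example: the paper's provers reason in the theory of the C data being manipulated, whereas here each equality is an independent Boolean variable, which is sound for this unit but not in general.

```python
# Added example (not from the paper): discharge a pointer-safety proof
# obligation by checking a propositional abstraction with a small ROBDD.
# The C unit, the predicate names and the encoding are all constructed here.
from typing import Optional


def AND(a, b): return a and b
def OR(a, b): return a or b
def XOR(a, b): return a != b


class BDD:
    """Reduced ordered BDD (Bryant) with a unique table and memoised apply."""
    def __init__(self, order):
        self.names = list(order)
        self.level_of = {v: i for i, v in enumerate(order)}
        self.unique = {}   # (level, low, high) -> node id
        self.table = {}    # node id -> (level, low, high); 0 and 1 are terminals
        self.memo = {}

    def mk(self, level, low, high):
        if low == high:                       # redundant test: drop the node
            return low
        key = (level, low, high)
        if key not in self.unique:            # share structurally equal nodes
            self.unique[key] = len(self.table) + 2
            self.table[self.unique[key]] = key
        return self.unique[key]

    def var(self, name):
        return self.mk(self.level_of[name], 0, 1)

    def apply(self, op, u, v):
        key = (op, u, v)
        if key in self.memo:
            return self.memo[key]
        if u in (0, 1) and v in (0, 1):
            r = 1 if op(bool(u), bool(v)) else 0
        else:
            lu = self.table[u][0] if u > 1 else float("inf")
            lv = self.table[v][0] if v > 1 else float("inf")
            lvl = min(lu, lv)                 # split on the topmost variable
            u0, u1 = self.table[u][1:] if lu == lvl else (u, u)
            v0, v1 = self.table[v][1:] if lv == lvl else (v, v)
            r = self.mk(lvl, self.apply(op, u0, v0), self.apply(op, u1, v1))
        self.memo[key] = r
        return r

    def build(self, f):
        """Formula tuples: ('var', x), ('not', f), ('and'|'or'|'imp', f, g)."""
        tag = f[0]
        if tag == "var":
            return self.var(f[1])
        if tag == "not":
            return self.apply(XOR, self.build(f[1]), 1)
        lhs, rhs = self.build(f[1]), self.build(f[2])
        if tag == "and":
            return self.apply(AND, lhs, rhs)
        if tag == "or":
            return self.apply(OR, lhs, rhs)
        if tag == "imp":
            return self.apply(OR, self.apply(XOR, lhs, 1), rhs)
        raise ValueError(f"unknown connective {tag!r}")

    def witness(self, u) -> Optional[dict]:
        """A satisfying assignment of node u, or None if u is the constant 0."""
        if u == 0:
            return None
        assign = {}
        while u != 1:
            level, low, high = self.table[u]
            branch = high != 0                # a reduced node has a non-zero child
            assign[self.names[level]] = branch
            u = high if branch else low
        return assign


# Constructed C unit under check (hypothetical, not from the paper):
#
#   int pick(int *p, int *q, int flag) {
#       int *r = flag ? p : q;
#       if (GUARD) return *r;      /* obligation: *r never faults here */
#       return 0;
#   }
V = lambda x: ("var", x)
NOT = lambda f: ("not", f)


def deref_obligation(guard):
    # After `r = flag ? p : q`, *r is safe iff the aliased pointer is non-null.
    safe = ("and", ("imp", V("flag"), NOT(V("p_null"))),
                   ("imp", NOT(V("flag")), NOT(V("q_null"))))
    # guard ∧ ¬safe is satisfiable exactly when some input makes *r fault;
    # its unsatisfiability discharges the obligation.
    return ("and", guard, NOT(safe))


def check_guard(guard):
    """None when the obligation is discharged, else a concrete error witness."""
    bdd = BDD(["flag", "p_null", "q_null"])
    return bdd.witness(bdd.build(deref_obligation(guard)))


GUARD_CORRECT = ("and", NOT(V("p_null")), NOT(V("q_null")))  # p != NULL && q != NULL
GUARD_BUGGY = NOT(V("p_null"))                                # p != NULL only

if __name__ == "__main__":
    print("correct guard:", check_guard(GUARD_CORRECT))  # None
    print("buggy guard:  ", check_guard(GUARD_BUGGY))    # {'flag': False, 'p_null': False, 'q_null': True}
```

With the full guard the error formula reduces to the constant 0 node and the obligation is discharged; with the weakened guard the BDD yields the assignment `flag == 0`, `p != NULL`, `q == NULL`, which is exactly the input on which `*r` faults. Extracting the witness from the BDD is what makes the result useful for debugging rather than only for verification.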
Citations
Lazy Satisfiability Modulo Theories
TL;DR: An extensive survey of SMT with particular focus on the lazy approach; it surveys, classifies and analyzes, from a theory-independent perspective, the most effective techniques and optimizations of interest for lazy SMT that have been proposed in various communities.
Expressiveness + automation + soundness: towards combining SMT solvers and interactive proof assistants
Pascal Fontaine, Jean-Yves Marion, Stephan Merz, Leonor Prensa Nieto, Alwen Tiu, et al.
- 25 Mar 2006
TL;DR: A combination of Isabelle/HOL with a proof-producing SMT (Satisfiability Modulo Theories) solver that contains a SAT engine and a decision procedure for quantifier-free first-order logic with equality is described.
Efficient satisfiability modulo theories via delayed theory combination
Marco Bozzano, Roberto Bruttomesso, Alessandro Cimatti, Tommi Junttila, Silvio Ranise, Peter van Rossum, Roberto Sebastiani, et al.
- 06 Jul 2005
TL;DR: A new approach to SMT, called Delayed Theory Combination, is proposed, which does not require a decision procedure for T1 ∪ T2, but only individual decision procedures for T1 and T2, which are directly integrated into the Boolean model enumerator.
Decidability and undecidability results for Nelson-Oppen and rewrite-based decision procedures
Maria Paola Bonacina, Silvio Ghilardi, Enrica Nicolini, Silvio Ranise, Daniele Zucchelli, et al.
- 17 Aug 2006
TL;DR: The Nelson-Oppen decidability transfer result is strengthened, by showing that it applies to theories over disjoint signatures, whose satisfiability problem, in either arbitrary or infinite models, is decidable.
References
Graph-Based Algorithms for Boolean Function Manipulation
TL;DR: In this paper, the authors present a data structure for representing Boolean functions and an associated set of manipulation algorithms, which have time complexity proportional to the sizes of the graphs being operated on, and hence are quite efficient as long as the graphs do not grow too large.
Symbolic execution and program testing
TL;DR: A particular system called EFFIGY which provides symbolic execution for program testing and debugging is described, which interpretively executes programs written in a simple PL/I style programming language.
•Book
A mathematical introduction to logic
Herbert B. Enderton
- 01 Jan 1972
TL;DR: A standard textbook introduction to mathematical logic, covering sentential and first-order logic, their completeness and compactness theorems, undecidability and incompleteness, and a closing treatment of second-order logic.
Extended static checking for Java
Cormac Flanagan, K. Rustan M. Leino, Mark Lillibridge, Greg Nelson, James B. Saxe, Raymie Stata, et al.
- 17 May 2002
TL;DR: The Extended Static Checker for Java (ESC/Java) is introduced, an experimental compile-time program checker that finds common programming errors and provides programmers with a simple annotation language with which programmer design decisions can be expressed formally.
Extended Static Checking for Java
Greg Nelson
- 12 Jul 2004
TL;DR: The talk provides an overview and demonstration of an Extended Static Checker for the Java programming language, a program checker that finds errors statically but has a much more accurate semantic model than existing static checkers like type checkers and data flow analysers.