DOCSLIB.ORG

Static Analysis of Functional Programs with an Application to the Frame Problem in Deductive Verification Oana Fabiana Andreescu

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Static analysis of functional programs with an application to the frame problem in deductive verification Oana Fabiana Andreescu To cite this version: Oana Fabiana Andreescu. Static analysis of functional programs with an application to the frame problem in deductive verification. Other [cs.OH]. Université Rennes 1, 2017. English. NNT: 2017REN1S047. tel-01677897v2 HAL Id: tel-01677897 https://tel.archives-ouvertes.fr/tel-01677897v2 Submitted on 12 Jan 2018 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. THÈSE / UNIVERSITÉ DE RENNES 1 sous le sceau de l’Université Bretagne Loire pour le grade de DOCTEUR DE L’UNIVERSITÉ DE RENNES 1 Mention : Informatique Ecole doctorale Matisse présentée par Oana Fabiana Andreescu préparée à Prove & Run et á l’unité de recherche 6074 – IRISA Institut de Recherche en Informatique et Systemes Aleatoires Thèse soutenue à Rennes le 29 Mai 2017 devant le jury composé de : Sandrine Blazy Static Analysis of Professeure / Présidente Functional Programs Catherine Dubois Professeure / Rapporteuse with an Application to Antoine Miné the Frame Problem in Professeur / Rapporteur Deductive Verification Sylvain Conchon Professeur / Examinateur Thomas Jensen Professeur / Directeur de thèse Stéphane Lescuyer Ingénieur / Co-directeur de thèse ii iii UNIVERSITÉ DE RENNES 1 Abstract Prove & Run École doctorale Matisse DOCTEUR DE L’UNIVERSITÉ DE RENNES 1 Static Analysis of Functional Programs with an Application to the Frame Problem in Deductive Verification by Oana Fabiana Andreescu In the field of software verification, the frame problem refers to establishing the bound- aries within which program elements operate. It has notoriously tedious consequences on the specification of frame properties, which indicate the parts of the program state that an operation is allowed to modify, as well as on their verification, i.e. proving that operations modify only what is specified by their frame properties. In the context of interactive formal verification of complex systems, such as operating systems, much effort is spent addressing these consequences and proving the preservation of the sys- tems’ invariants. However, most operations have a localized effect on the system and impact only a limited number of invariants at the same time. In this thesis we address the issue of identifying those invariants that are unaffected by an operation and we present a solution for automatically inferring their preservation. Our solution is meant to ease the proof burden for the programmer. It is based on static analysis and does not require any additional frame annotations. Our strategy consists in combining a dependency analysis and a correlation analysis. We have designed and implemented both static analyses for a strongly-typed, functional language that handles structures, variants and arrays. The dependency analysis computes a conservative approximation of the input fragments on which functional properties and operations depend. The correlation analysis computes a safe approximation of the parts of an input state to a function that are copied to the output state. It summarizes not only what is modified but also how it is modified and to what extent. By employing these two static analyses and by subsequently reasoning based on their combined results, an interactive theo- rem prover can automate the discharching of proof obligations for unmodified parts of the state. We have applied both of our static analyses to a functional specification of a micro-kernel and the obtained results demonstrate both their precision and their scalability. v Acknowledgements First of all, I would like to express my gratitude to my two PhD advisors, Thomas Jensen and Stéphane Lescuyer, without whom this thesis would have been impossible. I thank them for their patience and dedication in guiding me throughout these years and for all the rigour that they instilled into me, by word and by their own example. Thomas, thank you for helping me put my work into perspective. Thank you for your encouragement when I was overwhelmed by doubts and for your optimism when I had none. Stéphane, thank you for your inspiring advices, for the rigorous proofreading, for the many interesting discussions and for your careful attention to my work. Know that this thank you note was written using Emacs to which I am happy to admit that you converted me. I am in debt to Dominique Bolignano for raising the possibility of this thesis and for creating the frame that allowed me to embark on this interesting journey and to explore the seas of research among an inspiring group of professionals - the Prove & Run team. I am grateful to and would like to wholeheartedly thank Catherine Dubois and Antoine Miné for accepting to review my dissertation. I am honoured to know that my 200+ pages have been read by experts of static analysis and formal verification and I am grateful for their valuable comments and remarks. I would also like to thank Sandrine Blazy and Sylvain Conchon for accepting to be members of the jury. Sylvain Conchon, I am grateful for your keen interest during my defense. Sandrine Blazy, thank you for accepting to chair my defense and for driving it in such a positive manner! For their understanding, their advice and their support during the transition period and the months before my defense, I would like to thank Claire Loiseaux and Carolina Lavatelli. I thank all of my colleagues at Prove & Run for our discussions and their advice during these years. I thank Florence for her warmth, energy and optimism, Erica and Henry for being such great office colleagues, Pauline and François for being friendly, reliable colleagues in the academic trenches. I am in debt to Olivier and Benoit for reviewing my articles and providing valuable remarks. I thank Pascale for smoothing out the stormy waves of administrative work. Though our interactions were briefer, I would like to also thank the Celtique members for their openness and for the inter- esting seminaries. A special thanks goes to Lydie Mabil for helping me deal with the administrative work during these years, and finally, for helping prepare the defense of my dissertation. This academic journey started long ago, even before I was aware, with the help of Marius Minea and Ovidiu Badescu, who unknowingly, motivated me to take this path years later. I warmly thank them and I am grateful to both for paving the first part of my academic path. I would also like to thank my friends, old and new, far and near. Thank you for always being there for me and providing perspective, enthusiasm and breaths of fresh air. Thank you as well for still being my friends despite the long, winded and geeky vi descriptions of my work and the occasionally cancelled plans and absences while I was trying to find my way into the research world. I lack the appropriate words to express the gratitude I feel towards my family for their never-ending love and support. I thank my mother and my sister for being such wonderful examples of women in science. I thank my father for his unwavering belief in me and for his love and respect for well-written sentences, no matter the context, which he instilled into me. I thank my brother-in-law for being the one who ignited early on the sparkle and interest for computers and mathematics, and my two wonderful nieces for always being my rays of light. Last but surely not least, I have only gratitude for Georges, my companion, my pillar of strength, my compass and lighthouse during the darkest moments. To quote Carl Sagan, in the vastness of space and immensity of time, it is my absolute joy to spend a planet and an epoch with you! vii Contents I Résumé étendu en Français xxiii I.1 Le Problème du Frame . xxiii I.2 Objectifs....................................xxiii I.3 Analyse de dépendance . xxiv I.4 Anaylse de corrélation ............................xxv I.5 Procédure de décision ............................xxv I.6 Conclusion . xxvi 1 Introduction 1 1.1 Formal Verification of Software ....................... 1 1.2 The Frame Problem in a Nutshell ...................... 5 1.3 Prove & Run: Objectives and Products ................... 7 1.4 Context and Problem Statement ...................... 9 1.5 Contributions and Structure of the Document . 11 2 The Frame Problem in Software Verification 13 2.1 Specification Languages and Verification Tools . 13 2.2 Manifestations of the Frame Problem .................... 16 2.3 Approaches to Specifying Frame Properties . 17 2.3.1 The Manual Approach ........................ 17 2.3.2 The Exclusive Approach ....................... 19 2.3.3 The Implicit Approach ........................ 21 2.4 Topologies and Effects ............................ 21 2.4.1 Explicit Footprints .......................... 23 2.4.2 Implicit Footprints .......................... 24 2.4.3 Predefined Footprints ........................ 25 2.5 Other Approaches to Reason about Frames . 26 2.6 Other Relevant Work ............................. 27 3 The Smart Language and ProvenTools 29 3.1 The Smart Modeling Language ....................... 29 3.1.1 Smart Predicates
Recommended publications
  • Free Tools Photosynth

    Free Tools Photosynth

    Free Tools Photosynth Making a Photosynth Creating the best synth starts with the right photos. Here are some key tips: • Take overlapping panoramas from different locations • Have lots of overlap between shots to get good matching • Limit the angles between photos (no more than 25 degrees – at least 15 per full rotation) • Pick scenes or objects with lots of detail and texture • Don’t crop your images before synthing • Rotate your photos to be ‘up’ correctly before synthing Once you have signed in, click the Upload button (top right of page) or click on the Create your Synth icon on the home page. (scroll down). If you do not have the software you will be prompted to download it first. Once it is installed you will see the Create a Synth button. You will see a pop-up window with Start a new synth button. Give your synth a name, tags (descriptive words) and description. Click Add Photos, browse to your files add them. Then click on the Synth button at the bottom of the page. Photosynth will do the rest for you. Making a Panorama Many photosynths consist of photos shot from a single location. Our friends in Microsoft Research have developed a free, world class panoramic image stitcher called Microsoft Image Composite Editor (ICE for short.) ICE takes a set of overlapping photographs of a scene shot from a single camera location, and creates a single high-resolution image. Photosynth now has support for uploading, exploring and viewing ICE panoramas alongside normal synths. Here’s how to create a panorama in ICE and upload it to Photosynth: 1.
  • Faktaboks DASK OG REGNECENTRALEN I 50'Erne Var England Og USA for Alvor Begyndt at Eksperimentere Med Elektroniske Datamaskiner

    Faktaboks DASK OG REGNECENTRALEN I 50'Erne Var England Og USA for Alvor Begyndt at Eksperimentere Med Elektroniske Datamaskiner

    PROSAbladet nr. 11 2002 Tekst og foto: Claus Thorhauge Danmarks første systemprogrammør Igennem et langt liv har Jørn Jensen været lykkelig begravet i maskinkode. Allerede inden Danmarks første computer, Dask, var færdigbygget havde den nybagte programmør udviklet og testet de første dele til operativsystemet. Eller kontrolprogrammer, som det hed dengang i 50'erne. Men han var også den første operatør på en dansk computer, ligesom han var ankermanden bag de første Algolcompilere. Og måske den sidste, der i bund og grund kan overskue, hvad der sker inde i en computer. Der er nogen hjemme – i enhver forstand. Det kan godt være, at det kniber med at huske detaljerne for den 77–årige Jørn Jensen, men ellers fejler hverken hovedet under det viltre kridhvide hår eller humøret noget. Selv siger han, at han aldrig har følt et egentligt arbejdspres. – Hele mit arbejdsliv har bestået i leg. Jeg føler mig lykkelig, fordi jeg har lavet noget, jeg synes er sjovt, forklarer Danmarks første nørd. Allerede inden Danmarks første computer, Dask, blev indviet i 1958, havde folkene bag fået øje på Jørn Jensens særlige talent for at programmere – eller kode, som det hed dengang. Dengang hed det heller ikke en computer, men en elektronisk datamaskine. Og Dask var den første, der blev konstrueret og bygget i Danmark. Baseret på radiorør og vandkøling direkte fra vandværket blev Dansk Aritmetisk Sekvens Kalkulator (Dask) installeret i en villa i Valby i slutningen af 50'erne. Monstret vejede tre–et–halvt ton, og gulvet i dagligstuen blev forstærket for at holde til den kraftige maskine, der kunne lægge to tal sammen med den imponerende hastighed af 56 mikrosekunder (1 AT = additionstid) og havde et RAM–lager på fem Kbyte.
  • Well-Founded Functions and Extreme Predicates in Dafny: a Tutorial

    Well-Founded Functions and Extreme Predicates in Dafny: a Tutorial

    EPiC Series in Computing Volume 40, 2016, Pages 52–66 IWIL-2015. 11th International Work- shop on the Implementation of Logics Well-founded Functions and Extreme Predicates in Dafny: A Tutorial K. Rustan M. Leino Microsoft Research [email protected] Abstract A recursive function is well defined if its every recursive call corresponds a decrease in some well-founded order. Such well-founded functions are useful for example in computer programs when computing a value from some input. A boolean function can also be defined as an extreme solution to a recurrence relation, that is, as a least or greatest fixpoint of some functor. Such extreme predicates are useful for example in logic when encoding a set of inductive or coinductive inference rules. The verification-aware programming language Dafny supports both well-founded functions and extreme predicates. This tutorial describes the difference in general terms, and then describes novel syntactic support in Dafny for defining and proving lemmas with extreme predicates. Various examples and considerations are given. Although Dafny’s verifier has at its core a first-order SMT solver, Dafny’s logical encoding makes it possible to reason about fixpoints in an automated way. 0. Introduction Recursive functions are a core part of computer science and mathematics. Roughly speaking, when the definition of such a function spells out a terminating computation from given arguments, we may refer to it as a well-founded function. For example, the common factorial and Fibonacci functions are well-founded functions. There are also other ways to define functions. An important case regards the definition of a boolean function as an extreme solution (that is, a least or greatest solution) to some equation.
  • Mobilizing (Ourselves) for a Critical Digital Archaeology Adam Rabinowitz University of Texas at Austin, Arabinow@Utexas.Edu

    Mobilizing (Ourselves) for a Critical Digital Archaeology Adam Rabinowitz University of Texas at Austin, [email protected]

    University of Wisconsin Milwaukee UWM Digital Commons Mobilizing the Past Art History 10-21-2016 5.2. Response: Mobilizing (Ourselves) for a Critical Digital Archaeology Adam Rabinowitz University of Texas at Austin, [email protected] Follow this and additional works at: https://dc.uwm.edu/arthist_mobilizingthepast Part of the Classical Archaeology and Art History Commons Recommended Citation Rabinowitz, Adam. “Response: Mobilizing (Ourselves) for a Critical Digital Archaeology.” In Mobilizing the Past for a Digital Future: The Potential of Digital Archaeology, edited by Erin Walcek Averett, Jody Michael Gordon, and Derek B. Counts, 493-518. Grand Forks, ND: The Digital Press at the University of North Dakota, 2016. This Book is brought to you for free and open access by UWM Digital Commons. It has been accepted for inclusion in Mobilizing the Past by an authorized administrator of UWM Digital Commons. For more information, please contact [email protected]. MOBILIZING THE PAST FOR A DIGITAL FUTURE MOBILIZING the PAST for a DIGITAL FUTURE The Potential of Digital Archaeology Edited by Erin Walcek Averett Jody Michael Gordon Derek B. Counts The Digital Press @ The University of North Dakota Grand Forks Creative Commons License This work is licensed under a Creative Commons By Attribution 4.0 International License. 2016 The Digital Press @ The University of North Dakota Book Design: Daniel Coslett and William Caraher Cover Design: Daniel Coslett Library of Congress Control Number: 2016917316 The Digital Press at the University of North Dakota, Grand Forks, North Dakota ISBN-13: 978-062790137 ISBN-10: 062790137 Version 1.1 (updated November 5, 2016) Table of Contents Preface & Acknowledgments v How to Use This Book xi Abbreviations xiii Introduction Mobile Computing in Archaeology: Exploring and Interpreting Current Practices 1 Jody Michael Gordon, Erin Walcek Averett, and Derek B.
  • Programming Language Features for Refinement

    Programming Language Features for Refinement

    Programming Language Features for Refinement Jason Koenig K. Rustan M. Leino Stanford University Microsoft Research [email protected] [email protected] Algorithmic and data refinement are well studied topics that provide a mathematically rigorous ap- proach to gradually introducing details in the implementation of software. Program refinements are performed in the context of some programming language, but mainstream languages lack features for recording the sequence of refinement steps in the program text. To experiment with the combination of refinement, automated verification, and language design, refinement features have been added to the verification-aware programming language Dafny. This paper describes those features and reflects on some initial usage thereof. 0. Introduction Two major problems faced by software engineers are the development of software and the maintenance of software. In addition to fixing bugs, maintenance involves adapting the software to new or previously underappreciated scenarios, for example, using new APIs, supporting new hardware, or improving the performance. Software version control systems track the history of software changes, but older versions typically do not play any significant role in understanding or evolving the software further. For exam- ple, when a simple but inefficient data structure is replaced by a more efficient one, the program edits are destructive. Consequently, understanding the new code may be significantly more difficult than un- derstanding the initial version, because the source code will only show how the more complicated data structure is used. The initial development of the software may proceed in a similar way, whereby a software engi- neer first implements the basic functionality and then extends it with additional functionality or more advanced behaviors.
  • Developing Verified Sequential Programs with Event-B

    Developing Verified Sequential Programs with Event-B

    UNIVERSITY OF SOUTHAMPTON Developing Verified Sequential Programs with Event-B by Mohammadsadegh Dalvandi A thesis submitted in partial fulfillment for the degree of Doctor of Philosophy in the Faculty of Physical Sciences and Engineering Electronics and Computer Science April 2018 UNIVERSITY OF SOUTHAMPTON ABSTRACT FACULTY OF PHYSICAL SCIENCES AND ENGINEERING ELECTRONICS AND COMPUTER SCIENCE Doctor of Philosophy by Mohammadsadegh Dalvandi The constructive approach to software correctness aims at formal modelling of the in- tended behaviour and structure of a system in different levels of abstraction and verifying properties of models. The target of analytical approach is to verify properties of the final program code. A high level look at these two approaches suggests that the con- structive and analytical approaches should complement each other well. The aim of this thesis is to build a link between Event-B (constructive approach) and Dafny (analytical approach) for developing sequential verified programs. The first contribution of this the- sis is a tool supported method for transforming Event-B models to simple Dafny code contracts (in the form of method pre- and post-conditions). Transformation of Event-B formal models to Dafny method declarations and code contracts is enabled by a set of transformation rules. Using this set of transformation rules, one can generate code contracts from Event-B models but not implementations. The generated code contracts must be seen as an interface that can be implemented. If there is an implementation that satisfies the generated contracts then it is considered to be a correct implementation of the abstract Event-B model. A tool for automatic transformation of Event-B models to simple Dafny code contracts is presented.
  • Master's Thesis

    Master's Thesis

    FACULTY OF SCIENCE AND TECHNOLOGY MASTER'S THESIS Study programme/specialisation: Computer Science Spring / Autumn semester, 20......19 Open/Confidential Author: ………………………………………… Nicolas Fløysvik (signature of author) Programme coordinator: Hein Meling Supervisor(s): Hein Meling Title of master's thesis: Using domain restricted types to improve code correctness Credits: 30 Keywords: Domain restrictions, Formal specifications, Number of pages: …………………75 symbolic execution, Rolsyn analyzer, + supplemental material/other: …………0 Stavanger,……………………….15/06/2019 date/year Title page for Master's Thesis Faculty of Science and Technology Domain Restricted Types for Improved Code Correctness Nicolas Fløysvik University of Stavanger Supervised by: Professor Hein Meling University of Stavanger June 2019 Abstract ReDi is a new static analysis tool for improving code correctness. It targets the C# language and is a .NET Roslyn live analyzer providing live analysis feedback to the developers using it. ReDi uses principles from formal specification and symbolic execution to implement methods for performing domain restriction on variables, parameters, and return values. A domain restriction is an invariant implemented as a check function, that can be applied to variables utilizing an annotation referring to the check method. ReDi can also help to prevent runtime exceptions caused by null pointers. ReDi can prevent null exceptions by integrating nullability into the domain of the variables, making it feasible for ReDi to statically keep track of null, and de- tecting variables that may be null when used. ReDi shows promising results with finding inconsistencies and faults in some programming projects, the open source CoreWiki project by Jeff Fritz and several web service API projects for services offered by Innovation Norway.
  • Essays on Emotional Well-Being, Health Insurance Disparities and Health Insurance Markets

    Essays on Emotional Well-Being, Health Insurance Disparities and Health Insurance Markets

    University of New Mexico UNM Digital Repository Economics ETDs Electronic Theses and Dissertations Summer 7-15-2020 Essays on Emotional Well-being, Health Insurance Disparities and Health Insurance Markets Disha Shende Follow this and additional works at: https://digitalrepository.unm.edu/econ_etds Part of the Behavioral Economics Commons, Health Economics Commons, and the Public Economics Commons Recommended Citation Shende, Disha. "Essays on Emotional Well-being, Health Insurance Disparities and Health Insurance Markets." (2020). https://digitalrepository.unm.edu/econ_etds/115 This Dissertation is brought to you for free and open access by the Electronic Theses and Dissertations at UNM Digital Repository. It has been accepted for inclusion in Economics ETDs by an authorized administrator of UNM Digital Repository. For more information, please contact [email protected], [email protected], [email protected]. Disha Shende Candidate Economics Department This dissertation is approved, and it is acceptable in quality and form for publication: Approved by the Dissertation Committee: Alok Bohara, Chairperson Richard Santos Sarah Stith Smita Pakhale i Essays on Emotional Well-being, Health Insurance Disparities and Health Insurance Markets DISHA SHENDE B.Tech., Shri Guru Govind Singh Inst. of Engr. and Tech., India, 2010 M.A., Applied Economics, University of Cincinnati, 2015 M.A., Economics, University of New Mexico, 2017 DISSERTATION Submitted in Partial Fulfillment of the Requirements for the Degree of Doctor of Philosophy Economics At the The University of New Mexico Albuquerque, New Mexico July 2020 ii DEDICATION To all the revolutionary figures who fought for my right to education iii ACKNOWLEDGEMENT This has been one of the most important bodies of work in my academic career so far.
  • Dafny: an Automatic Program Verifier for Functional Correctness K

    Dafny: an Automatic Program Verifier for Functional Correctness K

    Dafny: An Automatic Program Verifier for Functional Correctness K. Rustan M. Leino Microsoft Research [email protected] Abstract Traditionally, the full verification of a program’s functional correctness has been obtained with pen and paper or with interactive proof assistants, whereas only reduced verification tasks, such as ex- tended static checking, have enjoyed the automation offered by satisfiability-modulo-theories (SMT) solvers. More recently, powerful SMT solvers and well-designed program verifiers are starting to break that tradition, thus reducing the effort involved in doing full verification. This paper gives a tour of the language and verifier Dafny, which has been used to verify the functional correctness of a number of challenging pointer-based programs. The paper describes the features incorporated in Dafny, illustrating their use by small examples and giving a taste of how they are coded for an SMT solver. As a larger case study, the paper shows the full functional specification of the Schorr-Waite algorithm in Dafny. 0 Introduction Applications of program verification technology fall into a spectrum of assurance levels, at one extreme proving that the program lives up to its functional specification (e.g., [8, 23, 28]), at the other extreme just finding some likely bugs (e.g., [19, 24]). Traditionally, program verifiers at the high end of the spectrum have used interactive proof assistants, which require the user to have a high degree of prover expertise, invoking tactics or guiding the tool through its various symbolic manipulations. Because they limit which program properties they reason about, tools at the low end of the spectrum have been able to take advantage of satisfiability-modulo-theories (SMT) solvers, which offer some fixed set of automatic decision procedures [18, 5].
  • Volume 38, Number 09 (September 1920) James Francis Cooke

    Volume 38, Number 09 (September 1920) James Francis Cooke

    Gardner-Webb University Digital Commons @ Gardner-Webb University The tudeE Magazine: 1883-1957 John R. Dover Memorial Library 9-1-1920 Volume 38, Number 09 (September 1920) James Francis Cooke Follow this and additional works at: https://digitalcommons.gardner-webb.edu/etude Part of the Composition Commons, Ethnomusicology Commons, Fine Arts Commons, History Commons, Liturgy and Worship Commons, Music Education Commons, Musicology Commons, Music Pedagogy Commons, Music Performance Commons, Music Practice Commons, and the Music Theory Commons Recommended Citation Cooke, James Francis. "Volume 38, Number 09 (September 1920)." , (1920). https://digitalcommons.gardner-webb.edu/etude/672 This Book is brought to you for free and open access by the John R. Dover Memorial Library at Digital Commons @ Gardner-Webb University. It has been accepted for inclusion in The tudeE Magazine: 1883-1957 by an authorized administrator of Digital Commons @ Gardner-Webb University. For more information, please contact [email protected]. THE ETUDE Presser’s Musical Magazine MUSIC COMPOSITION FOR WOMEN BY CARRE JACOBS-BOND ULTRA-MODERN MUSIC EXPLAINED BY PROFESSOR CHARLES QUEF KEYBOARD MASTERY BY CONSTANTIN STERNBERG WHY UNDERPAY THE MUSIC TEACHER? BY CHARLES E. WATT HOW HAYDN SUCCEEDED BY COMMENDATORE E. di PIRANI $2.00 A YEAR THE EjTUDE SEPTEMBER 1920 Page 577 This TRADE MARK 'Represenhs Lhe BEST Lhere is in Beautiful Balladv Smil/nThittOUGH ( Sacred - Secular ) Solos - Duets - Quartete r%gj THEY SONGS G;i? C / I* *V>* ' CAN AND MORE 5°*G „ / ARE I/S , BE OtWllTTltBOYQfMlNf S«S£„. &-*£? AT T: °A iJjev*. ri»e* '**». /PLAYED CONG «««** ON A>f 9 ■0 2-4, , PIANO Evening Brings Rest DjARD/ ' G^f„ And you /or ORGAN *e ' 50 Wes Tb*^tefi each like *5'”' / IDEAL FOR THIS IT I^^SSCE?* 'the HOME ACTUAL SIZE / 6 by 9 Inches CONCERT MAUMUSUNfUWaS-fiOOON'OHl SENT /and CHURCH on requeshy IF YOU LOVE A GOOD enclosej BALLAD 5 cents i H°WONETm in stan ( SACRED or SECULAR) .
  • Los Gatos - Saratoga Camera Club Newsletter Vol

    Los Gatos - Saratoga Camera Club Newsletter Vol

    Los Gatos - Saratoga Camera Club Newsletter Vol. 31 Issue 8 August 2009 2009 Calendar August 3 Competition: Color, PJ, and Travel - Slides and Digital Images. Color, PJ, and Monochrome - Prints. 17 NO MEETING (Board Meeting Only: 7PM) ©Julie Kitzenberger September 7 NO MEETING 21 Program: TBD and Post Card Judging JULIE KITZENBERGER PHOTOGRAPHY Fine Art Landscapes - Travel - Events [email protected] 408-348-4199 http://photo.net/photos/JulieKitzenberger ©Julie Kitzenberger A Solo Show: “Captured Landscapes and Abstracts – with a Touch of Us” July 28 – August 23, 2009 Reception/Meet the Photographer: Saturday, August 1, 2009, 5 – 8 pm AEGIS GALLERY OF FINE ART www.Aegisgallery.com/ Gallery hours: 14531 Big Basin Way at 4th Street Sun, Tue, Wed: 11 AM – 7 PM Saratoga , CA 95070 Thu, Fri, Sat: 11 AM – 9 PM (408) 867-0171 Closed Mondays LOS GATOS/SARATOGA CAMERA CLUB EXHIBIT 2009 Theme: Through the Lens: Photographic Moments Sign Ups Begin July 6 It’s time to begin planning for our Club’s seventh annual photography exhibit that is scheduled to run November 12 through January 7, 2010. This exclusive LG/SCC show provides Club members the opportunity to exhibit their work in the “Art in the Council Chambers program sponsored by the Los Gatos Arts Commission and held in the Los Gatos Council Chambers. SIGN-UPS: Beginning at the July 6 meeting, Club sign-ups will run until September 1. At that time the final number of images per person (up to 2 each) will be determined. All exhibit photos must be matted and framed under glass (or plexi) See Club website for complete exhibit timelines and hanging information.
  • Bounded Model Checking of Pointer Programs Revisited?

    Bounded Model Checking of Pointer Programs Revisited?

    Bounded Model Checking of Pointer Programs Revisited? Witold Charatonik1 and Piotr Witkowski2 1 Institute of Computer Science, University of Wroclaw, [email protected] 2 [email protected] Abstract. Bounded model checking of pointer programs is a debugging technique for programs that manipulate dynamically allocated pointer structures on the heap. It is based on the following four observations. First, error conditions like dereference of a dangling pointer, are express- ible in a fragment of first-order logic with two-variables. Second, the fragment is closed under weakest preconditions wrt. finite paths. Third, data structures like trees, lists etc. are expressible by inductive predi- cates defined in a fragment of Datalog. Finally, the combination of the two fragments of the two-variable logic and Datalog is decidable. In this paper we improve this technique by extending the expressivity of the underlying logics. In a sequence of examples we demonstrate that the new logic is capable of modeling more sophisticated data structures with more complex dependencies on heaps and more complex analyses. 1 Introduction Automated verification of programs manipulating dynamically allocated pointer structures is a challenging and important problem. In [11] the authors proposed a bounded model checking (BMC) procedure for imperative programs that manipulate dynamically allocated pointer struc- tures on the heap. Although in this procedure an explicit bound is assumed on the length of the program execution, the size of the initial data structure is not bounded. Therefore, such programs form infinite and infinitely branching transition systems. The procedure is based on the following four observations. First, error conditions like dereference of a dangling pointer, are expressible in a fragment of first-order logic with two-variables.