Lecture Notes in Computer Science 9206

Commenced Publication in 1973Founding and Former Series Editors:Gerhard Goos, Juris Hartmanis, and Jan van Leeuwen

Editorial Board

David HutchisonLancaster University, Lancaster, UK

Takeo KanadeCarnegie Mellon University, Pittsburgh, PA, USA

Josef KittlerUniversity of Surrey, Guildford, UK

Jon M. KleinbergCornell University, Ithaca, NY, USA

Friedemann MatternETH Zurich, Zürich, Switzerland

John C. MitchellStanford University, Stanford, CA, USA

Moni NaorWeizmann Institute of Science, Rehovot, Israel

C. Pandu RanganIndian Institute of Technology, Madras, India

Bernhard SteffenTU Dortmund University, Dortmund, Germany

Demetri TerzopoulosUniversity of California, Los Angeles, CA, USA

Doug TygarUniversity of California, Berkeley, CA, USA

Gerhard WeikumMax Planck Institute for Informatics, Saarbrücken, Germany

More information about this series at http://www.springer.com/series/7407

Daniel Kroening • Corina S. Păsăreanu (Eds.)

Computer AidedVerification27th International Conference, CAV 2015San Francisco, CA, USA, July 18–24, 2015Proceedings, Part I

123

EditorsDaniel KroeningUniversity of OxfordOxfordUK

Corina S. PăsăreanuCarnegie Mellon UniversityMoffett Field, CAUSA

ISSN 0302-9743 ISSN 1611-3349 (electronic)Lecture Notes in Computer ScienceISBN 978-3-319-21689-8 ISBN 978-3-319-21690-4 (eBook)DOI 10.1007/978-3-319-21690-4

Library of Congress Control Number: 2015943799

LNCS Sublibrary: SL1 – Theoretical Computer Science and General Issues

Springer Cham Heidelberg New York Dordrecht London© Springer International Publishing Switzerland 2015This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of thematerial is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation,broadcasting, reproduction on microfilms or in any other physical way, and transmission or informationstorage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology nowknown or hereafter developed.The use of general descriptive names, registered names, trademarks, service marks, etc. in this publicationdoes not imply, even in the absence of a specific statement, that such names are exempt from the relevantprotective laws and regulations and therefore free for general use.The publisher, the authors and the editors are safe to assume that the advice and information in this book arebelieved to be true and accurate at the date of publication. Neither the publisher nor the authors or the editorsgive a warranty, express or implied, with respect to the material contained herein or for any errors oromissions that may have been made.

Printed on acid-free paper

Springer International Publishing AG Switzerland is part of Springer Science+Business Media(www.springer.com)

Preface

It is our great pleasure to welcome you to CAV 2015, the 27th International Confer-ence on Computer-Aided Verification, held in San Francisco, California, during July18–24, 2015.

The CAV conference series is dedicated to the advancement of the theory andpractice of computer-aided formal analysis methods for hardware and software sys-tems. The conference covers the spectrum from theoretical results to concrete appli-cations, with an emphasis on practical verification tools and the algorithms andtechniques that are needed for their implementation. CAV considers it vital to continuespurring advances in hardware and software verification while expanding to newdomains such as biological systems and computer security.

The CAV 2015 program included five keynotes, technical papers (58 long and 11short papers accepted out of 252 submissions), 11 co-located events (VSTTE – VerifiedSoftware: Theories, Tools, and Experiments; SMT – Satisfiability Modulo Theories,EC2, IPRA – Interpolation: From Proofs to Applications; SYNT – Synthesis; VeriSure –Verification and Assurance; HCVS – Horn Clauses for Verification and Synthe-sis; VMW – Verification Mentoring Workshop, REORDER, SNR – Symbolic andNumerical Methods for Reachability Analysis; VEMDP – Verification of EngineeredMolecular Devices and Programs), the Artifact Evaluation as well as briefings from theSMT and Synthesis competitions.

The invited keynote speakers were Philippa Gardner (Imperial College London),Leslie Lamport (Microsoft Research), Bob Kurshan (Cadence), William Hung (Syn-opsys), and Peter O’Hearn (University College London and Facebook).

Many people worked hard to make CAV 2015 a success. We thank the authors andthe keynote speakers for providing the excellent technical material, the ProgramCommittee for their thorough reviews and the time spent on evaluating all the sub-missions and discussing them during the on-line discussion period, and the SteeringCommittee for their guidance throughout the planning for CAV 2015.

We also thank Temesghen Kahsai, Local Chair, for his dedication and help withCAV 2015 planning and Hana Chockler, Sponsorship Chair, for helping to bring muchneeded financial support to the conference; Dirk Beyer, Workshop Chair, and all theorganizers of the co-located events for bringing their events to the CAV week; Eliz-abeth Polgreen for the program and proceedings; Arie Gurfinkel, Temesghen Kahsai,Michael Tautschnig, and the Artifact Evaluation Committee for their work on evalu-ating the artifacts submitted.

We gratefully acknowledge NSF for providing financial support for student par-ticipants. We sincerely thank the CAV sponsors for their generous contributions:

– Google (Platinum sponsor)– NASA, Fujitsu, SGT, Facebook, Microsoft (Gold sponsors)– IBM, Cadence (Silver sponsors)– Intel, Samsung (Bronze sponsors)

We also thank Carnegie Mellon University Silicon Valley and the University ofOxford for their support.

Finally, we hope you find the proceedings of CAV 2015 intellectually stimulatingand practically valuable.

May 2015 Corina S. PăsăreanuDaniel Kroening

VI Preface

Organization

Program Committee

Aws Albarghouthi University of Toronto, CanadaJade Alglave University College London, UKDomagoj Babic GoogleArmin Biere Johannes Kepler University, AustriaRoderick Bloem Graz University of Technology, AustriaAhmed Bouajjani LIAFA, University of Paris Diderot, FranceMarius Bozga Verimag/CNRS, FranceAaron Bradley Mentor GraphicsDavid Brumley Carnegie Mellon University, USATevfik Bultan University of California at Santa Barbara, USAKrishnendu Chatterjee Institute of Science and Technology (IST)Swarat Chaudhuri Rice University, USAMarsha Chechik University of Toronto, CanadaHana Chockler King’s College London, UKByron Cook Microsoft ResearchIsil Dillig Stanford University, USADino Distefano FacebookAlastair Donaldson Imperial College London, UKAzadeh Farzan University of Toronto, CanadaAntonio Filieri University of Stuttgart, GermanyJasmin Fisher Microsoft ResearchIndradeep Ghosh Fujitsu Labs of AmericaPatrice Godefroid Microsoft ResearchAarti Gupta Princeton University, USAArie Gurfinkel Software Engineering Institute, CMU, USAGerard Holzmann NASA/JPL, USAWarren Hunt University of Texas, USARanjit Jhala University of California San Diego, USABarbara Jobstmann EPFL, Jasper DA, and CNRS-Verimag,

Switzerland/FranceJoost-Pieter Katoen RWTH Aachen University, GermanyDaniel Kroening University of Oxford, UKMarta Kwiatkowska University of Oxford, UKAkash Lal Microsoft Research, IndiaDarko Marinov University of Illinois at Urbana-Champaign, USAKen McMillan Microsoft ResearchKedar Namjoshi Bell Labs

David Parker University of Birmingham, UKCorina Pasareanu CMU/NASA Ames Research Center, USAAndré Platzer Carnegie Mellon University, USAZvonimir Rakamaric University of Utah, USAGrigore Rosu University of Illinois at Urbana-Champaign, USAPhilipp Ruemmer Uppsala University, SwedenMooly Sagiv Tel Aviv University, IsraelSriram Sankaranarayanan University of Colorado, Boulder, USAKoushik Sen University of California, Berkeley, USANatarajan Shankar SRI InternationalNatasha Sharygina Università della Svizzera Italiana, ItalySharon Shoham Technion, IsraelNishant Sinha IBM Research LabsFabio Somenzi University of Colorado at Boulder, USAManu Sridharan Samsung Research AmericaOfer Strichman Technion, IsraelZhendong Su UC Davis, USACesare Tinelli The University of Iowa, USAEmina Torlak U.C. Berkeley, USATayssir Touili LIAFA, CNRS and University Paris Diderot, FranceThomas Wahl Northeastern University, USAGeorg Weissenbacher Vienna University of Technology, AustriaEran Yahav Technion, Israel

Additional Reviewers

Abdelkader, KaramAbdullah, Syed Md.

JakariaAbraham, ErikaAiswarya, C.Akshay, S.Alberti, FrancescoAlt, LeonardoAndré, EtienneArechiga, NikosAsarin, EugeneAstefanoaei, LacramioaraAthanasiou, KonstantinosAydin, AbdulbakiBackeman, PeterBalakrishnan, GogulBang, LucasBarbot, BenoitBarrett, Clark

Bartocci, EzioBasset, NicolasBen Sassi,

Mohamed AminBen-David, ShohamBenes, NikolaBerdine, JoshBertrand, NathalieBhatt, DeveshBlackshear, SamBocic, IvanBogomolov, SergiyBornholt, JamesBortz, DavidBrain, MartinBrockschmidt, MarcBrotherston, JamesBruns, GlennBushnell, David

Calcagno, CristianoCeska, MilanChakarov, AleksandarChakravarthy, VenkatChan, May T.M.Chapman, MartinChau, CuongChen, XinChen, YutingCherini, RenatoChiang, Wei-FanChmelik, MartinChoi, WontaeCimatti, AlessandroCiobaca, StefanClancy, KevinCombaz, JacquesCox, ArlenD’Antoni, Loris

VIII Organization

D’Silva, VijayDan, Andrei MarianDang, ThaoDarulova, EvaDavid, CristinaDe Niz, DionisioDegorre, AldricDehnert, ChristianDhok, MonikaDiaz, MarcioDimjasevic, MarkoDor, NuritDoyen, LaurentDragoi, CezaraDutertre, BrunoDutra, RafaelEbtekar, AramEhlers, RüdigerEide, EricEisner, CindyEnea, ConstantinFainekos, GeorgiosFalcone, YliesFedyukovich, GrigoryFeret, JeromeFerrere, ThomasFisman, DanaForejt, VojtechFraer, RananFrehse, GoranFu, XiangFu, ZhoulaiFuhs, CarstenFulton, NathanGao, SicunGarg, PranavGaroche, Pierre-LoicGascon, AdriaGerard, LeonardGhorbal, KhalilGiacobbe, MircoGirard, AntoineGligoric, MilosGoel, ShilpiGong, LiangGordon, Colin S.

Gotsman, AlexeyGretz, FriedrichGriesmayer, AndreasGrinchtein, OlgaGrumberg, OrnaGu, YijiaGuck, DennisGupta, AshutoshGvero, TihomirGyori, AlexGünther, HenningHaase, ChristophHadarean, LianaHahn, Ernst MoritzHall, BenHall, BenjaminHallé, SylvainHamza, JadHe, ShaoboHeizmann, MatthiasHenriques, DavidHenry, JulienHeule, MarijnHofferek, GeorgHorn, AlexanderHyvärinen, AnttiIvancic, FranjoIvrii, AlexanderJain, MiteshJansen, NilsJeannin, Jean-BaptisteJi, RanJovanovic, AleksandraJovanović, DejanKafle, BishoksanKahsai, TemesghenKahveci, TubaKaminski, Benjamin

LucienKannan, JayanthkumarKapinski, JamesKarbyshev, AleksandrKarimi, DerrickKeidar-Barner, SharonKeller, ChantalKennedy, Andrew

Khalimov, AyratKhlaaf, HeidyKiefer, StefanKim, Chang Hwan PeterKincaid, ZacharyKing, AndyKing, TimKini, KeshavKoenighofer, RobertKomuravelli, AnveshKonnov, IgorKoskinen, EricKretinsky, JanKugler, HillelKuncak, ViktorLaarman, AlfonsLahav, OriLahiri, ShuvenduLampka, KaiLange, MartinLano, KevinLawford, MarkLe, VuLegay, AxelLi, GoudongLi, GuodongLi, PengLi, WenchaoLi, YiLiang, TianyiLin, YuLiu, PeizunLoos, SarahLuo, QingzhouMaler, OdedMarescotti, MatteoMartins, João G.Martins, RubenMeel, KuldeepMehne, BenMeller, YaelMereacre, AlexandruMeshman, YuriMiné, AntoineMisailovic, SasaMitra, Sayan

Organization IX

Mitsch, StefanMoore, BrandonMoses, YoramMover, SergioMoy, MatthieuMukherjee, RajdeepMukherjee, SuvamMusuvathi, MadanlalMüller, AndreasNadel, AlexanderNaiman, LevNatraj, AshutoshNavas, Jorge A.Neider, DanielNellen, JohannaNguyen, Huu VuNickovic, DejanNimal, VincentNori, AdityaNorman, GethinO’Hearn, PeterOber, IulianOehlerking, JensOlivo, OswaldoOlmedo, FedericoOng, LukeOtop, JanOuaknine, JoelOwre, SamPadon, OdedPalikareva, HristinaPaoletti, NicolaPapavasileiou, VasilisPark, DaejunPartush, NimrodPek, EdgarPeleg, HilaPiterman, NirPodelski, AndreasPommellet, AdrienPous, DamienPrasad, MukulPrähofer, HerbertPuggelli, Alberto

Qian, XuehaiQiu, XiaokangQuesel, Jan-DavidRadoi, CosminRamachandran, JaideepRatschan, StefanRay, SayakRinetzky, NoamRodríguez Carbonell,

EnricRoeck, FranzRungta, NehaRyvchin, VadimSafránek, DavidSalay, RickSawaya, GeofSchewe, SvenSchlaipfer, MatthiasScholl, ChristophSchrammel, PeterSchäf, MartinSchäfer, AndreasSee, AbigailSeidl, MartinaSelfridge, BenSerbanuta, Traian FlorinSethi, DivjyotSharma, RahulSheinvald, SaraiShi, AugustShmulevich, IlyaSinz, CarstenSlivovsky, FriedrichSogokon, AndrewSolovyev, AlexeySousa Pinto, JoaoSrivathsan, B.Stefanescu, AndreiStefanescu, GheorgheSticksel, ChristophSuda, MartinSun, ChengnianSun, YutianSzekeres, Laszlo

Taghdiri, ManaTautschnig, MichaelThakur, AdityaTiwari, AshishTonetta, StefanoTopcu, UfukTracol, MathieuTsiskaridze, NestanTzoref-Brill, RachelUlbrich, MattiasUrban, CaterinaUrban, ChristianVafeiadis, ViktorVeitsman, MaorVelner, YaronVizel, YakirVoelzer, HagenVon Essen, ChristianVölp, MarcusWachter, BjörnWang, ZilongWehrman, IanWei, OuWetzler, NathanWhalen, MikeWickerson, JohnWiltsche, ClemensWintersteiger, ChristophWolf, KarstenWolf, VerenaWu, ZhilinYorav, KarenYorsh, GretaYoshida, HiroakiYounes, Håkan L.S.Yu, FangZawadzki, ErikZeljić, AleksandarZhang, QirunZhang, YiZheng, YunhuiZutshi, Aditya

X Organization

Abstracts of Invited Talks

A Trusted Mechanised Specificationof JavaScript: One Year On

Philippa Gardner, Gareth Smith, Conrad Watt, and Thomas Wood

Imperial College London{pg,gds,cw2312,tw1509}@ic.ac.uk

http://jscert.org

Abstract. The JSCert project provides a Coq mechanised specification of thecore JavaScript language. A key part of the project was to develop a method-ology for establishing trust, by designing JSCert in such a way as to provide astrong connection with the JavaScript standard, and by developing JSRef, areference interpreter which was proved correct with respect to JSCert and testedusing the standard Test262 test suite. In this paper, we assess the previous stateof the project at POPL’14 and the current state of the project at CAV’15. Weevaluate the work of POPL’14, providing an analysis of the methodology as awhole and a more detailed analysis of the tests. We also describe recent work onextending JSRef to include Google’s V8 Array library, enabling us to covermore of the language and to pass more tests.

CAV: An Industrial Perspective

Robert Kurshan

The theory of computer-aided verification happily, in the past decade,has spawned a robust industrial utilization. This, after previous dec-ades of wandering in a desert amply populated with disbelievers.

I recite some of the history of how this came about, review whereit is today, together with some of the currently most pressing theo-retical challenges that seem amenable to resolution, including memorysystems, full systems and some significant tool enhancements left onthe table, readily providable through current technology. (Inevitably),I speculate on where computer-aided verification may be headed.

Effective and Scalable Verification: BridgingResearch and Industry

William N.N. Hung

Synopsys Inc., Mountain View CA 94043, USAWilliam.Hung@synopsys.com

Five decades ago, Moores law predicted the exponential growth of the semiconductorindustry. Over the years, the increasing design complexity has called for effective andcomprehensive verification of hardware and embedded systems. Functional verificationhas become a key concern in hardware and software system development. It is gen-erally believed the majority of design effort is spent in functional verification, whosecomplexity explodes as the size of the design increases. The increasing adoption ofhigh-level synthesis brings the consistency of C++ / System C / high-level model andregister-transfer-level model into the picture. With the emergence of embedded system,functional verification of embedded software also becomes a key concern for theindustry.

There are many approaches for functional verification: formal verification, dynamicverification, hardware emulation, hardware prototyping, etc. At present,constraint-based dynamic verification is still the mainstream approach in industry,especially for large complex designs. Dynamic verification is conducted by feedinginput patterns to the design and simulating its behavior against a specification checker.The exponential nature of input patterns means, however, only a small subset of themcan be sampled for dynamic verification. To quantify the extensiveness of dynamicverification, functional coverage is a criterion widely used. How to improve functionalcoverage is a key challenge to the industry.

In this talk, we will survey industrial standards, tools and methodologies to tacklethe above verification problems, including the industry wide shift-left campaign, fromsoftware to hardware, formal, semi-formal, and constraint-based verification, acceler-ations, new ways of debugging and tackling complexity issues, ways to improvefunctional coverage, as well as new initiatives in software verification.

Contents – Part I

Invited Paper

A Trusted Mechanised Specification of JavaScript: One Year On . . . . . . . . . 3Philippa Gardner, Gareth Smith, Conrad Watt, and Thomas Wood

Model Checking and Refinements

On Automation of CTL* Verification for Infinite-State Systems . . . . . . . . . . 13Byron Cook, Heidy Khlaaf, and Nir Piterman

Algorithms for Model Checking HyperLTL and HyperCTL� . . . . . . . . . . . . 30Bernd Finkbeiner, Markus N. Rabe, and César Sánchez

Fairness Modulo Theory: A New Approach to LTL SoftwareModel Checking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

Daniel Dietsch, Matthias Heizmann, Vincent Langenfeld,and Andreas Podelski

Model Checking Parameterized Asynchronous Shared-Memory Systems . . . . 67Antoine Durand-Gasselin, Javier Esparza, Pierre Ganty,and Rupak Majumdar

SMT and POR Beat Counter Abstraction: Parameterized Model Checkingof Threshold-Based Distributed Algorithms . . . . . . . . . . . . . . . . . . . . . . . . 85

Igor Konnov, Helmut Veith, and Josef Widder

Skipping Refinement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103Mitesh Jain and Panagiotis Manolios

Quantitative Reasoning

Percentile Queries in Multi-dimensional Markov Decision Processes . . . . . . . 123Mickael Randour, Jean-François Raskin, and Ocan Sankur

Faster Algorithms for Quantitative Verification in ConstantTreewidth Graphs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140

Krishnendu Chatterjee, Rasmus Ibsen-Jensen,and Andreas Pavlogiannis

Counterexample Explanation by Learning Small Strategies in MarkovDecision Processes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158

Tomáš Brázdil, Krishnendu Chatterjee, Martin Chmelík,Andreas Fellner, and Jan Křetínský

Symbolic Polytopes for Quantitative Interpolation and Verification . . . . . . . . 178Klaus von Gleissenthall, Boris Köpf, and Andrey Rybalchenko

Adaptive Aggregation of Markov Chains: Quantitative Analysisof Chemical Reaction Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195

Alessandro Abate, Luboš Brim, Milan Češka, and Marta Kwiatkowska

PROPhESY: A PRObabilistic ParamEter SYnthesis Tool . . . . . . . . . . . . . . . 214Christian Dehnert, Sebastian Junges, Nils Jansen, Florian Corzilius,Matthias Volk, Harold Bruintjes, Joost- Pieter Katoen,and Erika Ábrahám

Software Analysis

Effective Search-Space Pruning for Solvers of String Equations,Regular Expressions and Length Constraints. . . . . . . . . . . . . . . . . . . . . . . . 235

Yunhui Zheng, Vijay Ganesh, Sanu Subramanian, Omer Tripp,Julian Dolby, and Xiangyu Zhang

Automata-Based Model Counting for String Constraints. . . . . . . . . . . . . . . . 255Abdulbaki Aydin, Lucas Bang, and Tevfik Bultan

OpenJDK’s Java.utils.Collection.sort() Is Broken: The Good, the Badand the Worst Case . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273

Stijn de Gouw, Jurriaan Rot, Frank S. de Boer, Richard Bubel,and Reiner Hähnle

Tree Buffers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290Radu Grigore and Stefan Kiefer

Learning Commutativity Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . 307Timon Gehr, Dimitar Dimitrov, and Martin Vechev

Angelic Verification: Precise Verification Modulo Unknowns . . . . . . . . . . . . 324Ankush Das, Shuvendu K. Lahiri, Akash Lal, and Yi Li

The SeaHorn Verification Framework . . . . . . . . . . . . . . . . . . . . . . . . . . . . 343Arie Gurfinkel, Temesghen Kahsai, Anvesh Komuravelli,and Jorge A. Navas

Automatic Rootcausing for Program Equivalence Failures in Binaries . . . . . . 362Shuvendu K. Lahiri, Rohit Sinha, and Chris Hawblitzel

Fine-Grained Caching of Verification Results . . . . . . . . . . . . . . . . . . . . . . . 380K. Rustan M. Leino and Valentin Wüstholz

Predicting a Correct Program in Programming by Example . . . . . . . . . . . . . 398Rishabh Singh and Sumit Gulwani

XVIII Contents – Part I

Abstract Interpretation with Higher-Dimensional Ellipsoidsand Conic Extrapolation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 415

Mendes Oulamara and Arnaud J. Venet

Lightning Talks

ADAM: Causality-Based Synthesis of Distributed Systems . . . . . . . . . . . . . . . 433Bernd Finkbeiner, Manuel Gieseking, and Ernst-Rüdiger Olderog

Alchemist: Learning Guarded Affine Functions. . . . . . . . . . . . . . . . . . . . . . 440Shambwaditya Saha, Pranav Garg, and P. Madhusudan

OptiMathSAT: A Tool for Optimization Modulo Theories . . . . . . . . . . . . . . 447Roberto Sebastiani and Patrick Trentin

Systematic Asynchrony Bug Exploration for Android Apps . . . . . . . . . . . . . 455Burcu Kulahcioglu Ozkan, Michael Emmi, and Serdar Tasiran

Norn: An SMT Solver for String Constraints . . . . . . . . . . . . . . . . . . . . . . . 462Parosh Aziz Abdulla, Mohamed Faouzi Atig, Yu-Fang Chen,Lukáš Holík, Ahmed Rezine, Philipp Rümmer, and Jari Stenman

PVSio-web 2.0: Joining PVS to HCI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 470Paolo Masci, Patrick Oladimeji, Yi Zhang, Paul Jones, Paul Curzon,and Harold Thimbleby

The Hanoi Omega-Automata Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 479Tomáš Babiak, František Blahoudek, Alexandre Duret-Lutz,Joachim Klein, Jan Křetínský, David Müller, David Parker,and Jan Strejček

The Open-Source LearnLib: A Framework for Active Automata Learning . . . 487Malte Isberner, Falk Howar, and Bernhard Steffen

BBS: A Phase-Bounded Model Checker for Asynchronous Programs . . . . . . . 496Rupak Majumdar and Zilong Wang

Time-Aware Abstractions in HybridSal . . . . . . . . . . . . . . . . . . . . . . . . . . . 504Ashish Tiwari

A Type-Directed Approach to Program Repair . . . . . . . . . . . . . . . . . . . . . . 511Alex Reinking and Ruzica Piskac

Formal Design and Safety Analysis of AIR6110 Wheel Brake System. . . . . . 518M. Bozzano, A. Cimatti, A. Fernandes Pires, D. Jones, G. Kimberly,T. Petri, R. Robinson, and S. Tonetta

Contents – Part I XIX

Meeting a Powertrain Verification Challenge . . . . . . . . . . . . . . . . . . . . . . . 536Parasara Sridhar Duggirala, Chuchu Fan, Sayan Mitra,and Mahesh Viswanathan

Synthesising Executable Gene Regulatory Networks from Single-CellGene Expression Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 544

Jasmin Fisher, Ali Sinan Köksal, Nir Piterman, and Steven Woodhouse

Empirical Software Metrics for Benchmarking of Verification Tools . . . . . . . 561Yulia Demyanova, Thomas Pani, Helmut Veith, and Florian Zuleger

Interpolation, IC3/PDR, and Invariants

Property-Directed Inference of Universal Invariants or Proving TheirAbsence. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 583

A. Karbyshev, N. Bjørner, S. Itzhaky, N. Rinetzky, and S. Shoham

Efficient Anytime Techniques for Model-Based Safety Analysis . . . . . . . . . . 603Marco Bozzano, Alessandro Cimatti, Alberto Griggio,and Cristian Mattarei

Boosting k-Induction with Continuously-Refined Invariants . . . . . . . . . . . . . 622Dirk Beyer, Matthias Dangl, and Philipp Wendler

Fast Interpolating BMC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 641Yakir Vizel, Arie Gurfinkel, and Sharad Malik

Counterexample-Guided Polynomial Loop Invariant Generationby Lagrange Interpolation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 658

Yu-Fang Chen, Chih-Duo Hong, Bow-Yaw Wang, and Lijun Zhang

Author Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 675

XX Contents – Part I

Contents – Part II

SMT Techniques and Applications

POLING: SMT Aided Linearizability Proofs . . . . . . . . . . . . . . . . . . . . . . . . . 3He Zhu, Gustavo Petri, and Suresh Jagannathan

Finding Bounded Path in Graph Using SMT for Automatic Clock Routing . . . 20Amit Erez and Alexander Nadel

Cutting the Mix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37Jürgen Christ and Jochen Hoenicke

The Inez Mathematical Programming Modulo Theories Framework . . . . . . . 53Panagiotis Manolios, Jorge Pais, and Vasilis Papavasileiou

Using Minimal Correction Sets to More Efficiently Compute MinimalUnsatisfiable Sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70

Fahiem Bacchus and George Katsirelos

Deciding Local Theory Extensions via E-matching . . . . . . . . . . . . . . . . . . . 87Kshitij Bansal, Andrew Reynolds, Tim King, Clark Barrett,and Thomas Wies

HW Verification

Modular Deductive Verification of Multiprocessor Hardware Designs . . . . . . 109Muralidaran Vijayaraghavan, Adam Chlipala, Arvind, and Nirav Dave

Word-Level Symbolic Trajectory Evaluation. . . . . . . . . . . . . . . . . . . . . . . . 128Supratik Chakraborty, Zurab Khasidashvili, Carl-Johan H. Seger,Rajkumar Gajavelly, Tanmay Haldankar, Dinesh Chhatani,and Rakesh Mistry

Verifying Linearizability of Intel® Software Guard Extensions . . . . . . . . . . . 144Rebekah Leslie-Hurd, Dror Caspi, and Matthew Fernandez

Synthesis

Synthesis Through Unification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163Rajeev Alur, Pavol Černý, and Arjun Radhakrishna

From Non-preemptive to Preemptive SchedulingUsing Synchronization Synthesis. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180

Pavol Černý, Edmund M. Clarke, Thomas A. Henzinger,Arjun Radhakrishna, Leonid Ryzhyk, Roopsha Samanta,and Thorsten Tarrach

Counterexample-Guided Quantifier Instantiation for Synthesis in SMT. . . . . . 198Andrew Reynolds, Morgan Deters, Viktor Kuncak, Cesare Tinelli,and Clark Barrett

Deductive Program Repair . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217Etienne Kneuss, Manos Koukoutos, and Viktor Kuncak

Quantifying Conformance Using the Skorokhod Metric . . . . . . . . . . . . . . . . 234Jyotirmoy V. Deshmukh, Rupak Majumdar, and Vinayak S. Prabhu

Pareto Curves of Multidimensional Mean-Payoff Games . . . . . . . . . . . . . . . 251Romain Brenguier and Jean-François Raskin

Termination

Conflict-Driven Conditional Termination . . . . . . . . . . . . . . . . . . . . . . . . . . 271Vijay D’Silva and Caterina Urban

Predicate Abstraction and CEGAR for Disproving Terminationof Higher-Order Functional Programs . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287

Takuya Kuwahara, Ryosuke Sato, Hiroshi Unno, and Naoki Kobayashi

Complexity of Bradley-Manna-Sipma Lexicographic Ranking Functions . . . . 304Amir M. Ben-Amram and Samir Genaim

Measuring with Timed Patterns. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322Thomas Ferrère, Oded Maler, Dejan Ničković, and Dogan Ulus

Automatic Verification of Stability and Safety for Delay DifferentialEquations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 338

Liang Zou, Martin Fränzle, Naijun Zhan, and Peter Nazier Mosaad

Time Robustness in MTL and Expressivity in Hybrid System Falsification. . . 356Takumi Akazaki and Ichiro Hasuo

Concurrency

Adaptive Concretization for Parallel Program Synthesis . . . . . . . . . . . . . . . . 377Jinseong Jeon, Xiaokang Qiu, Armando Solar-Lezama,and Jeffrey S. Foster

XXII Contents – Part II

Automatic Completion of Distributed Protocols with Symmetry . . . . . . . . . . 395Rajeev Alur, Mukund Raghothaman, Christos Stergiou, Stavros Tripakis,and Abhishek Udupa

An Axiomatic Specification for Sequential Memory Models . . . . . . . . . . . . . 413William Mansky, Dmitri Garbuzov, and Steve Zdancewic

Approximate Synchrony: An Abstraction for DistributedAlmost-Synchronous Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 429

Ankush Desai, Sanjit A. Seshia, Shaz Qadeer, David Broman,and John C. Eidson

Automated and Modular Refinement Reasoning for Concurrent Programs . . . 449Chris Hawblitzel, Erez Petrank, Shaz Qadeer, and Serdar Tasiran

Author Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 467

Contents – Part II XXIII