Skip to main content
SpringerLink
Log in
Book cover

NASA Formal Methods Symposium

NFM 2017: NASA Formal Methods pp 131–138Cite as

Model-Counting Approaches for Nonlinear Numerical Constraints

  • Conference paper
  • First Online:

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 10227))

Abstract

Model counting is of central importance in quantitative reasoning about systems. Examples include computing the probability that a system successfully accomplishes its task without errors, and measuring the number of bits leaked by a system to an adversary in Shannon entropy. Most previous work in those areas demonstrated their analysis on programs with linear constraints, in which cases model counting is polynomial time. Model counting for nonlinear constraints is notoriously hard, and thus programs with nonlinear constraints are not well-studied. This paper surveys state-of-the-art techniques and tools for model counting with respect to SMT constraints, modulo the bitvector theory, since this theory is decidable, and it can express nonlinear constraints that arise from the analysis of computer programs. We integrate these techniques within the Symbolic Pathfinder platform and evaluate them on difficult nonlinear constraints generated from the analysis of cryptographic functions.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

References

  1. ISSTAC: Integrated Symbolic Execution for Space-Time Analysis of Code. http://www.cmu.edu/silicon-valley/research/isstac

  2. Backes, M., Kopf, B., Rybalchenko, A.: Automatic discovery and quantification of information leaks. In: SP 2009, pp. 141–153 (2009)

    Google Scholar 

  3. Bang, L., Aydin, A., Phan, Q.S., Păsăreanu, C.S., Bultan, T.: String analysis for side channels with segmented oracles. In: FSE 2016, pp. 193–204. ACM (2016)

    Google Scholar 

  4. Borges, M., Filieri, A., d’Amorim, M., Păsăreanu, C.S., Visser, W.: Compositional solution space quantification for probabilistic software analysis. In: PLDI, pp. 123–132. ACM (2014)

    Google Scholar 

  5. Brickenstein, M., Dreyer, A.: PolyBoRi: a framework for gröbner-basis computations with boolean polynomials. J. Symb. Comput. 44(9), 1326–1345 (2009)

    Article  MATH  Google Scholar 

  6. Brumley, D., Boneh, D.: Remote timing attacks are practical. In: SSYM 2003, pp. 1–1. USENIX Association (2003)

    Google Scholar 

  7. Chakraborty, S., Meel, K.S., Mistry, R., Vardi, M.Y.: Approximate probabilistic inference via word-level counting. In: AAAI 2016, pp. 3218–3224 (2016)

    Google Scholar 

  8. Chistikov, D., Dimitrova, R., Majumdar, R.: Approximate counting in SMT and value estimation for probabilistic programs. In: Baier, C., Tinelli, C. (eds.) TACAS 2015. LNCS, vol. 9035, pp. 320–334. Springer, Heidelberg (2015). doi:10.1007/978-3-662-46681-0_26

    Google Scholar 

  9. Cimatti, A., Griggio, A., Schaafsma, B.J., Sebastiani, R.: The MathSAT5 SMT solver. In: Piterman, N., Smolka, S.A. (eds.) TACAS 2013. LNCS, vol. 7795, pp. 93–107. Springer, Heidelberg (2013). doi:10.1007/978-3-642-36742-7_7

    Chapter  Google Scholar 

  10. Moura, L., Bjørner, N.: Z3: an efficient SMT solver. In: Ramakrishnan, C.R., Rehof, J. (eds.) TACAS 2008. LNCS, vol. 4963, pp. 337–340. Springer, Heidelberg (2008). doi:10.1007/978-3-540-78800-3_24

    Chapter  Google Scholar 

  11. Filieri, A., Păsăreanu, C.S., Visser, W.: Reliability analysis in symbolic pathfinder. In: ICSE, pp. 622–631. IEEE Press (2013)

    Google Scholar 

  12. Gao, S.: Counting zeros over finite fields using Gröbner bases. Master’s thesis, Carnegie Mellon University (2009)

    Google Scholar 

  13. Grumberg, O., Schuster, A., Yadgar, A.: Memory efficient all-solutions SAT solver and its application for reachability analysis. In: Hu, A.J., Martin, A.K. (eds.) FMCAD 2004. LNCS, vol. 3312, pp. 275–289. Springer, Heidelberg (2004). doi:10.1007/978-3-540-30494-4_20

    Chapter  Google Scholar 

  14. King, J.C.: Symbolic execution and program testing. Commun. ACM 19(7), 385–394 (1976)

    Article  MathSciNet  MATH  Google Scholar 

  15. Klebanov, V., Manthey, N., Muise, C.: SAT-based analysis and quantification of information flow in programs. In: Joshi, K., Siegle, M., Stoelinga, M., D’Argenio, P.R. (eds.) QEST 2013. LNCS, vol. 8054, pp. 177–192. Springer, Heidelberg (2013). doi:10.1007/978-3-642-40196-1_16

    Chapter  Google Scholar 

  16. Klebanov, V., Weigl, A., Weisbarth, J.: Sound probabilistic #SAT with projection. In: QAPL 2016, pp. 15–29 (2016)

    Google Scholar 

  17. Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996). doi:10.1007/3-540-68697-5_9

    Google Scholar 

  18. Loera, J.A.D., Hemmecke, R., Tauzer, J., Yoshida, R.: Effective lattice point counting in rational convex polytopes. J. Symb. Comput. 38(4), 1273–1302 (2004)

    Article  MathSciNet  MATH  Google Scholar 

  19. Malacaria, P.: Algebraic foundations for quantitative information flow. Math. Struct. Comput. Sci. 25, 404–428 (2015)

    Article  MathSciNet  MATH  Google Scholar 

  20. Muise, C., McIlraith, S.A., Beck, J.C., Hsu, E.I.: Dsharp: fast d-DNNF compilation with sharpSAT. In: Kosseim, L., Inkpen, D. (eds.) AI 2012. LNCS (LNAI), vol. 7310, pp. 356–361. Springer, Heidelberg (2012). doi:10.1007/978-3-642-30353-1_36

    Chapter  Google Scholar 

  21. Phan, Q.S.: Model counting modulo theories. Ph.D. thesis, Queen Mary University of London (2015)

    Google Scholar 

  22. Phan, Q.S., Malacaria, P.: All-solution satisfiability modulo theories: applications, algorithms and benchmarks. In: ARES 2015, pp. 100–109 (2015)

    Google Scholar 

  23. Phan, Q.S., Malacaria, P., Păsăreanu, C.S., d’Amorim, M.: Quantifying information leaks using reliability analysis. In: SPIN 2014, pp. 105–108. ACM (2014)

    Google Scholar 

  24. Păsăreanu, C.S., Phan, Q.S., Malacaria, P.: Multi-run side-channel analysis using Symbolic Execution and Max-SMT. In: CSF 2016, pp. 387–400, June 2016

    Google Scholar 

  25. Păsăreanu, C.S., Visser, W., Bushnell, D., Geldenhuys, J., Mehlitz, P., Rungta, N.: Symbolic PathFinder: integrating symbolic execution with model checking for Java bytecode analysis. Autom. Softw. Eng. 20, 1–35 (2013)

    Article  Google Scholar 

  26. Rubinstein, R.: Stochastic enumeration method for counting NP-hard problems. Methodol. Comput. Appl. Probab. 15(2), 249–291 (2013)

    Article  MathSciNet  MATH  Google Scholar 

  27. Somenzi, F.: CUDD: CU decision diagram package release 3.0.0 (2015)

    Google Scholar 

  28. Thurley, M.: sharpSAT – Counting models with advanced component caching and implicit BCP. In: Biere, A., Gomes, C.P. (eds.) SAT 2006. LNCS, vol. 4121, pp. 424–429. Springer, Heidelberg (2006). doi:10.1007/11814948_38

    Chapter  Google Scholar 

  29. Tran, Q., Vardi, M.Y.: Groebner bases computation in boolean rings for symbolic model checking. In: MOAS, pp. 440–445. ACTA Press (2007)

    Google Scholar 

  30. Tseitin, G.S.: On the complexity of derivation in propositional calculus. In: Siekmann, J.H., Wrightson, G. (eds.) Automation of Reasoning: 2: Classical Papers on Computational Logic, pp. 466–483. Springer, Heidelberg (1983)

    Chapter  Google Scholar 

  31. Wei, W., Selman, B.: A new approach to model counting. In: Bacchus, F., Walsh, T. (eds.) SAT 2005. LNCS, vol. 3569, pp. 324–339. Springer, Heidelberg (2005). doi:10.1007/11499107_24

    Chapter  Google Scholar 

Download references

Acknowledgement

This work was funded in part by the National Science Foundation (NSF Grant Nos. CCF-1319858, CCF-1549161) and also by DARPA under agreement number FA8750-15-2-0087. The U.S. Government is authorized to reproduce and distribute reprints for Governmental purposes notwithstanding any copyright notation thereon. Mateus Borges is funded by an Imperial College PhD Scholarship.

Author information

Authors and Affiliations

  1. Imperial College London, London, UK

    Mateus Borges & Antonio Filieri

  2. Carnegie Mellon University Silicon Valley, Mountain View, USA

    Quoc-Sang Phan & Corina S. Păsăreanu

  3. NASA Ames, Mountain View, USA

    Corina S. Păsăreanu

Authors
  1. Mateus Borges
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Quoc-Sang Phan
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Antonio Filieri
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Corina S. Păsăreanu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Mateus Borges .

Editor information

Editors and Affiliations

  1. Stanford University, Palo Alto, California, USA

    Clark Barrett

  2. NASA Ames Research Center, Moffett Field, California, USA

    Misty Davies

  3. NASA Ames Research Center, Moffett Field, California, USA

    Temesghen Kahsai

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Borges, M., Phan, QS., Filieri, A., Păsăreanu, C.S. (2017). Model-Counting Approaches for Nonlinear Numerical Constraints. In: Barrett, C., Davies, M., Kahsai, T. (eds) NASA Formal Methods. NFM 2017. Lecture Notes in Computer Science(), vol 10227. Springer, Cham. https://doi.org/10.1007/978-3-319-57288-8_9

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-57288-8_9

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-57287-1

  • Online ISBN: 978-3-319-57288-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation