© Anvesh Komuravelli Spacer Compositional Verification of Procedural Programs using Horn Clauses over Integers and Arrays Anvesh Komuravelli work done.

Presentation transcript:

© Anvesh Komuravelli. Spacer: Compositional Verification of Procedural Programs using Horn Clauses over Integers and Arrays. Anvesh Komuravelli (work done at Carnegie Mellon University); joint work with Nikolaj Bjørner, Arie Gurfinkel, and Kenneth McMillan.

Slide 1. In essence: efficiently under-approximating projections in the presence of array quantifiers.

Slide 2. Why projections? Image computation; computing weakest preconditions (e.g., in IC3-style reasoning); computing must summaries for procedural programs.

Slide 3. SAT assignments to x. But quantifier elimination is expensive! Under-approximate the projection: Model-based Projection (MBP).

Slide 4. MBP for Propositional Logic. Model M: u1 = 0, u2 = 1, x1 = 0, x2 = 0, x3 = 1. Substitute 0/u1, 1/u2 (under-approximates).
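The substitution-based MBP of slide 4, as an added Python example that is not part of the slides: the formula phi is constructed for illustration, the model M is the one shown on the slide, and cover_by_mbp demonstrates the property MBP relies on, that finitely many model-based disjuncts add up to the exact projection.

```python
from itertools import product

U = ["u1", "u2"]        # variables to eliminate (the u's on the slide)
X = ["x1", "x2", "x3"]  # variables to keep (the x's on the slide)

def phi(a):
    """Constructed CNF example (not from the slides):
    (u1 | ~x1) & (~u1 | x2 | x3) & (~u2 | x3) & (u2 | ~x2 | x1)."""
    return bool((a["u1"] or not a["x1"]) and (not a["u1"] or a["x2"] or a["x3"])
                and (not a["u2"] or a["x3"]) and (a["u2"] or not a["x2"] or a["x1"]))

# The model shown on slide 4; it satisfies phi above.
M = {"u1": 0, "u2": 1, "x1": 0, "x2": 0, "x3": 1}

def assignments(names):
    """All total 0/1 assignments over `names` (brute force; fine at toy size)."""
    for bits in product((0, 1), repeat=len(names)):
        yield dict(zip(names, bits))

def mbp_substitution(formula, elim, model):
    """Model-based projection by substitution: fix the eliminated variables to
    the model's values. The result is quantifier-free over the kept variables,
    is satisfied by the model, and under-approximates (exists elim. formula)."""
    fixed = {u: model[u] for u in elim}
    return lambda a: formula({**a, **fixed})

def project(formula, elim):
    """Exact projection (exists elim. formula) by enumeration: the expensive
    quantifier elimination that MBP avoids."""
    return lambda a: any(formula({**a, **e}) for e in assignments(elim))

def implies(f, g, names):
    return all(g(a) for a in assignments(names) if f(a))

def cover_by_mbp(formula, elim, keep):
    """Pick a model of `formula` not yet covered, add its MBP, repeat. Each MBP
    is an under-approximation, and finitely many of them cover the projection."""
    disjuncts = []
    while True:
        model = next((m for m in assignments(keep + elim)
                      if formula(m) and not any(d(m) for d in disjuncts)), None)
        if model is None:
            return disjuncts
        disjuncts.append(mbp_substitution(formula, elim, model))

def demo():
    psi = mbp_substitution(phi, U, M)          # for M this is ~x1 & x3
    proj = project(phi, U)
    cover = cover_by_mbp(phi, U, X)
    union = lambda a: any(d(a) for d in cover)
    return {"model_satisfies_mbp": psi({x: M[x] for x in X}),
            "mbp_under_approximates": implies(psi, proj, X),
            "mbp_is_strict": not implies(proj, psi, X),
            "cover_equals_projection": implies(union, proj, X) and implies(proj, union, X),
            "num_disjuncts": len(cover)}
```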

Slide 5. MBP for Linear (Real) Arithmetic. Infinite space of models, so the substitution method does not work! Loos-Weispfenning's equivalence: pick a disjunct based on the model.

Slide 6. What if we have array variables? Arrays are common for modeling heap memory. In the presence of procedures, we can't get rid of them easily: inlining procedure calls and (hopefully) lowering arrays to registers bloats the program size exponentially, and recursive procedures cannot be inlined. MBP for the (extensional) theory of arrays?

Slide 7. Eliminating Array Quantifiers

Slide 8. Eliminating array quantifiers can introduce quantifiers of index/value sort! (Ackermann Reduction)

Slide 9. ArrayQE basically has 3 steps: 1. Eliminate Writes. 2. Eliminate (Partial) Equalities/Disequalities. 3. Eliminate Reads (aka Ackermann Reduction). The result can have quantifiers of index/value sorts.

Slide 10. ArrayQE Example: Eliminate Writes

Slide 11. ArrayQE Example: Eliminate Writes (Partial Equality)

Slide 12. ArrayQE Example: Eliminate Writes; Eliminate Equalities and Disequalities (substitute)

Slide 13. ArrayQE Example: Eliminate Writes; Eliminate Equalities and Disequalities; Eliminate Reads

Slide 14. MBP for the Theory of Arrays (ARR)

Slide 15. ArrayMBP amounts to picking disjuncts from ArrayQE: Eliminate Writes

Slide 16. ArrayMBP Example: Eliminate Writes

Slide 17. ArrayMBP Example: Eliminate Writes; Eliminate Equalities and Disequalities (substitute)

Slide 18. ArrayMBP Example: Eliminate Writes; Eliminate Equalities and Disequalities; Eliminate Reads

Slide 19. ArrayMBP Example: Eliminate Writes; Eliminate Equalities and Disequalities; Eliminate Reads

Slide 20. MBP for the combination LIA + ARR

Slide 21. In 2 steps: 1. Eliminate array quantifiers using ArrayMBP (which can introduce integer quantifiers). 2. Eliminate integer quantifiers using MBP for LIA.

Slide 22. Caveat: integer quantifiers cannot always be eliminated! The slide's example formula has no equivalent quantifier-free formula! Fall back to the substitution method.

Slide 23. Equality Resolution to avoid the Substitution Method

Slide 24. The ideas are implemented in our tool Spacer: IC3-style compositional reasoning for procedural programs; MBP for under-approximating the weakest precondition; two kinds of procedure summaries: May Summaries (over-approximate QE with interpolation) and Must Summaries (under-approximate QE with MBP).

Slide 25. The substitution method can lead to diverging interpolants! (Figure: weakest precondition vs. its under-approximation.)

Slide 26. Heuristically privilege array (dis-)equalities

Slide 27. Experimental Evaluation

Slide 28. Compare Spacer with and without inlining. The SeaHorn front-end has an option to inline procedure calls. Inlining gets rid of most of the array variables for the Device Drivers category of SV-COMP'15. (Spacer minus ArrayMBP) can only handle a small fraction of the non-inlined programs.

Slide 29. Compare Spacer with and without inlining: lots of time-outs.

Slide 30. Conclusion. Model-based Projection (MBP) for the extensional theory of arrays. Quantifiers of index and value sort cannot always be eliminated. Heuristics to avoid the model substitution method. Practical advantage over SV-COMP'15 benchmarks. Adapt the ideas to obtain quantified invariants?

Slide 32. Questions?