
Slide 1: Spacer: Compositional Verification of Procedural Programs using Horn Clauses over Integers and Arrays. Anvesh Komuravelli (work done at Carnegie Mellon University). Joint work with Nikolaj Bjørner, Arie Gurfinkel, and Kenneth McMillan. © Anvesh Komuravelli

Slide 2: In essence... Efficiently under-approximating projections in the presence of array quantifiers.

Slide 3: Why projections?
  Image computation
  Computing weakest preconditions (e.g., in IC3-style reasoning)
  Computing must summaries for procedural programs

Slide 4: (figure: SAT assignments to x) But Quantifier Elimination is expensive! Under-approximate the projection: Model-based Projection (MBP).

Slide 5: MBP for Propositional Logic. Model M: u1 = 0, u2 = 1, x1 = 0, x2 = 0, x3 = 1. Substitute 0/u1, 1/u2 (under-approximates).

Slide 6: MBP for Linear (Real) Arithmetic. Infinite space of models, so the substitution method does not work! Loos-Weispfenning's equivalence: pick a disjunct based on the model.
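The model-guided choice of a Loos-Weispfenning disjunct on this slide, as an added example that is not from the talk or from the Spacer code base: a small Python MBP for one real variable over a conjunction of non-strict linear inequalities. The term encoding, the names `mbp_lra` and `holds`, and the sample constraints and model are my assumptions.

```python
from fractions import Fraction

# A linear term is a dict {variable: coefficient}; the key "1" holds the
# constant. Every literal is normalised to the form "term <= 0".

def add(t1, t2, k=1):
    """Return the term t1 + k*t2 with zero coefficients dropped."""
    out = dict(t1)
    for v, c in t2.items():
        out[v] = out.get(v, 0) + k * c
    return {v: c for v, c in out.items() if c != 0}

def evaluate(term, model):
    return sum(c * (1 if v == "1" else model[v]) for v, c in term.items())

def holds(constraints, model):
    """True iff the model satisfies every literal of the conjunction."""
    return all(evaluate(t, model) <= 0 for t in constraints)

def mbp_lra(constraints, x, model):
    """Model-based projection of x out of a conjunction of 'term <= 0' literals.
    The result is x-free, satisfied by `model`, and implies (exists x. constraints);
    it is the one Loos-Weispfenning disjunct the model selects, hence only an
    under-approximation of the full quantifier elimination."""
    assert holds(constraints, model), "model must satisfy the input"
    free, lower, upper = [], [], []
    for t in constraints:
        c = t.get(x, 0)
        if c == 0:
            free.append(t)
            continue
        # c*x + r <= 0 bounds x by b = -r/c: an upper bound if c > 0, a lower bound if c < 0
        r = add(t, {x: c}, -1)
        b = {v: Fraction(-coef, c) for v, coef in r.items()}
        (upper if c > 0 else lower).append(b)
    if not lower:
        return free  # only upper bounds: x can be made small enough, so drop its literals
    # The lower bound that is largest under the model; substituting x := best is the
    # disjunct of the LW equivalence that the model picks.
    best = max(lower, key=lambda b: evaluate(b, model))
    result = list(free)
    result += [add(l, best, -1) for l in lower]   # every lower bound <= best
    result += [add(best, u, -1) for u in upper]   # best <= every upper bound
    return result

# Constructed sample: y <= x, z <= x, x <= w under the model x=3, y=1, z=2, w=5.
SAMPLE = [{"y": 1, "x": -1}, {"z": 1, "x": -1}, {"x": 1, "w": -1}]
MODEL = {"x": 3, "y": 1, "z": 2, "w": 5}
```

`mbp_lra(SAMPLE, "x", MODEL)` keeps y <= z and z <= w, because z is the largest lower bound under the model; an assignment with y > z still has a witness x but is excluded, which is exactly the under-approximation the slide refers to.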

Slide 7: What if we have array variables? Arrays are common for modeling heap memory. In the presence of procedures, we can't get rid of them easily: inlining procedure calls and (hopefully) lowering arrays to registers bloats the program size exponentially, and recursive procedures cannot be inlined. MBP for the (extensional) theory of arrays?

Slide 8: Eliminating Array Quantifiers

Slide 9: Eliminating array quantifiers can introduce quantifiers of index/value sort! (Ackermann Reduction)

Slide 10: ArrayQE basically has 3 steps:
  1. Eliminate writes
  2. Eliminate (partial) equalities/disequalities
  3. Eliminate reads (aka Ackermann reduction)
  (the result can have quantifiers of index/value sorts)

Slide 11: ArrayQE Example: Eliminate Writes

Slide 12: ArrayQE Example: Eliminate Writes (partial equality)

Slide 13: ArrayQE Example: Eliminate Writes → Eliminate Equalities and Disequalities (substitute)

Slide 14: ArrayQE Example: Eliminate Writes → Eliminate Equalities and Disequalities → Eliminate Reads

Slide 15: MBP for the Theory of Arrays (ARR)

Slide 16: ArrayMBP amounts to picking disjuncts from ArrayQE: Eliminate Writes

Slide 17: ArrayMBP Example: Eliminate Writes

Slide 18: ArrayMBP Example: Eliminate Writes → Eliminate Equalities and Disequalities (substitute)

Slide 19: ArrayMBP Example: Eliminate Writes → Eliminate Equalities and Disequalities → Eliminate Reads

Slide 20: ArrayMBP Example: Eliminate Writes → Eliminate Equalities and Disequalities → Eliminate Reads

Slide 21: MBP for the combination LIA + ARR

Slide 22: In 2 steps:
  1. Eliminate array quantifiers using ArrayMBP (which can introduce integer quantifiers)
  2. Eliminate integer quantifiers using MBP for LIA

Slide 23: Caveat: Integer quantifiers cannot always be eliminated! The formula on the slide has no equivalent quantifier-free formula! Fall back to the substitution method.

Slide 24: Equality Resolution to avoid the Substitution Method

Slide 25: Ideas are implemented in our tool Spacer:
  IC3-style compositional reasoning for procedural programs
  MBP for under-approximating the weakest precondition
  Two kinds of procedure summaries:
    May summaries: over-approximate QE with interpolation
    Must summaries: under-approximate QE with MBP

Slide 26: Substitution method can lead to diverging interpolants! (figure: Weakest Precondition vs. Under-approx)

Slide 27: Heuristically privilege array (dis-)equalities

Slide 28: Experimental Evaluation

Slide 29: Compare Spacer with and without inlining
  The SeaHorn front-end has an option to inline procedure calls.
  Inlining gets rid of most of the array variables for the Device Drivers category of SV-COMP'15.
  (Spacer minus ArrayMBP) can only handle a small fraction of the non-inlined programs.

Slide 30: Compare Spacer with and without inlining (plot: lots of time-outs)

Slide 31: Conclusion
  Model-based Projection (MBP) for the extensional theory of arrays
  Quantifiers of index and value sort cannot always be eliminated
  Heuristics to avoid the model substitution method
  Practical advantage over SV-COMP'15 benchmarks
  Adapt the ideas to obtain quantified invariants?


Slide 33: Questions?

