
An extension of lazy abstraction with interpolation for programs with arrays

Formal Methods in System Design

Abstract

Lazy abstraction with interpolation-based refinement has been shown to be a powerful technique for verifying imperative programs. In the presence of arrays, however, the method suffers from an intrinsic limitation: the invariants needed for verification usually contain universally quantified variables, which are not present in program specifications. In this work we present an extension of the interpolation-based lazy abstraction framework in which arrays of unknown length can be handled in a natural manner. In particular, we exploit the Model Checking Modulo Theories framework to derive a backward reachability version of lazy abstraction that supports reasoning about arrays. The new approach has been implemented in a tool, called safari, which has been validated on a wide range of benchmarks. We show by means of experiments that our approach can synthesize and prove universally quantified properties over arrays in a completely automatic fashion.


Notes

  1. Available at http://verify.inf.usi.ch/content/safari.

  2. These sentences can be used to axiomatize the set of sentences true in the integers [39].

  3. For simplicity, in this example we omit identical updates.

  4. For a general framework covering all these transformations, the reader is pointed to [20].

  5. In practice, this might result in a large combinatorial blow-up. Practical optimizations for the scalability of this procedure are described in Sect. 7.4.

  6. In a many-sorted context, the support of \(\mathcal M\) is taken to be the disjoint union of the sets \(S^\mathcal M\), varying \(S\) over the sorts of \(\Sigma \).

  7. http://research.microsoft.com/en-us/projects/boogie/.

  8. http://proval.lri.fr/.

  9. n = 0 means that the program does not have nested loops, n = 1 identifies programs with at least one nested loop, etc.

  10. Notice that cbmc and CPAchecker won the first and second place, respectively, of the overall category in the 3rd International Competition on Software Verification (SV-COMP’14), http://sv-comp.sosy-lab.org/2014/results/index.php.

  11. We run cbmc v4.3 with the option --unwind \(N+1\).

  12. We would like to thank Dirk Beyer and his group for their support in running CPAchecker.

  13. We were not able to retrieve the version of Clousot invoked by the web interface. We assume it to be the last available version, i.e. 1.5.60502.11.

  14. http://research.microsoft.com/projects/contracts.

References

  1. Abdulla PA, Jonsson B (1996) Verifying programs with unreliable channels. Inf Comput 127(2):91–101

  2. Aho AV, Lam MS, Sethi R, Ullman JD (2007) Compilers: principles, techniques, and tools, 2nd edn. Pearson-Addison Wesley

  3. Albarghouthi A, Gurfinkel A, Chechik M (2012) Craig interpretation. In: Miné A, Schmidt D (eds) SAS, Lecture Notes in Computer Science. Springer, pp 300–316

  4. Alberti F, Bruttomesso R, Ghilardi S, Ranise S, Sharygina N (2012) Lazy abstraction with interpolants for arrays. In: Bjørner N, Voronkov A (eds) LPAR, Lecture Notes in Computer Science, vol 7180. Springer, pp 46–61

  5. Alberti F, Bruttomesso R, Ghilardi S, Ranise S, Sharygina N (2012) SAFARI: SMT-based abstraction for arrays with interpolants. In: Madhusudan P, Seshia SA (eds) CAV, Lecture Notes in Computer Science, vol 7358. Springer, Berlin, pp 679–685

  6. Alberti F, Ghilardi S, Pagani E, Ranise S, Rossi GP (2010) Automated support for the design and validation of fault tolerant parameterized systems: a case study. ECEASST 35

  7. Alberti F, Ghilardi S, Pagani E, Ranise S, Rossi GP (2012) Universal guards, relativization of quantifiers, and failure models in Model Checking Modulo Theories. JSAT 8(1/2):29–61

  8. Armando A, Benerecetti M, Carotenuto D, Mantovani J, Spica P (2007) The Eureka tool for software model checking. In: Stirewalt REK, Egyed A, Fischer B (eds) ASE. ACM, pp 541–542

  9. Armando A, Benerecetti M, Mantovani J (2007) Abstraction refinement of linear programs with arrays. In: Grumberg O, Huth M (eds) TACAS, Lecture Notes in Computer Science, vol 4424. Springer, pp 373–388

  10. Baader F, Ghilardi S (2007) Connecting many-sorted theories. J Symb Logic 72:535–583

  11. Ball T, Rajamani SK (2002) The SLAM project: debugging system software via static analysis. In: Launchbury J, Mitchell JC (eds) Conference record of POPL 2002: the 29th SIGPLAN-SIGACT symposium on principles of programming languages, Portland, OR, USA, January 16–18, 2002. ACM, pp 1–3

  12. Beyer D (2013) Second competition on software verification (summary of SV-COMP 2013). In: Piterman N, Smolka SA (eds) Proceedings of the 19th international conference on tools and algorithms for the construction and analysis of systems, TACAS 2013, held as part of the European joint conferences on theory and practice of software, ETAPS 2013, Rome, Italy, March 16–24, 2013. Lecture Notes in Computer Science, vol 7795. Springer, pp 594–609

  13. Beyer D, Henzinger TA, Jhala R, Majumdar R (2007) The software model checker BLAST. STTT 9(5–6):505–525

  14. Beyer D, Henzinger TA, Jhala R, Majumdar R, Rybalchenko A (2007) Invariant synthesis for combined theories. In: Cook B, Podelski A (eds) VMCAI, Lecture Notes in Computer Science, vol 4349. Springer, pp 378–394

  15. Beyer D, Keremoglu ME (2011) CPAchecker: a tool for configurable software verification. In: Gopalakrishnan G, Qadeer S (eds) Proceedings of the 23rd international conference on computer aided verification, CAV 2011, Snowbird, UT, USA, July 14–20, 2011. Lecture Notes in Computer Science, vol 6806. Springer, pp 184–190

  16. Biere A, Cimatti A, Clarke EM, Zhu Y (1999) Symbolic model checking without BDDs. In: Cleaveland R (ed) TACAS, Lecture Notes in Computer Science, vol 1579. Springer, pp 193–207

  17. Blanchet B, Cousot P, Cousot R, Feret J, Mauborgne L, Miné A, Monniaux D, Rival X (2002) Design and implementation of a special-purpose static program analyzer for safety-critical real-time embedded software. In: Mogensen TÆ, Schmidt DA, Sudborough IH (eds) The essence of computation, Lecture Notes in Computer Science, vol 2566. Springer, pp 85–108

  18. Brillout A, Kroening D, Rümmer P, Wahl T (2010) An interpolating sequent calculus for quantifier-free Presburger arithmetic. In: Giesl J, Hähnle R (eds) Proceedings of the 5th international joint conference on automated reasoning, IJCAR 2010, Edinburgh, UK, July 16–19, 2010. Lecture Notes in Computer Science, vol 6173. Springer, pp 384–399

  19. Bruttomesso R, Ghilardi S, Ranise S (2012) From strong amalgamability to modularity of quantifier-free interpolation. In: IJCAR, Lecture Notes in Computer Science. Springer, pp 118–133

  20. Bruttomesso R, Ghilardi S, Ranise S (2012) Quantifier-free interpolation of a theory of arrays. Log Methods Comput Sci 8(2)

  21. Bruttomesso R, Pek E, Sharygina N, Tsitovich A (2010) The OpenSMT solver. In: Esparza J, Majumdar R (eds) TACAS, Lecture Notes in Computer Science, vol 6015. Springer, pp 150–153

  22. Carioni A, Ghilardi S, Ranise S (2011) Automated termination in Model Checking Modulo Theories. In: Delzanno G, Potapov I (eds) RP, Lecture Notes in Computer Science, vol 6945. Springer, pp 110–124

  23. Chase DR, Wegman MN, Zadeck FK (1990) Analysis of pointers and structures. In: Fischer BN (ed) PLDI. ACM, pp 296–310

  24. Cimatti A, Griggio A, Schaafsma BJ, Sebastiani R (2013) The MathSAT5 SMT solver. In: Piterman N, Smolka SA (eds) Proceedings of the 19th international conference on tools and algorithms for the construction and analysis of systems, TACAS 2013, held as part of the European joint conferences on theory and practice of software, ETAPS 2013, Rome, Italy, March 16–24, 2013. Lecture Notes in Computer Science, vol 7795. Springer, pp 93–107

  25. Clarisó R, Cortadella J (2007) The octahedron abstract domain. Sci Comput Program 64(1):115–139

  26. Clarke EM, Grumberg O, Jha S, Lu Y, Veith H (2000) Counterexample-guided abstraction refinement. In: Emerson EA, Sistla AP (eds) CAV, Lecture Notes in Computer Science, vol 1855. Springer, pp 154–169

  27. Clarke EM, Kroening D, Lerda F (2004) A tool for checking ANSI-C programs. In: Jensen K, Podelski A (eds) TACAS, Lecture Notes in Computer Science, vol 2988. Springer, pp 168–176

  28. Cousot P, Cousot R (1977) Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints. In: Graham RM, Harrison MA, Sethi R (eds) POPL. ACM, pp 238–252

  29. Cousot P, Cousot R, Logozzo F (2011) A parametric segmentation functor for fully automatic and scalable array content analysis. In: Ball T, Sagiv M (eds) POPL. ACM, pp 105–118

  30. Cousot P, Halbwachs N (1978) Automatic discovery of linear restraints among variables of a program. In: Aho AV, Zilles SN, Szymanski TG (eds) POPL. ACM Press, pp 84–96

  31. Craig W (1957) Three uses of the Herbrand-Gentzen theorem in relating model theory and proof theory. J Symb Log 22(3):269–285

  32. de Moura L, Bjørner N (2007) Efficient E-matching for SMT solvers. In: Pfenning F (ed) CADE, Lecture Notes in Computer Science, vol 4603. Springer, pp 183–198

  33. de Moura L, Bjørner N (2008) Z3: an efficient SMT solver. In: Ramakrishnan CR, Rehof J (eds) Proceedings of the 14th international conference on tools and algorithms for the construction and analysis of systems, TACAS 2008, held as part of the joint European conferences on theory and practice of software, ETAPS 2008, Budapest, Hungary, March 29–April 6, 2008. Lecture Notes in Computer Science, vol 4963. Springer, pp 337–340

  34. Delzanno G, Esparza J, Podelski A (1999) Constraint-based analysis of broadcast protocols. In: CSL, Lecture Notes in Computer Science, vol 1683. Springer, pp 50–66

  35. Dillig I, Dillig T, Aiken A (2010) Fluid updates: beyond strong vs. weak updates. In: Gordon AD (ed) ESOP, Lecture Notes in Computer Science, vol 6012. Springer, pp 246–266

  36. Dimitrova R, Podelski A (2008) Is lazy abstraction a decision procedure for broadcast protocols? In: Logozzo F, Peled D, Zuck LD (eds) VMCAI, Lecture Notes in Computer Science, vol 4905. Springer, pp 98–111

  37. Dudka K, Peringer P, Vojnar T (2011) Predator: a practical tool for checking manipulation of dynamic data structures using separation logic. In: Gopalakrishnan G, Qadeer S (eds) Proceedings of the 23rd international conference on computer aided verification, CAV 2011, Snowbird, UT, USA, July 14–20, 2011. Lecture Notes in Computer Science, vol 6806. Springer, pp 372–378

  38. Dudka K, Peringer P, Vojnar T (2013) Byte-precise verification of low-level list manipulation. In: Logozzo F, Fähndrich M (eds) SAS, Lecture Notes in Computer Science, vol 7935. Springer, pp 215–237

  39. Enderton HB (2001) A mathematical introduction to logic. Elsevier Science

  40. Fähndrich M, Logozzo F (2010) Static contract checking with abstract interpretation. In: Beckert B, Marché C (eds) FoVeOOS, Lecture Notes in Computer Science, vol 6528. Springer, pp 10–30

  41. Flanagan C, Qadeer S (2002) Predicate abstraction for software verification. In: Launchbury J, Mitchell JC (eds) Conference record of POPL 2002: the 29th SIGPLAN-SIGACT symposium on principles of programming languages, Portland, OR, USA, January 16–18, 2002. ACM, pp 191–202

  42. Furia CA, Meyer B (2010) Inferring loop invariants using postconditions. In: Blass A, Dershowitz N, Reisig W (eds) Fields of logic and computation, Lecture Notes in Computer Science, vol 6300. Springer, pp 277–300

  43. Ge Y, Barrett CW, Tinelli C (2009) Solving quantified verification conditions using Satisfiability Modulo Theories. Ann Math Artif Intell 55(1–2):101–122

  44. Ge Y, de Moura L (2009) Complete instantiation for quantified formulas in Satisfiability Modulo Theories. In: Bouajjani A, Maler O (eds) CAV, Lecture Notes in Computer Science, vol 5643. Springer, pp 306–320

  45. Ghilardi S, Ranise S (2009) Model Checking Modulo Theory at work: the integration of Yices in MCMT. In: AFM

  46. Ghilardi S, Ranise S (2010) Backward reachability of array-based systems by SMT solving: termination and invariant synthesis. Log Methods Comput Sci 6(4)

  47. Ghilardi S, Ranise S (2010) MCMT: a model checker modulo theories. In: Giesl J, Hähnle R (eds) Proceedings of the 5th international joint conference on automated reasoning, IJCAR 2010, Edinburgh, UK, July 16–19, 2010. Lecture Notes in Computer Science, vol 6173. Springer, pp 22–29

  48. Ghilardi S, Ranise S, Valsecchi T (2009) Light-weight SMT-based model checking. Electron Notes Theor Comput Sci 250(2):85–102

  49. Gopan D, Reps TW, Sagiv S (2005) A framework for numeric analysis of array operations. In: Palsberg J, Abadi M (eds) POPL. ACM, pp 338–350

  50. Graf S, Saïdi H (1997) Construction of abstract state graphs with PVS. In: Grumberg O (ed) CAV, Lecture Notes in Computer Science, vol 1254. Springer, pp 72–83

  51. Gulwani S, Tiwari A (2006) Combining abstract interpreters. In: Schwartzbach MI, Ball T (eds) PLDI. ACM, pp 376–386

  52. Halbwachs N, Péron M (2008) Discovering properties about arrays in simple programs. In: Gupta R, Amarasinghe SP (eds) PLDI. ACM, pp 339–348

  53. Henzinger TA, Jhala R, Majumdar R, McMillan KL (2004) Abstractions from proofs. In: Jones ND, Leroy X (eds) POPL. ACM, pp 232–244

  54. Henzinger TA, Jhala R, Majumdar R, Sutre G (2002) Lazy abstraction. In: Launchbury J, Mitchell JC (eds) Conference record of POPL 2002: the 29th SIGPLAN-SIGACT symposium on principles of programming languages, Portland, OR, USA, January 16–18, 2002. ACM, pp 58–70

  55. Hind M (2001) Pointer analysis: haven't we solved this problem yet? In: Field J, Snelting G (eds) PASTE. ACM, pp 54–61

  56. Hoder K, Kovács L, Voronkov A (2010) Interpolation and symbol elimination in Vampire. In: Giesl J, Hähnle R (eds) Proceedings of the 5th international joint conference on automated reasoning, IJCAR 2010, Edinburgh, UK, July 16–19, 2010. Lecture Notes in Computer Science, vol 6173. Springer, pp 188–195

  57. Hodges W (1993) Model theory. Encyclopedia of mathematics and its applications, vol 42. Cambridge University Press, Cambridge

  58. Jhala R, McMillan KL (2006) A practical and complete approach to predicate refinement. In: Hermanns H, Palsberg J (eds) TACAS, Lecture Notes in Computer Science, vol 3920. Springer, pp 459–473

  59. Jhala R, McMillan KL (2007) Array abstractions from proofs. In: Damm W, Hermanns H (eds) CAV, Lecture Notes in Computer Science, vol 4590. Springer, pp 193–206

  60. Kapur D, Majumdar R, Zarba CG (2006) Interpolation for data structures. In: Young M, Devanbu PT (eds) SIGSOFT FSE. ACM, pp 105–116

  61. Kovács L, Voronkov A (2009) Finding loop invariants for programs over arrays using a theorem prover. In: Chechik M, Wirsing M (eds) FASE, Lecture Notes in Computer Science, vol 5503. Springer, pp 470–485

  62. Lahiri SK, Bryant RE (2004) Constructing quantified invariants via predicate abstraction. In: Steffen B, Levi G (eds) VMCAI, Lecture Notes in Computer Science, vol 2937. Springer, pp 267–281

  63. Lahiri SK, Bryant RE (2004) Indexed predicate discovery for unbounded system verification. In: Alur R, Peled D (eds) CAV, Lecture Notes in Computer Science, vol 3114. Springer, pp 135–147

  64. Larraz D, Rodríguez-Carbonell E, Rubio A (2013) SMT-based array invariant generation. In: Giacobazzi R, Berdine J, Mastroeni I (eds) VMCAI, Lecture Notes in Computer Science, vol 7737. Springer, pp 169–188

  65. Manna Z, Pnueli A (1992) The temporal logic of reactive and concurrent systems: specification. Springer, Berlin

  66. McCarthy J (1962) Towards a mathematical science of computation. In: IFIP Congress, pp 21–28

  67. McMillan KL (2006) Lazy abstraction with interpolants. In: Ball T, Jones RB (eds) Proceedings of the 18th international conference on computer aided verification, CAV 2006, Seattle, WA, USA, August 17–20, 2006. Lecture Notes in Computer Science, vol 4144. Springer, pp 123–136

  68. McMillan KL (2008) Quantified invariant generation using an interpolating saturation prover. In: Ramakrishnan CR, Rehof J (eds) Proceedings of the 14th international conference on tools and algorithms for the construction and analysis of systems, TACAS 2008, held as part of the joint European conferences on theory and practice of software, ETAPS 2008, Budapest, Hungary, March 29–April 6, 2008. Lecture Notes in Computer Science, vol 4963. Springer, pp 413–427

  69. Miné A (2006) The octagon abstract domain. Higher-Order Symb Comput 19(1):31–100

  70. Nelson G, Oppen DC (1979) Simplification by cooperating decision procedures. ACM Trans Program Lang Syst 1(2):245–257

  71. Podelski A, Wies T (2005) Boolean heaps. In: Hankin C, Siveroni I (eds) SAS, Lecture Notes in Computer Science, vol 3672. Springer, pp 268–283

  72. Ranise S, Tinelli C (2006) The Satisfiability Modulo Theories library (SMT-LIB). http://www.smt-lib.org

  73. Reynolds JC (2002) Separation logic: a logic for shared mutable data structures. In: LICS. IEEE Computer Society, pp 55–74

  74. Rümmer P, Subotić P (2013) Exploring interpolants. In: Jobstmann B, Ray S (eds) FMCAD. FMCAD Inc., pp 69–76

  75. Sagiv S, Reps TW, Wilhelm R (1999) Parametric shape analysis via 3-valued logic. In: Appel AW, Aiken A (eds) POPL. ACM, pp 105–118

  76. Seghir MN, Podelski A, Wies T (2009) Abstraction refinement for quantified array assertions. In: Palsberg J, Su Z (eds) SAS, Lecture Notes in Computer Science, vol 5673. Springer, pp 3–18

  77. Srivastava S, Gulwani S (2009) Program verification using templates over predicate abstraction. In: Hind M, Diwan A (eds) PLDI. ACM, pp 223–234

  78. Wirth N (1978) Algorithms + data structures = programs. Prentice-Hall series in automatic computation. Pearson Education


Acknowledgments

The authors would like to thank the anonymous reviewers for their comments and criticisms that helped to improve the quality of the paper. The work of the first author was supported by the Hasler Foundation under project 09047 and that of the fourth author was partially supported by the “SIAM” project funded by Provincia Autonoma di Trento in the context of the “team 2009—Incoming” COFUND action of the European Commission (FP7). The third author would like to acknowledge the support of the PRIN 2010-2011 project “Logical Methods for Information Management” funded by the Italian Ministry of Education, University and Research (MIUR).

Corresponding author

Correspondence to Francesco Alberti.

Additional information

This paper combines and extends materials previously published in [4, 5].

About this article

Cite this article

Alberti, F., Bruttomesso, R., Ghilardi, S. et al. An extension of lazy abstraction with interpolation for programs with arrays. Form Methods Syst Des 45, 63–109 (2014). https://doi.org/10.1007/s10703-014-0209-9
