Formal Methods in System Design, Volume 45, Issue 1, pp 63–109

An extension of lazy abstraction with interpolation for programs with arrays

  • Francesco Alberti
  • Roberto Bruttomesso
  • Silvio Ghilardi
  • Silvio Ranise
  • Natasha Sharygina

Abstract

Lazy abstraction with interpolation-based refinement has been shown to be a powerful technique for verifying imperative programs. In the presence of arrays, however, the method suffers from an intrinsic limitation: the invariants needed for verification usually contain universally quantified variables, which are not present in program specifications. In this work we present an extension of the interpolation-based lazy abstraction framework in which arrays of unknown length can be handled in a natural manner. In particular, we exploit the Model Checking Modulo Theories framework to derive a backward reachability version of lazy abstraction that supports reasoning about arrays. The new approach has been implemented in a tool, called SAFARI, which has been validated on a wide range of benchmarks. We show by means of experiments that our approach can synthesize and prove universally quantified properties over arrays in a completely automatic fashion.

Keywords

SMT; Model checking; Lazy abstraction; Array programs

Acknowledgments

The authors would like to thank the anonymous reviewers for their comments and criticisms that helped to improve the quality of the paper. The work of the first author was supported by the Hasler Foundation under project 09047 and that of the fourth author was partially supported by the “SIAM” project funded by Provincia Autonoma di Trento in the context of the “team 2009—Incoming” COFUND action of the European Commission (FP7). The third author would like to acknowledge the support of the PRIN 2010-2011 project “Logical Methods for Information Management” funded by the Italian Ministry of Education, University and Research (MIUR).

Copyright information

© Springer Science+Business Media New York 2014

Authors and Affiliations

  • Francesco Alberti (1)
  • Roberto Bruttomesso (2)
  • Silvio Ghilardi (3)
  • Silvio Ranise (4)
  • Natasha Sharygina (1)

  1. Faculty of Informatics, University of Lugano, Lugano, Switzerland
  2. Atrenta Advanced R&D of Grenoble, Grenoble, France
  3. Department of Mathematics, Università degli Studi di Milano, Milan, Italy
  4. Security and Trust Unit, Fondazione Bruno Kessler, Trento, Italy