Advertisement

Small Formulas for Large Programs: On-Line Constraint Simplification in Scalable Static Analysis

  • Isil Dillig
  • Thomas Dillig
  • Alex Aiken
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6337)

Abstract

Static analysis techniques that represent program states as formulas typically generate a large number of redundant formulas that are incrementally constructed from previous formulas. In addition to querying satisfiability and validity, analyses perform other operations on formulas, such as quantifier elimination, substitution, and instantiation, most of which are highly sensitive to formula size. Thus, the scalability of many static analysis techniques requires controlling the size of the generated formulas throughout the analysis. In this paper, we present a practical algorithm for reducing SMT formulas to a simplified form containing no redundant subparts. We present experimental evidence that on-line simplification of formulas dramatically improves scalability.

Keywords

Atomic Formula Original Formula Constraint Logic Programming Equivalent Formula Automatic Test Pattern Generation 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Een, N., Sorensson, N.: MiniSat: A SAT solver with conflict-clause minimization. In: Bacchus, F., Walsh, T. (eds.) SAT 2005. LNCS, vol. 3569, Springer, Heidelberg (2005)Google Scholar
  2. 2.
    Kim, J., Silva, J., Savoj, H., Sakallah, K.: RID-GRASP: Redundancy identification and removal using GRASP. In: International Workshop on Logic Synthesis (1997)Google Scholar
  3. 3.
    Malik, S., Zhao, Y., Madigan, C., Zhang, L., Moskewicz, M.: Chaff: Engineering an Efficient SAT Solver. In: DAC, pp. 530–535. ACM, New York (2001)Google Scholar
  4. 4.
    De Moura, L., Bjørner, N.: Z3: An Efficient SMT Solver. In: Ramakrishnan, C.R., Rehof, J. (eds.) TACAS 2008. LNCS, vol. 4963, pp. 337–340. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  5. 5.
    Dutertre, B., De Moura, L.: The Yices SMT Solver. Technical report, SRI (2006)Google Scholar
  6. 6.
    Bruttomesso, R., Cimatti, A., Franzén, A., Griggio, A., Sebastiani, R.: The MathSAT 4 SMT Solver. In: Gupta, A., Malik, S. (eds.) CAV 2008. LNCS, vol. 5123, pp. 299–303. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  7. 7.
    Barrett, C., Tinelli, C.: CVC3. In: Damm, W., Hermanns, H. (eds.) CAV 2007. LNCS, vol. 4590, pp. 298–302. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  8. 8.
    Bofill, M., Nieuwenhuis, R., Oliveras, A., Rodrıguez-Carbonell, E., Rubio, A.: The Barcelogic SMT Solver. In: Gupta, A., Malik, S. (eds.) CAV 2008. LNCS, vol. 5123, p. 294. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  9. 9.
    Clarke, E., Grumberg, O., Jha, S., Lu, Y., Veith, H.: Counterexample-guided abstraction refinement for symbolic model checking. JACM 50(5), 752–794 (2003)CrossRefMathSciNetGoogle Scholar
  10. 10.
    Henzinger, T., Jhala, R., Majumdar, R., Sutre, G.: Lazy abstraction. In: POPL, pp. 58–70. ACM, New York (2002)Google Scholar
  11. 11.
    Ball, T., Rajamani, S.: The SLAM project: debugging system software via static analysis. In: POPL, NY, USA, pp.1–3 (2002)Google Scholar
  12. 12.
    Das, M., Lerner, S., Seigle, M.: ESP: Path-sensitive program verification in polynomial time. ACM SIGPLAN Notices 37(5), 57–68 (2002)CrossRefGoogle Scholar
  13. 13.
    Xie, Y., Aiken, A.: Scalable error detection using boolean satisfiability. In: POPL, vol. 40, pp. 351–363. ACM, New York (2005)Google Scholar
  14. 14.
    Bugrara, S., Aiken, A.: Verifying the safety of user pointer dereferences. In: IEEE Symposium on Security and Privacy, SP 2008, pp. 325–338 (2008)Google Scholar
  15. 15.
    Lucas, S.: Fundamentals of Contex-Sensitive Rewriting. LNCS, pp. 405–412. Springer, Heidelberg (1995)Google Scholar
  16. 16.
    Armando, A., Ranise, S.: Constraint contextual rewriting. Journal of Symbolic Computation 36(1), 193–216 (2003)zbMATHCrossRefMathSciNetGoogle Scholar
  17. 17.
    Nieuwenhuis, R., Oliveras, A., Tinelli, C.: Solving SAT and SAT Modulo Theories: From an abstract Davis–Putnam–Logemann–Loveland procedure to DPLL (T). Journal of the ACM (JACM) 53(6), 977 (2006)CrossRefMathSciNetGoogle Scholar
  18. 18.
    Dillig, I., Dillig, T., Aiken, A.: Cuts from proofs: A complete and practical technique for solving linear inequalities over integers. In: Bouajjani, A., Maler, O. (eds.) CAV 2009. LNCS, vol. 5643, pp. 233–247. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  19. 19.
    Dillig, I., Dillig, T., Aiken, A.: Fluid Updates: Beyond Strong vs. Weak Updates. In: Gordon, A.D. (ed.) ESOP 2010. LNCS, vol. 6012, pp. 246–266. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  20. 20.
    Babić, D., Hu, A.J.: Calysto: Scalable and Precise Extended Static Checking. In: ICSE, pp. 211–220. ACM, New York (May 2008)Google Scholar
  21. 21.
    Faehndrich, M., Foster, J., Su, Z., Aiken, A.: Partial online cycle elimination in inclusion constraint graphs. In: PLDI, p. 96. ACM, New York (1998)Google Scholar
  22. 22.
    Mishchenko, A., Chatterjee, S., Brayton, R.: DAG-aware AIG rewriting: A fresh look at combinational logic synthesis. In: DAC, pp.532–535 (2006)Google Scholar
  23. 23.
    Mishchenko, A., Brayton, R., Jiang, J., Jang, S.: SAT-based logic optimization and resynthesis. In: Proc. IWLS 2007, pp. 358–364 (2007)Google Scholar
  24. 24.
    Kupferman, O., Vardi, M.: Vacuity detection in temporal model checking. International Journal on Software Tools for Technology Transfer 4(2), 224–233 (2003)CrossRefGoogle Scholar
  25. 25.
    Armoni, R., Fix, L., Flaisher, A., Grumberg, O., Piterman, N., Tiemeyer, A., Vardi, M.: Enhanced vacuity detection in linear temporal logic. LNCS, pp. 368–380. Springer, Heidelberg (2003)Google Scholar
  26. 26.
    Bryant, R.: Symbolic Boolean manipulation with ordered binary-decision diagrams. ACM Computing Surveys (CSUR) 24(3), 293–318 (1992)CrossRefGoogle Scholar
  27. 27.
    Bryant, R., Chen, Y.: Verification of arithmetic functions with BMDs (1994)Google Scholar
  28. 28.
    Clarke, E., Fujita, M., Zhao, X.: Hybrid decision diagrams overcoming the limitations of MTBDDs and BMDs. In: ICCAD (1995)Google Scholar
  29. 29.
    Cheng, K., Yap, R.: Constrained decision diagrams. In: Proceedings of the National Conference on Artificial Intelligence, vol. 20, p. 366 (2005)Google Scholar
  30. 30.
    Loveland, D., Shostak, R.: Simplifying interpreted formulas. In: Proc. 5th Conf. on Automated Deduction (CADE), vol. 87, pp. 97–109. Springer, Heidelberg (1987)Google Scholar
  31. 31.
    Ganesh, V., Dill, D.: A decision procedure for bit-vectors and arrays. In: Damm, W., Hermanns, H. (eds.) CAV 2007. LNCS, vol. 4590, p. 519. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  32. 32.
    Jha, S., Limaye, R., Seshia, S.: Beaver: Engineering an Efficient SMT Solver for Bit-Vector Arithmetic. In: Bouajjani, A., Maler, O. (eds.) CAV 2009. LNCS, vol. 5643, pp. 668–674. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  33. 33.
    Chandra, S., Fink, S.J., Sridharan, M.: Snugglebug: a powerful approach to weakest preconditions. SIGPLAN Not. 44(6), 363–374 (2009)CrossRefGoogle Scholar
  34. 34.
    Kelly, A., Marriott, A., Stuckey, P., Yap, R.: Effectiveness of Optimizing Compilation for CLP (R). In: Proceedings of the 1996 Joint International Conference and Symposium on Logic Programming, p. 37. The MIT Press, Cambridge (1996)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Isil Dillig
    • 1
  • Thomas Dillig
    • 1
  • Alex Aiken
    • 1
  1. 1.Department of Computer ScienceStanford University 

Personalised recommendations