Presentation is loading. Please wait.

Presentation is loading. Please wait.

10.8.2006 SAT-based methods for proving properties in Reynolds/O'Hearn Separation Logic Daniel Kröning (currently visiting CBL) Joint work with B. Cook.

Published byRiley Holden Modified over 10 years ago

Similar presentations

Presentation on theme: "10.8.2006 SAT-based methods for proving properties in Reynolds/O'Hearn Separation Logic Daniel Kröning (currently visiting CBL) Joint work with B. Cook."— Presentation transcript:

1 10.8.2006 SAT-based methods for proving properties in Reynolds/O'Hearn Separation Logic Daniel Kröning (currently visiting CBL) Joint work with B. Cook and J. Berdine

2 10.8.2006 Daniel Kroening 2 Program Verification Goal: Editor that highlights programming errors Not syntax, but semantics

3 10.8.2006 Daniel Kroening 3 Like what?

4 10.8.2006 Daniel Kroening 4 Verification Engines UnwindingAbstraction Bounded Model Checking (BMC) No invariant discovery One very large constraint problem A lot of case-splitting Abstract interpretation Predicate abstraction Attempting invariant discovery Many small constraint problems Little case-splitting

5 10.8.2006 Daniel Kroening 5 Program Analysis: BMC BMC Progra m C ONSTRAINT S OLVER VC Model SAT solver, CVC-Lite, Math-SAT, … CBMC, …

6 10.8.2006 Daniel Kroening 6 BMC Overview ANSI-C Program unwind parsing + * = Parse tree + * = Constraint Problem CNF SAT Solver

7 10.8.2006 Daniel Kroening 7 ANSI-C Transformation 1.Preparation Side effect removal continue, break replaced by goto for, do while replaced by while 2.Unwinding Loops are unwound Same for backward goto jumps and recursive functions

8 10.8.2006 Daniel Kroening 8 Implementation 3.Transformation into Equation After unwinding: Transform into SSA Example: Generate constraints by simply conjoining equations resulting from assignments For arrays, use simple lambda notation

9 10.8.2006 Daniel Kroening 9 Example

10 10.8.2006 Daniel Kroening 10 Required Theories Bit vector Arrays Pointers (pair of object/offset) Floating Point If contained in assertion: Quantifiers Data type predicates (lists, trees, …)

11 10.8.2006 Daniel Kroening 11 int *p, x, y; int main() { int z; y=z; p=&y; x=*p; assert(x==z); } cbmc test.c –cvc –outfile test Example

12 10.8.2006 Daniel Kroening 12 p0: [# object: INT, offset: BITVECTOR(32) #] = (# object:=0, offset:=0bin00000000000000000000000000000000 #); x0: BITVECTOR(32) = 0bin00000000000000000000000000000000; y0: BITVECTOR(32) = 0bin00000000000000000000000000000000; z1: BITVECTOR(32); z0: BITVECTOR(32); y1: BITVECTOR(32) = z0; p1: [# object: INT, offset: BITVECTOR(32) #] = (# object:=3, offset:=0bin00000000000000000000000000000000 #); x1: BITVECTOR(32) = y1; l1: BOOLEAN; ASSERT l1 (x1=z0); ASSERT (NOT l1); QUERY FALSE; Download me! We have ~300 MB of benchmark files available Soon: SMT-Lib format

13 10.8.2006 Daniel Kroening 13 Program Analysis: Abstraction P ROGRAM A NALYSIS E NGINE Progra m C ONSTRAINT S OLVER VCs Model W IDENING T Simplify, Zapato, Cogent, CPLEX, … Pre-, Post-, Proof-based, … SLAM, …

14 10.8.2006 Daniel Kroening 14 Existing Tools Implement Fragments of linear arithmetic, Maybe arrays, maybe pointers Sometimes float

15 10.8.2006 Daniel Kroening 15 Extending the Assertion Logic P ROGRAM A NALYSIS E NGINE Progra m C ONSTRAINT S OLVER VCCs Model W IDENING T Linear Arithmetic, Arrays, Float, …

16 10.8.2006 Daniel Kroening 16 Existing Tools Biggest challenge for mass-market: dynamic data structures Fix with choice of assertion logic, e.g., Reynolds Separation Logic E.g., add separating conjunction and predicates for linked list

17 10.8.2006 Daniel Kroening 17 Separation Logic A logic for heap data structures NOT the same as the fragment of linear arithmetic called difference logic Due to Reynolds/OHearn

18 10.8.2006 Daniel Kroening 18 Separation Logic.. Payload next pointer ….. … Main problem: Need to specify that all heap cells are disjoint

19 10.8.2006 Daniel Kroening 19 Separation Logic In general, one needs to express constraints that a data structure does not share cells with any other data structure Key idea: new logical operator P * Q Separating Conjunction

20 10.8.2006 Daniel Kroening 20 Separation Logic Semantics of expressions defined over valuations of heaps (maps from addresses to values) Obvious meaning for StateHeapPointerValue

21 10.8.2006 Daniel Kroening 21 Separation Logic Define disjoint heaps: Separating conjunction:

22 10.8.2006 Daniel Kroening 22 Separation Logic: Lists Notation for sequences : empty sequence x ¢ : concatenation Define list:

23 10.8.2006 Daniel Kroening 23 Extending the Assertion Logic P ROGRAM A NALYSIS E NGINE Progra m C ONSTRAINT S OLVER VCCs Model W IDENING T Linear Arithmetic, Arrays, Float, … +Separation Logic

24 10.8.2006 Daniel Kroening 24 Who does the assertions? Manual annotations Automatic discovery Standard Template Library Data in containers is implicitly in separate heap cells typedef std::hash_map symbolst;... typedef std::vector nodest;

25 10.8.2006 Daniel Kroening 25 Requirements for Constraint Solvers Constraint solver must support very rich logic Data types might even be application-specific But most queries are simple! Extending custom-made constraint solver is tedious

26 10.8.2006 Daniel Kroening 26 Proposed Solution Assumption: we have a (partial) axiomatization of all logics Goal: high performance constraint solver 1 st step: define language for axioms

27 10.8.2006 Daniel Kroening 27 Example: Equality Logic equality_transitivity: A "=" B, B "=" C -> A "=" C; emp: rewrite h"|=""emp" h"="["semp""**""semp"]; equality_commutativity: A "=" B B "=" A; equality: A "=" A; disequality: A "!=" B NOT A "=" B;

28 10.8.2006 Daniel Kroening 28 Build a Compiler! 2 nd step: build a compiler Axioms g++ codegen C++ code Binary VCC SAT/UNSAT

29 10.8.2006 Daniel Kroening 29 Multiple Theories Note that one can combine multiple theories Interfacing through arbitrary propositions, not just equalities Convexity requirement?

30 10.8.2006 Daniel Kroening 30 What about OR? We could build case-splitting into the generated code However, we will never be able to implement Proper decision heuristics Non-chronological back-tracking Learning

31 10.8.2006 Daniel Kroening 31 What about OR? Alternative: produce reduction to propositional logic Generate CNF, and pass formula to SAT solver The formula is unsatisfiable iff there exists a deduction that shows a contradiction

32 10.8.2006 Daniel Kroening 32 What about OR? 3 nd step: add SAT solver Axioms g++ codegen C++ code Binary VCC CNF SAT Solver This is the eager version – lazy version straight-forward.

33 10.8.2006 Daniel Kroening 33 What about OR? emp: rewrite h"|=""emp" h"="["semp""**""semp"]; 1.Maintain truth value with each fact: 2.Set new facts to unknown 3.Assign a literal to each fact that has truth value unknown 4.For each deduction step, generate constraint

34 10.8.2006 Daniel Kroening 34 Separation Logic disjoint_not_self: h != emp -> not [h "# h]; not: h "|=" ["!" P] not [h "|=" P]; and: h "|=" [P "^" Q] h "|=" P, h "|=" Q; conditional: h "|=" [P "?" Q ":" R] (h "|=" P -> h "|=" Q), (h "|=" "!" P -> h "|=" R);

35 10.8.2006 Daniel Kroening 35 Separation Logic emp: rewrite h"|=""emp" h"="["semp""**""semp"]; star: h "|=" [P "*" Q] NEW h0 "|=" P, NEW h1 "|=" Q, h "=" [NEW h0 "**" NEW h1], NEW h0 "#" NEW h1;

36 10.8.2006 Daniel Kroening 36 Obtaining Invariants Again, could be custom-made Instead: inspect proofs of failed refutation-attempts Paper available on doing this for bit-vectors E.g., for constructing interpolants

37 10.8.2006 Daniel Kroening 37 Conclusion Generic constraint solver with propositional SAT as backend Especially for complicated logics Extensions of logic are easy All case-splitting is pushed into propositional SAT solver

38 10.8.2006 Daniel Kroening 38 Cross-Advertising TACAS: this can be used for –quantification over predicates CAV: Predicate abstraction for deep loops PDPAR: Completeness How to tell for sure that no proof exists?

Download ppt "10.8.2006 SAT-based methods for proving properties in Reynolds/O'Hearn Separation Logic Daniel Kröning (currently visiting CBL) Joint work with B. Cook."

Similar presentations

A Randomized Satisfiability Procedure for Arithmetic and Uninterpreted Function Symbols Sumit Gulwani George Necula EECS Department University of California,

A Randomized Satisfiability Procedure for Arithmetic and Uninterpreted Function Symbols Sumit Gulwani George Necula EECS Department University of California,
Copyright © Cengage Learning. All rights reserved.

Copyright © Cengage Learning. All rights reserved.
Adders Used to perform addition, subtraction, multiplication, and division (sometimes) Half-adder adds rightmost (least significant) bit Full-adder.

Adders Used to perform addition, subtraction, multiplication, and division (sometimes) Half-adder adds rightmost (least significant) bit Full-adder.
Chapter 7 Constructors and Other Tools. Copyright © 2006 Pearson Addison-Wesley. All rights reserved. 7-2 Learning Objectives Constructors Definitions.

Chapter 7 Constructors and Other Tools. Copyright © 2006 Pearson Addison-Wesley. All rights reserved. 7-2 Learning Objectives Constructors Definitions.
© 2008 Pearson Addison Wesley. All rights reserved Chapter Seven Costs.

© 2008 Pearson Addison Wesley. All rights reserved Chapter Seven Costs.
Copyright © 2003 Pearson Education, Inc. Slide 1 Computer Systems Organization & Architecture Chapters 8-12 John D. Carpinelli.

Copyright © 2003 Pearson Education, Inc. Slide 1 Computer Systems Organization & Architecture Chapters 8-12 John D. Carpinelli.
Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Copyright © 2011, Elsevier Inc. All rights reserved. Chapter 6 Author: Julia Richards and R. Scott Hawley.

Copyright © 2011, Elsevier Inc. All rights reserved. Chapter 6 Author: Julia Richards and R. Scott Hawley.
Author: Julia Richards and R. Scott Hawley

Author: Julia Richards and R. Scott Hawley
Properties Use, share, or modify this drill on mathematic properties. There is too much material for a single class, so you’ll have to select for your.

Properties Use, share, or modify this drill on mathematic properties. There is too much material for a single class, so you’ll have to select for your.
UNITED NATIONS Shipment Details Report – January 2006.

UNITED NATIONS Shipment Details Report – January 2006.
8 Copyright © 2005, Oracle. All rights reserved. Creating the Web Tier: JavaServer Pages.

8 Copyright © 2005, Oracle. All rights reserved. Creating the Web Tier: JavaServer Pages.
1 RA I Sub-Regional Training Seminar on CLIMAT&CLIMAT TEMP Reporting Casablanca, Morocco, 20 – 22 December 2005 Status of observing programmes in RA I.

1 RA I Sub-Regional Training Seminar on CLIMAT&CLIMAT TEMP Reporting Casablanca, Morocco, 20 – 22 December 2005 Status of observing programmes in RA I.
Properties of Real Numbers CommutativeAssociativeDistributive Identity + × Inverse + ×

Properties of Real Numbers CommutativeAssociativeDistributive Identity + × Inverse + ×
Exit a Customer Chapter 8. Exit a Customer 8-2 Objectives Perform exit summary process consisting of the following steps: Review service records Close.

Exit a Customer Chapter 8. Exit a Customer 8-2 Objectives Perform exit summary process consisting of the following steps: Review service records Close.
Custom Statutory Programs Chapter 3. Customary Statutory Programs and Titles 3-2 Objectives Add Local Statutory Programs Create Customer Application For.

Custom Statutory Programs Chapter 3. Customary Statutory Programs and Titles 3-2 Objectives Add Local Statutory Programs Create Customer Application For.
FACTORING ax2 + bx + c Think “unfoil” Work down, Show all steps.

FACTORING ax2 + bx + c Think “unfoil” Work down, Show all steps.
Solve Multi-step Equations

Solve Multi-step Equations
REVIEW: Arthropod ID. 1. Name the subphylum. 2. Name the subphylum. 3. Name the order.

REVIEW: Arthropod ID. 1. Name the subphylum. 2. Name the subphylum. 3. Name the order.
Factoring Quadratics — ax² + bx + c Topic 6.6.2.

Factoring Quadratics — ax² + bx + c Topic

Similar presentations

Ads by Google