Decision Procedures for Flat Array Properties - PowerPoint PPT Presentation


SLIDE 1

Decision Procedures for Flat Array Properties

F. Alberti (1,3), S. Ghilardi (2), N. Sharygina (1)

(1) University of Lugano, Switzerland; (2) University of Milan, Italy; (3) Verimag, Grenoble, France

SMT, July 17, 2014

Talk based on the paper published at TACAS, 2014.

SLIDE 2

Context: quantified fragments of array theories

Many applications:
  • Properties of the heap
  • Checking user-provided assertions
  • Parameterized systems

⇒ Verifying array programs:
  • CEGAR-based approaches for array programs [AlbertiBG+12]
  • Accelerations of relations over arrays [AlbertiGS13]

F. Alberti, Decision Procedures for Flat Array Properties, 1 / 21


SLIDE 4

Accelerations of relations over arrays

[Figure: a control-flow graph with locations $l_I$, $l_L$, $l_E$ and transitions $\tau_0$ ($l_I \to l_L$), $\tau_1$ (the loop on $l_L$) and $\tau_2$ ($l_L \to l_E$). After acceleration the loop $\tau_1$ is replaced by its transitive closure $\tau_1^{+}$, so the program has no loop left, and the resulting formula is handed to a decision procedure that answers ✔ or ✘.]

✔ Accelerations of a class of relations over arrays are definable via ∃∗∀∗-formulæ [AlbertiGS13].

The catch: such accelerations might fall outside the known decidable fragments [BradleyMS06, HabermehlIV08, GedM09].

SLIDE 5

Accelerations of relations over arrays

A loop transition that tests and updates the current cell and advances the index by a fixed stride $\bar k$:

$$\tau := G(i, a[i]) \;\wedge\; i' = i + \bar k \;\wedge\; a' = \mathrm{store}(a, i, t(a[i]))$$

⇓

$$\tau^{+} := \exists y > 0.\ \Big( \forall j.\ \big( i \le j < i + \bar k \cdot y \;\wedge\; D_{\bar k}(j - i) \big) \rightarrow G(j, a(j)) \;\;\wedge\;\; i' = i + \bar k \cdot y \;\;\wedge\;\; \forall j.\ a'(j) = U(i, j, y, a(j)) \Big)$$

Here $y$ is the number of iterations, $D_{\bar k}(j - i)$ is the divisibility predicate "$\bar k$ divides $j - i$" (so the guard is required exactly on the cells the loop visits), and $U(i, j, y, a(j))$ gives the value of cell $j$ after $y$ iterations started at index $i$.
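The closed form $\tau^{+}$ above can be checked against plain iteration of $\tau$ on a concrete array. The following Python is an added example, not code from the talk or the paper: the guard $G$, the update $t$ and the stride $\bar k$ are hypothetical instantiations chosen for the example, and because $\tau^{+}$ quantifies over all $j$ it is evaluated over a finite index domain that covers every cell the loop can touch. The sample array is constructed so that one cell violates the guard, which exercises the "loop blocked" case on both sides.

```python
"""Added example (not code from the talk or the paper): the acceleration tau+
of slide 5 checked against plain iteration of tau on a concrete array.

Hypothetical instantiation, chosen for the example:
  - guard  G(i, v) := v >= 0
  - update t(v)    := v + 1
  - stride k       := 2
Arrays are dicts index -> value, read as a total function with default 0;
tau+ quantifies over all j, so it is evaluated over a finite index domain
that covers every cell the loop can touch.
"""

K = 2                          # the fixed stride \bar{k}

def G(i, v):                   # loop guard G(i, a[i])
    return v >= 0

def t(v):                      # value written back: a' = store(a, i, t(a[i]))
    return v + 1

def step(i, a):
    """One application of tau; None if the guard blocks it."""
    if not G(i, a.get(i, 0)):
        return None
    a2 = dict(a)
    a2[i] = t(a.get(i, 0))
    return i + K, a2           # i' = i + k

def iterate(i, a, y):
    """tau applied y times in a row; None if some iteration is blocked."""
    state = (i, a)
    for _ in range(y):
        state = step(*state)
        if state is None:
            return None
    return state

def D(k, n):
    """Divisibility predicate D_k(n): k divides n."""
    return n % k == 0

def U(i, j, y, v):
    """a'(j) after y iterations from index i: the cells j with
    i <= j < i + k*y and D_k(j - i) were visited exactly once."""
    return t(v) if (i <= j < i + K * y and D(K, j - i)) else v

def accelerated(i, a, y, domain):
    """tau+ with the witness y > 0 fixed: guard on all visited cells,
    i' = i + k*y, and a'(j) = U(i, j, y, a(j)) for every j in the domain."""
    assert y > 0
    for j in domain:
        if i <= j < i + K * y and D(K, j - i) and not G(j, a.get(j, 0)):
            return None
    return i + K * y, {j: U(i, j, y, a.get(j, 0)) for j in domain}

def agree(i, a, y, domain):
    """True iff y iterations of tau and tau+ with witness y reach the same
    state (or are both blocked)."""
    it, acc = iterate(i, a, y), accelerated(i, a, y, domain)
    if it is None or acc is None:
        return it is None and acc is None
    return it[0] == acc[0] and all(it[1].get(j, 0) == acc[1].get(j, 0) for j in domain)

# Constructed sample: a[0..9] = 3, 0, 5, -1, 2, 2, 7, 1, 0, 4 (cell 3 violates G)
SAMPLE = dict(enumerate([3, 0, 5, -1, 2, 2, 7, 1, 0, 4]))
DOMAIN = range(16)

if __name__ == '__main__':
    for i in range(6):
        print(i, [agree(i, SAMPLE, y, DOMAIN) for y in range(1, 5)])
```

Starting at index 1 with $y = 2$ the second iteration hits cell 3, whose value $-1$ violates $G$; iteration stops and $\tau^{+}$ is false for that witness, because $j = 3$ satisfies $1 \le j < 1 + 2\cdot 2$ and $D_2(j - 1)$. Starting at index 0 with $y = 3$ only cells 0, 2, 4 are rewritten and the index lands on 6, exactly as $U$ and $i' = i + \bar k \cdot y$ predict.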


SLIDE 7

Quantified fragments of array theories: related work

Theory of arrays: a "base" theory $T$ plus free function symbols $a$ (the arrays).

Fragment of interest: $\varphi := \exists \underline{c}\ \forall \underline{i}.\ \psi(\underline{c}, \underline{i}, a(\underline{t}))$

In general this fragment is undecidable. If it is suitably constrained, two main strategies are used to show decidability:
  1. Instantiation-based
  2. Automata-based

SLIDE 8

Related work: Bradley et al., "What's decidable about arrays?", VMCAI 2006 [BradleyMS06]

Array property: $\varphi := \forall \underline{i}.\ F(\underline{i}) \rightarrow G(a(\underline{i}))$

$F(\underline{i})$ (the index guard) is a conjunction of atoms of the kind $i \le j$, $i \le t$, $t \le i$.

  I. Identify an index set $I$
  II. Instantiate $\underline{i}$ over $I$ to obtain a quantifier-free $\psi_1 \wedge \cdots \wedge \psi_n$
  III. Apply standard theory-combination approaches to $\psi_1 \wedge \cdots \wedge \psi_n$

Complexity: NExpTime (NP if the number of index variables is fixed)

SLIDE 9

Related work: Habermehl et al., "A Logic of Singly Indexed Arrays", LPAR 2008 [HabermehlIV08]

$\varphi := \forall i.\ F(i) \rightarrow G(i, a(i + \bar k))$

No disjunctions in $G$; atoms are difference-logic constraints (with equations modulo $\bar k$).

  I. Translate $\varphi$ into a FCADBM¹ $A_\varphi$
  II. Check the emptiness of $L(A_\varphi)$

Complexity: unknown

¹ Deterministic flat counter automata with difference-bound transition rules

SLIDE 13

Quantified fragments of array theories: our contribution w.r.t. related work

[Figure: diagram placing the fragments APF (the array property fragment of [BradleyMS06]) and SIL (the logic of singly indexed arrays of [HabermehlIV08]) next to the index theories Presburger, Presburger + exp and Real Arithmetic, with Flat Array Properties, the fragment introduced in this talk, as the new region.]

SLIDE 16

Our contribution: Flat Array Properties

$$\varphi := \exists \underline{c}\ \forall \underline{i}.\ \psi(\underline{i}, a(\underline{i}), \underline{c}, a(\underline{c}))$$

A term $a(t)$ is allowed only if $t$ is a variable.

Mono-sorted theory: $T \cup \{a_1, \ldots, a_n\}$
  • $|\underline{i}| = 1$
  • Requirement: $T$-decidability of $\exists^*\forall\exists^*$-formulæ
  • Complexity: a quadratic-size instance of an $\exists^*\forall\exists^*$ $T$-satisfiability problem

Multi-sorted theory: $T_I \cup T_E \cup \{a_1, \ldots, a_n\}$
  • INDEX atoms contain at most one universally quantified variable
  • Requirement: $T_I$-decidability of $\exists^*\forall$-formulæ
  • Requirement: $T_E$-decidability of quantifier-free formulæ
  • Complexity if $T_I$, $T_E$ are $P^+$: NExpTime-complete

SLIDE 19

Decision procedure for the multi-sorted case

$F := \exists \underline{c}\ \forall i.\ \psi(i, a(i), \underline{c}, a(\underline{c}))$, with $\mathcal{M} \models F$.

[Figure: the model $\mathcal{M}$ drawn as two sorts, $\mathrm{INDEX}^{\mathcal M}$ and $\mathrm{ELEM}^{\mathcal M}$, with $a^{\mathcal M}$ as arrows from the former to the latter.]

$a^{\mathcal M}$ is a total function from $\mathrm{INDEX}^{\mathcal M}$ to $\mathrm{ELEM}^{\mathcal M}$.


SLIDE 22

Decision procedure for the multi-sorted case

$F := \exists \underline{c}\ \forall i.\ \psi(i, a(i), \underline{c}, a(\underline{c}))$

Step I. Guess the set of INDEX types.

Consider the set $K$ of all INDEX atoms in $F$ (plus the equalities with the constants $\underline{c}$). Let $\{M_1, \ldots, M_q\}$ be the set of maximal and consistent sets of literals built out of $K$:
  • each $L(x, \underline{c})$ in every $M_h$ is an atom of $K$ or its negation;
  • all the $M_h$'s are mutually exclusive.

Every element of $\mathrm{INDEX}^{\mathcal M}$ has to realize a type $M_h$:

$$\mathcal{M}_I \models \forall x.\ \bigvee_{j=1}^{q}\ \bigwedge_{L \in M_j} L(x, \underline{c})$$


SLIDE 25

Decision procedure for the multi-sorted case

$F := \exists \underline{c}\ \forall i.\ \psi(i, a(i), \underline{c}, a(\underline{c}))$

Step II. For each type $M_h$ take a $b_h \in \mathrm{INDEX}^{\mathcal M}$ realizing it.

  1. Each $b_h$ realizes the corresponding type:
  $$\mathcal{M}_I \models \bigwedge_{j=1}^{q}\ \bigwedge_{L \in M_j} L(b_j, \underline{c})$$

  2. The instantiation
  $$\bigwedge_{\sigma : i \mapsto \underline{b}} \psi(i\sigma, a(i\sigma), \underline{c}, a(\underline{c}))$$
  is consistent.

SLIDE 26

Decision procedure for $\mathrm{ARR}^2(T_I, T_E)$

From $F := \exists \underline{c}\ \forall i.\ \psi(i, a(i), \underline{c}, a(\underline{c}))$, Steps I and II produce

$$F_1 := \exists \underline{b}\ \exists \underline{c}\ \Big( \forall x.\ \bigvee_{j=1}^{q}\ \bigwedge_{L \in M_j} L(x, \underline{c}) \;\wedge\; \bigwedge_{j=1}^{q}\ \bigwedge_{L \in M_j} L(b_j, \underline{c}) \;\wedge\; \bigwedge_{\sigma : i \mapsto \underline{b}} \psi(i\sigma, a(i\sigma), \underline{c}, a(\underline{c})) \Big)$$


SLIDE 30

Decision procedure for the multi-sorted case

$$F_1 := \exists \underline{b}\ \exists \underline{c}\ \Big( \ldots \;\wedge\; \bigwedge_{\sigma : i \mapsto \underline{b}} \psi(i\sigma, a(i\sigma), \underline{c}, a(\underline{c})) \Big)$$

Step III. Substitute the tuple $a(\underline{b}) * a(\underline{c})$ with a tuple $\underline{e}$ of ELEM constants, adding functional consistency (equal indices must read equal elements):

$$F_2 := \exists \underline{b}\ \exists \underline{c}\ \Big( \ldots \;\wedge\; \bar\psi(\underline{b}, \underline{c}, \underline{e}) \;\wedge\; \bigwedge_{d_m, d_n \in \underline{b} * \underline{c}}\ \bigwedge_{l=1}^{s} \big( d_m = d_n \rightarrow e_{l,m} = e_{l,n} \big) \Big)$$

where $e_{l,m}$ is the constant introduced for $a_l(d_m)$.


SLIDE 34

Decision procedure for the multi-sorted case

Step IV. "Split" the formula $F_2$ into INDEX and ELEM parts.

$$F_2 := \exists \underline{b}\ \exists \underline{c}\ \Big( \forall x.\ \bigvee_{j=1}^{q}\ \bigwedge_{L \in M_j} L(x, \underline{c}) \;\wedge\; \bigwedge_{j=1}^{q}\ \bigwedge_{L \in M_j} L(b_j, \underline{c}) \;\wedge\; \bar\psi(\underline{b}, \underline{c}, \underline{e}) \;\wedge\; \bigwedge_{d_m, d_n \in \underline{b} * \underline{c}}\ \bigwedge_{l=1}^{s} \big( d_m = d_n \rightarrow e_{l,m} = e_{l,n} \big) \Big)$$

Every atom of $F_2$ is now pure (it mentions only INDEX terms or only ELEM terms), so a SAT assignment to its atoms separates it into

$$F_I := \exists \underline{b}\ \exists \underline{c}\ \Big( \forall x.\ \bigvee_{j=1}^{q}\ \bigwedge_{L \in M_j} L(x, \underline{c}) \;\wedge\; \bigwedge_{j=1}^{q}\ \bigwedge_{L \in M_j} L(b_j, \underline{c}) \;\wedge\; \bar\psi(\underline{b}, \underline{c}) \Big) \qquad\qquad F_E := \bar\psi(\underline{e})$$


SLIDE 38

Decision procedure for the multi-sorted case

Step V. Check whether $F_I$ is $T_I$-satisfiable and whether $F_E$ is $T_E$-satisfiable.

$$F_I := \exists \underline{b}\ \exists \underline{c}\ \Big( \forall x.\ \bigvee_{j=1}^{q}\ \bigwedge_{L \in M_j} L(x, \underline{c}) \;\wedge\; \bigwedge_{j=1}^{q}\ \bigwedge_{L \in M_j} L(b_j, \underline{c}) \;\wedge\; \bar\psi(\underline{b}, \underline{c}) \Big) \quad\Rightarrow\quad \text{an } \exists^*\forall\text{-formula of } T_I$$

  ✔ Difference Logic*
  ✔ Presburger*
  ✔ Presburger* + exp [Semënov84]
  ✔ Real Arithmetic
  ...

$$F_E := \bar\psi(\underline{e}) \quad\Rightarrow\quad \text{a quantifier-free formula of } T_E$$

* With divisibility predicates $\{D_k\}_{k \ge 2}$.
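Steps I to IV above (and the instantiation scheme of [BradleyMS06] on slide 8, which Step II reuses with the type representatives $\underline{b}$ as the index set) can be run symbolically on a small flat array property. The following Python is an added example, not code from the talk, the paper or Booster. It assumes $T_I = T_E = \mathrm{Int}$, a single universally quantified index variable $i$, pure atoms, and the hypothetical input $F := \exists c\ \forall i.\ (i < c \rightarrow a(i) \le a(c)) \wedge a(c) = 0$. It emits each candidate $F_I$ and $F_E$ as SMT-LIB text so that Step V can be run with any SMT solver (none is called here); guessed types and Boolean assignments that are $T_I$-inconsistent are not pruned and simply yield an unsatisfiable $F_I$, which is exactly what Step V rejects.

```python
"""Added example (not code from the talk, the paper or Booster): Steps I-IV of
the multi-sorted decision procedure on slides 22-38, run symbolically on one
flat array property, with F_I and F_E printed as SMT-LIB 2 for Step V.
Formulas are Python tuples in prefix form, e.g. ('<', 'i', 'c').

Assumptions, all hypothetical and chosen for the example: one universally
quantified index variable 'i'; T_I = T_E = Int (Presburger); every atom is
pure (only INDEX terms, or only ELEM terms, i.e. array reads); the
T_I-consistency of guessed types and of F_I is left to the solver.
"""
from itertools import product

I_VAR = 'i'

def atoms(phi):
    """All atoms of a Boolean combination built with and/or/not/=>."""
    if phi[0] in ('and', 'or', 'not', '=>'):
        return [a for sub in phi[1:] for a in atoms(sub)]
    return [phi]

def leaves(t):
    return [t] if not isinstance(t, tuple) else [s for x in t[1:] for s in leaves(x)]

def is_read(t, arrays):                 # a(d): array symbol applied to one index
    return isinstance(t, tuple) and len(t) == 2 and t[0] in arrays

def has_read(t, arrays):
    return isinstance(t, tuple) and (is_read(t, arrays) or any(has_read(s, arrays) for s in t[1:]))

def eq(x, y):                           # canonical equality atom between constants
    return ('=', min(x, y), max(x, y))

def subst(t, m):
    """Substitute variables by m; canonicalise equalities between constants."""
    if not isinstance(t, tuple):
        return m.get(t, t)
    r = tuple([t[0]] + [subst(s, m) for s in t[1:]])
    return eq(r[1], r[2]) if r[0] == '=' and all(isinstance(s, str) for s in r[1:]) else r

def index_atoms(psi, consts, arrays):
    """Step I: K = INDEX atoms of psi containing i, plus the equalities i = c."""
    K = [a for a in atoms(psi) if not has_read(a, arrays) and I_VAR in leaves(a)]
    return K + [eq(I_VAR, c) for c in consts if eq(I_VAR, c) not in K]

def types_of(K):
    """All maximal sets of literals over K (2^|K| sign choices); the
    T_I-inconsistent ones make F_I unsatisfiable in Step V."""
    return [tuple(a if s else ('not', a) for a, s in zip(K, signs))
            for signs in product((True, False), repeat=len(K))]

def purify(t, arrays, table):
    """Step III: replace every read a(d) by a fresh ELEM constant e_a_d."""
    if is_read(t, arrays):
        return table.setdefault(t, 'e_%s_%s' % t)
    return tuple([t[0]] + [purify(s, arrays, table) for s in t[1:]]) if isinstance(t, tuple) else t

def evaluate(phi, asg):                 # Boolean skeleton under an atom assignment
    op = phi[0]
    if op == 'and': return all(evaluate(s, asg) for s in phi[1:])
    if op == 'or':  return any(evaluate(s, asg) for s in phi[1:])
    if op == 'not': return not evaluate(phi[1], asg)
    if op == '=>':  return (not evaluate(phi[1], asg)) or evaluate(phi[2], asg)
    return asg[phi]

def is_elem(lit):                       # literal over the purified ELEM constants
    return any(isinstance(s, str) and s.startswith('e_') for s in leaves(lit))

def reduce_flat_property(psi, consts, arrays, guessed):
    """Steps I-IV for the guessed list of type indices; returns the pieces."""
    K = index_atoms(psi, consts, arrays)
    M = [types_of(K)[g] for g in guessed]
    b = ['b%d' % (j + 1) for j in range(len(M))]
    # Step I: every index realises one of the guessed types (the only forall)
    cover = ('forall', 'x', ('or',) + tuple(('and',) + tuple(subst(L, {I_VAR: 'x'}) for L in Mj) for Mj in M))
    # Step II: b_j realises M_j, and psi is instantiated with i := b_j
    realise = ('and',) + tuple(subst(L, {I_VAR: bj}) for Mj, bj in zip(M, b) for L in Mj)
    inst = ('and',) + tuple(subst(psi, {I_VAR: bj}) for bj in b)
    # Step III: purify the reads; functional consistency d_m = d_n -> e_m = e_n
    table = {}
    psi_bar = purify(inst, arrays, table)
    d = b + consts
    pairs = [(dm, dn) for dm in d for dn in d if dm < dn]
    # Step IV: enumerate SAT assignments of the atoms and split each one; an
    # index equality assigned true forces the matching ELEM equality into F_E,
    # one assigned false leaves the functional-consistency implication satisfied
    qf = ('and', realise, psi_bar)
    atom_list = sorted(set(atoms(qf)) | {eq(*p) for p in pairs}, key=repr)
    splits = []
    for bits in product((True, False), repeat=len(atom_list)):
        asg = dict(zip(atom_list, bits))
        if not evaluate(qf, asg):
            continue
        lits = [a if v else ('not', a) for a, v in asg.items()]
        FI = ('and', cover) + tuple(l for l in lits if not is_elem(l))
        forced = [eq(table[(a, dm)], table[(a, dn)]) for a in arrays for dm, dn in pairs
                  if asg[eq(dm, dn)] and (a, dm) in table and (a, dn) in table]
        FE = ('and',) + tuple(l for l in lits if is_elem(l)) + tuple(forced)
        splits.append((FI, FE))
    return {'K': K, 'types': M, 'b': b, 'cover': cover, 'table': table, 'splits': splits}

def to_smt(t):
    if isinstance(t, tuple):
        if t[0] == 'forall':
            return '(forall ((%s Int)) %s)' % (t[1], to_smt(t[2]))
        return '(' + ' '.join([t[0]] + [to_smt(s) for s in t[1:]]) + ')'
    return t

def smt_scripts(res, consts, k):
    """Step V input for the k-th split: one script for F_I (exists*forall over
    Int) and one for F_E (quantifier-free), each to be checked on its own."""
    FI, FE = res['splits'][k]
    decl = lambda names: ['(declare-const %s Int)' % n for n in names]
    sI = decl(res['b'] + consts) + ['(assert %s)' % to_smt(FI), '(check-sat)']
    sE = decl(sorted(res['table'].values())) + ['(assert %s)' % to_smt(FE), '(check-sat)']
    return '\n'.join(sI), '\n'.join(sE)

# Constructed input: F := exists c. forall i. (i < c -> a(i) <= a(c)) and a(c) = 0
PSI = ('and', ('=>', ('<', 'i', 'c'), ('<=', ('a', 'i'), ('a', 'c'))), ('=', ('a', 'c'), '0'))
CONSTS, ARRAYS = ['c'], ['a']
# guessed types: {i<c, i!=c}, {not i<c, i=c}, {not i<c, i!=c} (the three consistent ones)
RESULT = reduce_flat_property(PSI, CONSTS, ARRAYS, [1, 2, 3])

if __name__ == '__main__':
    print(len(RESULT['splits']), 'candidate (F_I, F_E) pairs; the first one:')
    print(*smt_scripts(RESULT, CONSTS, 0), sep='\n---\n')
```

For this input $K = \{i < c,\ i = c\}$, the three guessed types give representatives $b_1, b_2, b_3$, purification introduces the four constants $e_{a,b_1}, e_{a,b_2}, e_{a,b_3}, e_{a,c}$, and the Boolean enumeration yields 32 candidate $(F_I, F_E)$ pairs; many of them contain index literals such as $b_1 = b_2$ next to $b_1 < c$ and $\neg(b_2 < c)$ and are discarded by the $T_I$ solver in Step V, which is where the consistency of the guesses is actually decided. The enumeration of $2^{|\text{atoms}|}$ assignments in Step IV is the source of the NExpTime bound on slide 16 and is what a DPLL(T)-style solver would do lazily.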


SLIDE 41

Application (I): deciding the safety of $\mathrm{simple}^0_A$-programs

  • Flat control-flow structure
  • Every loop $\tau$ has a Flat Array Property as acceleration

[Figure: control-flow graph with locations $l_{init}, l_1, l_2, l_3, l_{error}$ and transitions $\tau_1, \ldots, \tau_5, \tau_E$.]

Theorem. The unbounded reachability problem for $\mathrm{simple}^0_A$-programs is decidable.

SLIDE 42

Application (II): Booster, an acceleration-based software model-checker

[Figure: Booster architecture. Input: a program with assertions. Preprocessing: parsing → AST → CFG generation and inlining → CFG → cutpoint-graph generation → cutpoint graph. Analysis: BMC, acceleration (1) and an SMT solver produce proof obligations (Flat Array Properties) that go through a fixpoint engines interface to several engines (mcmt, flat acceleration (2), LAWI, each backed by an SMT solver); the analysis of results combines their answers (safe, unsafe or unknown) into the result of the verification.]

F. Alberti, S. Ghilardi, and N. Sharygina. Booster: an acceleration-based verification framework for array programs. In ATVA, Springer, 2014. To appear.

SLIDE 43

Application (II): Booster, an acceleration-based software model-checker

[Figure: log-log scatter plot, both axes from 0.01 to 100, comparing LAWI (for arrays) against Booster, with safe and unsafe instances marked separately.]


SLIDE 47

Conclusion

  1. New decidability results for quantified fragments of theories of arrays: fully declarative, parametric in the theories of indexes and elements
  2. Full decidability result for checking the safety of a class of array programs
  3. Application in software model-checking: ☞ Booster – inf.usi.ch/phd/alberti/prj/booster

Thank you! Questions?

SLIDE 48

References

[AlbertiBG+12] Francesco Alberti, Roberto Bruttomesso, Silvio Ghilardi, Silvio Ranise, and Natasha Sharygina. Lazy abstraction with interpolants for arrays. In Nikolaj Bjørner and Andrei Voronkov, editors, LPAR, volume 7180 of Lecture Notes in Computer Science, pages 46–61. Springer, 2012.

[AlbertiGS13] Francesco Alberti, Silvio Ghilardi, and Natasha Sharygina. Definability of accelerated relations in a theory of arrays and its applications. In FroCoS, pages 23–39, 2013.

[BradleyMS06] Aaron R. Bradley, Zohar Manna, and Henny B. Sipma. What's decidable about arrays? In E. Allen Emerson and Kedar S. Namjoshi, editors, VMCAI, volume 3855 of Lecture Notes in Computer Science, pages 427–442. Springer, 2006.

[GedM09] Yeting Ge and Leonardo M. de Moura. Complete instantiation for quantified formulas in satisfiability modulo theories. In Ahmed Bouajjani and Oded Maler, editors, CAV, volume 5643 of Lecture Notes in Computer Science, pages 306–320. Springer, 2009.

[HabermehlIV08] Peter Habermehl, Radu Iosif, and Tomáš Vojnar. A logic of singly indexed arrays. In Iliano Cervesato, Helmut Veith, and Andrei Voronkov, editors, LPAR, volume 5330 of Lecture Notes in Computer Science, pages 558–573. Springer, 2008.

[Semënov84] A. L. Semënov. Logical theories of one-place functions on the set of natural numbers. Izvestiya: Mathematics, 22:587–618, 1984.