Definability of Accelerated Relations in a Theory of Arrays and its - - PowerPoint PPT Presentation

Definability of Accelerated Relations in a Theory of Arrays and its Applications

• F. Alberti1, S. Ghilardi2, N. Sharygina1

1University of Lugano, Switzerland 2 University of Milan, Italy

9th International Symposium on Frontiers of Combining Systems September 18, 2013

Context: Reachability analysis

ST = ( v , I(v) , τ(v, v′) )

Ingredients: transition system ST and a safety property P(v) Reachability analysis: establish if it is possible to reach ¬P(v)

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 1 / 24

Context: Reachability analysis

ST = ( v , I(v) , τ(v, v′) )

Ingredients: transition system ST and a safety property P(v) Reachability analysis: establish if it is possible to reach ¬P(v) ⇒ T is Presburger arithmetic enriched with free function symbols satisfiability and validity with respect to structures having the standard structure of natural numbers as reduct v contains free unary function symbols (a) and free constants (c)

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 1 / 24

Context: Reachability analysis

Backward search

We iteratively compute the preimage of ¬P applying backward τ ¬P I

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 2 / 24

Context: Reachability analysis

Backward search

We iteratively compute the preimage of ¬P applying backward τ R1 ¬P I

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 2 / 24

Context: Reachability analysis

Backward search

We iteratively compute the preimage of ¬P applying backward τ R2 R1 ¬P I

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 2 / 24

Context: Reachability analysis

Backward search

We iteratively compute the preimage of ¬P applying backward τ Rn R2 R1 ¬P I

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 2 / 24

Context: Reachability analysis

Backward search

We iteratively compute the preimage of ¬P applying backward τ ... until we find an intersection with the set of initial states... Rn R2 R1 ¬P I

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 2 / 24

Context: Reachability analysis

Backward search

We iteratively compute the preimage of ¬P applying backward τ ... until we find an intersection with the set of initial states... ... or a (global) fix-point. Rn R2 R1 ¬P I

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 2 / 24

Context: Reachability analysis

Backward search

Reduce intersection and fix-point test to SMT problems: Intersection test: is I ∧ Rn T-satisfiable? Rn R2 R1 ¬P I

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 3 / 24

Context: Reachability analysis

Backward search

Reduce intersection and fix-point test to SMT problems: Intersection test: is I ∧ Rn T-satisfiable? Fix-point test: is Rn+1 → Rn T-valid? ...or dually: is Rn+1 ∧ ¬Rn T-unsatisfiable? Rn R2 R1 ¬P I

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 3 / 24

Context: Reachability analysis

Backward search - divergence

Precise reachability analysis (usually) diverges on infinite-state systems

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 4 / 24

Context: Reachability analysis

Backward search - divergence

Precise reachability analysis (usually) diverges on infinite-state systems Common experience with verification of annotated code

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 4 / 24

Context: Reachability analysis

Backward search - divergence

Precise reachability analysis (usually) diverges on infinite-state systems Common experience with verification of annotated code ⇒ Acceleration can help in limiting divergence!

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 4 / 24

Acceleration

Example1

procedure Find( int e ) { lI i = 0; lL while ( i < L ∧ a[i] = e ) { i = i + 1; } lF assert ( ∀x.(0 ≤ x < i) → a[x] = e ); }

1Assume we exit the loop because we reach the end of the array.

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 5 / 24

Acceleration

Example1

procedure Find( int e ) { lI i = 0; lL while ( i < L ∧ a[i] = e ) { i = i + 1; } lF assert ( ∀x.(0 ≤ x < i) → a[x] = e ); }

τ1 := pc = lL ∧ i < L ∧ a[i] = e

• guard

∧ i′ = i + 1

• update

1Assume we exit the loop because we reach the end of the array.

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 5 / 24

Acceleration

Example1

τ1 := pc = lL ∧ i < L ∧ a[i] = e

• guard

∧ i′ = i + 1

• update

1Assume we exit the loop because we reach the end of the array.

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 5 / 24

Acceleration

Example1

x i a · · · e · · ·

∃x.0 ≤ x ∧ x < i ∧ a[x] = e ∧ i ≥ L τ1 := pc = lL ∧ i < L ∧ a[i] = e

• guard

∧ i′ = i + 1

• update

1Assume we exit the loop because we reach the end of the array.

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 5 / 24

Acceleration

Example1

x i × a · · · e · · ·

∃x.0 ≤ x ∧ x < i + 1 ∧ a[x] = e ∧ i + 1 = L ∧ a[i] = e τ1 := pc = lL ∧ i < L ∧ a[i] = e

• guard

∧ i′ = i + 1

• update

1Assume we exit the loop because we reach the end of the array.

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 5 / 24

Acceleration

Example1

x × × i a · · · e · · ·

∃x.0 ≤ x ∧ x < i + 2 ∧ a[x] = e ∧ i + 2 = L ∧ a[i] = e ∧ a[i + 1] = e τ1 := pc = lL ∧ i < L ∧ a[i] = e

• guard

∧ i′ = i + 1

• update

1Assume we exit the loop because we reach the end of the array.

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 5 / 24

Acceleration

Example1

x × × × i a · · · e · · ·

∃x.0 ≤ x ∧ x < i + 3 ∧ a[x] = e ∧ i + 3 = L ∧ a[i] = e ∧ a[i + 1] = e ∧ a[i + 2] = e τ1 := pc = lL ∧ i < L ∧ a[i] = e

• guard

∧ i′ = i + 1

• update

1Assume we exit the loop because we reach the end of the array.

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 5 / 24

Acceleration

Example1

x × × × · · · i a · · · e · · ·

∃x.0 ≤ x ∧ x < i + n ∧ a[x] = e ∧ i + n = L ∧

n−1

• k=0

a[i + k] = e τ1 := pc = lL ∧ i < L ∧ a[i] = e

• guard

∧ i′ = i + 1

• update

1Assume we exit the loop because we reach the end of the array.

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 5 / 24

Acceleration

Preventing divergence Find control-flow graph:

I l1 ¯ P τ0 τ1 τ2

Precise backward reachability

¯ P v1 ⊥ v2 ⊥ v3 ⊥

τ2 τ0 τ1 τ0 τ1 τ0 τ1

With accelerated transitions (desired behavior)

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 6 / 24

Acceleration

Preventing divergence Find control-flow graph:

I l1 ¯ P τ0 τ1 τ2

Precise backward reachability

¯ P v1 ⊥ v2 ⊥ v3 ⊥

τ2 τ0 τ1 τ0 τ1 τ0 τ1

With accelerated transitions (desired behavior)

¯ P v1 v2 v+

2

v3 v+

3

v1 ⊥

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 6 / 24

Acceleration

Preventing divergence Find control-flow graph:

I l1 ¯ P τ0 τ1 τ2

Precise backward reachability

¯ P v1 ⊥ v2 ⊥ v3 ⊥

τ2 τ0 τ1 τ0 τ1 τ0 τ1

With accelerated transitions (desired behavior)

¯ P v1 v2 v+

2

v3 v+

3

v1 ⊥

τ2

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 6 / 24

Acceleration

Preventing divergence Find control-flow graph:

I l1 ¯ P τ0 τ1 τ2

Precise backward reachability

¯ P v1 ⊥ v2 ⊥ v3 ⊥

τ2 τ0 τ1 τ0 τ1 τ0 τ1

With accelerated transitions (desired behavior)

¯ P v1 v2 v+

2

v3 v+

3

⊥ ⊥

τ2 τ0

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 6 / 24

Acceleration

Preventing divergence Find control-flow graph:

I l1 ¯ P τ0 τ1 τ2

Precise backward reachability

¯ P v1 ⊥ v2 ⊥ v3 ⊥

τ2 τ0 τ1 τ0 τ1 τ0 τ1

With accelerated transitions (desired behavior)

¯ P v1 v2 v+

2

v3 v+

3

⊥ ⊥

τ2 τ1 τ0

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 6 / 24

Acceleration

Preventing divergence Find control-flow graph:

I l1 ¯ P τ0 τ1 τ2

Precise backward reachability

¯ P v1 ⊥ v2 ⊥ v3 ⊥

τ2 τ0 τ1 τ0 τ1 τ0 τ1

With accelerated transitions (desired behavior)

¯ P v1 v2 v+

2

v3 v+

3

⊥ ⊥

τ2 τ1 τ +

1

τ0

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 6 / 24

Acceleration

Preventing divergence Find control-flow graph:

I l1 ¯ P τ0 τ1 τ2

Precise backward reachability

¯ P v1 ⊥ v2 ⊥ v3 ⊥

τ2 τ0 τ1 τ0 τ1 τ0 τ1

With accelerated transitions (desired behavior)

¯ P v1 v2 v+

2

v3 v+

3

⊥ ⊥

τ2 τ1 τ +

1

τ0

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 6 / 24

Acceleration

Preventing divergence Find control-flow graph:

I l1 ¯ P τ0 τ1 τ2

Precise backward reachability

¯ P v1 ⊥ v2 ⊥ v3 ⊥

τ2 τ0 τ1 τ0 τ1 τ0 τ1

With accelerated transitions (desired behavior)

¯ P v1 v2 v+

2

v3 v+

3

⊥ ⊥

τ2 τ1 τ +

1

τ0 τ0

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 6 / 24

Acceleration

Preventing divergence Find control-flow graph:

I l1 ¯ P τ0 τ1 τ2

Precise backward reachability

¯ P v1 ⊥ v2 ⊥ v3 ⊥

τ2 τ0 τ1 τ0 τ1 τ0 τ1

With accelerated transitions (desired behavior)

¯ P v1 v2 v+

2

v3 v+

3

⊥ ⊥

τ2 τ1 τ +

1

τ1 τ0 τ0

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 6 / 24

Acceleration

Preventing divergence Find control-flow graph:

I l1 ¯ P τ0 τ1 τ2

Precise backward reachability

¯ P v1 ⊥ v2 ⊥ v3 ⊥

τ2 τ0 τ1 τ0 τ1 τ0 τ1

With accelerated transitions (desired behavior)

¯ P v1 v2 v+

2

v3 v+

3

⊥ ⊥

τ2 τ1 τ +

1

τ1 τ0 τ0

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 6 / 24

Acceleration

Preventing divergence Find control-flow graph:

I l1 ¯ P τ0 τ1 τ2

Precise backward reachability

¯ P v1 ⊥ v2 ⊥ v3 ⊥

τ2 τ0 τ1 τ0 τ1 τ0 τ1

With accelerated transitions (desired behavior)

¯ P v1 v2 v+

2

v3 v+

3

⊥ ⊥

τ2 τ1 τ +

1

τ1 τ +

1

τ0 τ0

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 6 / 24

Acceleration

Preventing divergence Find control-flow graph:

I l1 ¯ P τ0 τ1 τ2

Precise backward reachability

¯ P v1 ⊥ v2 ⊥ v3 ⊥

τ2 τ0 τ1 τ0 τ1 τ0 τ1

With accelerated transitions (desired behavior)

¯ P v1 v2 v+

2

v3 v+

3

⊥ ⊥

τ2 τ1 τ +

1

τ1 τ +

1

τ0 τ0

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 6 / 24

Acceleration

State of the art

Acceleration: Transitive closure τ + of transitions τ encoding cyclic actions

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 7 / 24

Acceleration

State of the art

Acceleration: Transitive closure τ + of transitions τ encoding cyclic actions Challenges: In general transitive closure cannot be expressed in FOL

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 7 / 24

Acceleration

State of the art

Acceleration: Transitive closure τ + of transitions τ encoding cyclic actions Challenges: In general transitive closure cannot be expressed in FOL Only some (important) classes of τ’s allow the definability of τ +

Polling-based systems [BBD+02] Imperative programs over integers [BIK10]

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 7 / 24

Acceleration

State of the art

Acceleration: Transitive closure τ + of transitions τ encoding cyclic actions Challenges: In general transitive closure cannot be expressed in FOL Only some (important) classes of τ’s allow the definability of τ +

Polling-based systems [BBD+02] Imperative programs over integers [BIK10]

What about arrays?

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 7 / 24

Acceleration for arrays

Contributions

In theory: Identification of classes of transitions τ over arrays admitting definable acceleration

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 8 / 24

Acceleration for arrays

Contributions

In theory: Identification of classes of transitions τ over arrays admitting definable acceleration Determine the price to pay for expressing τ +

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 8 / 24

Acceleration for arrays

Contributions

In theory: Identification of classes of transitions τ over arrays admitting definable acceleration Determine the price to pay for expressing τ + In practice: Template-based solution

✔ High degree of automation ✔ Computationally cheap

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 8 / 24

Acceleration for arrays

Contributions

In theory: Identification of classes of transitions τ over arrays admitting definable acceleration Determine the price to pay for expressing τ + In practice: Template-based solution

✔ High degree of automation ✔ Computationally cheap

Combination with abstraction-based frameworks

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 8 / 24

Acceleration for arrays

Example

τ1 := pc = lL ∧ i < L ∧ a[i] = e

• guard

∧ i′ = i + 1

• update
• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 9 / 24

Acceleration for arrays

Example

τ1 := pc = lL ∧ i < L ∧ a[i] = e

• guard

∧ i′ = i + 1

• update

⇓

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 9 / 24

Acceleration for arrays

Example

τ1 := pc = lL ∧ i < L ∧ a[i] = e

• guard

∧ i′ = i + 1

• update

⇓ τ +

1 := ∃y.

   y > 0 ∧ pc = lL ∧ ∀j.( i ≤ j < i + y → j < L ∧ a[j] = e ) i′ = i + y   

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 9 / 24

Acceleration for arrays

Example

τ1 := pc = lL ∧ i < L ∧ a[i] = e

• guard

∧ i′ = i + 1

• update

⇓ τ +

1 := ∃y.

   y > 0 ∧ pc = lL ∧ ∀j.( i ≤ j < i + y → j < L ∧ a[j] = e ) i′ = i + y   

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 9 / 24

The formal framework

Iterators

Definition (Iterators)

A tuple of m-ary terms u(x) is said to be an iterator iff there exists an m-tuple of m + 1-ary terms u∗(x, y) such that for any natural number n it happens that the formula un(x) = u∗(x, ¯ n) is valid.

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 10 / 24

The formal framework

Iterators

Definition (Iterators)

A tuple of m-ary terms u(x) is said to be an iterator iff there exists an m-tuple of m + 1-ary terms u∗(x, y) such that for any natural number n it happens that the formula un(x) = u∗(x, ¯ n) is valid.

Example

u(x) := x + 1

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 10 / 24

The formal framework

Iterators

Definition (Iterators)

A tuple of m-ary terms u(x) is said to be an iterator iff there exists an m-tuple of m + 1-ary terms u∗(x, y) such that for any natural number n it happens that the formula un(x) = u∗(x, ¯ n) is valid.

Example

u(x) := x + 1 u∗(x, y) := x + y

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 10 / 24

The formal framework

Selectors

Definition (Selectors)

Given an iterator u(x), an m-ary term κ(x1, . . . , xm) is a selector for u(x) iff there is an m + 1-ary term ι(x1, . . . , xm, y) yielding the validity

• f the formula

z = κ(u∗(x, y)) → y = ι(x, z)

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 11 / 24

The formal framework

Selectors

Definition (Selectors)

Given an iterator u(x), an m-ary term κ(x1, . . . , xm) is a selector for u(x) iff there is an m + 1-ary term ι(x1, . . . , xm, y) yielding the validity

• f the formula

z = κ(u∗(x, y)) → y = ι(x, z) Most likely κ is a projection

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 11 / 24

The formal framework

Selectors

Definition (Selectors)

Given an iterator u(x), an m-ary term κ(x1, . . . , xm) is a selector for u(x) iff there is an m + 1-ary term ι(x1, . . . , xm, y) yielding the validity

• f the formula

z = κ(u∗(x, y)) → y = ι(x, z) Most likely κ is a projection Can a cell z be reached in m iterations? The number ι(x, z) gives “the only possible candidate” y number

• f iterations

z = κ(u∗(x, y)) checks if the candidate y is correct

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 11 / 24

The formal framework

Example

while ( true ) { a[i] = 0; i = i + 2; }

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 12 / 24

The formal framework

Example

while ( true ) { a[i] = 0; i = i + 2; } iterator: u(i) := i + 2

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 12 / 24

The formal framework

Example

while ( true ) { a[i] = 0; i = i + 2; } iterator: u(i) := i + 2 u∗(i, y) = i + 2y

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 12 / 24

The formal framework

Example

while ( true ) { a[i] = 0; i = i + 2; } iterator: u(i) := i + 2 u∗(i, y) = i + 2y κ(x) := x

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 12 / 24

The formal framework

Example

while ( true ) { a[i] = 0; i = i + 2; } iterator: u(i) := i + 2 u∗(i, y) = i + 2y κ(x) := x ι(i, z) := z−i

2

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 12 / 24

The formal framework

Example

while ( true ) { a[i] = 0; i = i + 2; } iterator: u(i) := i + 2 u∗(i, y) = i + 2y κ(x) := x ι(i, z) := z−i

2

• Example

i = 3

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 12 / 24

The formal framework

Example

while ( true ) { a[i] = 0; i = i + 2; } iterator: u(i) := i + 2 u∗(i, y) = i + 2y κ(x) := x ι(i, z) := z−i

2

• Example

i = 3 a[7] in 3 iterations?

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 12 / 24

The formal framework

Example

while ( true ) { a[i] = 0; i = i + 2; } iterator: u(i) := i + 2 u∗(i, y) = i + 2y κ(x) := x ι(i, z) := z−i

2

• Example

i = 3 a[7] in 3 iterations? ι(i, z) = 7−3

2

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 12 / 24

The formal framework

Example

while ( true ) { a[i] = 0; i = i + 2; } iterator: u(i) := i + 2 u∗(i, y) = i + 2y κ(x) := x ι(i, z) := z−i

2

• Example

i = 3 a[7] in 3 iterations? ι(i, z) = 7−3

2

• = 2
• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 12 / 24

The formal framework

Example

while ( true ) { a[i] = 0; i = i + 2; } iterator: u(i) := i + 2 u∗(i, y) = i + 2y κ(x) := x ι(i, z) := z−i

2

• Example

i = 3 a[7] in 3 iterations? ι(i, z) = 7−3

2

• = 2

✔

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 12 / 24

The formal framework

Example

while ( true ) { a[i] = 0; i = i + 2; } iterator: u(i) := i + 2 u∗(i, y) = i + 2y κ(x) := x ι(i, z) := z−i

2

• Example

i = 3 a[7] in 3 iterations? ι(i, z) = 7−3

2

• = 2

✔ u∗(i, 2) = 3 + 2 · 2 = 7

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 12 / 24

The formal framework

Example

while ( true ) { a[i] = 0; i = i + 2; } iterator: u(i) := i + 2 u∗(i, y) = i + 2y κ(x) := x ι(i, z) := z−i

2

• Example

i = 3 a[7] in 3 iterations? ι(i, z) = 7−3

2

• = 2

✔ u∗(i, 2) = 3 + 2 · 2 = 7 ✔

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 12 / 24

The formal framework

Example

while ( true ) { a[i] = 0; i = i + 2; } iterator: u(i) := i + 2 u∗(i, y) = i + 2y κ(x) := x ι(i, z) := z−i

2

• Example

i = 3 a[7] in 3 iterations? ι(i, z) = 7−3

2

• = 2

✔ u∗(i, 2) = 3 + 2 · 2 = 7 ✔ i = 3

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 12 / 24

The formal framework

Example

while ( true ) { a[i] = 0; i = i + 2; } iterator: u(i) := i + 2 u∗(i, y) = i + 2y κ(x) := x ι(i, z) := z−i

2

• Example

i = 3 a[7] in 3 iterations? ι(i, z) = 7−3

2

• = 2

✔ u∗(i, 2) = 3 + 2 · 2 = 7 ✔ i = 3 a[6] in 3 iterations?

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 12 / 24

The formal framework

Example

while ( true ) { a[i] = 0; i = i + 2; } iterator: u(i) := i + 2 u∗(i, y) = i + 2y κ(x) := x ι(i, z) := z−i

2

• Example

i = 3 a[7] in 3 iterations? ι(i, z) = 7−3

2

• = 2

✔ u∗(i, 2) = 3 + 2 · 2 = 7 ✔ i = 3 a[6] in 3 iterations? ι(i, z) = 6−3

2

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 12 / 24

The formal framework

Example

while ( true ) { a[i] = 0; i = i + 2; } iterator: u(i) := i + 2 u∗(i, y) = i + 2y κ(x) := x ι(i, z) := z−i

2

• Example

i = 3 a[7] in 3 iterations? ι(i, z) = 7−3

2

• = 2

✔ u∗(i, 2) = 3 + 2 · 2 = 7 ✔ i = 3 a[6] in 3 iterations? ι(i, z) = 6−3

2

• = 1
• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 12 / 24

The formal framework

Example

while ( true ) { a[i] = 0; i = i + 2; } iterator: u(i) := i + 2 u∗(i, y) = i + 2y κ(x) := x ι(i, z) := z−i

2

• Example

i = 3 a[7] in 3 iterations? ι(i, z) = 7−3

2

• = 2

✔ u∗(i, 2) = 3 + 2 · 2 = 7 ✔ i = 3 a[6] in 3 iterations? ι(i, z) = 6−3

2

• = 1

✔

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 12 / 24

The formal framework

Example

while ( true ) { a[i] = 0; i = i + 2; } iterator: u(i) := i + 2 u∗(i, y) = i + 2y κ(x) := x ι(i, z) := z−i

2

• Example

i = 3 a[7] in 3 iterations? ι(i, z) = 7−3

2

• = 2

✔ u∗(i, 2) = 3 + 2 · 2 = 7 ✔ i = 3 a[6] in 3 iterations? ι(i, z) = 6−3

2

• = 1

✔ u∗(i, 1) = 3 + 2 · 1 = 5

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 12 / 24

The formal framework

Example

while ( true ) { a[i] = 0; i = i + 2; } iterator: u(i) := i + 2 u∗(i, y) = i + 2y κ(x) := x ι(i, z) := z−i

2

• Example

i = 3 a[7] in 3 iterations? ι(i, z) = 7−3

2

• = 2

✔ u∗(i, 2) = 3 + 2 · 2 = 7 ✔ i = 3 a[6] in 3 iterations? ι(i, z) = 6−3

2

• = 1

✔ u∗(i, 1) = 3 + 2 · 1 = 5 ✘

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 12 / 24

The formal framework

Local ground assignments

Definition (Local ground assignment)

A local ground assignment is a ground assignment of the form pc = l ∧ φL(a, c) ∧ pc′ = l ∧ a′ = wr(a, κ(˜ c), t(a, c)) ∧ ˜ c′ = u(˜ c) ∧ d′ = d

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 13 / 24

The formal framework

Local ground assignments

Definition (Local ground assignment)

A local ground assignment is a ground assignment of the form pc = l ∧ φL(a, c) ∧ pc′ = l ∧ a′ = wr(a, κ(˜ c), t(a, c)) ∧ ˜ c′ = u(˜ c) ∧ d′ = d where (i) c = ˜ c, d;

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 13 / 24

The formal framework

Local ground assignments

Definition (Local ground assignment)

A local ground assignment is a ground assignment of the form pc = l ∧ φL(a, c) ∧ pc′ = l ∧ a′ = wr(a, κ(˜ c), t(a, c)) ∧ ˜ c′ = u(˜ c) ∧ d′ = d where (i) c = ˜ c, d; (ii) u = u1, . . . , u|˜

c| is an iterator;

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 13 / 24

The formal framework

Local ground assignments

Definition (Local ground assignment)

A local ground assignment is a ground assignment of the form pc = l ∧ φL(a, c) ∧ pc′ = l ∧ a′ = wr(a, κ(˜ c), t(a, c)) ∧ ˜ c′ = u(˜ c) ∧ d′ = d where (i) c = ˜ c, d; (ii) u = u1, . . . , u|˜

c| is an iterator;

(iii) the terms κ are a selector assignment for a relative to u;

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 13 / 24

The formal framework

Local ground assignments

Definition (Local ground assignment)

A local ground assignment is a ground assignment of the form pc = l ∧ φL(a, c) ∧ pc′ = l ∧ a′ = wr(a, κ(˜ c), t(a, c)) ∧ ˜ c′ = u(˜ c) ∧ d′ = d where (i) c = ˜ c, d; (ii) u = u1, . . . , u|˜

c| is an iterator;

(iii) the terms κ are a selector assignment for a relative to u; (iv) the formula φL(a, c) and the terms t(a, c) are purely arithmetical

• ver the set of terms {c, a(κ(˜

c))} ∪ {ai(dj)}1≤i≤s,1≤j≤|d|;

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 13 / 24

The formal framework

Local ground assignments

Definition (Local ground assignment)

A local ground assignment is a ground assignment of the form pc = l ∧ φL(a, c) ∧ pc′ = l ∧ a′ = wr(a, κ(˜ c), t(a, c)) ∧ ˜ c′ = u(˜ c) ∧ d′ = d where (i) c = ˜ c, d; (ii) u = u1, . . . , u|˜

c| is an iterator;

(iii) the terms κ are a selector assignment for a relative to u; (iv) the formula φL(a, c) and the terms t(a, c) are purely arithmetical

• ver the set of terms {c, a(κ(˜

c))} ∪ {ai(dj)}1≤i≤s,1≤j≤|d|; (v) the guard φL contains the conjuncts κi(˜ c) = dj, for 1 ≤ i ≤ s and 1 ≤ j ≤ |d|.

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 13 / 24

The formal framework

Contribution

Theorem

If τ is a local ground assignment, then τ + is a Σ0

2-assignment.

Francesco Alberti, Silvio Ghilardi, and Natasha Sharygina. Tackling divergence: abstraction and acceleration in array programs. Technical Report 2012/01, University of Lugano, oct 2012.

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 14 / 24

The formal framework

Contribution

Theorem

If τ is a local ground assignment, then τ + is a Σ0

2-assignment.

Francesco Alberti, Silvio Ghilardi, and Natasha Sharygina. Tackling divergence: abstraction and acceleration in array programs. Technical Report 2012/01, University of Lugano, oct 2012. The proof of the theorem shows the “template” for τ +

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 14 / 24

The formal framework

Contribution

Theorem

If τ is a local ground assignment, then τ + is a Σ0

2-assignment.

Francesco Alberti, Silvio Ghilardi, and Natasha Sharygina. Tackling divergence: abstraction and acceleration in array programs. Technical Report 2012/01, University of Lugano, oct 2012. The proof of the theorem shows the “template” for τ + The template is parametric with respect to

iterators selectors

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 14 / 24

Tool architecture

ST = v, I(v), τ(v, v′) I1, I2, . . ., S1, S2, . . . Loop identification Acceleration Model Checker ✔ ? ✘

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 15 / 24

Acceleration for arrays

Practical issue - classification of formulas

Different kind of formulas2 representing the (backward reachable) state-space: ground – formulas of the kind φ(v)

2In all the formulas we admit the term a(t) only if t is a variable or a constant.

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 16 / 24

Acceleration for arrays

Practical issue - classification of formulas

Different kind of formulas2 representing the (backward reachable) state-space: ground – formulas of the kind φ(v) Σ0

1 – formulas of the kind ∃i.φ(i, v)

2In all the formulas we admit the term a(t) only if t is a variable or a constant.

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 16 / 24

Acceleration for arrays

Practical issue - classification of formulas

Different kind of formulas2 representing the (backward reachable) state-space: ground – formulas of the kind φ(v) Σ0

1 – formulas of the kind ∃i.φ(i, v)

Σ0

2 – formulas of the kind ∃i∀j.φ(i, j, v)

2In all the formulas we admit the term a(t) only if t is a variable or a constant.

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 16 / 24

Acceleration for arrays

Practical issue - classification of formulas

Different kind of formulas2 representing the (backward reachable) state-space: ground – formulas of the kind φ(v) Σ0

1 – formulas of the kind ∃i.φ(i, v)

Σ0

2 – formulas of the kind ∃i∀j.φ(i, j, v)

Σ0

2-formulas might not fall in any known decidable fragment

[BMS06, GdM09]

2In all the formulas we admit the term a(t) only if t is a variable or a constant.

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 16 / 24

Acceleration for arrays

Practical issue - classification of transitions

Transition formulas can be: ground assignment – transitions of the kind τ(v, v′) Σ0

1-assignment – transitions of the kind ∃i.τ(i, v, v′)

Σ0

2-assignment – transitions of the kind ∃i∀j.τ(i, j, v, v′)

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 17 / 24

Acceleration for arrays

Practical issue - classification of transitions

Transition formulas can be: ground assignment – transitions of the kind τ(v, v′) Σ0

1-assignment – transitions of the kind ∃i.τ(i, v, v′)

Σ0

2-assignment – transitions of the kind ∃i∀j.τ(i, j, v, v′)

Preimages with respect to a Σ0

2-assignment are Σ0 2-formulas

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 17 / 24

Acceleration for arrays

Practical issue - classification of transitions

Transition formulas can be: ground assignment – transitions of the kind τ(v, v′) Σ0

1-assignment – transitions of the kind ∃i.τ(i, v, v′)

Σ0

2-assignment – transitions of the kind ∃i∀j.τ(i, j, v, v′)

Preimages with respect to a Σ0

2-assignment are Σ0 2-formulas

This prevents the practical application of the theoretical result!

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 17 / 24

Acceleration for arrays

Practical issue - classification of transitions

Transition formulas can be: ground assignment – transitions of the kind τ(v, v′) Σ0

1-assignment – transitions of the kind ∃i.τ(i, v, v′)

Σ0

2-assignment – transitions of the kind ∃i∀j.τ(i, j, v, v′)

Preimages with respect to a Σ0

2-assignment are Σ0 2-formulas

This prevents the practical application of the theoretical result! Solution: over-approximate problematic Σ0

2-formulas with their

monotonic abstraction [AGP+12]

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 17 / 24

Acceleration for arrays

Example

I l1 ¯ P τ0 τ1 τ2 ¯ P v1 v2 v+

2

v3 v+

3

⊥ ⊥

τ2 τ1 τ +

1

τ0

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 18 / 24

Acceleration for arrays

Example

I l1 ¯ P τ0 τ1 τ2 ¯ P v1 v2 v+

2

v3 v+

3

⊥ ⊥

τ2 τ1 τ +

1

τ0

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 18 / 24

Acceleration for arrays

Example

v1 v+

2

v+

2

v2 τ +

1

τ1

Instantiate ∀j over ∃i Might produce spurious counterexamples

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 19 / 24

Acceleration for arrays

Example

v1 v+

2

v+

2

v2 τ +

1

τ1

Instantiate ∀j over ∃i This is a Σ0

2-formula

Might produce spurious counterexamples

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 19 / 24

Acceleration for arrays

Example

v1 v+

2

v+

2

v2 τ +

1

τ1

Instantiate ∀j over ∃i This is a Σ0

2-formula

Might produce spurious counterexamples ∃x, y ∀j.    pc = lL ∧ y > 0 ∧ (i ≤ j < i + y → j < L ∧ a[j] = e) ∧ 0 ≤ x < i ∧ a[x] = e ∧ i + y ≥ L   

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 19 / 24

Acceleration for arrays

Example

v1 v+

2

v+

2

v2 τ +

1

τ1

Instantiation pushes it back to Σ0

1

Instantiate j over {x, y, i, i + y, . . .} Might produce spurious counterexamples ∃x, y ∀j.    pc = lL ∧ y > 0 ∧ (i ≤ j < i + y → j < L ∧ a[j] = e) ∧ 0 ≤ x < i ∧ a[x] = e ∧ i + y ≥ L   

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 19 / 24

Acceleration for arrays

Example

v1 v+

2

v+

2

v+

2

v2 τ +

1

τ1

Instantiate ∀j over ∃i Might produce spurious counterexamples

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 19 / 24

Acceleration for arrays

Example

v1 v+

2

v+

2

v+

2

v2 τ +

1

τ1

Instantiate ∀j over ∃i More instantiations (more precise) Might produce spurious counterexamples

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 19 / 24

Acceleration for arrays

Example

v1 v+

2

v+

2

v+

2

v2 τ +

1

τ1

Instantiate ∀j over ∃i More instantiations (more precise) Less instantiations (less precise) Might produce spurious counterexamples

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 19 / 24

Acceleration for arrays

Example

v1 v+

2

v+

2

v+

2

v2 τ +

1

τ1

Instantiate ∀j over ∃i Might produce spurious counterexamples

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 19 / 24

Acceleration for arrays

Ad-hoc refinement for monotonic abstraction

¬P J K+ K I τ +

i

τi

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 20 / 24

Acceleration for arrays

Ad-hoc refinement for monotonic abstraction

¬P J K τi

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 20 / 24

Acceleration for arrays

Experiments

Implemented in the mcmt model checker

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 21 / 24

Acceleration for arrays

Experiments

Implemented in the mcmt model checker Tested on 55 challenging benchmarks on arrays

initializing searching sorting etc.

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 21 / 24

Acceleration for arrays

Experiments

function allDiff ( int a[N] ) : 1 r = true; 2 for (i = 1; i < N ∧ r; i++) 3 for (j = i-1; j ≥ 0 ∧ r; j--) 4 if (a[i] = a[j]) r = false; 5 assert (r → (∀x, y(0 ≤ x < y < N) → (a[x] = a[y])))

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 22 / 24

Acceleration for arrays

Experiments

function allDiff ( int a[N] ) : 1 r = true; 2 for (i = 1; i < N ∧ r; i++) 3 for (j = i-1; j ≥ 0 ∧ r; j--) 4 if (a[i] = a[j]) r = false; 5 assert (r → (∀x, y(0 ≤ x < y < N) → (a[x] = a[y])))

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 22 / 24

Acceleration for arrays

Experiments

0.01 0.1 1 10 0.01 0.1 1 10 Acceleration Abstraction

mcmt running time

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 23 / 24

Acceleration for arrays

Experiments

0.01 0.1 1 10 0.01 0.1 1 10

• Accel. + Abstr.

Abstraction

mcmt running time

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 23 / 24

Acceleration for arrays

Experiments

0.01 0.1 1 10 0.01 0.1 1 10

• Accel. + Abstr.

Acceleration

mcmt running time

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 23 / 24

Conclusion

Accelerations of local ground assignments are Σ0

2-assignments

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 24 / 24

Conclusion

Accelerations of local ground assignments are Σ0

2-assignments

Template-based computation of τ +

High degree of automation Computationally cheap

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 24 / 24

Conclusion

Accelerations of local ground assignments are Σ0

2-assignments

Template-based computation of τ +

High degree of automation Computationally cheap

monotonic abstraction to over-approximate problematic preimages with respect to accelerated transitions

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 24 / 24

Conclusion

Accelerations of local ground assignments are Σ0

2-assignments

Template-based computation of τ +

High degree of automation Computationally cheap

monotonic abstraction to over-approximate problematic preimages with respect to accelerated transitions Experimental evidence that acceleration and abstraction are mutually beneficial

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 24 / 24

Conclusion

Accelerations of local ground assignments are Σ0

2-assignments

Template-based computation of τ +

High degree of automation Computationally cheap

monotonic abstraction to over-approximate problematic preimages with respect to accelerated transitions Experimental evidence that acceleration and abstraction are mutually beneficial

Thank you! Questions?

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 24 / 24

References I

Francesco Alberti, Silvio Ghilardi, Elena Pagani, Silvio Ranise, and Gian Paolo Rossi. Universal guards, relativization of quantifiers, and failure models in Model Checking Modulo Theories. JSAT, 8(1/2):29–61, 2012. Francesco Alberti, Silvio Ghilardi, and Natasha Sharygina. Tackling divergence: abstraction and acceleration in array programs. Technical Report 2012/01, University of Lugano, oct 2012.

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 25 / 24

References II

Gerd Behrmann, Johan Bengtsson, Alexandre David, Kim G. Larsen, Paul Pettersson, and Wang Yi. UPPAAL implementation secrets. In Werner Damm and Ernst-R¨ udiger Olderog, editors, FTRTFT, volume 2469 of Lecture Notes in Computer Science, pages 3–22. Springer, 2002. Marius Bozga, Radu Iosif, and Filip Konecn´ y. Fast acceleration of ultimately periodic relations. In Tayssir Touili, Byron Cook, and Paul Jackson, editors, CAV, volume 6174 of Lecture Notes in Computer Science, pages 227–242. Springer, 2010.

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 26 / 24

References III

Aaron R. Bradley, Zohar Manna, and Henny B. Sipma. What’s decidable about arrays? In E. Allen Emerson and Kedar S. Namjoshi, editors, VMCAI, volume 3855 of Lecture Notes in Computer Science, pages 427–442. Springer, 2006. Yeting Ge and Leonardo M. de Moura. Complete instantiation for quantified formulas in satisfiabiliby modulo theories. In Ahmed Bouajjani and Oded Maler, editors, CAV, volume 5643

• f Lecture Notes in Computer Science, pages 306–320. Springer,

2009.

• F. Alberti

Definability of Accelerated Relations in a Theory of Arrays . . . 27 / 24