HiFrog: Interpolation-based Software Verification using Theory - - PowerPoint PPT Presentation

▶

Jan 30, 2023 456 likes •644 views

HiFrog: Interpolation-based Software Verification using Theory Refinement Sepideh Asadi joint work with Karine Even Mendoza, Grigory Fedyukovich, AnM Hyvrinen, Hana Chockler, Natasha Sharygina Formal Verification and Security Lab University

SLIDE 1

HiFrog: Interpolation-based Software Verification using Theory Refinement

Formal Verification and Security Lab University of Lugano (USI), Switzerland

Sepideh Asadi

joint work with Karine Even Mendoza, Grigory Fedyukovich, AnM Hyvärinen, Hana Chockler, Natasha Sharygina

FMCAD 2017

SLIDE 2

What is HiFrog?

▪ An SMT-based bounded model checker for C ▪ Computes and reuses FuncSon Summaries

Based on Craig interpolaSon

SLIDE 3

What is HiFrog?

▪ An SMT-based bounded model checker for C ▪ Computes and reuses FuncSon Summaries

Compact and readable summaries
Flexible in Size & Strength

▪ Controllable interpolaSon system for SMT

Based on Craig interpolaSon

SLIDE 4

What is HiFrog?

▪ An SMT-based bounded model checker for C ▪ Computes and reuses FuncSon Summaries

Compact and readable summaries
Flexible in Size & Strength

▪ Controllable interpolaSon system for SMT

Based on Craig interpolaSon

▪ AutomaSc adjustment of abstracSon using different theories

Theory Refinement

SLIDE 5

HiFrog and Function Summarization

summary refiner

symbolic execution SSA slicing

SMT encoder

BV BOOL

parser

Function Summaries

sources + assertions

assertion holds! assertion violated

& error trace UNSAT

EUF LRA BOOL

interpolation- based summaries

assertions

ptimizer

Interpolating SMT solver

theory solvers proof compressor itp for EUF itp for BOOL itp for LRA proof

SAT

EUF LRA

SLIDE 6

HiFrog and Function Summarization

summary refiner

symbolic execution SSA slicing

SMT encoder

BV BOOL

parser

Function Summaries

sources + assertions

assertion holds! assertion violated

& error trace UNSAT

EUF LRA BOOL

interpolation- based summaries

assertions

ptimizer

Interpolating SMT solver

theory solvers proof compressor itp for EUF itp for BOOL itp for LRA proof

SAT

EUF LRA

theory refiner

SLIDE 7

HiFrog and Theory Refinement

SLIDE 8

Symbolic Encoding

Program + AsserSons

HiFrog and Theory Refinement

SLIDE 9

Symbolic Encoding

Program + AsserSons

HiFrog and Theory Refinement

initial entire encoding

1

OpenSMT

less precise theory

SLIDE 10

2

Safe

UNSAT

Symbolic Encoding

Program + AsserSons

HiFrog and Theory Refinement

initial entire encoding

1

OpenSMT

less precise theory

SLIDE 11

SAT + model

2 2

Safe

UNSAT

Symbolic Encoding

Program + AsserSons

HiFrog and Theory Refinement

initial entire encoding

1

OpenSMT

less precise theory

SLIDE 12

Counter-example validator

sequence

f all terms

3

SAT + model

2 2

Safe

UNSAT

Symbolic Encoding

Program + AsserSons

HiFrog and Theory Refinement

initial entire encoding

1

OpenSMT

less precise theory

SLIDE 13

Counter-example validator

sequence

f all terms

3

SAT + model

2 2

Safe

UNSAT

Symbolic Encoding

Program + AsserSons

HiFrog and Theory Refinement

initial entire encoding

1

OpenSMT

less precise theory

term vs CEX

4

OpenSMT

precise theory

SLIDE 14

Counter-example validator

sequence

f all terms

3

SAT + model

2 2

Safe

UNSAT SAT

Do Nothing!

5

Symbolic Encoding

Program + AsserSons

HiFrog and Theory Refinement

initial entire encoding

1

OpenSMT

less precise theory

term vs CEX

4

OpenSMT

precise theory

SLIDE 15

Counter-example validator

sequence

f all terms

3

SAT + model

2 2

Safe

UNSAT SAT

Do Nothing!

5

term(s)

Refiner

UNSAT

5

Symbolic Encoding

Program + AsserSons

HiFrog and Theory Refinement

initial entire encoding

1

OpenSMT

less precise theory

term vs CEX

4

OpenSMT

precise theory

SLIDE 16

Counter-example validator

sequence

f all terms

3

SAT + model

2 2

Safe

UNSAT SAT

Do Nothing!

5

term(s)

Refiner

UNSAT

5

Symbolic Encoding

Program + AsserSons

HiFrog and Theory Refinement

initial entire encoding

1

OpenSMT

less precise theory

term vs CEX

4

OpenSMT

precise theory

Binding precise theory

local refinements

6

SLIDE 17

Counter-example validator

sequence

f all terms

3

SAT + model

2 2

Safe

UNSAT SAT

Do Nothing!

5

term(s)

Refiner

UNSAT

5

Symbolic Encoding

Program + AsserSons

HiFrog and Theory Refinement

initial entire encoding

1

OpenSMT

less precise theory

term vs CEX

4

OpenSMT

precise theory

nothing to refine

7

Unsafe +

Counter-example

Binding precise theory

local refinements

6

SLIDE 18

HiFrog: Interpolation-based Software Verification using Theory Refinement

Formal Verification and Security Lab University of Lugano (USI), Switzerland

Sepideh Asadi

FMCAD 2017

What is HiFrog?

▪ An SMT-based bounded model checker for C ▪ Computes and reuses FuncSon Summaries

What is HiFrog?

▪ An SMT-based bounded model checker for C ▪ Computes and reuses FuncSon Summaries

▪ Controllable interpolaSon system for SMT

What is HiFrog?

▪ An SMT-based bounded model checker for C ▪ Computes and reuses FuncSon Summaries

▪ Controllable interpolaSon system for SMT

▪ AutomaSc adjustment of abstracSon using different theories

HiFrog and Function Summarization

HiFrog and Function Summarization

HiFrog and Theory Refinement

HiFrog and Theory Refinement

HiFrog and Theory Refinement

1

2

HiFrog and Theory Refinement

1

2 2

HiFrog and Theory Refinement

1

3

2 2

HiFrog and Theory Refinement

1

3

2 2

HiFrog and Theory Refinement

1

4

3

2 2

5

HiFrog and Theory Refinement

1

4

3

2 2

5

5

HiFrog and Theory Refinement

1

4

3

2 2

5

5

HiFrog and Theory Refinement

1

4

6

3

2 2

5

5

HiFrog and Theory Refinement

1

4

7

6

h,p://verify.inf.usi.ch/hifrog/

Looking forward to seeing you at poster sessions!