producing effective interpolants for sat based
play

Producing Effective Interpolants for SAT-based Incremental - PowerPoint PPT Presentation

Nov 07, 2023 •33 likes •843 views

Producing Effective Interpolants for SAT-based Incremental Verification and Upgrade Checking Grigory Fedyukovich Joint work with: Ondrej Sery, Simone Fulvio Rollini, Leonardo Alt, Antti E. J. Hyvrinen, and Natasha Sharygina F ORMAL V ERIFICATION

  1. Producing Effective Interpolants for SAT-based Incremental Verification and Upgrade Checking Grigory Fedyukovich Joint work with: Ondrej Sery, Simone Fulvio Rollini, Leonardo Alt, Antti E. J. Hyvärinen, and Natasha Sharygina F ORMAL V ERIFICATION L AB University of Lugano VSSE 2014, 5 Apr 2014, Grenoble, France

  2. Motivation • Incremental checking of program correctness • One program, several properties • Eliminate redundancy in consequent verification runs • Checking upgrade correctness • Several programs, one property • Localize the verification to the change • Our methods • Use SAT-based Bounded Model Checking • Extracting function summaries by means of Craig Interpolation • Reusing function summaries in both scenarios • Controlling the size and strength of Craig Interpolants • Making the verification more efficient 2

  3. Background Bounded Model Checking [Biere et al. 1999] • Successful technique to prove program safety • Static • Automatic • Gives a concrete counter-example or proof of safety • Loops and recursion unwound • Up to a given bound • Encoding into a BMC formula • Different logics available • Conjoin with the negation of a property • To encode an undesired b е havior • Satisfiability check by a SAT/SMT-solver • UNSAT à System is safe • SAT à Error found • Satisfying assignment identifies an error trace • Problems • Detecting the bound enough for complete checking • Constructing abstractions of the behavior 3

  4. Background Counter-Example-Guided Abstraction Refinement [Ball et al. 2000] Initial Abstract Program Verification Proof Abstraction Model Safe model Checker Refine Counterexample the abstraction Refinement Simulator Bug found Simulation successful Counterexample is spurious 4

  5. Background Abstraction • Over-approximates program behavior • Is used to speed up verification • No precise encoding required • Sound • If it is proven to be safe then the original program is safe • Possibly non-terminating • Every detected bug should be simulated on the real program • After each spurious counter-example the abstraction should be refined • Refinement may not terminate • Random • How to construct better abstraction? 5

  6. Craig Interpolation [Craig et al. 1957] Definition: • Given mutually unsatisfiable formulas A and B, an Interpolant is a formula I such that • A → I • I ∧ B is unsatisfiable • Variables in I are common to both A and B A I B 6

  7. Craig Interpolation [Craig et al. 1957] Definition: • Given mutually unsatisfiable formulas A and B, an Interpolant is a formula I such that • A → I • I ∧ B is unsatisfiable • Variables in I are common to both A and B ∧ B I’ A I B 6

  8. Labeled Interpolation System [D’Silva et al. 2010] • Propositional logic, construction from unsatisfiablity proof • Generation of different interpolants from the same refutation • Interpolants of different size and strength • Generalization of algorithms of: • P by [Pudlak 1997] • M by [McMillan 2003] • M’ by [D’Silva et.al 2010] M P M’ 7

  9. Proof reduction Affects the size of summaries • Eliminate redundancies in the proof DAG • Applied before interpolation • Different methods available: • RecyclePivotsWithIntersection [Bar-Ilan et al. 2008, Fontaine et al. 2010] • LowerUnits [Fontaine et al. 2010] • Structural hashing based approach [Cotton et al. 2010] • Local rewriting rules [Rollini et al. 2010] • Practically, ends up with more compact interpolants • the smaller formula, the faster usage 8

  10. PeRIPLO high level overview 9

  11. PeRIPLO high level overview The first … • set of techniques to obtain Verification Environment interpolants of different strength and size φ φ interp. system; f ᴧ g ᴧ ... distibution configure PBMC formula A ᴧ B • experimentation evidence SAT UNSAT that compact interpolants improve performance in Logic Solver interpolant the context of software A I → B ᴧ I → ⊥ BMC proof of UNSAT Proof Interpolator Transformer • evaluation of the impact of interpolant strength in PeRIPLO Summarization-based BMC 9

  12. Function summaries in Bounded Model Checking • Apply Craig interpolation after SAT-solver returns UNSAT • Iterative procedure over the set of function calls • BMC created in a partitioned way • Each function represented by a separate partition in the BMC formula • Not monolithic as for classical BMC • Function summary • An over-approximation of the real behavior • Contains only the relevant information • Expressed using function’s in/out parameters 10

  13. Summaries substitution During the check of another property of the same code 1) No error is reachable à OK, program is safe 2) Error is reachable A) due to over-approximation of summaries B) real error Solution: Refine the abstraction • Identify candidate summaries • Appeared along the error trace • Replace them by precise representation 11

  14. Summaries substitution During the check of another property of the same code 1) No error is reachable à OK, program is safe 2) Error is reachable Σ A) due to over-approximation of summaries Σ B) real error Refinement of the abstraction: Σ • Identify candidate summaries Σ • Appeared along the error trace • Replace them by precise representation 12

  15. Partitioned BMC main () ¡ φ main UNSAT ¡ call ¡ f () ¡ ∧ ⇔ φ f asser0on ¡holds ¡ call ¡ g () ¡ ∧ φ g ∧ return ¡ φ bug assert(!bug); ¡ return ¡ return ¡ 13

  16. Construction of function summaries main () ¡ φ main B A ¡ ∧ B ¡ ¡ call ¡ f () ¡ ∧ UNSAT ¡ φ f B call ¡ g () ¡ ∧ φ g A ∧ return ¡ φ bug assert(!bug); ¡ return ¡ return ¡ B 13

  17. Construction of function summaries main () ¡ φ main B A ¡ ∧ B ¡ ¡ call ¡ f () ¡ ∧ UNSAT ¡ φ f B call ¡ g () ¡ ∧ proof ¡of ¡UNSAT ¡ φ g A ∧ return ¡ φ bug assert(!bug); ¡ return ¡ return ¡ B 13

  18. Construction of function summaries main () ¡ φ main B call ¡ f () ¡ ∧ φ f B call ¡ g () ¡ ∧ proof ¡of ¡UNSAT ¡ φ g I A ∧ return ¡ I ¡ ∧ B ¡ ¡ A ⇒ I φ bug assert(!bug); ¡ return ¡ return ¡ B UNSAT ¡ 13

  19. Using summary for checking another assertion main () ¡ φ main UNSAT ¡ call ¡ f () ¡ ∧ ⇔ φ f asser0on ¡holds ¡ call ¡ g () ¡ ∧ φ g ∧ return ¡ Subs0tute ¡existent ¡ φ bug' assert(!bug'); ¡ return ¡ return ¡ summary ¡instead ¡of ¡ precise ¡encoding ¡ 14

  20. Using summary for checking another assertion main () ¡ φ main UNSAT ¡ call ¡ f () ¡ ∧ ⇔ φ f asser0on ¡holds ¡ call ¡ g () ¡ ∧ φ g ∧ return ¡ Subs0tute ¡existent ¡ φ bug' assert(!bug'); ¡ return ¡ return ¡ summary ¡instead ¡of ¡ precise ¡encoding ¡ 14

  21. Using summary for checking another assertion main () ¡ φ main SAT ¡ call ¡ f () ¡ ∧ ⇔ φ f bug ¡witness ¡ call ¡ g () ¡ ∧ φ g ∧ return ¡ φ bug φ bug' assert(!bug'); ¡ return ¡ return ¡ The ¡more ¡accurate ¡ summary, ¡the ¡be1er ¡ chance ¡to ¡prove ¡safety! ¡ 14

  22. Interpolation algorithms main () ¡ φ main P by [Pudlak 1997] call ¡ f () ¡ M by [McMillan 2003] ∧ M’ by [D’Silva et al. 2010] φ f call ¡ g () ¡ ∧ φ g M P M’ ∧ return ¡ φ bug' assert(!bug'); ¡ return ¡ return ¡ The ¡stronger ¡interpolant, ¡the ¡ more ¡accurate ¡summary! ¡ 14

  23. sources summaries *.c known new summaries summaries *.h goto binary parser PBMC formula goto-cc φ f ᴧ φ g ᴧ ... UNSAT solver PBMC Correct encoder PeRIPLO initializer SAT eager/lazy refiner Bug CEG/greedy & error trace Σ * * Σ Σ Σ Σ initial subst. scenario refined subst. scenario 15

  24. FunFrog evaluation • 50 C benchmarks • Assertions on different call-tree levels • Checking one assertion at a time • Strength: M, P, M’ • Size: proof compression for interpolants reduction 16

  25. FunFrog evaluation 17

  26. Function-summarization-based Upgrade Checking The eVolCheck algorithm 0) Verification of the base version of the software ( bootstrap ) • function summaries generated and stored 18

  27. Function-summarization-based Upgrade Checking The eVolCheck algorithm 0) Verification of the base version of the software ( bootstrap ) • function summaries generated and stored 1) The user upgrades the software 2) Upgraded version of the software is preprocessed 3) eVolCheck identifies the modified code • by comparing parse trees for both the base and the upgraded version • function per function, in the intermediate program representation 4) eVolCheck attempts to verify the upgraded version 4) by rechecking whether old summaries still over-approximate new code 5) If all old function summaries are still valid then the upgrade is safe 6) If a summary is invalid, eVolCheck propagates 6) The user fixes the reported errors and continues from step 2) 18

  28. Upgrade Checking [Fedyukovich et al. 2013] Original version is safe main () ¡ φ main call ¡ f () ¡ ∧ φ f call ¡ g () ¡ ∧ φ g ∧ return ¡ φ bug assert(!bug); ¡ return ¡ return ¡ 19

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Lazy Abstraction with Interpolants Ken McMillan (CAV06) Based on presentation by Yakir Vizel

Lazy Abstraction with Interpolants Ken McMillan (CAV06) Based on presentation by Yakir Vizel

Lazy Abstraction with Interpolants Ken McMillan (CAV06) Based on presentation by Yakir Vizel Automatic verification, June 26, 2017 Lecture 12 Previous work develops lazy abstraction for hardware Models describe hardware

691 views • 35 slides
Creating wellness, producing value Creating wellness, producing value Disclaimer

Creating wellness, producing value Creating wellness, producing value Disclaimer

, HELEX 16 OCTOBER 2018 Creating wellness, producing value Creating wellness, producing value Disclaimer This presentation has been prepared by PAPOUTSANIS S.A. based on publicly available information solely for the

712 views • 28 slides
Nested Interpolants Matthias Heizmann Jochen Hoenicke Andreas Podelski University of Freiburg,

Nested Interpolants Matthias Heizmann Jochen Hoenicke Andreas Podelski University of Freiburg,

Nested Interpolants Matthias Heizmann Jochen Hoenicke Andreas Podelski University of Freiburg, Germany POPL 2010 Result Interpolant-based software model checking for recursive programs avoid construction of an abstract program Hoare

346 views • 32 slides
Exploring Interpolants Philipp R ummer, Pavle Suboti c Uppsala University, Sweden COST

Exploring Interpolants Philipp R ummer, Pavle Suboti c Uppsala University, Sweden COST

Exploring Interpolants Philipp R ummer, Pavle Suboti c Uppsala University, Sweden COST Meeting, October 17 R ummer, Suboti c Exploring Interpolants COST Meeting, October 17 1 / 39 Introduction Interpolants in Model Checking Craig

754 views • 60 slides
Nonlinear Polynomials, Interpolants and Invariant Generation for System Analysis Deepak Kapur

Nonlinear Polynomials, Interpolants and Invariant Generation for System Analysis Deepak Kapur

Nonlinear Polynomials, Interpolants and Invariant Generation for System Analysis Deepak Kapur Department of Computer Science University of New Mexico Albuquerque, NM, USA with Rodriguez-Carbonell, Zhihai Zhang, Hengjun Zhao, Stephan Falke,

2.07k views • 183 slides
On the Lebesgue constant of the Floater-Hormann rational interpolants Stefano De Marchi

On the Lebesgue constant of the Floater-Hormann rational interpolants Stefano De Marchi

On the Lebesgue constant of the Floater-Hormann rational interpolants Stefano De Marchi Department of Mathematics University of Padova Fribourg, November 3, 2015 Joint work with L. Bos (Verona), K. Hormann (Lugano), G. Klein (Fribourg),

1.05k views • 63 slides
On smooth spline spaces and quasi-interpolants over Powell-Sabin triangulations Hendrik Speleers

On smooth spline spaces and quasi-interpolants over Powell-Sabin triangulations Hendrik Speleers

Intro PS r -splines Quasi-interpolation Conclusions On smooth spline spaces and quasi-interpolants over Powell-Sabin triangulations Hendrik Speleers Katholieke Universiteit Leuven Department of Computer Science MAIA Conference Erice,

537 views • 32 slides
Effectively Propositional Interpolants Samuel Drews and Aws Albarghouthi Effectively

Effectively Propositional Interpolants Samuel Drews and Aws Albarghouthi Effectively

Effectively Propositional Interpolants Samuel Drews and Aws Albarghouthi Effectively Propositional Logic (EPR) Quantifier-free No function symbols EPR Decidable satisfiability! EPR Decidable satisfiability! Expressive: Linked lists

1.12k views • 55 slides
Generating Sharper and Simpler Nonlinear Interpolants for Program Verification Takamasa Okudono 1

Generating Sharper and Simpler Nonlinear Interpolants for Program Verification Takamasa Okudono 1

Generating Sharper and Simpler Nonlinear Interpolants for Program Verification Takamasa Okudono 1 , Yuki Nishida 2 , Kensuke Kojima 2 , Kohei Suenaga 2 , Kengo Kido 1 and Ichiro Hasuo 3 1 University of Tokyo, Japan 2 Kyoto University, Japan 3

645 views • 36 slides
Producing Safety Cases - Good Practice Based on Lessons Learnt in in the UK and Mid iddle East

Producing Safety Cases - Good Practice Based on Lessons Learnt in in the UK and Mid iddle East

Producing Safety Cases - Good Practice Based on Lessons Learnt in in the UK and Mid iddle East Mike Bates Risktec Solutions DMCC, Dubai 1 Agenda A little bit of history 3 mile island, Piper Alpha NIMROD incident SHAPED safety

176 views • 14 slides
Design Based Research: research, capable of producing generalizable results? The tension

Design Based Research: research, capable of producing generalizable results? The tension

Introduction Brooks CHI88: is interface design itself an area of Design Based Research: research, capable of producing generalizable results? The tension between truths: What We Learn When We Engage in Design of Interactive

395 views • 24 slides
Is Your District Producing High Quality FBA/BIPs? The TATE and Improving Practice Rose

Is Your District Producing High Quality FBA/BIPs? The TATE and Improving Practice Rose

Is Your District Producing High Quality FBA/BIPs? The TATE and Improving Practice Rose Iovannone, Ph.D., BCBA-D iovannone@usf.edu University of South Florida Objectives Identify essential features for effective FBA/BIP behavior

427 views • 30 slides
Building a System to Support Effective PreK Learning from other states with a focus on New

Building a System to Support Effective PreK Learning from other states with a focus on New

Building a System to Support Effective PreK Learning from other states with a focus on New Jerseys Universal Urban Pre-K Program Ellen Frede, PhD 1 Senior Co-Director efrede@nieer.org No Single Ingredient*: Pre-k Programs Producing Large

268 views • 13 slides
The Equipment: From Rig to Producing Well Hydraulic Fracturing Producing Well: 20+ Years

The Equipment: From Rig to Producing Well Hydraulic Fracturing Producing Well: 20+ Years

www.anadarko.com | NYSE: APC The Equipment: From Rig to Producing Well Hydraulic Fracturing Producing Well: 20+ Years Producing Well: 20+ Years Drilling Rig 1 3 Anadarko Petroleum Corporation www.anadarko.com | NYSE: APC Horizontal Drilling

598 views • 16 slides
Applications of linear barycentric rational interpolation at equispaced nodes Jean-Paul Berrut

Applications of linear barycentric rational interpolation at equispaced nodes Jean-Paul Berrut

Interpolation Differentiation of barycentric rational interpolants Linear barycentric rational finite differences Integration of barycentric rational interpolants Applications of linear barycentric rational interpolation at equispaced nodes

1k views • 82 slides
Unusual convergence behaviour of certain rational interpolants Joris Van Deun Outline Chebyshev

Unusual convergence behaviour of certain rational interpolants Joris Van Deun Outline Chebyshev

Unusual convergence behaviour of certain rational interpolants Joris Van Deun Outline Chebyshev polynomials and rational functions Barycentric interpolation Conformal maps Strange convergence 2/30 Outline Chebyshev polynomials and rational

731 views • 30 slides
Speeding up VP9 Intra Encoder with Hierarchical Deep Learning Based Partition Prediction Somdyuti

Speeding up VP9 Intra Encoder with Hierarchical Deep Learning Based Partition Prediction Somdyuti

Speeding up VP9 Intra Encoder with Hierarchical Deep Learning Based Partition Prediction Somdyuti Paul, Andrey Norkin and Alan C. Bovik AOM Symposium 2019 VP9 Partition Prediction Using H-FCN October 21, 2019 1 / 19 Outline Introduction

401 views • 19 slides
Holonomic D -Modules, the Dixmie Conjecture and the Jacobian Conjecture Vladimir Bavula

Holonomic D -Modules, the Dixmie Conjecture and the Jacobian Conjecture Vladimir Bavula

Holonomic D -Modules, the Dixmie Conjecture and the Jacobian Conjecture Vladimir Bavula Talks/DOKBONN 1 Plan 1. Holonomic D -Modules and the Inequality of Bernstein. 2. The Jacobian Conjecture, the Dixmier Prob- lem and a Question

457 views • 13 slides
Homological mirror symmetry HMS (Kontsevich 1994, Hori-Vafa 2000, Kapustin-Li 2002, Katzarkov

Homological mirror symmetry HMS (Kontsevich 1994, Hori-Vafa 2000, Kapustin-Li 2002, Katzarkov

Homological mirror symmetry HMS (Kontsevich 1994, Hori-Vafa 2000, Kapustin-Li 2002, Katzarkov 2002, . . . ) relates symplectic and algebraic geometry via their categorical structures. A symplectic manifold M is mirror to a Landau- Ginzburg

470 views • 17 slides
Model Theory for Sheaves of Modules Mike Prest School of Mathematics, University of Manchester,

Model Theory for Sheaves of Modules Mike Prest School of Mathematics, University of Manchester,

Model Theory for Sheaves of Modules Mike Prest School of Mathematics, University of Manchester, UK mprest@manchester.ac.uk March 1, 2019 1 / 21 Model Theory March 1, 2019 2 / 21 Model Theory Definable sets in structures : ( M ) where M

833 views • 54 slides
Super-FRS components Presenter: F. Amjad Contributors: H. Weick, C. Karagiannis, C. Schloer, N.

Super-FRS components Presenter: F. Amjad Contributors: H. Weick, C. Karagiannis, C. Schloer, N.

t Remote handling for the Super-FRS components Presenter: F. Amjad Contributors: H. Weick, C. Karagiannis, C. Schloer, N. Nociforo Partner institutions: KVI-CART university of Groningen CSIR- CMERI, Durgapur Accelerator Seminar, Darmstadt,

667 views • 48 slides
Inspi Inspiring ring U How to Bring Your "A-Game" To Work Every Day and Bring out the

Inspi Inspiring ring U How to Bring Your "A-Game" To Work Every Day and Bring out the

Inspi Inspiring ring U How to Bring Your "A-Game" To Work Every Day and Bring out the Best in Others With David Lee The Key Difference Between the Top 10% The ability to inspire and motivate others to perform at their best. Source:

775 views • 52 slides
Game Engines CMPM 164, F2019 Prof. Angus Forbes (instructor) angus@ucsc.edu Montana Fowler (TA)

Game Engines CMPM 164, F2019 Prof. Angus Forbes (instructor) angus@ucsc.edu Montana Fowler (TA)

Game Engines CMPM 164, F2019 Prof. Angus Forbes (instructor) angus@ucsc.edu Montana Fowler (TA) mocfowle@ucsc.edu Website: creativecoding.soe.ucsc.edu/courses/cmpm164 Slack: https://ucsccmpm164.slack.com Class information Class website:

372 views • 14 slides
trt tr s s

trt tr s s

trt tr trt t ss trt tr s s rst

570 views • 42 slides

More recommend