strings software model checking
play

Strings & Software Model Checking Philipp Rmmer Uppsala - PowerPoint PPT Presentation

Oct 29, 2022 •454 likes •1.68k views

Strings & Software Model Checking Philipp Rmmer Uppsala University 30 August 2019 Taipei, Taiwan 1/121 Outline Constrained Horn Clauses JayHorn Architecture JayHorn Approach to Handling Heap Demos & Examples

  1. <Test: void main(java.lang.String[])> public class Test { public static void main(java.lang.String[]) int x, y; { public static void main(...) { java.lang.String[] r0; Test t = new Test(); Test r1, $r2; while (t.x < 10) int $i0, $i1, $i2, $i3; t.x++; boolean $z0; assert(t.x == 10); java.lang.AssertionError $r3; } r0 := @parameter0: java.lang.String[]; } $r2 = new Test; specialinvoke $r2.<Test: void <init>()>(); r1 = $r2; label1: $i0 = r1.<Test: int x>; if $i0 >= 10 goto label2; $i2 = r1.<Test: int x>; $i3 = $i2 + 1; r1.<Test: int x> = $i3; goto label1; label2: $z0 = <Test: boolean $assertionsDisabled>; if $z0 != 0 goto label3; $i1 = r1.<Test: int x>; if $i1 == 10 goto label3; $r3 = new java.lang.AssertionError; specialinvoke $r3.<java.lang.AssertionError: void <init>()>(); throw $r3; label3: return; 45/121 }

  2. <Test: void main(java.lang.String[])> public class Test { public static void main(java.lang.String[]) int x, y; { public static void main(...) { java.lang.String[] r0; Test t = new Test(); Test r1, $r2; while (t.x < 10) int $i0, $i1, $i2, $i3; t.x++; boolean $z0; assert(t.x == 10); java.lang.AssertionError $r3; } r0 := @parameter0: java.lang.String[]; } $r2 = new Test; specialinvoke $r2.<Test: void <init>()>(); r1 = $r2; label1: + Several further $i0 = r1.<Test: int x>; if $i0 >= 10 goto label2; methods $i2 = r1.<Test: int x>; $i3 = $i2 + 1; r1.<Test: int x> = $i3; goto label1; label2: $z0 = <Test: boolean $assertionsDisabled>; if $z0 != 0 goto label3; $i1 = r1.<Test: int x>; if $i1 == 10 goto label3; $r3 = new java.lang.AssertionError; specialinvoke $r3.<java.lang.AssertionError: void <init>()>(); throw $r3; label3: return; 46/121 }

  3. <Test: void main(java.lang.String[])> public class Test { public static void main(java.lang.String[]) int x, y; { public static void main(...) { java.lang.String[] r0; Test t = new Test(); Test r1, $r2; while (t.x < 10) int $i0, $i1, $i2, $i3; t.x++; boolean $z0; assert(t.x == 10); java.lang.AssertionError $r3; } r0 := @parameter0: java.lang.String[]; } $r2 = new Test; specialinvoke $r2.<Test: void <init>()>(); r1 = $r2; Load instruction label1: $i0 = r1.<Test: int x>; if $i0 >= 10 goto label2; $i2 = r1.<Test: int x>; $i3 = $i2 + 1; Store instruction r1.<Test: int x> = $i3; goto label1; label2: $z0 = <Test: boolean $assertionsDisabled>; if $z0 != 0 goto label3; $i1 = r1.<Test: int x>; if $i1 == 10 goto label3; $r3 = new java.lang.AssertionError; specialinvoke $r3.<java.lang.AssertionError: void <init>()>(); throw $r3; label3: return; 47/121 }

  4. <Test: void main(java.lang.String[])> public class Test { public static void main(java.lang.String[]) int x, y; { public static void main(...) { java.lang.String[] r0; Test t = new Test(); Test r1, $r2; while (t.x < 10) int $i0, $i1, $i2, $i3; t.x++; boolean $z0; assert(t.x == 10); java.lang.AssertionError $r3; } r0 := @parameter0: java.lang.String[]; } $r2 = new Test; specialinvoke $r2.<Test: void <init>()>(); r1 = $r2; label1: $i0 = r1.<Test: int x>; if $i0 >= 10 goto label2; $i2 = r1.<Test: int x>; $i3 = $i2 + 1; r1.<Test: int x> = $i3; goto label1; label2: $z0 = <Test: boolean $assertionsDisabled>; if $z0 != 0 goto label3; ➀ $i1 = r1.<Test: int x>; if $i1 == 10 goto label3; $r3 = new java.lang.AssertionError; specialinvoke $r3.<java.lang.AssertionError: void <init>()>(); throw $r3; label3: return; 48/121 }

  5. <Test: void main(java.lang.String[])> public class Test { public static void main(java.lang.String[]) int x, y; { public static void main(...) { java.lang.String[] r0; Test t = new Test(); Test r1, $r2; while (t.x < 10) int $i0, $i1, $i2, $i3; t.x++; boolean $z0; assert(t.x == 10); java.lang.AssertionError $r3; } r0 := @parameter0: java.lang.String[]; } $r2 = new Test; specialinvoke $r2.<Test: void <init>()>(); r1 = $r2; label1: $i0 = r1.<Test: int x>; if $i0 >= 10 goto label2; $i2 = r1.<Test: int x>; $i3 = $i2 + 1; r1.<Test: int x> = $i3; goto label1; label2: Reconstructed assertion $i1 = r1.<Test: int x>; if $i1 == 10 goto label3; $assert_9 = 0; staticinvoke <JayHornAssertions: void assertion(boolean)>($assert_9); label3: return; 49/121 }

  6. <Test: void main(java.lang.String[])> public class Test { public static void main(java.lang.String[]) int x, y; { public static void main(...) { java.lang.String[] r0; Test t = new Test(); Test r1, $r2; while (t.x < 10) int $i0, $i1, $i2, $i3; t.x++; boolean $z0; assert(t.x == 10); java.lang.AssertionError $r3; } r0 := @parameter0: java.lang.String[]; } $r2 = new Test; ➁ specialinvoke $r2.<Test: void <init>()>(); r1 = $r2; label1: $i0 = r1.<Test: int x>; if $i0 >= 10 goto label2; $i2 = r1.<Test: int x>; $i3 = $i2 + 1; r1.<Test: int x> = $i3; goto label1; label2: $i1 = r1.<Test: int x>; if $i1 == 10 goto label3; $assert_9 = 0; staticinvoke <JayHornAssertions: void assertion(boolean)>($assert_9); label3: return; 50/121 }

  7. <Test: void main(java.lang.String[])> public class Test { public static void main(java.lang.String[]) int x, y; { public static void main(...) { java.lang.String[] r0; Test t = new Test(); Test r1, $r2; while (t.x < 10) int $i0, $i1, $i2, $i3; t.x++; boolean $z0; assert(t.x == 10); java.lang.AssertionError $r3; } r0 := @parameter0: java.lang.String[]; } $r2 = new Test; specialinvoke $r2.<Test: void <init>()>(); $helper1 = <JayHornAssertions: java.lang.Throwable lastExceptionThrown>; $assert_11 = $helper1 == null; staticinvoke <JayHornAssertions: void assertion(boolean)>($assert_11); r1 = $r2; Exception passing through variables; label1: assert absence of exceptions $i0 = r1.<Test: int x>; if $i0 >= 10 goto label2; $i2 = r1.<Test: int x>; $i3 = $i2 + 1; r1.<Test: int x> = $i3; goto label1; label2: $i1 = r1.<Test: int x>; if $i1 == 10 goto label3; $assert_9 = 0; staticinvoke <JayHornAssertions: void assertion(boolean)>($assert_9); label3: return; 51/121 }

  8. <Test: void main(java.lang.String[])> public class Test { public static void main(java.lang.String[]) int x, y; { public static void main(...) { java.lang.String[] r0; Test t = new Test(); Test r1, $r2; while (t.x < 10) int $i0, $i1, $i2, $i3; t.x++; boolean $z0; assert(t.x == 10); java.lang.AssertionError $r3; } r0 := @parameter0: java.lang.String[]; } $r2 = new Test; specialinvoke $r2.<Test: void <init>()>(); $helper1 = <JayHornAssertions: java.lang.Throwable lastExceptionThrown>; $assert_11 = $helper1 == null; staticinvoke <JayHornAssertions: void assertion(boolean)>($assert_11); r1 = $r2; label1: $i0 = r1.<Test: int x>; if $i0 >= 10 goto label2; $i2 = r1.<Test: int x>; $i3 = $i2 + 1; r1.<Test: int x> = $i3; goto label1; label2: $i1 = r1.<Test: int x>; if $i1 == 10 goto label3; $assert_9 = 0; staticinvoke <JayHornAssertions: void assertion(boolean)>($assert_9); label3: return; 52/121 }

  9. <Test: void main(java.lang.String[])> public class Test { public static void main(java.lang.String[]) int x, y; { public static void main(...) { java.lang.String[] r0; Test t = new Test(); Test r1, $r2; while (t.x < 10) int $i0, $i1, $i2, $i3; t.x++; boolean $z0; assert(t.x == 10); java.lang.AssertionError $r3; } r0 := @parameter0: java.lang.String[]; } ➂ staticinvoke <Test: void <clinit>()>(); Static initialisers staticinvoke <JayHornAssertions: void <clinit>()>(); $r2 = new Test; as normal methods specialinvoke $r2.<Test: void <init>()>(); $helper1 = <JayHornAssertions: java.lang.Throwable lastExceptionThrown>; $assert_11 = $helper1 == null; staticinvoke <JayHornAssertions: void assertion(boolean)>($assert_11); r1 = $r2; label1: $i0 = r1.<Test: int x>; if $i0 >= 10 goto label2; $i2 = r1.<Test: int x>; $i3 = $i2 + 1; r1.<Test: int x> = $i3; goto label1; label2: $i1 = r1.<Test: int x>; if $i1 == 10 goto label3; $assert_9 = 0; staticinvoke <JayHornAssertions: void assertion(boolean)>($assert_9); 53/121 label3: return;

  10. Data-Flow ➁ ➀ ➂ ➃ ➅ ➈ ➄ ➆ 54/121

  11. ➃ From Jimple to JayHorn IR ● Intermediate representation similar to Jimple ● But simpler, e.g.: ● Methods become C-like functions ● No exceptions 55/121

  12. ➃ From Jimple to JayHorn IR ● Intermediate representation similar to Jimple ● But simpler, e.g.: ● Methods become C-like functions ● No exceptions Main difgerence: load → pull store → push 56/121

  13. <Test: void main(java.lang.String[])> public class Test { public static void main(java.lang.String[]) int x, y; { public static void main(...) { java.lang.String[] r0; Test t = new Test(); Test r1, $r2; while (t.x < 10) int $i0, $i1, $i2, $i3; t.x++; boolean $z0; assert(t.x == 10); java.lang.AssertionError $r3; } r0 := @parameter0: java.lang.String[]; } staticinvoke <Test: void <clinit>()>(); staticinvoke <JayHornAssertions: void <clinit>()>(); $r2 = new Test; specialinvoke $r2.<Test: void <init>()>(); $helper1 = <JayHornAssertions: java.lang.Throwable lastExceptionThrown>; $assert_11 = $helper1 == null; staticinvoke <JayHornAssertions: void assertion(boolean)>($assert_11); r1 = $r2; label1: $i0 = r1.<Test: int x>; if $i0 >= 10 goto label2; $i2 = r1.<Test: int x>; $i3 = $i2 + 1; r1.<Test: int x> = $i3; goto label1; label2: $i1 = r1.<Test: int x>; if $i1 == 10 goto label3; $assert_9 = 0; staticinvoke <JayHornAssertions: void assertion(boolean)>($assert_9); 57/121 label3: return;

  14. <Test: void main(java.lang.String[])> public class Test { public static void main(java.lang.String[]) int x, y; { public static void main(...) { java.lang.String[] r0; Test t = new Test(); Test r1, $r2; while (t.x < 10) int $i0, $i1, $i2, $i3; t.x++; boolean $z0; assert(t.x == 10); java.lang.AssertionError $r3; } r0 := @parameter0: java.lang.String[]; } staticinvoke <Test: void <clinit>()>(); staticinvoke <JayHornAssertions: void <clinit>()>(); $r2 = new Test; specialinvoke $r2.<Test: void <init>()>(); $helper1 = <JayHornAssertions: java.lang.Throwable lastExceptionThrown>; $assert_11 = $helper1 == null; staticinvoke <JayHornAssertions: void assertion(boolean)>($assert_11); r1 = $r2; label1: $i0 = r1.<Test: int x>; if $i0 >= 10 goto label2; $i2 = r1.<Test: int x>; $i3 = $i2 + 1; r1.<Test: int x> = $i3; goto label1; label2: $i1 = r1.<Test: int x>; if $i1 == 10 goto label3; $assert_9 = 0; staticinvoke <JayHornAssertions: void assertion(boolean)>($assert_9); 58/121 label3: return;

  15. <Test: void main(java.lang.String[])> public class Test { public static void main(java.lang.String[]) int x, y; { public static void main(...) { java.lang.String[] r0; Test t = new Test(); Test r1, $r2; while (t.x < 10) int $i0, $i1, $i2, $i3; t.x++; boolean $z0; assert(t.x == 10); java.lang.AssertionError $r3; } r0 := @parameter0: java.lang.String[]; } staticinvoke <Test: void <clinit>()>(); staticinvoke <JayHornAssertions: void <clinit>()>(); $r2 = new Test; specialinvoke $r2.<Test: void <init>()>(); $helper1 = <JayHornAssertions: java.lang.Throwable lastExceptionThrown>; $assert_11 = $helper1 == null; staticinvoke <JayHornAssertions: void assertion(boolean)>($assert_11); r1 = $r2; label1: r1_x, r1_y := pull(Test, r1) $i0 = r1.<Test: int x>; $i0 := r1_x if $i0 >= 10 goto label2; $i2 = r1.<Test: int x>; $i3 = $i2 + 1; r1.<Test: int x> = $i3; goto label1; label2: $i1 = r1.<Test: int x>; if $i1 == 10 goto label3; $assert_9 = 0; staticinvoke <JayHornAssertions: void assertion(boolean)>($assert_9); 59/121 label3: return;

  16. <Test: void main(java.lang.String[])> public class Test { public static void main(java.lang.String[]) int x, y; { public static void main(...) { java.lang.String[] r0; Test t = new Test(); Test r1, $r2; while (t.x < 10) int $i0, $i1, $i2, $i3; t.x++; boolean $z0; assert(t.x == 10); java.lang.AssertionError $r3; } r0 := @parameter0: java.lang.String[]; } staticinvoke <Test: void <clinit>()>(); staticinvoke <JayHornAssertions: void <clinit>()>(); $r2 = new Test; specialinvoke $r2.<Test: void <init>()>(); $helper1 = <JayHornAssertions: java.lang.Throwable lastExceptionThrown>; $assert_11 = $helper1 == null; staticinvoke <JayHornAssertions: void assertion(boolean)>($assert_11); r1 = $r2; label1: r1_x, r1_y := pull(Test, r1) $i0 = r1.<Test: int x>; $i0 := r1_x if $i0 >= 10 goto label2; $i2 = r1.<Test: int x>; r1_x, r1_y := pull(Test, r1) $i3 = $i2 + 1; r1_x := $i3 r1.<Test: int x> = $i3; goto label1; push(Test, r1, [r1_x, r1_y]) label2: $i1 = r1.<Test: int x>; if $i1 == 10 goto label3; $assert_9 = 0; staticinvoke <JayHornAssertions: void assertion(boolean)>($assert_9); 60/121 label3: return;

  17. <Test: void main(java.lang.String[])> public class Test { public static void main(java.lang.String[]) int x, y; { public static void main(...) { java.lang.String[] r0; Test t = new Test(); Test r1, $r2; while (t.x < 10) int $i0, $i1, $i2, $i3; t.x++; boolean $z0; assert(t.x == 10); java.lang.AssertionError $r3; } r0 := @parameter0: java.lang.String[]; } staticinvoke <Test: void <clinit>()>(); staticinvoke <JayHornAssertions: void <clinit>()>(); $r2 = new Test; specialinvoke $r2.<Test: void <init>()>(); havoc(r1_x, r1_y) $helper1 = <JayHornAssertions: java.lang.Throwable lastExceptionThrown>; assume inv_Test(r1, r1_x, r1_y) $assert_11 = $helper1 == null; [...] staticinvoke <JayHornAssertions: void assertion(boolean)>($assert_11); r1 = $r2; label1: r1_x, r1_y := pull(Test, r1) $i0 = r1.<Test: int x>; $i0 := r1_x if $i0 >= 10 goto label2; $i2 = r1.<Test: int x>; r1_x, r1_y := pull(Test, r1) $i3 = $i2 + 1; r1_x := $i3 r1.<Test: int x> = $i3; goto label1; push(Test, r1, [r1_x, r1_y]) label2: $i1 = r1.<Test: int x>; if $i1 == 10 goto label3; $assert_9 = 0; staticinvoke <JayHornAssertions: void assertion(boolean)>($assert_9); 61/121 label3: return;

  18. <Test: void main(java.lang.String[])> public class Test { public static void main(java.lang.String[]) int x, y; { public static void main(...) { java.lang.String[] r0; Test t = new Test(); Test r1, $r2; while (t.x < 10) int $i0, $i1, $i2, $i3; t.x++; boolean $z0; assert(t.x == 10); java.lang.AssertionError $r3; } r0 := @parameter0: java.lang.String[]; } staticinvoke <Test: void <clinit>()>(); staticinvoke <JayHornAssertions: void <clinit>()>(); $r2 = new Test; specialinvoke $r2.<Test: void <init>()>(); havoc(r1_x, r1_y) $helper1 = <JayHornAssertions: java.lang.Throwable lastExceptionThrown>; assume inv_Test(r1, r1_x, r1_y) $assert_11 = $helper1 == null; [...] staticinvoke <JayHornAssertions: void assertion(boolean)>($assert_11); r1 = $r2; label1: r1_x, r1_y := pull(Test, r1) $i0 = r1.<Test: int x>; $i0 := r1_x if $i0 >= 10 goto label2; $i2 = r1.<Test: int x>; r1_x, r1_y := pull(Test, r1) $i3 = $i2 + 1; r1_x := $i3 r1.<Test: int x> = $i3; goto label1; push(Test, r1, [r1_x, r1_y]) label2: $i1 = r1.<Test: int x>; [...] if $i1 == 10 goto label3; $assert_9 = 0; assert inv_Test(r1, r1_x, r1_y) staticinvoke <JayHornAssertions: void assertion(boolean)>($assert_9); 62/121 label3: return;

  19. ➄ JayHorn IR to Horn Clauses Three kinds of predicates: ● State invariants loc_l for every control location l → like in Ex 1 ● Pre-/post-conditions pre_m , post_m for every method m → like in Ex 2 ● Class/instance invariants inv_C for every class C 63/121

  20. JayHorn IR Instructions ● x := t ● assume phi ● assert phi ● x := pull(C, p) ● push(C, p, [x]) 64/121

  21. JayHorn IR Instructions ● x := t ● assume phi ● assert phi ● x := pull(C, p) ● push(C, p, [x]) 65/121

  22. JayHorn IR Instructions ● x := t ● assume phi ● assert phi ● x := pull(C, p) ● push(C, p, [x]) Heap is completely gone at this point! 66/121

  23. In the Example public class Test { int x, y; public static void main(String[] args) { Test t = new Test(); while (t.x < 10) t.x++; assert(t.x == 10); } } 67/121

  24. Invariant In the Example inv_Test(p, x, y) has to hold for all states of all Test objects reachable in the program public class Test { int x, y; public static void main(String[] args) { Test t = new Test(); while (t.x < 10) t.x++; assert(t.x == 10); } } 68/121

  25. Invariant In the Example inv_Test(p, x, y) has to hold for all states of all Test objects reachable in the program public class Test { int x, y; public static void main(String[] args) { Test t = new Test(); while (t.x < 10) x ⊆ [0, 10] ⟹ t.x++; inv_Test(t, x, y) assert(t.x == 10); } } 69/121

  26. Invariant In the Example inv_Test(p, x, y) has to hold for all states of all Test objects reachable in the program public class Test { int x, y; public static void main(String[] args) { Test t = new Test(); while (t.x < 10) x ⊆ [0, 10] ⟹ t.x++; inv_Test(t, x, y) assert(t.x == 10); } } inv_Test(t, x, y) will be too weak to prove the assertion 70/121

  27. Invariant In the Example inv_Test(p, x, y) has to hold for all states of all Test objects reachable in the program public class Test { int x, y; public static void main(String[] args) { Test t = new Test(); while (t.x < 10) x ⊆ [0, 10] ⟹ t.x++; inv_Test(t, x, y) assert(t.x == 10); } } inv_Test(t, x, y) NB: loop condition will be too weak does not help, since to prove the assertion state invariants only see local variables 71/121

  28. Data-Flow ➁ ➀ ➂ ➃ ➅ ➈ ➄ ➆ 72/121

  29. <Test: void main(java.lang.String[])> public class Test { public static void main(java.lang.String[]) int x, y; { public static void main(...) { java.lang.String[] r0; Test t = new Test(); Test r1, $r2; while (t.x < 10) int $i0, $i1, $i2, $i3; t.x++; boolean $z0; assert(t.x == 10); java.lang.AssertionError $r3; } r0 := @parameter0: java.lang.String[]; } staticinvoke <Test: void <clinit>()>(); staticinvoke <JayHornAssertions: void <clinit>()>(); $r2 = new Test; specialinvoke $r2.<Test: void <init>()>(); $helper1 = <JayHornAssertions: java.lang.Throwable lastExceptionThrown>; $assert_11 = $helper1 == null; staticinvoke <JayHornAssertions: void assertion(boolean)>($assert_11); r1 = $r2; label1: r1_x, r1_y := pull(Test, r1) $i0 := r1_x if $i0 >= 10 goto label2; r1_x, r1_y := pull(Test, r1) $i2 := r1_x $i3 = $i2 + 1; r1_x, r1_y := pull(Test, r1) r1_x := $i3 push(Test, r1, [r1_x, r1_y]) goto label1; label2: [...] 73/121

  30. <Test: void main(java.lang.String[])> public class Test { public static void main(java.lang.String[]) int x, y; { public static void main(...) { java.lang.String[] r0; Test t = new Test(); Test r1, $r2; while (t.x < 10) int $i0, $i1, $i2, $i3; t.x++; boolean $z0; assert(t.x == 10); java.lang.AssertionError $r3; } r0 := @parameter0: java.lang.String[]; } staticinvoke <Test: void <clinit>()>(); staticinvoke <JayHornAssertions: void <clinit>()>(); $r2 = new Test; specialinvoke $r2.<Test: void <init>()>(); $helper1 = <JayHornAssertions: java.lang.Throwable lastExceptionThrown>; $assert_11 = $helper1 == null; staticinvoke <JayHornAssertions: void assertion(boolean)>($assert_11); r1 = $r2; label1: r1_x, r1_y := pull(Test, r1) $i0 := r1_x Move pulls upward if $i0 >= 10 goto label2; r1_x, r1_y := pull(Test, r1) ➅ and pushes downward $i2 := r1_x $i3 = $i2 + 1; in the program r1_x, r1_y := pull(Test, r1) r1_x := $i3 push(Test, r1, [r1_x, r1_y]) goto label1; label2: [...] 74/121

  31. <Test: void main(java.lang.String[])> public class Test { public static void main(java.lang.String[]) int x, y; { public static void main(...) { java.lang.String[] r0; Test t = new Test(); Test r1, $r2; while (t.x < 10) int $i0, $i1, $i2, $i3; t.x++; boolean $z0; assert(t.x == 10); java.lang.AssertionError $r3; } r0 := @parameter0: java.lang.String[]; } staticinvoke <Test: void <clinit>()>(); staticinvoke <JayHornAssertions: void <clinit>()>(); $r2 = new Test; specialinvoke $r2.<Test: void <init>()>(); $helper1 = <JayHornAssertions: java.lang.Throwable lastExceptionThrown>; $assert_11 = $helper1 == null; staticinvoke <JayHornAssertions: void assertion(boolean)>($assert_11); r1 = $r2; label1: label1: r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) $i0 := r1_x $i0 := r1_x if $i0 >= 10 goto label2; Move pulls upward if $i0 >= 10 goto label2; r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) ➅ and pushes downward $i2 := r1_x $i2 := r1_x $i3 = $i2 + 1; $i3 = $i2 + 1; in the program r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x := $i3 r1_x := $i3 push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) goto label1; goto label1; label2: [...] 75/121

  32. <Test: void main(java.lang.String[])> public class Test { public static void main(java.lang.String[]) int x, y; { public static void main(...) { java.lang.String[] r0; Test t = new Test(); Test r1, $r2; while (t.x < 10) int $i0, $i1, $i2, $i3; t.x++; boolean $z0; assert(t.x == 10); java.lang.AssertionError $r3; } r0 := @parameter0: java.lang.String[]; } staticinvoke <Test: void <clinit>()>(); staticinvoke <JayHornAssertions: void <clinit>()>(); $r2 = new Test; specialinvoke $r2.<Test: void <init>()>(); $helper1 = <JayHornAssertions: java.lang.Throwable lastExceptionThrown>; $assert_11 = $helper1 == null; staticinvoke <JayHornAssertions: void assertion(boolean)>($assert_11); r1 = $r2; label1: label1: label1: r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) $i0 := r1_x $i0 := r1_x $i0 := r1_x if $i0 >= 10 goto label2; if $i0 >= 10 goto label2; Move pulls upward if $i0 >= 10 goto label2; r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) ➅ and pushes downward $i2 := r1_x $i2 := r1_x $i2 := r1_x $i3 = $i2 + 1; r1_x, r1_y := pull(Test, r1) $i3 = $i2 + 1; in the program r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) $i3 = $i2 + 1; r1_x := $i3 r1_x := $i3 r1_x := $i3 push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) goto label1; goto label1; goto label1; label2: [...] 76/121

  33. <Test: void main(java.lang.String[])> public class Test { public static void main(java.lang.String[]) int x, y; { public static void main(...) { java.lang.String[] r0; Test t = new Test(); Test r1, $r2; while (t.x < 10) int $i0, $i1, $i2, $i3; t.x++; boolean $z0; assert(t.x == 10); java.lang.AssertionError $r3; } r0 := @parameter0: java.lang.String[]; } staticinvoke <Test: void <clinit>()>(); staticinvoke <JayHornAssertions: void <clinit>()>(); $r2 = new Test; specialinvoke $r2.<Test: void <init>()>(); $helper1 = <JayHornAssertions: java.lang.Throwable lastExceptionThrown>; $assert_11 = $helper1 == null; staticinvoke <JayHornAssertions: void assertion(boolean)>($assert_11); r1 = $r2; label1: label1: label1: label1: r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) $i0 := r1_x $i0 := r1_x $i0 := r1_x $i0 := r1_x if $i0 >= 10 goto label2; if $i0 >= 10 goto label2; if $i0 >= 10 goto label2; Move pulls upward if $i0 >= 10 goto label2; r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) ➅ and pushes downward $i2 := r1_x $i2 := r1_x r1_x', r1_y := pull(Test, r1) $i2 := r1_x $i3 = $i2 + 1; $i3 = $i2 + 1; $i2 := r1_x r1_x, r1_y := pull(Test, r1) in the program r1_x, r1_y := pull(Test, r1) $i3 = $i2 + 1; $i3 = $i2 + 1; r1_x, r1_y := pull(Test, r1) r1_x := $i3 r1_x := $i3 r1_x := $i3 r1_x := $i3 push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) goto label1; goto label1; goto label1; goto label1; label2: [...] 77/121

  34. <Test: void main(java.lang.String[])> public class Test { public static void main(java.lang.String[]) int x, y; { public static void main(...) { java.lang.String[] r0; Test t = new Test(); Test r1, $r2; while (t.x < 10) int $i0, $i1, $i2, $i3; t.x++; boolean $z0; assert(t.x == 10); java.lang.AssertionError $r3; } r0 := @parameter0: java.lang.String[]; } staticinvoke <Test: void <clinit>()>(); staticinvoke <JayHornAssertions: void <clinit>()>(); $r2 = new Test; specialinvoke $r2.<Test: void <init>()>(); $helper1 = <JayHornAssertions: java.lang.Throwable lastExceptionThrown>; $assert_11 = $helper1 == null; staticinvoke <JayHornAssertions: void assertion(boolean)>($assert_11); r1 = $r2; label1: label1: label1: label1: label1: r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) $i0 := r1_x $i0 := r1_x $i0 := r1_x $i0 := r1_x $i0 := r1_x if $i0 >= 10 goto label2; if $i0 >= 10 goto label2; if $i0 >= 10 goto label2; if $i0 >= 10 goto label2; Move pulls upward if $i0 >= 10 goto label2; r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) ➅ and pushes downward $i2 := r1_x $i2 := r1_x r1_x', r1_y := pull(Test, r1) $i2 := r1_x r1_x' := r1_x; r1_y := r1_y $i3 = $i2 + 1; $i2 := r1_x $i2 := r1_x r1_x, r1_y := pull(Test, r1) $i3 = $i2 + 1; in the program r1_x, r1_y := pull(Test, r1) $i3 = $i2 + 1; $i3 = $i2 + 1; $i3 = $i2 + 1; r1_x, r1_y := pull(Test, r1) r1_x := $i3 r1_x := $i3 r1_x := $i3 r1_x := $i3 r1_x := $i3 push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) goto label1; goto label1; goto label1; goto label1; goto label1; label2: [...] 78/121

  35. <Test: void main(java.lang.String[])> public class Test { public static void main(java.lang.String[]) int x, y; { public static void main(...) { java.lang.String[] r0; Test t = new Test(); Test r1, $r2; while (t.x < 10) int $i0, $i1, $i2, $i3; t.x++; boolean $z0; assert(t.x == 10); java.lang.AssertionError $r3; } r0 := @parameter0: java.lang.String[]; } staticinvoke <Test: void <clinit>()>(); staticinvoke <JayHornAssertions: void <clinit>()>(); $r2 = new Test; specialinvoke $r2.<Test: void <init>()>(); $helper1 = <JayHornAssertions: java.lang.Throwable lastExceptionThrown>; $assert_11 = $helper1 == null; staticinvoke <JayHornAssertions: void assertion(boolean)>($assert_11); r1 = $r2; label1: label1: label1: label1: label1: label1: r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) $i0 := r1_x $i0 := r1_x $i0 := r1_x $i0 := r1_x $i0 := r1_x $i0 := r1_x if $i0 >= 10 goto label2; if $i0 >= 10 goto label2; if $i0 >= 10 goto label2; if $i0 >= 10 goto label2; if $i0 >= 10 goto label2; Move pulls upward if $i0 >= 10 goto label2; r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) ➅ and pushes downward $i2 := r1_x $i2 := r1_x r1_x', r1_y := pull(Test, r1) $i2 := r1_x r1_x' := r1_x; r1_y := r1_y $i3 = $i2 + 1; $i2 := r1_x $i2 := r1_x r1_x, r1_y := pull(Test, r1) $i3 = $i2 + 1; $i2 := r1_x in the program r1_x, r1_y := pull(Test, r1) $i3 = $i2 + 1; $i3 = $i2 + 1; r1_x, r1_y := pull(Test, r1) $i3 = $i2 + 1; $i3 = $i2 + 1; r1_x := $i3 r1_x := $i3 r1_x := $i3 r1_x := $i3 r1_x := $i3 r1_x := $i3 push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) goto label1; goto label1; goto label1; goto label1; goto label1; goto label1; label2: [...] 79/121

  36. <Test: void main(java.lang.String[])> public class Test { public static void main(java.lang.String[]) int x, y; { public static void main(...) { java.lang.String[] r0; Test t = new Test(); Test r1, $r2; while (t.x < 10) int $i0, $i1, $i2, $i3; t.x++; boolean $z0; assert(t.x == 10); java.lang.AssertionError $r3; } r0 := @parameter0: java.lang.String[]; } staticinvoke <Test: void <clinit>()>(); staticinvoke <JayHornAssertions: void <clinit>()>(); $r2 = new Test; specialinvoke $r2.<Test: void <init>()>(); $helper1 = <JayHornAssertions: java.lang.Throwable lastExceptionThrown>; $assert_11 = $helper1 == null; staticinvoke <JayHornAssertions: void assertion(boolean)>($assert_11); r1 = $r2; label1: label1: label1: label1: label1: label1: label1: r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) $i0 := r1_x $i0 := r1_x $i0 := r1_x $i0 := r1_x $i0 := r1_x $i0 := r1_x $i0 := r1_x if $i0 >= 10 goto label2; if $i0 >= 10 goto label2; if $i0 >= 10 goto label2; if $i0 >= 10 goto label2; if $i0 >= 10 goto label2; if $i0 >= 10 goto label2; Move pulls upward if $i0 >= 10 goto label2; r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) ➅ and pushes downward $i2 := r1_x $i2 := r1_x r1_x' := r1_x; r1_y := r1_y $i2 := r1_x r1_x', r1_y := pull(Test, r1) $i3 = $i2 + 1; $i2 := r1_x $i2 := r1_x $i2 := r1_x $i3 = $i2 + 1; r1_x, r1_y := pull(Test, r1) $i2 := r1_x in the program r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) $i3 = $i2 + 1; $i3 = $i2 + 1; $i3 = $i2 + 1; $i3 = $i2 + 1; $i3 = $i2 + 1; r1_x := $i3 r1_x := $i3 r1_x := $i3 r1_x := $i3 r1_x := $i3 r1_x := $i3 r1_x := $i3 push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) goto label1; goto label1; goto label1; goto label1; goto label1; goto label1; goto label1; label2: [...] 80/121

  37. <Test: void main(java.lang.String[])> public class Test { public static void main(java.lang.String[]) int x, y; { public static void main(...) { java.lang.String[] r0; Test t = new Test(); Test r1, $r2; while (t.x < 10) int $i0, $i1, $i2, $i3; t.x++; boolean $z0; assert(t.x == 10); java.lang.AssertionError $r3; } r0 := @parameter0: java.lang.String[]; } staticinvoke <Test: void <clinit>()>(); staticinvoke <JayHornAssertions: void <clinit>()>(); $r2 = new Test; specialinvoke $r2.<Test: void <init>()>(); $helper1 = <JayHornAssertions: java.lang.Throwable lastExceptionThrown>; $assert_11 = $helper1 == null; staticinvoke <JayHornAssertions: void assertion(boolean)>($assert_11); r1 = $r2; label1: label1: label1: label1: label1: label1: label1: label1: r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) $i0 := r1_x $i0 := r1_x $i0 := r1_x $i0 := r1_x $i0 := r1_x $i0 := r1_x $i0 := r1_x $i0 := r1_x if $i0 >= 10 goto label2; if $i0 >= 10 goto label2; if $i0 >= 10 goto label2; if $i0 >= 10 goto label2; if $i0 >= 10 goto label2; if $i0 >= 10 goto label2; r1_x, r1_y := pull(Test, r1) Move pulls upward if $i0 >= 10 goto label2; r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) if $i0 >= 10 goto label2; r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) ➅ and pushes downward $i2 := r1_x $i2 := r1_x r1_x', r1_y := pull(Test, r1) $i2 := r1_x r1_x' := r1_x; r1_y := r1_y $i3 = $i2 + 1; $i3 = $i2 + 1; $i2 := r1_x $i2 := r1_x $i2 := r1_x $i2 := r1_x $i2 := r1_x r1_x, r1_y := pull(Test, r1) in the program r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) $i3 = $i2 + 1; $i3 = $i2 + 1; $i3 = $i2 + 1; $i3 = $i2 + 1; $i3 = $i2 + 1; $i3 = $i2 + 1; r1_x := $i3 r1_x := $i3 r1_x := $i3 r1_x := $i3 r1_x := $i3 r1_x := $i3 r1_x := $i3 r1_x := $i3 push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) goto label1; goto label1; goto label1; goto label1; goto label1; goto label1; goto label1; goto label1; label2: [...] 81/121

  38. <Test: void main(java.lang.String[])> public class Test { public static void main(java.lang.String[]) int x, y; { public static void main(...) { java.lang.String[] r0; Test t = new Test(); Test r1, $r2; while (t.x < 10) int $i0, $i1, $i2, $i3; t.x++; boolean $z0; assert(t.x == 10); java.lang.AssertionError $r3; } r0 := @parameter0: java.lang.String[]; } staticinvoke <Test: void <clinit>()>(); staticinvoke <JayHornAssertions: void <clinit>()>(); $r2 = new Test; specialinvoke $r2.<Test: void <init>()>(); $helper1 = <JayHornAssertions: java.lang.Throwable lastExceptionThrown>; $assert_11 = $helper1 == null; staticinvoke <JayHornAssertions: void assertion(boolean)>($assert_11); r1 = $r2; label1: label1: label1: label1: label1: label1: label1: label1: r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) $i0 := r1_x $i0 := r1_x $i0 := r1_x $i0 := r1_x $i0 := r1_x $i0 := r1_x $i0 := r1_x $i0 := r1_x if $i0 >= 10 goto label2; if $i0 >= 10 goto label2; r1_x, r1_y := pull(Test, r1) if $i0 >= 10 goto label2; if $i0 >= 10 goto label2; if $i0 >= 10 goto label2; if $i0 >= 10 goto label2; Move pulls upward if $i0 >= 10 goto label2; ... r1_x, r1_y := pull(Test, r1) if $i0 >= 10 goto label2; r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) ➅ and pushes downward $i2 := r1_x r1_x', r1_y := pull(Test, r1) $i2 := r1_x r1_x' := r1_x; r1_y := r1_y $i2 := r1_x $i3 = $i2 + 1; $i3 = $i2 + 1; $i2 := r1_x $i2 := r1_x $i2 := r1_x r1_x, r1_y := pull(Test, r1) $i2 := r1_x $i2 := r1_x in the program r1_x, r1_y := pull(Test, r1) $i3 = $i2 + 1; $i3 = $i2 + 1; $i3 = $i2 + 1; $i3 = $i2 + 1; r1_x, r1_y := pull(Test, r1) $i3 = $i2 + 1; $i3 = $i2 + 1; r1_x := $i3 r1_x := $i3 r1_x := $i3 r1_x := $i3 r1_x := $i3 r1_x := $i3 r1_x := $i3 r1_x := $i3 push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) goto label1; goto label1; goto label1; goto label1; goto label1; goto label1; goto label1; goto label1; label2: [...] 82/121

  39. <Test: void main(java.lang.String[])> public class Test { public static void main(java.lang.String[]) int x, y; { public static void main(...) { java.lang.String[] r0; Test t = new Test(); Test r1, $r2; while (t.x < 10) int $i0, $i1, $i2, $i3; t.x++; boolean $z0; assert(t.x == 10); java.lang.AssertionError $r3; } r0 := @parameter0: java.lang.String[]; } staticinvoke <Test: void <clinit>()>(); staticinvoke <JayHornAssertions: void <clinit>()>(); $r2 = new Test; specialinvoke $r2.<Test: void <init>()>(); $helper1 = <JayHornAssertions: java.lang.Throwable lastExceptionThrown>; $assert_11 = $helper1 == null; staticinvoke <JayHornAssertions: void assertion(boolean)>($assert_11); r1 = $r2; r1_x, r1_y := pull(Test, r1) Finally, complete label1: $i0 := r1_x computation if $i0 >= 10 goto label2; happening on local $i2 := r1_x $i3 = $i2 + 1; variables! r1_x := $i3 push(Test, r1, [r1_x, r1_y]) goto label1; label2: [...] 83/121

  40. Push/Pull Simplifjcation Rules 84/121

  41. Push/Pull Simplifjcation Rules Assuming distinct sets of x not variables occurring in p, t1, ... 85/121

  42. ➆ Adding Flow-Sensitivity public class FlowSens { int x; public static void main(String[] args) { FlowSens t = new FlowSens(); t.x = 1; if (args.length > 5) t.x += 10; else t.x += 20; f(t); } public static void f(FlowSens t) { assert t.x > 1; } } 86/121

  43. ➆ Adding Flow-Sensitivity public class FlowSens { int x; public static void main(String[] args) { push(t, 0) FlowSens t = new FlowSens(); t.x = 1; if (args.length > 5) t.x += 10; else t.x += 20; f(t); } public static void f(FlowSens t) { assert t.x > 1; } } 87/121

  44. ➆ Adding Flow-Sensitivity public class FlowSens { int x; public static void main(String[] args) { push(t, 0) FlowSens t = new FlowSens(); t.x = 1; push(t, 1) if (args.length > 5) t.x += 10; else t.x += 20; f(t); } public static void f(FlowSens t) { assert t.x > 1; } } 88/121

  45. ➆ Adding Flow-Sensitivity public class FlowSens { int x; public static void main(String[] args) { push(t, 0) FlowSens t = new FlowSens(); t.x = 1; push(t, 1) if (args.length > 5) push(t, 11) t.x += 10; else push(t, 21) t.x += 20; f(t); } public static void f(FlowSens t) { assert t.x > 1; } } 89/121

  46. ➆ Adding Flow-Sensitivity public class FlowSens { int x; public static void main(String[] args) { push(t, 0) FlowSens t = new FlowSens(); t.x = 1; push(t, 1) if (args.length > 5) push(t, 11) t.x += 10; else push(t, 21) t.x += 20; f(t); } public static void f(FlowSens t) { assert t.x > 1; x := pull(t) } } 90/121

  47. ➆ Adding Flow-Sensitivity public class FlowSens { int x; public static void main(String[] args) { push_0(t, 0) push(t, 0) FlowSens t = new FlowSens(); t.x = 1; push(t, 1) push_1(t, 1) if (args.length > 5) push(t, 11) push_2(t, 11) t.x += 10; else push(t, 21) push_3(t, 21) t.x += 20; f(t); } public static void f(FlowSens t) { assert t.x > 1; x := pull(t) } } 91/121

  48. ➆ Adding Flow-Sensitivity public class FlowSens { int x; public static void main(String[] args) { push_0(t, 0) push(t, 0) FlowSens t = new FlowSens(); t.x = 1; push(t, 1) push_1(t, 1) if (args.length > 5) push(t, 11) push_2(t, 11) t.x += 10; else push(t, 21) push_3(t, 21) t.x += 20; f(t); } public static void f(FlowSens t) { assert t.x > 1; x := pull(t)[2,3] x := pull(t) } } 92/121

  49. Adding Flow-Sensitivity (2) Defjnition Statement S = push(p, x) is a (data-)dependency of statement L = x := pull(q) if there is a path from S to L such that ● p and q may alias (on that path); ● there is no further statement push(p', x') on the path such that p and p' must alias . 93/121

  50. Adding Flow-Sensitivity (3) public class FlowSens { int x; public static void main(String[] args) { push_0(t, 0) FlowSens t = new FlowSens(); t.x = 1; push_1(t, 1) if (args.length > 5) push_2(t, 11) t.x += 10; else push_3(t, 21) t.x += 20; f(t); } public static void f(FlowSens t) { assert t.x > 1; x := pull(t)[2,3] x := pull(t)[2,3] } } 94/121

  51. Ghost fjeld to Adding Flow-Sensitivity (3) store the ID of the last push public class FlowSens { int x; int pushID; public static void main(String[] args) { push_0(t, 0) FlowSens t = new FlowSens(); t.x = 1; push_1(t, 1) if (args.length > 5) push_2(t, 11) t.x += 10; else push_3(t, 21) t.x += 20; f(t); } public static void f(FlowSens t) { assert t.x > 1; x := pull(t)[2,3] x := pull(t)[2,3] } } 95/121

  52. Ghost fjeld to Adding Flow-Sensitivity (3) store the ID of Assign to the the last push ghost fjeld public class FlowSens { int x; int pushID; public static void main(String[] args) { push_0(t, 0) push(t, 0 , 0 ) FlowSens t = new FlowSens(); t.x = 1; push(t, 1 , 1 ) push_1(t, 1) if (args.length > 5) push(t, 11 , 2 ) push_2(t, 11) t.x += 10; else push_3(t, 21) push(t, 21 , 3 ) t.x += 20; f(t); } public static void f(FlowSens t) { assert t.x > 1; x := pull(t)[2,3] x := pull(t)[2,3] } } 96/121

  53. Ghost fjeld to Adding Flow-Sensitivity (3) store the ID of Assign to the the last push ghost fjeld public class FlowSens { int x; int pushID; public static void main(String[] args) { push(t, 0 , 0 ) push_0(t, 0) FlowSens t = new FlowSens(); t.x = 1; push(t, 1 , 1 ) push_1(t, 1) if (args.length > 5) push(t, 11 , 2 ) push_2(t, 11) t.x += 10; else push_3(t, 21) push(t, 21 , 3 ) t.x += 20; f(t); } public static void f(FlowSens t) { assert t.x > 1; x, i := pull(t) x := pull(t)[2,3] x := pull(t)[2,3] } assume i==2 || i==3 Check that we } read right version 97/121

  54. Ghost fjeld to Adding Flow-Sensitivity (3) store the ID of Assign to the the last push ghost fjeld public class FlowSens { int x; int pushID; public static void main(String[] args) { Possible class invariant: push_0(t, 0) push(t, 0 , 0 ) FlowSens t = new FlowSens(); pushID == 0 && x == 0 || t.x = 1; push(t, 1 , 1 ) push_1(t, 1) pushID == 1 && x == 1 || if (args.length > 5) pushID == 2 && x > 1 || push_2(t, 11) push(t, 11 , 2 ) t.x += 10; pushID == 3 && x > 1 else push_3(t, 21) push(t, 21 , 3 ) t.x += 20; f(t); } public static void f(FlowSens t) { assert t.x > 1; x, i := pull(t) x := pull(t)[2,3] x := pull(t)[2,3] } assume i==2 || i==3 Check that we } read right version 98/121

  55. ➇ Tupled 01 public static class Node { 02 final Node next; 03 final int data; 04 References 05 public Node(Node next, int data) { 06 this.next = next; 07 this.data = data; 08 } 09 } 10 11 public static void main(String[] args) { 12 final int size = 10; 13 final int[] table = new int[size] ; 14 Node l1 = null; 15 Node l2 = null; 16 for (int i=0; i<args.length; i++) { 17 int d = Integer.parseInt(args[i]); 18 if (d >= 0 && d < size) { 19 l1 = new Node(l1, d); 20 } else { 21 l2 = new Node(l2, d); 22 } 23 } 24 while (l1 != null) { 25 table[l1.data] = table[l1.data] + 1; 26 l1 = l1.next; 27 } 100/121 28 }

  56. ➇ Tupled 01 public static class Node { 02 final Node next; 03 final int data; 04 References 05 public Node(Node next, int data) { 06 this.next = next; 07 this.data = data; 08 } 09 } 10 11 public static void main(String[] args) { 12 final int size = 10; 13 final int[] table = new int[size] ; 14 Node l1 = null; 15 Node l2 = null; 16 for (int i=0; i<args.length; i++) { 17 int d = Integer.parseInt(args[i]); 18 if (d >= 0 && d < size) { 19 l1 = new Node(l1, d); 20 } else { Need to show absence of 21 l2 = new Node(l2, d); ArrayIndexOutOfBoundsE. 22 } 23 } 24 while (l1 != null) { 25 table[l1.data] = table[l1.data] + 1; 26 l1 = l1.next; 27 } 101/121 28 }

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Software Model Checking Using Bogor Software Model Checking Using Bogor a Modular and

Software Model Checking Using Bogor Software Model Checking Using Bogor a Modular and

Software Model Checking Using Bogor Software Model Checking Using Bogor a Modular and Extensible Model Checking Framework a Modular and Extensible Model Checking Framework 3rd Estonian Summer School in Computer and System Science

628 views • 34 slides
Software Model Checking Using Bogor Software Model Checking Using Bogor a Modular and

Software Model Checking Using Bogor Software Model Checking Using Bogor a Modular and

Software Model Checking Using Bogor Software Model Checking Using Bogor a Modular and Extensible Model Checking Framework a Modular and Extensible Model Checking Framework 3rd Estonian Summer School in Computer and System Science

301 views • 8 slides
Software Model Checking Using Bogor Software Model Checking Using Bogor a Modular and

Software Model Checking Using Bogor Software Model Checking Using Bogor a Modular and

Software Model Checking Using Bogor Software Model Checking Using Bogor a Modular and Extensible Model Checking Framework a Modular and Extensible Model Checking Framework 3rd Estonian Summer School in Computer and System Science

777 views • 31 slides
SMT-based Software Model Checking: Experimental Comparison of Four Algorithms Matthias Dangl

SMT-based Software Model Checking: Experimental Comparison of Four Algorithms Matthias Dangl

SMT-based Software Model Checking: Experimental Comparison of Four Algorithms Matthias Dangl Joint work with Dirk Beyer University of Passau, Germany SMT-based Software Model Checking Bounded Model Checking ( Cbmc , CPAchecker , Esbmc ,

496 views • 26 slides
Context-Bounded Model Checking of LTL Properties for ANSI-C Software Jeremy Morse, Lucas

Context-Bounded Model Checking of LTL Properties for ANSI-C Software Jeremy Morse, Lucas

Context-Bounded Model Checking of LTL Properties for ANSI-C Software Jeremy Morse, Lucas Cordeiro, Bernd Fischer, Denis Nicole Model Checking C Model checking: normally applied to formal state transition systems checks safety and

439 views • 17 slides
SMT-Based Bounded Model Checking for Embedded ANSI-C Software for Embedded ANSI-C Software

SMT-Based Bounded Model Checking for Embedded ANSI-C Software for Embedded ANSI-C Software

SMT-Based Bounded Model Checking for Embedded ANSI-C Software for Embedded ANSI-C Software Lucas Cordeiro, Bernd Fischer, Joao Marques-Silva b.fischer@ecs.soton.ac.uk Bounded Model Checking (BMC) Basic Idea: check negation of given property

957 views • 33 slides
Finding and Understanding Bugs in Software Model Checkers Chengyu Zhang , Ting Su, Yichen Yan,

Finding and Understanding Bugs in Software Model Checkers Chengyu Zhang , Ting Su, Yichen Yan,

Finding and Understanding Bugs in Software Model Checkers Chengyu Zhang , Ting Su, Yichen Yan, Fuyuan Zhang, Geguang Pu, Zhendong Su Software Model Checking 2 Software Model Checking P 3 Software Model Checking P 4 Software

1.41k views • 114 slides
Statistical Statistical Statistical Model Statistical Model Model Checking Model Checking

Statistical Statistical Statistical Model Statistical Model Model Checking Model Checking

Statistical Statistical Statistical Model Statistical Model Model Checking Model Checking Checking Checking for Timed Automata Timed Automata Coll C l C ll b llabora orators: t ors: Peter Bulychev, Alexandre David Axel Legay, Marius

725 views • 59 slides
Hoare Logic and Model Checking Model Checking Lecture 11: Model checking for Computation Tree

Hoare Logic and Model Checking Model Checking Lecture 11: Model checking for Computation Tree

Hoare Logic and Model Checking Model Checking Lecture 11: Model checking for Computation Tree Logic Dominic Mulligan Based on previous slides by Alan Mycroft and Mike Gordon Programming, Logic, and Semantics Group University of Cambridge

402 views • 25 slides
Software Verification with BLAST Model Checking Blast Motivation Rigorous Sofware Development

Software Verification with BLAST Model Checking Blast Motivation Rigorous Sofware Development

Software Verification with BLAST Daniele Sgandurra Introduction Software Verification with BLAST Model Checking Blast Motivation Rigorous Sofware Development via Model Checking Lazy Abstraction Reachability Tree Seminar Complete

970 views • 95 slides
Dynamic Partial-Order Reduction for Model Checking Software Cormac Flanagan Patrice Godefroid

Dynamic Partial-Order Reduction for Model Checking Software Cormac Flanagan Patrice Godefroid

Dynamic Partial-Order Reduction for Model Checking Software Cormac Flanagan Patrice Godefroid UC Santa Cruz Bell Labs Presented by: Ulrich Mller Model Checking Given a multithreaded program Wed like to check for deadlocks and

462 views • 17 slides
Model Checking Continuous-Time Markov Chains Joost-Pieter Katoen Software Modeling and

Model Checking Continuous-Time Markov Chains Joost-Pieter Katoen Software Modeling and

Model Checking Continuous-Time Markov Chains Joost-Pieter Katoen Software Modeling and Verification Group RWTH Aachen University associated to University of Twente, Formal Methods and Tools Lecture at Quantitative Model Checking School, March

638 views • 45 slides
Model Checking Continuous-Time Markov Chains Joost-Pieter Katoen Software Modeling and

Model Checking Continuous-Time Markov Chains Joost-Pieter Katoen Software Modeling and

Model Checking Continuous-Time Markov Chains Joost-Pieter Katoen Software Modeling and Verification Group RWTH Aachen University associated to University of Twente, Formal Methods and Tools Lecture at Quantitative Model Checking School, March

672 views • 66 slides
Bounded Model Checking bmc Revision: 1.11 1 [BiereCimattiClarkeZhu99] uses SAT for model

Bounded Model Checking bmc Revision: 1.11 1 [BiereCimattiClarkeZhu99] uses SAT for model

Bounded Model Checking bmc Revision: 1.11 1 [BiereCimattiClarkeZhu99] uses SAT for model checking historically not the first symbolic model checking approach scales better than original BDD based techniques mostly incomplete in

521 views • 28 slides
CTL Chapter 6 Part 2 Overview Review CTL Model Checking CTL model Checking algorithms

CTL Chapter 6 Part 2 Overview Review CTL Model Checking CTL model Checking algorithms

CTL Chapter 6 Part 2 Overview Review CTL Model Checking CTL model Checking algorithms for ( U ) Counter Examples and witnesses Symbolic Model Checking (Thursday) Binary Decision Trees

740 views • 40 slides
Software Model Checking Software Model Checking via Static and Dynamic via Static and Dynamic

Software Model Checking Software Model Checking via Static and Dynamic via Static and Dynamic

Software Model Checking Software Model Checking via Static and Dynamic via Static and Dynamic Program Analysis Program Analysis Patrice Godefroid Godefroid Patrice Bell Laboratories, Lucent Technologies Bell Laboratories, Lucent

1.05k views • 56 slides
Software Engineering I (02161) Week 10 Assoc. Prof. Hubert Baumeister DTU Compute Technical

Software Engineering I (02161) Week 10 Assoc. Prof. Hubert Baumeister DTU Compute Technical

Software Engineering I (02161) Week 10 Assoc. Prof. Hubert Baumeister DTU Compute Technical University of Denmark Spring 2017 Last Week Layered Architecture: Persistent Layer Software Development Processes Waterfall (Rational)

861 views • 41 slides
Using Graph Theory to Analyze Gene Network Coherence Francisco A. Gmez-Vela Norberto

Using Graph Theory to Analyze Gene Network Coherence Francisco A. Gmez-Vela Norberto

Using Graph Theory to Analyze Gene Network Coherence Francisco A. Gmez-Vela Norberto Daz-Daz fgomez@upo.es ndiaz@upo.es Jess S. Aguilar Jos A. Lagares Jos A. Snchez 1 Outlines n Introduction n Proposed Methodology n

900 views • 31 slides
Usage Aware Average-Clicks Kalyan Beemanapalli University of Minnesota Ramya Rangarajan

Usage Aware Average-Clicks Kalyan Beemanapalli University of Minnesota Ramya Rangarajan

Usage Aware Average-Clicks Kalyan Beemanapalli University of Minnesota Ramya Rangarajan University of Minnesota Jaideep Srivastava University of Minnesota Presenter: Kalyan Beemanapalli WebKDD 2006 Workshop on Knowledge Discovery on

555 views • 26 slides
Categorical Liveness Checking by Corecursive Algebras Natsuki Urabe, Masaki Hara &amp;

Categorical Liveness Checking by Corecursive Algebras Natsuki Urabe, Masaki Hara &amp;

Categorical Liveness Checking by Corecursive Algebras Natsuki Urabe, Masaki Hara &amp; Ichiro Hasuo June 20, 2017 Natsuki Urabe (U. Tokyo) 1 / 29 Motivation ranking function nondeterministic system Natsuki Urabe (U.

1.01k views • 68 slides
P OPULATION CTMC A population model is thus given by a tuple X ( N ) = ( X ( N ) , T ( N ) , x ( N

P OPULATION CTMC A population model is thus given by a tuple X ( N ) = ( X ( N ) , T ( N ) , x ( N

F LUID M ODEL C HECKING F LUID A PPROXIMATION FOR C HECKING L OGIC P ROPERTIES IN M ARKOV P OPULATION M ODELS Luca Bortolussi 1 , 2 1 Dipartimento di Matematica e Geoscienze Universit degli studi di Trieste 2 CNR/ISTI, Pisa luca@dmi.units.it

1.43k views • 122 slides
Welcome'to'the'first'video'lecture'in'this'tutorial'on'Fluid'Construc5on'Grammar.'

Welcome'to'the'first'video'lecture'in'this'tutorial'on'Fluid'Construc5on'Grammar.'

Welcome'to'the'first'video'lecture'in'this'tutorial'on'Fluid'Construc5on'Grammar.' Todays'lecture'will'introduce'feature'structures'for'represen5ng'linguis5c'

223 views • 20 slides
Cooling LHCb installation workshop, 16 May 2018 Thanks to O. Crespo-Lopez, J. Daguin, M. Doubek,

Cooling LHCb installation workshop, 16 May 2018 Thanks to O. Crespo-Lopez, J. Daguin, M. Doubek,

Cooling LHCb installation workshop, 16 May 2018 Thanks to O. Crespo-Lopez, J. Daguin, M. Doubek, P. Tropea for providing material/slides. 1 / 22 Cooling-related projects and tasks during LS2 Evaporative CO 2 cooling for VELO and UT sensors and

430 views • 22 slides
Introduction to OpenMP ! Introduction to parallel computing ! Classification of parallel

Introduction to OpenMP ! Introduction to parallel computing ! Classification of parallel

Agenda ! Introduction to OpenMP ! Introduction to parallel computing ! Classification of parallel computers ! What is OpenMP? ! OpenMP examples ! !&quot; #&quot; Parallel computing ! Demand for parallel computing ! A form of

299 views • 18 slides

More recommend