effective word level interpolation for software
play

Effective Word-Level Interpolation for Software Verification - PowerPoint PPT Presentation

Jul 22, 2023 •149 likes •572 views

FMCAD 2011 Effective Word-Level Interpolation for Software Verification Alberto Griggio FBK-IRST Motivations Craig interpolation applied succesfully for Formal Verification of both hardware and software Ongoing research (at least for

  1. FMCAD 2011 Effective Word-Level Interpolation for Software Verification Alberto Griggio FBK-IRST

  2. Motivations ♦ Craig interpolation applied succesfully for Formal Verification of both hardware and software ♦ Ongoing research (at least for 6-7 years) on efficient algorithms for computing interpolants in various useful (combinations of) theories ♦ UF, LA (and fragments), data structures, arrays, quantifiers... ♦ Very little done for bit-vectors! ♦ ...But BV are fundamental in both hardware and software verification ♦ This work: a “practical” procedure for BV interpolation ♦ Using efficient SMT techniques ♦ A first step, not a general-purpose solution ♦ Optimized for problems arising in software verification

  3. Outline ♦ Background ♦ Layered Interpolation for BV ♦ Discussion ♦ Experimental Evaluation

  4. Interpolants ♦ (Craig) Interpolant for an ordered pair ( A, B ) of formulas s.t. is a formula I s.t. A ^ B j = T ? (or: A j = : B ) A j a) = T I B ^ I j = T ? ( I j = : B ) b) c) All the uninterpreted (in ) symbols of I occur in both A and B T

  5. Lazy SMT and Interpolation ♦ DPLL(T) (i.e. “lazy”) approach to SMT: SAT solver (DPLL) + decision procedure for conjunctions of T -constraints ( T -solver) ♦ Interpolants from DPLL(T)-proofs [McMillan]: T Boolean part -specific part (ground resolution) (for conjunctions of constraints) -specific T Standard Boolean interpolation interpolation for conjunctions only ♦ State-of-the-art approach for solving and interpolation in several important theories (UF, LA, combinations, ...)

  6. SMT for Bit-Vectors ♦ State-of-the-art for SMT(BV) is NOT DPLL(T)! ♦ All efficient SMT(BV) solvers are based on: ♦ Aggressive preprocessing/simplification of the formula using word-level information ♦ Eager encoding into SAT (“bit-blasting”) ♦ Problem for interpolation: proofs are a “blob of bits” ♦ No clear partitioning between Boolean part and BV-specific part ♦ Word-level structure completely lost and difficult to recover ♦ Some work done [Kroening&Weissenbacher 07], but limited to equality logic only

  7. Outline ♦ Background ♦ Layered Interpolation for BV ♦ Discussion ♦ Experimental Evaluation

  8. Interpolation via Bit-Blasting Interpolation via bit-blasting is easy... ♦ From and generate and A BV B BV A Bool B Bool ♦ Each var of width n encoded with n Boolean vars b x 1 : : : b x x n ♦ Generate a Boolean interpolant for I Bool ( A Bool ; B Bool ) ♦ Replace every variable in with the bit-selection b x I Bool x [ i ] i and every Boolean connective with the corresponding bit-wise connective: ^ 7! & ; _ 7! j ; : 7!» ...but quite impractical ♦ Generates “ugly” interpolants ♦ Word-level structure of the original problem completely lost ♦ How to apply word-level simplifications?

  9. Interpolation via Bit-Blasting - Example def = ( a [8] ¤ b [8] = 15 [8] ) ^ ( a [8] = 3 [8] ) A def = : ( b [8] % u c [8] = 1 [8] ) ^ ( c [8] = 2 [8] ) B A word-level interpolant is: def = ( b [8] ¤ 3 [8] = 15 [8] ) I ...but with bit-blasting we get: I 0 def = ( b [8] [0] = 1 [1] ) ^ (( b [8] [0]& » (((((( » b [8] [7]& » b [8] [6])& » b [8] [5])& » b [8] [4])& » b [8] [3])& b [8] [2])& » b [8] [1])) = 0 [1] )

  10. Lazy bit-blasting and DPLL(T) for BV ♦ Our goal: combine the benefits of bit-blasting for efficiently solving BV with those of DPLL(T) for interpolation ♦ Exploit lazy bit-blasting ♦ Bit-blast only BV-atoms, not the whole formula ♦ Boolean skeleton of the formula handled by the “main” DPLL, like in DPLL(T) ♦ Conjunctions of BV-atoms handled (via bit-blasting) by a “sub”- DPLL (DPLL-BV) that acts as a BV-solver Standard BV-specific Interpolation Boolean Interpolation for conjunctions of constraints ♦ Implemented using SAT solving under assumptions

  11. Interpolation for BV constraints A layered approach ♦ Apply in sequence a chain of procedures of increasing generality and cost ♦ Interpolation in EUF ♦ Interpolation via equality inlining ♦ Interpolation via Linear Integer Arithmetic encoding ♦ Interpolation via bit-blasting

  12. Interpolation in EUF ♦ Treat all the BV-operators as uninterpreted functions ♦ Exploit cheap, efficient algorithms for solving and interpolating modulo EUF ♦ Possible because we avoid bit-blasting upront! def Example: = ( x 1[32] = 3 [32] ) ^ ( x 3[32] = x 1[32] ¢ x 2[32] ) A def = ( x 4[32] = x 2[32] ) ^ ( x 5[32] = 3 [32] ¢ x 4[32] ) ^ B : ( x 3[32] = x 5[32] ) def = x 3 = f ¢ ( f 3 ; x 2 ) I UF def = x 3[32] = 3 [32] ¢ x 2[32] I BV

  13. Interpolation via Equality Inlining ♦ Interpolation via quantifier elimination: given , an ( A; B ) interpolant can be computed by eliminating quantifiers from or from 9 x 62 B A 9 x 62 A : B ♦ In general, this can be very expensive for BV ♦ Might require bit-blasting and can cause blow-up of the formula ♦ Cheap case: non-common variables occurring in “definitional” equalities ♦ Example: and does not occur in , then x e ( x = e ) ^ ' 9 x (( x = e ) ^ ' ) = ) ' [ x 7! e ]

  14. Interpolation via Equality Inlining ♦ Inline definitional equalities until either all all non-common variables are removed, or a fixpoint is reached ♦ Try both from and : B A ♦ If one of them succeeds, we have an interpolant def Example: = (0 [24] :: ( x 4[8] ¢ x 5[8] ) · s (0 [24] :: x 1[8] ¡ 1 [32] )) ^ A ( x 2[8] = x 1[8] ) ^ ( x 4[8] = 192 [8] ) ^ ( x 5[8] = 128 [8] ) def = (( x 3[8] ¢ x 6[8] ) = ( ¡ (0 [24] :: x 2[8] ))[7 : 0]) ^ B ( x 3[8] < u 1 [8] ) ^ (0 [8] · u x 3[8] ) ^ ( x 6[8] = 1 [8] )

  15. Interpolation via Equality Inlining ♦ Inline definitional equalities until either all all non-common variables are removed, or a fixpoint is reached ♦ Try both from and : B A ♦ If one of them succeeds, we have an interpolant def Example: = (0 [24] :: ( x 4[8] ¢ x 5[8] ) · s (0 [24] :: x 1[8] ¡ 1 [32] )) ^ A ( x 2[8] = x 1[8] ) ^ ( x 4[8] = 192 [8] ) ^ ( x 5[8] = 128 [8] ) Definitional equalities def = (( x 3[8] ¢ x 6[8] ) = ( ¡ (0 [24] :: x 2[8] ))[7 : 0]) ^ B ( x 3[8] < u 1 [8] ) ^ (0 [8] · u x 3[8] ) ^ ( x 6[8] = 1 [8] )

  16. Interpolation via Equality Inlining ♦ Inline definitional equalities until either all all non-common variables are removed, or a fixpoint is reached ♦ Try both from and : B A ♦ If one of them succeeds, we have an interpolant def Example: = (0 [24] :: ( x 4[8] ¢ x 5[8] ) · s (0 [24] :: x 1[8] ¡ 1 [32] )) ^ A ( x 2[8] = x 1[8] ) ^ ( x 4[8] = 192 [8] ) ^ ( x 5[8] = 128 [8] ) def = (( x 3[8] ¢ x 6[8] ) = ( ¡ (0 [24] :: x 2[8] ))[7 : 0]) ^ B ( x 3[8] < u 1 [8] ) ^ (0 [8] · u x 3[8] ) ^ ( x 6[8] = 1 [8] )

  17. Interpolation via Equality Inlining ♦ Inline definitional equalities until either all all non-common variables are removed, or a fixpoint is reached ♦ Try both from and : B A ♦ If one of them succeeds, we have an interpolant def Example: = (0 [24] :: ( x 4[8] ¢ x 5[8] ) · s (0 [24] :: x 2[8] ¡ 1 [32] )) ^ A ^ ( x 4[8] = 192 [8] ) ^ ( x 5[8] = 128 [8] ) def = (( x 3[8] ¢ x 6[8] ) = ( ¡ (0 [24] :: x 2[8] ))[7 : 0]) ^ B ( x 3[8] < u 1 [8] ) ^ (0 [8] · u x 3[8] ) ^ ( x 6[8] = 1 [8] )

  18. Interpolation via Equality Inlining ♦ Inline definitional equalities until either all all non-common variables are removed, or a fixpoint is reached ♦ Try both from and : B A ♦ If one of them succeeds, we have an interpolant def Example: = (0 [24] :: ( x 4[8] ¢ x 5[8] ) · s (0 [24] :: x 2[8] ¡ 1 [32] )) ^ A ^ ( x 4[8] = 192 [8] ) ^ ( x 5[8] = 128 [8] ) def = (( x 3[8] ¢ x 6[8] ) = ( ¡ (0 [24] :: x 2[8] ))[7 : 0]) ^ B ( x 3[8] < u 1 [8] ) ^ (0 [8] · u x 3[8] ) ^ ( x 6[8] = 1 [8] )

  19. Interpolation via Equality Inlining ♦ Inline definitional equalities until either all all non-common variables are removed, or a fixpoint is reached ♦ Try both from and : B A ♦ If one of them succeeds, we have an interpolant def Example: = (0 [24] :: (192 [8] ¢ 128 [8] ) · s (0 [24] :: x 2[8] ¡ 1 [32] )) A ^ ^ def = (( x 3[8] ¢ x 6[8] ) = ( ¡ (0 [24] :: x 2[8] ))[7 : 0]) ^ B ( x 3[8] < u 1 [8] ) ^ (0 [8] · u x 3[8] ) ^ ( x 6[8] = 1 [8] )

  20. Interpolation via Equality Inlining ♦ Inline definitional equalities until either all all non-common variables are removed, or a fixpoint is reached ♦ Try both from and : B A ♦ If one of them succeeds, we have an interpolant def Example: = (0 [24] :: (192 [8] ¢ 128 [8] ) · s (0 [24] :: x 2[8] ¡ 1 [32] )) A ^ ^ def = (0 32 · s (0 24 :: x 2[8] ¡ 1 [32] ) I def = (( x 3[8] ¢ x 6[8] ) = ( ¡ (0 [24] :: x 2[8] ))[7 : 0]) ^ B ( x 3[8] < u 1 [8] ) ^ (0 [8] · u x 3[8] ) ^ ( x 6[8] = 1 [8] )

  21. Interpolation via LIA Encoding ♦ Simple idea (in principle): ♦ Encode a set of BV-constraints into an SMT(LIA)-formula ♦ Generate a LIA-interpolant using existing algorithms ♦ Map back to a BV-interpolant ♦ However, several problems to solve: ♦ Efficiency (see paper) ♦ More importantly, soundness

Recommend

First-Order Interpolation Laura Kov acs Interpolation: Craig Interpolation Use of

First-Order Interpolation Laura Kov acs Interpolation: Craig Interpolation Use of

First-Order Interpolation Laura Kov acs Interpolation: Craig Interpolation Use of interpolation in software verification thanks to K. McMillan Interpolation: Craig Interpolation Use of interpolation in software verification

1.18k views • 114 slides
Word Processing: Presentation Purpose of Presentation software The purpose of presentation

Word Processing: Presentation Purpose of Presentation software The purpose of presentation

K Hinds 2015 www.smsbarbados.wordpress.com Page 1 Word Processing: Presentation Purpose of Presentation software The purpose of presentation software is to enable someone to impart information to an audience in an interesting and effective

521 views • 4 slides
Introduction to Agile Software Development Word Association Write down the first word or phrase

Introduction to Agile Software Development Word Association Write down the first word or phrase

Introduction to Agile Software Development Word Association Write down the first word or phrase that pops in your head when you hear: Extreme Programming (XP) Team (or Personal) Software Process (TSP/PSP) Plan-driven software

418 views • 15 slides
Part II: Interpolation and Approximation theory Contents: Review of Lagrange interpolation

Part II: Interpolation and Approximation theory Contents: Review of Lagrange interpolation

Part II: Interpolation and Approximation theory Contents: Review of Lagrange interpolation polynomials 1 Newton interpolation 2 Optimal interpolation points; Chebyshev polynomials 3 Cubic spline interpolation 4 Error analysis 5 Numerical

1.14k views • 47 slides
3. Interpolation Closing the Gaps of Discretization . . . 3. Interpolation Numerical Programming

3. Interpolation Closing the Gaps of Discretization . . . 3. Interpolation Numerical Programming

Preliminary Remark Interpolation with Polynomials Polynomial Splines Trigonometric Interpolation Examples for Applications 3. Interpolation Closing the Gaps of Discretization . . . 3. Interpolation Numerical Programming I (for CSE),

616 views • 48 slides
Gray-Level Interpolation (1) Gray levels in f are defined only at integral values of x and y .

Gray-Level Interpolation (1) Gray levels in f are defined only at integral values of x and y .

Gray-Level Interpolation (1) Gray levels in f are defined only at integral values of x and y . The spatial transformation will generally dictate that g be taken at fractional coordinate positions Implementation using the inverse of the

490 views • 10 slides
Marcinkiewicz interpolation Updated May 18, 2020 Plan 2 Outline: Interpolation of quasinorms

Marcinkiewicz interpolation Updated May 18, 2020 Plan 2 Outline: Interpolation of quasinorms

Marcinkiewicz interpolation Updated May 18, 2020 Plan 2 Outline: Interpolation of quasinorms Diagonal Marcinkiewicz interpolation theorem General version Applications: Schur test, Hardy-Littlewood-Sobolev Interpolation for quasinorms 3

642 views • 24 slides
3. Interpolation: Closing the Gaps of Discretization . . . 3. Interpolation: Closing the Gaps of

3. Interpolation: Closing the Gaps of Discretization . . . 3. Interpolation: Closing the Gaps of

Preliminary Remark Interpolation with Polynomials Polynomial Splines Trigonometric Interpolation Examples for Applications 3. Interpolation: Closing the Gaps of Discretization . . . 3. Interpolation: Closing the Gaps of Discretization . . .

494 views • 48 slides
AppMavens suggested software for brainstorming and preparing content MS Word: Word

AppMavens suggested software for brainstorming and preparing content MS Word: Word

AppMavens Favorite Communication and Presentation Software and Checklist AppMavens suggested software for brainstorming and preparing content MS Word: Word processor (can also use cloud capabilities to work on content residing in cloud

304 views • 4 slides
The First Impression What You Are Telling Clients Without Saying A Word! An effective

The First Impression What You Are Telling Clients Without Saying A Word! An effective

First Impressions Presentation and Headshot Coaching Demo Chris Joyce 502-639-9557 The First Impression What You Are Telling Clients Without Saying A Word! An effective Social Media presence can really give you a positive head start when

239 views • 7 slides
Stability and Lebesgue constants in Good interpolation points RBF interpolation Results

Stability and Lebesgue constants in Good interpolation points RBF interpolation Results

Stability and Lebesgue constants in RBF interpolation De Marchi Motivations Stability and Lebesgue constants in Good interpolation points RBF interpolation Results Numerical examples Stability of kernel-based interpolation Stefano De

1.19k views • 78 slides
ELS: A Word-Level Method for Entity-Level Sentiment Analysis Nikos Engonopoulos Angeliki

ELS: A Word-Level Method for Entity-Level Sentiment Analysis Nikos Engonopoulos Angeliki

Introduction Method Experiments Conclusion ELS: A Word-Level Method for Entity-Level Sentiment Analysis Nikos Engonopoulos Angeliki Lazaridou Georgios Paliouras Konstantinos Chandrinos University of Athens, NCSR Demokritos, i-sieve

2.32k views • 20 slides
Interpolation Dr. Mihail October 26, 2015 (Dr. Mihail) Interpolation October 26, 2015 1 / 11

Interpolation Dr. Mihail October 26, 2015 (Dr. Mihail) Interpolation October 26, 2015 1 / 11

Interpolation Dr. Mihail October 26, 2015 (Dr. Mihail) Interpolation October 26, 2015 1 / 11 Definitions 1 Interpolation: method of constructing new data points from sampling or experimentation. (Dr. Mihail) Interpolation October 26, 2015

303 views • 12 slides
WEAK INTERPOLATION PROPERTY over THE MINIMAL LOGIC Larisa Maksimova Sobolev Institute of

WEAK INTERPOLATION PROPERTY over THE MINIMAL LOGIC Larisa Maksimova Sobolev Institute of

Abstract Weak interpolation and joint consistency Propositional J-logics Reduction of WIP Weak interpolation and weak amalgamation Weak interpolation and weak amalgamation Logics with WIP over Gl Description of logics with WIP over Gl and J

621 views • 41 slides
HiFrog: Interpolation-based Software Verification using Theory Refinement Sepideh Asadi joint

HiFrog: Interpolation-based Software Verification using Theory Refinement Sepideh Asadi joint

HiFrog: Interpolation-based Software Verification using Theory Refinement Sepideh Asadi joint work with Karine Even Mendoza, Grigory Fedyukovich, AnM Hyvrinen, Hana Chockler, Natasha Sharygina Formal Verification and Security Lab University

640 views • 18 slides
Last class Represent a word by a context vector Each word x is represented by a vector v .

Last class Represent a word by a context vector Each word x is represented by a vector v .

Last class Represent a word by a context vector Each word x is represented by a vector v . Each dimension in the vector corresponds to a context word type y ANLP Lecture 22 Each v i measures the level of association between the word x

404 views • 6 slides
Word level effects in Polish laryngeal neutralisation Patrycja Strycharczuk University of

Word level effects in Polish laryngeal neutralisation Patrycja Strycharczuk University of

Word level effects in Polish laryngeal neutralisation Patrycja Strycharczuk University of Manchester patrycja.strycharczuk@postgrad.manchester.ac.uk CUNY Phonology Forum Conference on the Word Patrycja Strycharczuk Word level effects in

576 views • 24 slides
Taylors Series and Interpolation CIS 541 - Interpolation Taylor Series interpolates at a

Taylors Series and Interpolation CIS 541 - Interpolation Taylor Series interpolates at a

Taylors Series and Interpolation CIS 541 - Interpolation Taylor Series interpolates at a specific Roger Crawfis point: The function Its first derivative It may not interpolate at other points. We want an

644 views • 13 slides
Scrivener Revolutionising the writing process CANDICE KELLY PhD candidate Word processing

Scrivener Revolutionising the writing process CANDICE KELLY PhD candidate Word processing

Scrivener Revolutionising the writing process CANDICE KELLY PhD candidate Word processing software Scrivener is a low-cost word processing software It is a far more intuitive piece of software than Microsoft Word. Scrivener mirrors

560 views • 22 slides
On interpolation in theorem proving Maria Paola Bonacina Visiting: Computer Science Laboratory,

On interpolation in theorem proving Maria Paola Bonacina Visiting: Computer Science Laboratory,

Outline Introduction to interpolation Interpolation for propositional resolution Interpolation and equality On interpolation in theorem proving Maria Paola Bonacina Visiting: Computer Science Laboratory, SRI International, Menlo Park, CA, USA

1.65k views • 64 slides
Interpolation Sanzheng Qiao Department of Computing and Software McMaster University January,

Interpolation Sanzheng Qiao Department of Computing and Software McMaster University January,

Intro Polynomial Piecewise Cubic Spline Software Summary Interpolation Sanzheng Qiao Department of Computing and Software McMaster University January, 2014 Intro Polynomial Piecewise Cubic Spline Software Summary Outline

857 views • 62 slides
Quantifier elimination, amalgamation, deductive interpolation and Craig interpolation in

Quantifier elimination, amalgamation, deductive interpolation and Craig interpolation in

Quantifier elimination, amalgamation, deductive interpolation and Craig interpolation in many-valued logic Franco Montagna, first part in collaboration with Tommaso Cortonesi and Enrico Marchioni Definition . A logic L has the deductive

380 views • 19 slides
Interpolation Sanzheng Qiao Department of Computing and Software McMaster University July, 2012

Interpolation Sanzheng Qiao Department of Computing and Software McMaster University July, 2012

Intro Polynomial Piecewise Cubic Spline Software Summary Interpolation Sanzheng Qiao Department of Computing and Software McMaster University July, 2012 Intro Polynomial Piecewise Cubic Spline Software Summary Outline Introduction

520 views • 34 slides
Patterns of Effective Teams Dan North @tastapod Dan North &amp; Associates A word of caution

Patterns of Effective Teams Dan North @tastapod Dan North &amp; Associates A word of caution

Patterns of Effective Teams Dan North @tastapod Dan North &amp; Associates A word of caution Effective != Productive Difficulty Effectiveness Dreyfus Squared Difficulty Effectiveness Dreyfus Model of Skills Acquisition Novice Advanced

470 views • 16 slides

More recommend