producing effective interpolants for sat based
play

Producing Effective Interpolants for SAT-based Incremental - PowerPoint PPT Presentation

Nov 07, 2023 •33 likes •843 views

Producing Effective Interpolants for SAT-based Incremental Verification and Upgrade Checking Grigory Fedyukovich Joint work with: Ondrej Sery, Simone Fulvio Rollini, Leonardo Alt, Antti E. J. Hyvrinen, and Natasha Sharygina F ORMAL V ERIFICATION

  1. Producing Effective Interpolants for SAT-based Incremental Verification and Upgrade Checking Grigory Fedyukovich Joint work with: Ondrej Sery, Simone Fulvio Rollini, Leonardo Alt, Antti E. J. Hyvärinen, and Natasha Sharygina F ORMAL V ERIFICATION L AB University of Lugano VSSE 2014, 5 Apr 2014, Grenoble, France

  2. Motivation • Incremental checking of program correctness • One program, several properties • Eliminate redundancy in consequent verification runs • Checking upgrade correctness • Several programs, one property • Localize the verification to the change • Our methods • Use SAT-based Bounded Model Checking • Extracting function summaries by means of Craig Interpolation • Reusing function summaries in both scenarios • Controlling the size and strength of Craig Interpolants • Making the verification more efficient 2

  3. Background Bounded Model Checking [Biere et al. 1999] • Successful technique to prove program safety • Static • Automatic • Gives a concrete counter-example or proof of safety • Loops and recursion unwound • Up to a given bound • Encoding into a BMC formula • Different logics available • Conjoin with the negation of a property • To encode an undesired b е havior • Satisfiability check by a SAT/SMT-solver • UNSAT à System is safe • SAT à Error found • Satisfying assignment identifies an error trace • Problems • Detecting the bound enough for complete checking • Constructing abstractions of the behavior 3

  4. Background Counter-Example-Guided Abstraction Refinement [Ball et al. 2000] Initial Abstract Program Verification Proof Abstraction Model Safe model Checker Refine Counterexample the abstraction Refinement Simulator Bug found Simulation successful Counterexample is spurious 4

  5. Background Abstraction • Over-approximates program behavior • Is used to speed up verification • No precise encoding required • Sound • If it is proven to be safe then the original program is safe • Possibly non-terminating • Every detected bug should be simulated on the real program • After each spurious counter-example the abstraction should be refined • Refinement may not terminate • Random • How to construct better abstraction? 5

  6. Craig Interpolation [Craig et al. 1957] Definition: • Given mutually unsatisfiable formulas A and B, an Interpolant is a formula I such that • A → I • I ∧ B is unsatisfiable • Variables in I are common to both A and B A I B 6

  7. Craig Interpolation [Craig et al. 1957] Definition: • Given mutually unsatisfiable formulas A and B, an Interpolant is a formula I such that • A → I • I ∧ B is unsatisfiable • Variables in I are common to both A and B ∧ B I’ A I B 6

  8. Labeled Interpolation System [D’Silva et al. 2010] • Propositional logic, construction from unsatisfiablity proof • Generation of different interpolants from the same refutation • Interpolants of different size and strength • Generalization of algorithms of: • P by [Pudlak 1997] • M by [McMillan 2003] • M’ by [D’Silva et.al 2010] M P M’ 7

  9. Proof reduction Affects the size of summaries • Eliminate redundancies in the proof DAG • Applied before interpolation • Different methods available: • RecyclePivotsWithIntersection [Bar-Ilan et al. 2008, Fontaine et al. 2010] • LowerUnits [Fontaine et al. 2010] • Structural hashing based approach [Cotton et al. 2010] • Local rewriting rules [Rollini et al. 2010] • Practically, ends up with more compact interpolants • the smaller formula, the faster usage 8

  10. PeRIPLO high level overview 9

  11. PeRIPLO high level overview The first … • set of techniques to obtain Verification Environment interpolants of different strength and size φ φ interp. system; f ᴧ g ᴧ ... distibution configure PBMC formula A ᴧ B • experimentation evidence SAT UNSAT that compact interpolants improve performance in Logic Solver interpolant the context of software A I → B ᴧ I → ⊥ BMC proof of UNSAT Proof Interpolator Transformer • evaluation of the impact of interpolant strength in PeRIPLO Summarization-based BMC 9

  12. Function summaries in Bounded Model Checking • Apply Craig interpolation after SAT-solver returns UNSAT • Iterative procedure over the set of function calls • BMC created in a partitioned way • Each function represented by a separate partition in the BMC formula • Not monolithic as for classical BMC • Function summary • An over-approximation of the real behavior • Contains only the relevant information • Expressed using function’s in/out parameters 10

  13. Summaries substitution During the check of another property of the same code 1) No error is reachable à OK, program is safe 2) Error is reachable A) due to over-approximation of summaries B) real error Solution: Refine the abstraction • Identify candidate summaries • Appeared along the error trace • Replace them by precise representation 11

  14. Summaries substitution During the check of another property of the same code 1) No error is reachable à OK, program is safe 2) Error is reachable Σ A) due to over-approximation of summaries Σ B) real error Refinement of the abstraction: Σ • Identify candidate summaries Σ • Appeared along the error trace • Replace them by precise representation 12

  15. Partitioned BMC main () ¡ φ main UNSAT ¡ call ¡ f () ¡ ∧ ⇔ φ f asser0on ¡holds ¡ call ¡ g () ¡ ∧ φ g ∧ return ¡ φ bug assert(!bug); ¡ return ¡ return ¡ 13

  16. Construction of function summaries main () ¡ φ main B A ¡ ∧ B ¡ ¡ call ¡ f () ¡ ∧ UNSAT ¡ φ f B call ¡ g () ¡ ∧ φ g A ∧ return ¡ φ bug assert(!bug); ¡ return ¡ return ¡ B 13

  17. Construction of function summaries main () ¡ φ main B A ¡ ∧ B ¡ ¡ call ¡ f () ¡ ∧ UNSAT ¡ φ f B call ¡ g () ¡ ∧ proof ¡of ¡UNSAT ¡ φ g A ∧ return ¡ φ bug assert(!bug); ¡ return ¡ return ¡ B 13

  18. Construction of function summaries main () ¡ φ main B call ¡ f () ¡ ∧ φ f B call ¡ g () ¡ ∧ proof ¡of ¡UNSAT ¡ φ g I A ∧ return ¡ I ¡ ∧ B ¡ ¡ A ⇒ I φ bug assert(!bug); ¡ return ¡ return ¡ B UNSAT ¡ 13

  19. Using summary for checking another assertion main () ¡ φ main UNSAT ¡ call ¡ f () ¡ ∧ ⇔ φ f asser0on ¡holds ¡ call ¡ g () ¡ ∧ φ g ∧ return ¡ Subs0tute ¡existent ¡ φ bug' assert(!bug'); ¡ return ¡ return ¡ summary ¡instead ¡of ¡ precise ¡encoding ¡ 14

  20. Using summary for checking another assertion main () ¡ φ main UNSAT ¡ call ¡ f () ¡ ∧ ⇔ φ f asser0on ¡holds ¡ call ¡ g () ¡ ∧ φ g ∧ return ¡ Subs0tute ¡existent ¡ φ bug' assert(!bug'); ¡ return ¡ return ¡ summary ¡instead ¡of ¡ precise ¡encoding ¡ 14

  21. Using summary for checking another assertion main () ¡ φ main SAT ¡ call ¡ f () ¡ ∧ ⇔ φ f bug ¡witness ¡ call ¡ g () ¡ ∧ φ g ∧ return ¡ φ bug φ bug' assert(!bug'); ¡ return ¡ return ¡ The ¡more ¡accurate ¡ summary, ¡the ¡be1er ¡ chance ¡to ¡prove ¡safety! ¡ 14

  22. Interpolation algorithms main () ¡ φ main P by [Pudlak 1997] call ¡ f () ¡ M by [McMillan 2003] ∧ M’ by [D’Silva et al. 2010] φ f call ¡ g () ¡ ∧ φ g M P M’ ∧ return ¡ φ bug' assert(!bug'); ¡ return ¡ return ¡ The ¡stronger ¡interpolant, ¡the ¡ more ¡accurate ¡summary! ¡ 14

  23. sources summaries *.c known new summaries summaries *.h goto binary parser PBMC formula goto-cc φ f ᴧ φ g ᴧ ... UNSAT solver PBMC Correct encoder PeRIPLO initializer SAT eager/lazy refiner Bug CEG/greedy & error trace Σ * * Σ Σ Σ Σ initial subst. scenario refined subst. scenario 15

  24. FunFrog evaluation • 50 C benchmarks • Assertions on different call-tree levels • Checking one assertion at a time • Strength: M, P, M’ • Size: proof compression for interpolants reduction 16

  25. FunFrog evaluation 17

  26. Function-summarization-based Upgrade Checking The eVolCheck algorithm 0) Verification of the base version of the software ( bootstrap ) • function summaries generated and stored 18

  27. Function-summarization-based Upgrade Checking The eVolCheck algorithm 0) Verification of the base version of the software ( bootstrap ) • function summaries generated and stored 1) The user upgrades the software 2) Upgraded version of the software is preprocessed 3) eVolCheck identifies the modified code • by comparing parse trees for both the base and the upgraded version • function per function, in the intermediate program representation 4) eVolCheck attempts to verify the upgraded version 4) by rechecking whether old summaries still over-approximate new code 5) If all old function summaries are still valid then the upgrade is safe 6) If a summary is invalid, eVolCheck propagates 6) The user fixes the reported errors and continues from step 2) 18

  28. Upgrade Checking [Fedyukovich et al. 2013] Original version is safe main () ¡ φ main call ¡ f () ¡ ∧ φ f call ¡ g () ¡ ∧ φ g ∧ return ¡ φ bug assert(!bug); ¡ return ¡ return ¡ 19

Recommend

Lazy Abstraction with Interpolants Ken McMillan (CAV06) Based on presentation by Yakir Vizel

Lazy Abstraction with Interpolants Ken McMillan (CAV06) Based on presentation by Yakir Vizel

Lazy Abstraction with Interpolants Ken McMillan (CAV06) Based on presentation by Yakir Vizel Automatic verification, June 26, 2017 Lecture 12 Previous work develops lazy abstraction for hardware Models describe hardware

693 views • 35 slides
Creating wellness, producing value Creating wellness, producing value Disclaimer

Creating wellness, producing value Creating wellness, producing value Disclaimer

, HELEX 16 OCTOBER 2018 Creating wellness, producing value Creating wellness, producing value Disclaimer This presentation has been prepared by PAPOUTSANIS S.A. based on publicly available information solely for the

712 views • 28 slides
Nested Interpolants Matthias Heizmann Jochen Hoenicke Andreas Podelski University of Freiburg,

Nested Interpolants Matthias Heizmann Jochen Hoenicke Andreas Podelski University of Freiburg,

Nested Interpolants Matthias Heizmann Jochen Hoenicke Andreas Podelski University of Freiburg, Germany POPL 2010 Result Interpolant-based software model checking for recursive programs avoid construction of an abstract program Hoare

346 views • 32 slides
Exploring Interpolants Philipp R ummer, Pavle Suboti c Uppsala University, Sweden COST

Exploring Interpolants Philipp R ummer, Pavle Suboti c Uppsala University, Sweden COST

Exploring Interpolants Philipp R ummer, Pavle Suboti c Uppsala University, Sweden COST Meeting, October 17 R ummer, Suboti c Exploring Interpolants COST Meeting, October 17 1 / 39 Introduction Interpolants in Model Checking Craig

754 views • 60 slides
Nonlinear Polynomials, Interpolants and Invariant Generation for System Analysis Deepak Kapur

Nonlinear Polynomials, Interpolants and Invariant Generation for System Analysis Deepak Kapur

Nonlinear Polynomials, Interpolants and Invariant Generation for System Analysis Deepak Kapur Department of Computer Science University of New Mexico Albuquerque, NM, USA with Rodriguez-Carbonell, Zhihai Zhang, Hengjun Zhao, Stephan Falke,

2.07k views • 183 slides
On the Lebesgue constant of the Floater-Hormann rational interpolants Stefano De Marchi

On the Lebesgue constant of the Floater-Hormann rational interpolants Stefano De Marchi

On the Lebesgue constant of the Floater-Hormann rational interpolants Stefano De Marchi Department of Mathematics University of Padova Fribourg, November 3, 2015 Joint work with L. Bos (Verona), K. Hormann (Lugano), G. Klein (Fribourg),

1.05k views • 63 slides
On smooth spline spaces and quasi-interpolants over Powell-Sabin triangulations Hendrik Speleers

On smooth spline spaces and quasi-interpolants over Powell-Sabin triangulations Hendrik Speleers

Intro PS r -splines Quasi-interpolation Conclusions On smooth spline spaces and quasi-interpolants over Powell-Sabin triangulations Hendrik Speleers Katholieke Universiteit Leuven Department of Computer Science MAIA Conference Erice,

537 views • 32 slides
Effectively Propositional Interpolants Samuel Drews and Aws Albarghouthi Effectively

Effectively Propositional Interpolants Samuel Drews and Aws Albarghouthi Effectively

Effectively Propositional Interpolants Samuel Drews and Aws Albarghouthi Effectively Propositional Logic (EPR) Quantifier-free No function symbols EPR Decidable satisfiability! EPR Decidable satisfiability! Expressive: Linked lists

1.12k views • 55 slides
Generating Sharper and Simpler Nonlinear Interpolants for Program Verification Takamasa Okudono 1

Generating Sharper and Simpler Nonlinear Interpolants for Program Verification Takamasa Okudono 1

Generating Sharper and Simpler Nonlinear Interpolants for Program Verification Takamasa Okudono 1 , Yuki Nishida 2 , Kensuke Kojima 2 , Kohei Suenaga 2 , Kengo Kido 1 and Ichiro Hasuo 3 1 University of Tokyo, Japan 2 Kyoto University, Japan 3

645 views • 36 slides
Producing Safety Cases - Good Practice Based on Lessons Learnt in in the UK and Mid iddle East

Producing Safety Cases - Good Practice Based on Lessons Learnt in in the UK and Mid iddle East

Producing Safety Cases - Good Practice Based on Lessons Learnt in in the UK and Mid iddle East Mike Bates Risktec Solutions DMCC, Dubai 1 Agenda A little bit of history 3 mile island, Piper Alpha NIMROD incident SHAPED safety

176 views • 14 slides
Design Based Research: research, capable of producing generalizable results? The tension

Design Based Research: research, capable of producing generalizable results? The tension

Introduction Brooks CHI88: is interface design itself an area of Design Based Research: research, capable of producing generalizable results? The tension between truths: What We Learn When We Engage in Design of Interactive

395 views • 24 slides
Is Your District Producing High Quality FBA/BIPs? The TATE and Improving Practice Rose

Is Your District Producing High Quality FBA/BIPs? The TATE and Improving Practice Rose

Is Your District Producing High Quality FBA/BIPs? The TATE and Improving Practice Rose Iovannone, Ph.D., BCBA-D iovannone@usf.edu University of South Florida Objectives Identify essential features for effective FBA/BIP behavior

429 views • 30 slides
Building a System to Support Effective PreK Learning from other states with a focus on New

Building a System to Support Effective PreK Learning from other states with a focus on New

Building a System to Support Effective PreK Learning from other states with a focus on New Jerseys Universal Urban Pre-K Program Ellen Frede, PhD 1 Senior Co-Director efrede@nieer.org No Single Ingredient*: Pre-k Programs Producing Large

268 views • 13 slides
The Equipment: From Rig to Producing Well Hydraulic Fracturing Producing Well: 20+ Years

The Equipment: From Rig to Producing Well Hydraulic Fracturing Producing Well: 20+ Years

www.anadarko.com | NYSE: APC The Equipment: From Rig to Producing Well Hydraulic Fracturing Producing Well: 20+ Years Producing Well: 20+ Years Drilling Rig 1 3 Anadarko Petroleum Corporation www.anadarko.com | NYSE: APC Horizontal Drilling

598 views • 16 slides
Applications of linear barycentric rational interpolation at equispaced nodes Jean-Paul Berrut

Applications of linear barycentric rational interpolation at equispaced nodes Jean-Paul Berrut

Interpolation Differentiation of barycentric rational interpolants Linear barycentric rational finite differences Integration of barycentric rational interpolants Applications of linear barycentric rational interpolation at equispaced nodes

1k views • 82 slides
Unusual convergence behaviour of certain rational interpolants Joris Van Deun Outline Chebyshev

Unusual convergence behaviour of certain rational interpolants Joris Van Deun Outline Chebyshev

Unusual convergence behaviour of certain rational interpolants Joris Van Deun Outline Chebyshev polynomials and rational functions Barycentric interpolation Conformal maps Strange convergence 2/30 Outline Chebyshev polynomials and rational

731 views • 30 slides
Effective School-Based Prevention Programming What works best to keep kids safe and healthy? 3

Effective School-Based Prevention Programming What works best to keep kids safe and healthy? 3

Effective School-Based Prevention Programming What works best to keep kids safe and healthy? 3 big picture research-based strategies 1. Community wide, consistent messaging (i.e. school + family) 2. Long-term multiple contacts (i.e. 10

375 views • 11 slides
New Staff Training Effective Use of PAs Effective Use of PAs How to Use PAs Effectively

New Staff Training Effective Use of PAs Effective Use of PAs How to Use PAs Effectively

Changing lives. Making a difference. New Staff Training Effective Use of PAs Effective Use of PAs How to Use PAs Effectively Performance Measure 2 Effective Use of PAs Introduction Roles and Limitations of a PA Who Is a

519 views • 15 slides
CORE PRINCIPLES & VALUES OF EFFECTIVE TEAM-BASED HEALTH CARE Working group on team-based care

CORE PRINCIPLES & VALUES OF EFFECTIVE TEAM-BASED HEALTH CARE Working group on team-based care

CORE PRINCIPLES & VALUES OF EFFECTIVE TEAM-BASED HEALTH CARE Working group on team-based care Best Practices Innovation Collaborative February 28 th , 2012 Goal To identify basic principles and expectations for contributions of various

343 views • 12 slides
A T Producing slides with L EX2 Frank Mittelbach 1997/08/15 1 Introduction With L A T EX 2

A T Producing slides with L EX2 Frank Mittelbach 1997/08/15 1 Introduction With L A T EX 2

A T Producing slides with L EX2 Frank Mittelbach 1997/08/15 1 Introduction With L A T EX 2 it is now no longer necessary to maintain a special format for producing overhead slides. Instead the standard format may be used and internally

551 views • 31 slides
Producing slides with L A T EX2 Frank Mittelbach 2014/09/29 1 Introduction With L A T EX 2

Producing slides with L A T EX2 Frank Mittelbach 2014/09/29 1 Introduction With L A T EX 2

Producing slides with L A T EX2 Frank Mittelbach 2014/09/29 1 Introduction With L A T EX 2 it is now no longer necessary to maintain a special format for producing overhead slides. Instead the standard format may be used and internally

718 views • 35 slides
Producing slides with L A T EX2 Frank Mittelbach 2016/03/29 1 Introduction With L A T EX 2

Producing slides with L A T EX2 Frank Mittelbach 2016/03/29 1 Introduction With L A T EX 2

Producing slides with L A T EX2 Frank Mittelbach 2016/03/29 1 Introduction With L A T EX 2 it is now no longer necessary to maintain a special format for producing overhead slides. Instead the standard format may be used and internally

459 views • 35 slides
Producing slides with L A T EX2 Frank Mittelbach 2020/02/20 1 Introduction With L A T EX 2

Producing slides with L A T EX2 Frank Mittelbach 2020/02/20 1 Introduction With L A T EX 2

Producing slides with L A T EX2 Frank Mittelbach 2020/02/20 1 Introduction With L A T EX 2 it is now no longer necessary to maintain a special format for producing overhead slides. Instead the standard format may be used and internally

492 views • 36 slides
Potential for Co-producing knowledge with Migrant families PI: Dr Umut Erel, The Open University

Potential for Co-producing knowledge with Migrant families PI: Dr Umut Erel, The Open University

This presentation is based on our research project Participatory Action Research (PAR): Participatory Theatre and Walking Methods' Potential for Co-producing knowledge with Migrant families PI: Dr Umut Erel, The Open University CI: Professor

584 views • 13 slides

More recommend