strings software model checking
play

Strings & Software Model Checking Philipp Rmmer Uppsala - PowerPoint PPT Presentation

Oct 29, 2022 •454 likes •1.68k views

Strings & Software Model Checking Philipp Rmmer Uppsala University 30 August 2019 Taipei, Taiwan 1/121 Outline Constrained Horn Clauses JayHorn Architecture JayHorn Approach to Handling Heap Demos & Examples

  1. <Test: void main(java.lang.String[])> public class Test { public static void main(java.lang.String[]) int x, y; { public static void main(...) { java.lang.String[] r0; Test t = new Test(); Test r1, $r2; while (t.x < 10) int $i0, $i1, $i2, $i3; t.x++; boolean $z0; assert(t.x == 10); java.lang.AssertionError $r3; } r0 := @parameter0: java.lang.String[]; } $r2 = new Test; specialinvoke $r2.<Test: void <init>()>(); r1 = $r2; label1: $i0 = r1.<Test: int x>; if $i0 >= 10 goto label2; $i2 = r1.<Test: int x>; $i3 = $i2 + 1; r1.<Test: int x> = $i3; goto label1; label2: $z0 = <Test: boolean $assertionsDisabled>; if $z0 != 0 goto label3; $i1 = r1.<Test: int x>; if $i1 == 10 goto label3; $r3 = new java.lang.AssertionError; specialinvoke $r3.<java.lang.AssertionError: void <init>()>(); throw $r3; label3: return; 45/121 }

  2. <Test: void main(java.lang.String[])> public class Test { public static void main(java.lang.String[]) int x, y; { public static void main(...) { java.lang.String[] r0; Test t = new Test(); Test r1, $r2; while (t.x < 10) int $i0, $i1, $i2, $i3; t.x++; boolean $z0; assert(t.x == 10); java.lang.AssertionError $r3; } r0 := @parameter0: java.lang.String[]; } $r2 = new Test; specialinvoke $r2.<Test: void <init>()>(); r1 = $r2; label1: + Several further $i0 = r1.<Test: int x>; if $i0 >= 10 goto label2; methods $i2 = r1.<Test: int x>; $i3 = $i2 + 1; r1.<Test: int x> = $i3; goto label1; label2: $z0 = <Test: boolean $assertionsDisabled>; if $z0 != 0 goto label3; $i1 = r1.<Test: int x>; if $i1 == 10 goto label3; $r3 = new java.lang.AssertionError; specialinvoke $r3.<java.lang.AssertionError: void <init>()>(); throw $r3; label3: return; 46/121 }

  3. <Test: void main(java.lang.String[])> public class Test { public static void main(java.lang.String[]) int x, y; { public static void main(...) { java.lang.String[] r0; Test t = new Test(); Test r1, $r2; while (t.x < 10) int $i0, $i1, $i2, $i3; t.x++; boolean $z0; assert(t.x == 10); java.lang.AssertionError $r3; } r0 := @parameter0: java.lang.String[]; } $r2 = new Test; specialinvoke $r2.<Test: void <init>()>(); r1 = $r2; Load instruction label1: $i0 = r1.<Test: int x>; if $i0 >= 10 goto label2; $i2 = r1.<Test: int x>; $i3 = $i2 + 1; Store instruction r1.<Test: int x> = $i3; goto label1; label2: $z0 = <Test: boolean $assertionsDisabled>; if $z0 != 0 goto label3; $i1 = r1.<Test: int x>; if $i1 == 10 goto label3; $r3 = new java.lang.AssertionError; specialinvoke $r3.<java.lang.AssertionError: void <init>()>(); throw $r3; label3: return; 47/121 }

  4. <Test: void main(java.lang.String[])> public class Test { public static void main(java.lang.String[]) int x, y; { public static void main(...) { java.lang.String[] r0; Test t = new Test(); Test r1, $r2; while (t.x < 10) int $i0, $i1, $i2, $i3; t.x++; boolean $z0; assert(t.x == 10); java.lang.AssertionError $r3; } r0 := @parameter0: java.lang.String[]; } $r2 = new Test; specialinvoke $r2.<Test: void <init>()>(); r1 = $r2; label1: $i0 = r1.<Test: int x>; if $i0 >= 10 goto label2; $i2 = r1.<Test: int x>; $i3 = $i2 + 1; r1.<Test: int x> = $i3; goto label1; label2: $z0 = <Test: boolean $assertionsDisabled>; if $z0 != 0 goto label3; ➀ $i1 = r1.<Test: int x>; if $i1 == 10 goto label3; $r3 = new java.lang.AssertionError; specialinvoke $r3.<java.lang.AssertionError: void <init>()>(); throw $r3; label3: return; 48/121 }

  5. <Test: void main(java.lang.String[])> public class Test { public static void main(java.lang.String[]) int x, y; { public static void main(...) { java.lang.String[] r0; Test t = new Test(); Test r1, $r2; while (t.x < 10) int $i0, $i1, $i2, $i3; t.x++; boolean $z0; assert(t.x == 10); java.lang.AssertionError $r3; } r0 := @parameter0: java.lang.String[]; } $r2 = new Test; specialinvoke $r2.<Test: void <init>()>(); r1 = $r2; label1: $i0 = r1.<Test: int x>; if $i0 >= 10 goto label2; $i2 = r1.<Test: int x>; $i3 = $i2 + 1; r1.<Test: int x> = $i3; goto label1; label2: Reconstructed assertion $i1 = r1.<Test: int x>; if $i1 == 10 goto label3; $assert_9 = 0; staticinvoke <JayHornAssertions: void assertion(boolean)>($assert_9); label3: return; 49/121 }

  6. <Test: void main(java.lang.String[])> public class Test { public static void main(java.lang.String[]) int x, y; { public static void main(...) { java.lang.String[] r0; Test t = new Test(); Test r1, $r2; while (t.x < 10) int $i0, $i1, $i2, $i3; t.x++; boolean $z0; assert(t.x == 10); java.lang.AssertionError $r3; } r0 := @parameter0: java.lang.String[]; } $r2 = new Test; ➁ specialinvoke $r2.<Test: void <init>()>(); r1 = $r2; label1: $i0 = r1.<Test: int x>; if $i0 >= 10 goto label2; $i2 = r1.<Test: int x>; $i3 = $i2 + 1; r1.<Test: int x> = $i3; goto label1; label2: $i1 = r1.<Test: int x>; if $i1 == 10 goto label3; $assert_9 = 0; staticinvoke <JayHornAssertions: void assertion(boolean)>($assert_9); label3: return; 50/121 }

  7. <Test: void main(java.lang.String[])> public class Test { public static void main(java.lang.String[]) int x, y; { public static void main(...) { java.lang.String[] r0; Test t = new Test(); Test r1, $r2; while (t.x < 10) int $i0, $i1, $i2, $i3; t.x++; boolean $z0; assert(t.x == 10); java.lang.AssertionError $r3; } r0 := @parameter0: java.lang.String[]; } $r2 = new Test; specialinvoke $r2.<Test: void <init>()>(); $helper1 = <JayHornAssertions: java.lang.Throwable lastExceptionThrown>; $assert_11 = $helper1 == null; staticinvoke <JayHornAssertions: void assertion(boolean)>($assert_11); r1 = $r2; Exception passing through variables; label1: assert absence of exceptions $i0 = r1.<Test: int x>; if $i0 >= 10 goto label2; $i2 = r1.<Test: int x>; $i3 = $i2 + 1; r1.<Test: int x> = $i3; goto label1; label2: $i1 = r1.<Test: int x>; if $i1 == 10 goto label3; $assert_9 = 0; staticinvoke <JayHornAssertions: void assertion(boolean)>($assert_9); label3: return; 51/121 }

  8. <Test: void main(java.lang.String[])> public class Test { public static void main(java.lang.String[]) int x, y; { public static void main(...) { java.lang.String[] r0; Test t = new Test(); Test r1, $r2; while (t.x < 10) int $i0, $i1, $i2, $i3; t.x++; boolean $z0; assert(t.x == 10); java.lang.AssertionError $r3; } r0 := @parameter0: java.lang.String[]; } $r2 = new Test; specialinvoke $r2.<Test: void <init>()>(); $helper1 = <JayHornAssertions: java.lang.Throwable lastExceptionThrown>; $assert_11 = $helper1 == null; staticinvoke <JayHornAssertions: void assertion(boolean)>($assert_11); r1 = $r2; label1: $i0 = r1.<Test: int x>; if $i0 >= 10 goto label2; $i2 = r1.<Test: int x>; $i3 = $i2 + 1; r1.<Test: int x> = $i3; goto label1; label2: $i1 = r1.<Test: int x>; if $i1 == 10 goto label3; $assert_9 = 0; staticinvoke <JayHornAssertions: void assertion(boolean)>($assert_9); label3: return; 52/121 }

  9. <Test: void main(java.lang.String[])> public class Test { public static void main(java.lang.String[]) int x, y; { public static void main(...) { java.lang.String[] r0; Test t = new Test(); Test r1, $r2; while (t.x < 10) int $i0, $i1, $i2, $i3; t.x++; boolean $z0; assert(t.x == 10); java.lang.AssertionError $r3; } r0 := @parameter0: java.lang.String[]; } ➂ staticinvoke <Test: void <clinit>()>(); Static initialisers staticinvoke <JayHornAssertions: void <clinit>()>(); $r2 = new Test; as normal methods specialinvoke $r2.<Test: void <init>()>(); $helper1 = <JayHornAssertions: java.lang.Throwable lastExceptionThrown>; $assert_11 = $helper1 == null; staticinvoke <JayHornAssertions: void assertion(boolean)>($assert_11); r1 = $r2; label1: $i0 = r1.<Test: int x>; if $i0 >= 10 goto label2; $i2 = r1.<Test: int x>; $i3 = $i2 + 1; r1.<Test: int x> = $i3; goto label1; label2: $i1 = r1.<Test: int x>; if $i1 == 10 goto label3; $assert_9 = 0; staticinvoke <JayHornAssertions: void assertion(boolean)>($assert_9); 53/121 label3: return;

  10. Data-Flow ➁ ➀ ➂ ➃ ➅ ➈ ➄ ➆ 54/121

  11. ➃ From Jimple to JayHorn IR ● Intermediate representation similar to Jimple ● But simpler, e.g.: ● Methods become C-like functions ● No exceptions 55/121

  12. ➃ From Jimple to JayHorn IR ● Intermediate representation similar to Jimple ● But simpler, e.g.: ● Methods become C-like functions ● No exceptions Main difgerence: load → pull store → push 56/121

  13. <Test: void main(java.lang.String[])> public class Test { public static void main(java.lang.String[]) int x, y; { public static void main(...) { java.lang.String[] r0; Test t = new Test(); Test r1, $r2; while (t.x < 10) int $i0, $i1, $i2, $i3; t.x++; boolean $z0; assert(t.x == 10); java.lang.AssertionError $r3; } r0 := @parameter0: java.lang.String[]; } staticinvoke <Test: void <clinit>()>(); staticinvoke <JayHornAssertions: void <clinit>()>(); $r2 = new Test; specialinvoke $r2.<Test: void <init>()>(); $helper1 = <JayHornAssertions: java.lang.Throwable lastExceptionThrown>; $assert_11 = $helper1 == null; staticinvoke <JayHornAssertions: void assertion(boolean)>($assert_11); r1 = $r2; label1: $i0 = r1.<Test: int x>; if $i0 >= 10 goto label2; $i2 = r1.<Test: int x>; $i3 = $i2 + 1; r1.<Test: int x> = $i3; goto label1; label2: $i1 = r1.<Test: int x>; if $i1 == 10 goto label3; $assert_9 = 0; staticinvoke <JayHornAssertions: void assertion(boolean)>($assert_9); 57/121 label3: return;

  14. <Test: void main(java.lang.String[])> public class Test { public static void main(java.lang.String[]) int x, y; { public static void main(...) { java.lang.String[] r0; Test t = new Test(); Test r1, $r2; while (t.x < 10) int $i0, $i1, $i2, $i3; t.x++; boolean $z0; assert(t.x == 10); java.lang.AssertionError $r3; } r0 := @parameter0: java.lang.String[]; } staticinvoke <Test: void <clinit>()>(); staticinvoke <JayHornAssertions: void <clinit>()>(); $r2 = new Test; specialinvoke $r2.<Test: void <init>()>(); $helper1 = <JayHornAssertions: java.lang.Throwable lastExceptionThrown>; $assert_11 = $helper1 == null; staticinvoke <JayHornAssertions: void assertion(boolean)>($assert_11); r1 = $r2; label1: $i0 = r1.<Test: int x>; if $i0 >= 10 goto label2; $i2 = r1.<Test: int x>; $i3 = $i2 + 1; r1.<Test: int x> = $i3; goto label1; label2: $i1 = r1.<Test: int x>; if $i1 == 10 goto label3; $assert_9 = 0; staticinvoke <JayHornAssertions: void assertion(boolean)>($assert_9); 58/121 label3: return;

  15. <Test: void main(java.lang.String[])> public class Test { public static void main(java.lang.String[]) int x, y; { public static void main(...) { java.lang.String[] r0; Test t = new Test(); Test r1, $r2; while (t.x < 10) int $i0, $i1, $i2, $i3; t.x++; boolean $z0; assert(t.x == 10); java.lang.AssertionError $r3; } r0 := @parameter0: java.lang.String[]; } staticinvoke <Test: void <clinit>()>(); staticinvoke <JayHornAssertions: void <clinit>()>(); $r2 = new Test; specialinvoke $r2.<Test: void <init>()>(); $helper1 = <JayHornAssertions: java.lang.Throwable lastExceptionThrown>; $assert_11 = $helper1 == null; staticinvoke <JayHornAssertions: void assertion(boolean)>($assert_11); r1 = $r2; label1: r1_x, r1_y := pull(Test, r1) $i0 = r1.<Test: int x>; $i0 := r1_x if $i0 >= 10 goto label2; $i2 = r1.<Test: int x>; $i3 = $i2 + 1; r1.<Test: int x> = $i3; goto label1; label2: $i1 = r1.<Test: int x>; if $i1 == 10 goto label3; $assert_9 = 0; staticinvoke <JayHornAssertions: void assertion(boolean)>($assert_9); 59/121 label3: return;

  16. <Test: void main(java.lang.String[])> public class Test { public static void main(java.lang.String[]) int x, y; { public static void main(...) { java.lang.String[] r0; Test t = new Test(); Test r1, $r2; while (t.x < 10) int $i0, $i1, $i2, $i3; t.x++; boolean $z0; assert(t.x == 10); java.lang.AssertionError $r3; } r0 := @parameter0: java.lang.String[]; } staticinvoke <Test: void <clinit>()>(); staticinvoke <JayHornAssertions: void <clinit>()>(); $r2 = new Test; specialinvoke $r2.<Test: void <init>()>(); $helper1 = <JayHornAssertions: java.lang.Throwable lastExceptionThrown>; $assert_11 = $helper1 == null; staticinvoke <JayHornAssertions: void assertion(boolean)>($assert_11); r1 = $r2; label1: r1_x, r1_y := pull(Test, r1) $i0 = r1.<Test: int x>; $i0 := r1_x if $i0 >= 10 goto label2; $i2 = r1.<Test: int x>; r1_x, r1_y := pull(Test, r1) $i3 = $i2 + 1; r1_x := $i3 r1.<Test: int x> = $i3; goto label1; push(Test, r1, [r1_x, r1_y]) label2: $i1 = r1.<Test: int x>; if $i1 == 10 goto label3; $assert_9 = 0; staticinvoke <JayHornAssertions: void assertion(boolean)>($assert_9); 60/121 label3: return;

  17. <Test: void main(java.lang.String[])> public class Test { public static void main(java.lang.String[]) int x, y; { public static void main(...) { java.lang.String[] r0; Test t = new Test(); Test r1, $r2; while (t.x < 10) int $i0, $i1, $i2, $i3; t.x++; boolean $z0; assert(t.x == 10); java.lang.AssertionError $r3; } r0 := @parameter0: java.lang.String[]; } staticinvoke <Test: void <clinit>()>(); staticinvoke <JayHornAssertions: void <clinit>()>(); $r2 = new Test; specialinvoke $r2.<Test: void <init>()>(); havoc(r1_x, r1_y) $helper1 = <JayHornAssertions: java.lang.Throwable lastExceptionThrown>; assume inv_Test(r1, r1_x, r1_y) $assert_11 = $helper1 == null; [...] staticinvoke <JayHornAssertions: void assertion(boolean)>($assert_11); r1 = $r2; label1: r1_x, r1_y := pull(Test, r1) $i0 = r1.<Test: int x>; $i0 := r1_x if $i0 >= 10 goto label2; $i2 = r1.<Test: int x>; r1_x, r1_y := pull(Test, r1) $i3 = $i2 + 1; r1_x := $i3 r1.<Test: int x> = $i3; goto label1; push(Test, r1, [r1_x, r1_y]) label2: $i1 = r1.<Test: int x>; if $i1 == 10 goto label3; $assert_9 = 0; staticinvoke <JayHornAssertions: void assertion(boolean)>($assert_9); 61/121 label3: return;

  18. <Test: void main(java.lang.String[])> public class Test { public static void main(java.lang.String[]) int x, y; { public static void main(...) { java.lang.String[] r0; Test t = new Test(); Test r1, $r2; while (t.x < 10) int $i0, $i1, $i2, $i3; t.x++; boolean $z0; assert(t.x == 10); java.lang.AssertionError $r3; } r0 := @parameter0: java.lang.String[]; } staticinvoke <Test: void <clinit>()>(); staticinvoke <JayHornAssertions: void <clinit>()>(); $r2 = new Test; specialinvoke $r2.<Test: void <init>()>(); havoc(r1_x, r1_y) $helper1 = <JayHornAssertions: java.lang.Throwable lastExceptionThrown>; assume inv_Test(r1, r1_x, r1_y) $assert_11 = $helper1 == null; [...] staticinvoke <JayHornAssertions: void assertion(boolean)>($assert_11); r1 = $r2; label1: r1_x, r1_y := pull(Test, r1) $i0 = r1.<Test: int x>; $i0 := r1_x if $i0 >= 10 goto label2; $i2 = r1.<Test: int x>; r1_x, r1_y := pull(Test, r1) $i3 = $i2 + 1; r1_x := $i3 r1.<Test: int x> = $i3; goto label1; push(Test, r1, [r1_x, r1_y]) label2: $i1 = r1.<Test: int x>; [...] if $i1 == 10 goto label3; $assert_9 = 0; assert inv_Test(r1, r1_x, r1_y) staticinvoke <JayHornAssertions: void assertion(boolean)>($assert_9); 62/121 label3: return;

  19. ➄ JayHorn IR to Horn Clauses Three kinds of predicates: ● State invariants loc_l for every control location l → like in Ex 1 ● Pre-/post-conditions pre_m , post_m for every method m → like in Ex 2 ● Class/instance invariants inv_C for every class C 63/121

  20. JayHorn IR Instructions ● x := t ● assume phi ● assert phi ● x := pull(C, p) ● push(C, p, [x]) 64/121

  21. JayHorn IR Instructions ● x := t ● assume phi ● assert phi ● x := pull(C, p) ● push(C, p, [x]) 65/121

  22. JayHorn IR Instructions ● x := t ● assume phi ● assert phi ● x := pull(C, p) ● push(C, p, [x]) Heap is completely gone at this point! 66/121

  23. In the Example public class Test { int x, y; public static void main(String[] args) { Test t = new Test(); while (t.x < 10) t.x++; assert(t.x == 10); } } 67/121

  24. Invariant In the Example inv_Test(p, x, y) has to hold for all states of all Test objects reachable in the program public class Test { int x, y; public static void main(String[] args) { Test t = new Test(); while (t.x < 10) t.x++; assert(t.x == 10); } } 68/121

  25. Invariant In the Example inv_Test(p, x, y) has to hold for all states of all Test objects reachable in the program public class Test { int x, y; public static void main(String[] args) { Test t = new Test(); while (t.x < 10) x ⊆ [0, 10] ⟹ t.x++; inv_Test(t, x, y) assert(t.x == 10); } } 69/121

  26. Invariant In the Example inv_Test(p, x, y) has to hold for all states of all Test objects reachable in the program public class Test { int x, y; public static void main(String[] args) { Test t = new Test(); while (t.x < 10) x ⊆ [0, 10] ⟹ t.x++; inv_Test(t, x, y) assert(t.x == 10); } } inv_Test(t, x, y) will be too weak to prove the assertion 70/121

  27. Invariant In the Example inv_Test(p, x, y) has to hold for all states of all Test objects reachable in the program public class Test { int x, y; public static void main(String[] args) { Test t = new Test(); while (t.x < 10) x ⊆ [0, 10] ⟹ t.x++; inv_Test(t, x, y) assert(t.x == 10); } } inv_Test(t, x, y) NB: loop condition will be too weak does not help, since to prove the assertion state invariants only see local variables 71/121

  28. Data-Flow ➁ ➀ ➂ ➃ ➅ ➈ ➄ ➆ 72/121

  29. <Test: void main(java.lang.String[])> public class Test { public static void main(java.lang.String[]) int x, y; { public static void main(...) { java.lang.String[] r0; Test t = new Test(); Test r1, $r2; while (t.x < 10) int $i0, $i1, $i2, $i3; t.x++; boolean $z0; assert(t.x == 10); java.lang.AssertionError $r3; } r0 := @parameter0: java.lang.String[]; } staticinvoke <Test: void <clinit>()>(); staticinvoke <JayHornAssertions: void <clinit>()>(); $r2 = new Test; specialinvoke $r2.<Test: void <init>()>(); $helper1 = <JayHornAssertions: java.lang.Throwable lastExceptionThrown>; $assert_11 = $helper1 == null; staticinvoke <JayHornAssertions: void assertion(boolean)>($assert_11); r1 = $r2; label1: r1_x, r1_y := pull(Test, r1) $i0 := r1_x if $i0 >= 10 goto label2; r1_x, r1_y := pull(Test, r1) $i2 := r1_x $i3 = $i2 + 1; r1_x, r1_y := pull(Test, r1) r1_x := $i3 push(Test, r1, [r1_x, r1_y]) goto label1; label2: [...] 73/121

  30. <Test: void main(java.lang.String[])> public class Test { public static void main(java.lang.String[]) int x, y; { public static void main(...) { java.lang.String[] r0; Test t = new Test(); Test r1, $r2; while (t.x < 10) int $i0, $i1, $i2, $i3; t.x++; boolean $z0; assert(t.x == 10); java.lang.AssertionError $r3; } r0 := @parameter0: java.lang.String[]; } staticinvoke <Test: void <clinit>()>(); staticinvoke <JayHornAssertions: void <clinit>()>(); $r2 = new Test; specialinvoke $r2.<Test: void <init>()>(); $helper1 = <JayHornAssertions: java.lang.Throwable lastExceptionThrown>; $assert_11 = $helper1 == null; staticinvoke <JayHornAssertions: void assertion(boolean)>($assert_11); r1 = $r2; label1: r1_x, r1_y := pull(Test, r1) $i0 := r1_x Move pulls upward if $i0 >= 10 goto label2; r1_x, r1_y := pull(Test, r1) ➅ and pushes downward $i2 := r1_x $i3 = $i2 + 1; in the program r1_x, r1_y := pull(Test, r1) r1_x := $i3 push(Test, r1, [r1_x, r1_y]) goto label1; label2: [...] 74/121

  31. <Test: void main(java.lang.String[])> public class Test { public static void main(java.lang.String[]) int x, y; { public static void main(...) { java.lang.String[] r0; Test t = new Test(); Test r1, $r2; while (t.x < 10) int $i0, $i1, $i2, $i3; t.x++; boolean $z0; assert(t.x == 10); java.lang.AssertionError $r3; } r0 := @parameter0: java.lang.String[]; } staticinvoke <Test: void <clinit>()>(); staticinvoke <JayHornAssertions: void <clinit>()>(); $r2 = new Test; specialinvoke $r2.<Test: void <init>()>(); $helper1 = <JayHornAssertions: java.lang.Throwable lastExceptionThrown>; $assert_11 = $helper1 == null; staticinvoke <JayHornAssertions: void assertion(boolean)>($assert_11); r1 = $r2; label1: label1: r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) $i0 := r1_x $i0 := r1_x if $i0 >= 10 goto label2; Move pulls upward if $i0 >= 10 goto label2; r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) ➅ and pushes downward $i2 := r1_x $i2 := r1_x $i3 = $i2 + 1; $i3 = $i2 + 1; in the program r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x := $i3 r1_x := $i3 push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) goto label1; goto label1; label2: [...] 75/121

  32. <Test: void main(java.lang.String[])> public class Test { public static void main(java.lang.String[]) int x, y; { public static void main(...) { java.lang.String[] r0; Test t = new Test(); Test r1, $r2; while (t.x < 10) int $i0, $i1, $i2, $i3; t.x++; boolean $z0; assert(t.x == 10); java.lang.AssertionError $r3; } r0 := @parameter0: java.lang.String[]; } staticinvoke <Test: void <clinit>()>(); staticinvoke <JayHornAssertions: void <clinit>()>(); $r2 = new Test; specialinvoke $r2.<Test: void <init>()>(); $helper1 = <JayHornAssertions: java.lang.Throwable lastExceptionThrown>; $assert_11 = $helper1 == null; staticinvoke <JayHornAssertions: void assertion(boolean)>($assert_11); r1 = $r2; label1: label1: label1: r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) $i0 := r1_x $i0 := r1_x $i0 := r1_x if $i0 >= 10 goto label2; if $i0 >= 10 goto label2; Move pulls upward if $i0 >= 10 goto label2; r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) ➅ and pushes downward $i2 := r1_x $i2 := r1_x $i2 := r1_x $i3 = $i2 + 1; r1_x, r1_y := pull(Test, r1) $i3 = $i2 + 1; in the program r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) $i3 = $i2 + 1; r1_x := $i3 r1_x := $i3 r1_x := $i3 push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) goto label1; goto label1; goto label1; label2: [...] 76/121

  33. <Test: void main(java.lang.String[])> public class Test { public static void main(java.lang.String[]) int x, y; { public static void main(...) { java.lang.String[] r0; Test t = new Test(); Test r1, $r2; while (t.x < 10) int $i0, $i1, $i2, $i3; t.x++; boolean $z0; assert(t.x == 10); java.lang.AssertionError $r3; } r0 := @parameter0: java.lang.String[]; } staticinvoke <Test: void <clinit>()>(); staticinvoke <JayHornAssertions: void <clinit>()>(); $r2 = new Test; specialinvoke $r2.<Test: void <init>()>(); $helper1 = <JayHornAssertions: java.lang.Throwable lastExceptionThrown>; $assert_11 = $helper1 == null; staticinvoke <JayHornAssertions: void assertion(boolean)>($assert_11); r1 = $r2; label1: label1: label1: label1: r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) $i0 := r1_x $i0 := r1_x $i0 := r1_x $i0 := r1_x if $i0 >= 10 goto label2; if $i0 >= 10 goto label2; if $i0 >= 10 goto label2; Move pulls upward if $i0 >= 10 goto label2; r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) ➅ and pushes downward $i2 := r1_x $i2 := r1_x r1_x', r1_y := pull(Test, r1) $i2 := r1_x $i3 = $i2 + 1; $i3 = $i2 + 1; $i2 := r1_x r1_x, r1_y := pull(Test, r1) in the program r1_x, r1_y := pull(Test, r1) $i3 = $i2 + 1; $i3 = $i2 + 1; r1_x, r1_y := pull(Test, r1) r1_x := $i3 r1_x := $i3 r1_x := $i3 r1_x := $i3 push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) goto label1; goto label1; goto label1; goto label1; label2: [...] 77/121

  34. <Test: void main(java.lang.String[])> public class Test { public static void main(java.lang.String[]) int x, y; { public static void main(...) { java.lang.String[] r0; Test t = new Test(); Test r1, $r2; while (t.x < 10) int $i0, $i1, $i2, $i3; t.x++; boolean $z0; assert(t.x == 10); java.lang.AssertionError $r3; } r0 := @parameter0: java.lang.String[]; } staticinvoke <Test: void <clinit>()>(); staticinvoke <JayHornAssertions: void <clinit>()>(); $r2 = new Test; specialinvoke $r2.<Test: void <init>()>(); $helper1 = <JayHornAssertions: java.lang.Throwable lastExceptionThrown>; $assert_11 = $helper1 == null; staticinvoke <JayHornAssertions: void assertion(boolean)>($assert_11); r1 = $r2; label1: label1: label1: label1: label1: r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) $i0 := r1_x $i0 := r1_x $i0 := r1_x $i0 := r1_x $i0 := r1_x if $i0 >= 10 goto label2; if $i0 >= 10 goto label2; if $i0 >= 10 goto label2; if $i0 >= 10 goto label2; Move pulls upward if $i0 >= 10 goto label2; r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) ➅ and pushes downward $i2 := r1_x $i2 := r1_x r1_x', r1_y := pull(Test, r1) $i2 := r1_x r1_x' := r1_x; r1_y := r1_y $i3 = $i2 + 1; $i2 := r1_x $i2 := r1_x r1_x, r1_y := pull(Test, r1) $i3 = $i2 + 1; in the program r1_x, r1_y := pull(Test, r1) $i3 = $i2 + 1; $i3 = $i2 + 1; $i3 = $i2 + 1; r1_x, r1_y := pull(Test, r1) r1_x := $i3 r1_x := $i3 r1_x := $i3 r1_x := $i3 r1_x := $i3 push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) goto label1; goto label1; goto label1; goto label1; goto label1; label2: [...] 78/121

  35. <Test: void main(java.lang.String[])> public class Test { public static void main(java.lang.String[]) int x, y; { public static void main(...) { java.lang.String[] r0; Test t = new Test(); Test r1, $r2; while (t.x < 10) int $i0, $i1, $i2, $i3; t.x++; boolean $z0; assert(t.x == 10); java.lang.AssertionError $r3; } r0 := @parameter0: java.lang.String[]; } staticinvoke <Test: void <clinit>()>(); staticinvoke <JayHornAssertions: void <clinit>()>(); $r2 = new Test; specialinvoke $r2.<Test: void <init>()>(); $helper1 = <JayHornAssertions: java.lang.Throwable lastExceptionThrown>; $assert_11 = $helper1 == null; staticinvoke <JayHornAssertions: void assertion(boolean)>($assert_11); r1 = $r2; label1: label1: label1: label1: label1: label1: r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) $i0 := r1_x $i0 := r1_x $i0 := r1_x $i0 := r1_x $i0 := r1_x $i0 := r1_x if $i0 >= 10 goto label2; if $i0 >= 10 goto label2; if $i0 >= 10 goto label2; if $i0 >= 10 goto label2; if $i0 >= 10 goto label2; Move pulls upward if $i0 >= 10 goto label2; r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) ➅ and pushes downward $i2 := r1_x $i2 := r1_x r1_x', r1_y := pull(Test, r1) $i2 := r1_x r1_x' := r1_x; r1_y := r1_y $i3 = $i2 + 1; $i2 := r1_x $i2 := r1_x r1_x, r1_y := pull(Test, r1) $i3 = $i2 + 1; $i2 := r1_x in the program r1_x, r1_y := pull(Test, r1) $i3 = $i2 + 1; $i3 = $i2 + 1; r1_x, r1_y := pull(Test, r1) $i3 = $i2 + 1; $i3 = $i2 + 1; r1_x := $i3 r1_x := $i3 r1_x := $i3 r1_x := $i3 r1_x := $i3 r1_x := $i3 push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) goto label1; goto label1; goto label1; goto label1; goto label1; goto label1; label2: [...] 79/121

  36. <Test: void main(java.lang.String[])> public class Test { public static void main(java.lang.String[]) int x, y; { public static void main(...) { java.lang.String[] r0; Test t = new Test(); Test r1, $r2; while (t.x < 10) int $i0, $i1, $i2, $i3; t.x++; boolean $z0; assert(t.x == 10); java.lang.AssertionError $r3; } r0 := @parameter0: java.lang.String[]; } staticinvoke <Test: void <clinit>()>(); staticinvoke <JayHornAssertions: void <clinit>()>(); $r2 = new Test; specialinvoke $r2.<Test: void <init>()>(); $helper1 = <JayHornAssertions: java.lang.Throwable lastExceptionThrown>; $assert_11 = $helper1 == null; staticinvoke <JayHornAssertions: void assertion(boolean)>($assert_11); r1 = $r2; label1: label1: label1: label1: label1: label1: label1: r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) $i0 := r1_x $i0 := r1_x $i0 := r1_x $i0 := r1_x $i0 := r1_x $i0 := r1_x $i0 := r1_x if $i0 >= 10 goto label2; if $i0 >= 10 goto label2; if $i0 >= 10 goto label2; if $i0 >= 10 goto label2; if $i0 >= 10 goto label2; if $i0 >= 10 goto label2; Move pulls upward if $i0 >= 10 goto label2; r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) ➅ and pushes downward $i2 := r1_x $i2 := r1_x r1_x' := r1_x; r1_y := r1_y $i2 := r1_x r1_x', r1_y := pull(Test, r1) $i3 = $i2 + 1; $i2 := r1_x $i2 := r1_x $i2 := r1_x $i3 = $i2 + 1; r1_x, r1_y := pull(Test, r1) $i2 := r1_x in the program r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) $i3 = $i2 + 1; $i3 = $i2 + 1; $i3 = $i2 + 1; $i3 = $i2 + 1; $i3 = $i2 + 1; r1_x := $i3 r1_x := $i3 r1_x := $i3 r1_x := $i3 r1_x := $i3 r1_x := $i3 r1_x := $i3 push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) goto label1; goto label1; goto label1; goto label1; goto label1; goto label1; goto label1; label2: [...] 80/121

  37. <Test: void main(java.lang.String[])> public class Test { public static void main(java.lang.String[]) int x, y; { public static void main(...) { java.lang.String[] r0; Test t = new Test(); Test r1, $r2; while (t.x < 10) int $i0, $i1, $i2, $i3; t.x++; boolean $z0; assert(t.x == 10); java.lang.AssertionError $r3; } r0 := @parameter0: java.lang.String[]; } staticinvoke <Test: void <clinit>()>(); staticinvoke <JayHornAssertions: void <clinit>()>(); $r2 = new Test; specialinvoke $r2.<Test: void <init>()>(); $helper1 = <JayHornAssertions: java.lang.Throwable lastExceptionThrown>; $assert_11 = $helper1 == null; staticinvoke <JayHornAssertions: void assertion(boolean)>($assert_11); r1 = $r2; label1: label1: label1: label1: label1: label1: label1: label1: r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) $i0 := r1_x $i0 := r1_x $i0 := r1_x $i0 := r1_x $i0 := r1_x $i0 := r1_x $i0 := r1_x $i0 := r1_x if $i0 >= 10 goto label2; if $i0 >= 10 goto label2; if $i0 >= 10 goto label2; if $i0 >= 10 goto label2; if $i0 >= 10 goto label2; if $i0 >= 10 goto label2; r1_x, r1_y := pull(Test, r1) Move pulls upward if $i0 >= 10 goto label2; r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) if $i0 >= 10 goto label2; r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) ➅ and pushes downward $i2 := r1_x $i2 := r1_x r1_x', r1_y := pull(Test, r1) $i2 := r1_x r1_x' := r1_x; r1_y := r1_y $i3 = $i2 + 1; $i3 = $i2 + 1; $i2 := r1_x $i2 := r1_x $i2 := r1_x $i2 := r1_x $i2 := r1_x r1_x, r1_y := pull(Test, r1) in the program r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) $i3 = $i2 + 1; $i3 = $i2 + 1; $i3 = $i2 + 1; $i3 = $i2 + 1; $i3 = $i2 + 1; $i3 = $i2 + 1; r1_x := $i3 r1_x := $i3 r1_x := $i3 r1_x := $i3 r1_x := $i3 r1_x := $i3 r1_x := $i3 r1_x := $i3 push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) goto label1; goto label1; goto label1; goto label1; goto label1; goto label1; goto label1; goto label1; label2: [...] 81/121

  38. <Test: void main(java.lang.String[])> public class Test { public static void main(java.lang.String[]) int x, y; { public static void main(...) { java.lang.String[] r0; Test t = new Test(); Test r1, $r2; while (t.x < 10) int $i0, $i1, $i2, $i3; t.x++; boolean $z0; assert(t.x == 10); java.lang.AssertionError $r3; } r0 := @parameter0: java.lang.String[]; } staticinvoke <Test: void <clinit>()>(); staticinvoke <JayHornAssertions: void <clinit>()>(); $r2 = new Test; specialinvoke $r2.<Test: void <init>()>(); $helper1 = <JayHornAssertions: java.lang.Throwable lastExceptionThrown>; $assert_11 = $helper1 == null; staticinvoke <JayHornAssertions: void assertion(boolean)>($assert_11); r1 = $r2; label1: label1: label1: label1: label1: label1: label1: label1: r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) $i0 := r1_x $i0 := r1_x $i0 := r1_x $i0 := r1_x $i0 := r1_x $i0 := r1_x $i0 := r1_x $i0 := r1_x if $i0 >= 10 goto label2; if $i0 >= 10 goto label2; r1_x, r1_y := pull(Test, r1) if $i0 >= 10 goto label2; if $i0 >= 10 goto label2; if $i0 >= 10 goto label2; if $i0 >= 10 goto label2; Move pulls upward if $i0 >= 10 goto label2; ... r1_x, r1_y := pull(Test, r1) if $i0 >= 10 goto label2; r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) r1_x, r1_y := pull(Test, r1) ➅ and pushes downward $i2 := r1_x r1_x', r1_y := pull(Test, r1) $i2 := r1_x r1_x' := r1_x; r1_y := r1_y $i2 := r1_x $i3 = $i2 + 1; $i3 = $i2 + 1; $i2 := r1_x $i2 := r1_x $i2 := r1_x r1_x, r1_y := pull(Test, r1) $i2 := r1_x $i2 := r1_x in the program r1_x, r1_y := pull(Test, r1) $i3 = $i2 + 1; $i3 = $i2 + 1; $i3 = $i2 + 1; $i3 = $i2 + 1; r1_x, r1_y := pull(Test, r1) $i3 = $i2 + 1; $i3 = $i2 + 1; r1_x := $i3 r1_x := $i3 r1_x := $i3 r1_x := $i3 r1_x := $i3 r1_x := $i3 r1_x := $i3 r1_x := $i3 push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) push(Test, r1, [r1_x, r1_y]) goto label1; goto label1; goto label1; goto label1; goto label1; goto label1; goto label1; goto label1; label2: [...] 82/121

  39. <Test: void main(java.lang.String[])> public class Test { public static void main(java.lang.String[]) int x, y; { public static void main(...) { java.lang.String[] r0; Test t = new Test(); Test r1, $r2; while (t.x < 10) int $i0, $i1, $i2, $i3; t.x++; boolean $z0; assert(t.x == 10); java.lang.AssertionError $r3; } r0 := @parameter0: java.lang.String[]; } staticinvoke <Test: void <clinit>()>(); staticinvoke <JayHornAssertions: void <clinit>()>(); $r2 = new Test; specialinvoke $r2.<Test: void <init>()>(); $helper1 = <JayHornAssertions: java.lang.Throwable lastExceptionThrown>; $assert_11 = $helper1 == null; staticinvoke <JayHornAssertions: void assertion(boolean)>($assert_11); r1 = $r2; r1_x, r1_y := pull(Test, r1) Finally, complete label1: $i0 := r1_x computation if $i0 >= 10 goto label2; happening on local $i2 := r1_x $i3 = $i2 + 1; variables! r1_x := $i3 push(Test, r1, [r1_x, r1_y]) goto label1; label2: [...] 83/121

  40. Push/Pull Simplifjcation Rules 84/121

  41. Push/Pull Simplifjcation Rules Assuming distinct sets of x not variables occurring in p, t1, ... 85/121

  42. ➆ Adding Flow-Sensitivity public class FlowSens { int x; public static void main(String[] args) { FlowSens t = new FlowSens(); t.x = 1; if (args.length > 5) t.x += 10; else t.x += 20; f(t); } public static void f(FlowSens t) { assert t.x > 1; } } 86/121

  43. ➆ Adding Flow-Sensitivity public class FlowSens { int x; public static void main(String[] args) { push(t, 0) FlowSens t = new FlowSens(); t.x = 1; if (args.length > 5) t.x += 10; else t.x += 20; f(t); } public static void f(FlowSens t) { assert t.x > 1; } } 87/121

  44. ➆ Adding Flow-Sensitivity public class FlowSens { int x; public static void main(String[] args) { push(t, 0) FlowSens t = new FlowSens(); t.x = 1; push(t, 1) if (args.length > 5) t.x += 10; else t.x += 20; f(t); } public static void f(FlowSens t) { assert t.x > 1; } } 88/121

  45. ➆ Adding Flow-Sensitivity public class FlowSens { int x; public static void main(String[] args) { push(t, 0) FlowSens t = new FlowSens(); t.x = 1; push(t, 1) if (args.length > 5) push(t, 11) t.x += 10; else push(t, 21) t.x += 20; f(t); } public static void f(FlowSens t) { assert t.x > 1; } } 89/121

  46. ➆ Adding Flow-Sensitivity public class FlowSens { int x; public static void main(String[] args) { push(t, 0) FlowSens t = new FlowSens(); t.x = 1; push(t, 1) if (args.length > 5) push(t, 11) t.x += 10; else push(t, 21) t.x += 20; f(t); } public static void f(FlowSens t) { assert t.x > 1; x := pull(t) } } 90/121

  47. ➆ Adding Flow-Sensitivity public class FlowSens { int x; public static void main(String[] args) { push_0(t, 0) push(t, 0) FlowSens t = new FlowSens(); t.x = 1; push(t, 1) push_1(t, 1) if (args.length > 5) push(t, 11) push_2(t, 11) t.x += 10; else push(t, 21) push_3(t, 21) t.x += 20; f(t); } public static void f(FlowSens t) { assert t.x > 1; x := pull(t) } } 91/121

  48. ➆ Adding Flow-Sensitivity public class FlowSens { int x; public static void main(String[] args) { push_0(t, 0) push(t, 0) FlowSens t = new FlowSens(); t.x = 1; push(t, 1) push_1(t, 1) if (args.length > 5) push(t, 11) push_2(t, 11) t.x += 10; else push(t, 21) push_3(t, 21) t.x += 20; f(t); } public static void f(FlowSens t) { assert t.x > 1; x := pull(t)[2,3] x := pull(t) } } 92/121

  49. Adding Flow-Sensitivity (2) Defjnition Statement S = push(p, x) is a (data-)dependency of statement L = x := pull(q) if there is a path from S to L such that ● p and q may alias (on that path); ● there is no further statement push(p', x') on the path such that p and p' must alias . 93/121

  50. Adding Flow-Sensitivity (3) public class FlowSens { int x; public static void main(String[] args) { push_0(t, 0) FlowSens t = new FlowSens(); t.x = 1; push_1(t, 1) if (args.length > 5) push_2(t, 11) t.x += 10; else push_3(t, 21) t.x += 20; f(t); } public static void f(FlowSens t) { assert t.x > 1; x := pull(t)[2,3] x := pull(t)[2,3] } } 94/121

  51. Ghost fjeld to Adding Flow-Sensitivity (3) store the ID of the last push public class FlowSens { int x; int pushID; public static void main(String[] args) { push_0(t, 0) FlowSens t = new FlowSens(); t.x = 1; push_1(t, 1) if (args.length > 5) push_2(t, 11) t.x += 10; else push_3(t, 21) t.x += 20; f(t); } public static void f(FlowSens t) { assert t.x > 1; x := pull(t)[2,3] x := pull(t)[2,3] } } 95/121

  52. Ghost fjeld to Adding Flow-Sensitivity (3) store the ID of Assign to the the last push ghost fjeld public class FlowSens { int x; int pushID; public static void main(String[] args) { push_0(t, 0) push(t, 0 , 0 ) FlowSens t = new FlowSens(); t.x = 1; push(t, 1 , 1 ) push_1(t, 1) if (args.length > 5) push(t, 11 , 2 ) push_2(t, 11) t.x += 10; else push_3(t, 21) push(t, 21 , 3 ) t.x += 20; f(t); } public static void f(FlowSens t) { assert t.x > 1; x := pull(t)[2,3] x := pull(t)[2,3] } } 96/121

  53. Ghost fjeld to Adding Flow-Sensitivity (3) store the ID of Assign to the the last push ghost fjeld public class FlowSens { int x; int pushID; public static void main(String[] args) { push(t, 0 , 0 ) push_0(t, 0) FlowSens t = new FlowSens(); t.x = 1; push(t, 1 , 1 ) push_1(t, 1) if (args.length > 5) push(t, 11 , 2 ) push_2(t, 11) t.x += 10; else push_3(t, 21) push(t, 21 , 3 ) t.x += 20; f(t); } public static void f(FlowSens t) { assert t.x > 1; x, i := pull(t) x := pull(t)[2,3] x := pull(t)[2,3] } assume i==2 || i==3 Check that we } read right version 97/121

  54. Ghost fjeld to Adding Flow-Sensitivity (3) store the ID of Assign to the the last push ghost fjeld public class FlowSens { int x; int pushID; public static void main(String[] args) { Possible class invariant: push_0(t, 0) push(t, 0 , 0 ) FlowSens t = new FlowSens(); pushID == 0 && x == 0 || t.x = 1; push(t, 1 , 1 ) push_1(t, 1) pushID == 1 && x == 1 || if (args.length > 5) pushID == 2 && x > 1 || push_2(t, 11) push(t, 11 , 2 ) t.x += 10; pushID == 3 && x > 1 else push_3(t, 21) push(t, 21 , 3 ) t.x += 20; f(t); } public static void f(FlowSens t) { assert t.x > 1; x, i := pull(t) x := pull(t)[2,3] x := pull(t)[2,3] } assume i==2 || i==3 Check that we } read right version 98/121

  55. ➇ Tupled 01 public static class Node { 02 final Node next; 03 final int data; 04 References 05 public Node(Node next, int data) { 06 this.next = next; 07 this.data = data; 08 } 09 } 10 11 public static void main(String[] args) { 12 final int size = 10; 13 final int[] table = new int[size] ; 14 Node l1 = null; 15 Node l2 = null; 16 for (int i=0; i<args.length; i++) { 17 int d = Integer.parseInt(args[i]); 18 if (d >= 0 && d < size) { 19 l1 = new Node(l1, d); 20 } else { 21 l2 = new Node(l2, d); 22 } 23 } 24 while (l1 != null) { 25 table[l1.data] = table[l1.data] + 1; 26 l1 = l1.next; 27 } 100/121 28 }

  56. ➇ Tupled 01 public static class Node { 02 final Node next; 03 final int data; 04 References 05 public Node(Node next, int data) { 06 this.next = next; 07 this.data = data; 08 } 09 } 10 11 public static void main(String[] args) { 12 final int size = 10; 13 final int[] table = new int[size] ; 14 Node l1 = null; 15 Node l2 = null; 16 for (int i=0; i<args.length; i++) { 17 int d = Integer.parseInt(args[i]); 18 if (d >= 0 && d < size) { 19 l1 = new Node(l1, d); 20 } else { Need to show absence of 21 l2 = new Node(l2, d); ArrayIndexOutOfBoundsE. 22 } 23 } 24 while (l1 != null) { 25 table[l1.data] = table[l1.data] + 1; 26 l1 = l1.next; 27 } 101/121 28 }

Recommend

Software Model Checking Using Bogor Software Model Checking Using Bogor a Modular and

Software Model Checking Using Bogor Software Model Checking Using Bogor a Modular and

Software Model Checking Using Bogor Software Model Checking Using Bogor a Modular and Extensible Model Checking Framework a Modular and Extensible Model Checking Framework 3rd Estonian Summer School in Computer and System Science

628 views • 34 slides
Software Model Checking Using Bogor Software Model Checking Using Bogor a Modular and

Software Model Checking Using Bogor Software Model Checking Using Bogor a Modular and

Software Model Checking Using Bogor Software Model Checking Using Bogor a Modular and Extensible Model Checking Framework a Modular and Extensible Model Checking Framework 3rd Estonian Summer School in Computer and System Science

301 views • 8 slides
Software Model Checking Using Bogor Software Model Checking Using Bogor a Modular and

Software Model Checking Using Bogor Software Model Checking Using Bogor a Modular and

Software Model Checking Using Bogor Software Model Checking Using Bogor a Modular and Extensible Model Checking Framework a Modular and Extensible Model Checking Framework 3rd Estonian Summer School in Computer and System Science

777 views • 31 slides
SMT-based Software Model Checking: Experimental Comparison of Four Algorithms Matthias Dangl

SMT-based Software Model Checking: Experimental Comparison of Four Algorithms Matthias Dangl

SMT-based Software Model Checking: Experimental Comparison of Four Algorithms Matthias Dangl Joint work with Dirk Beyer University of Passau, Germany SMT-based Software Model Checking Bounded Model Checking ( Cbmc , CPAchecker , Esbmc ,

496 views • 26 slides
Context-Bounded Model Checking of LTL Properties for ANSI-C Software Jeremy Morse, Lucas

Context-Bounded Model Checking of LTL Properties for ANSI-C Software Jeremy Morse, Lucas

Context-Bounded Model Checking of LTL Properties for ANSI-C Software Jeremy Morse, Lucas Cordeiro, Bernd Fischer, Denis Nicole Model Checking C Model checking: normally applied to formal state transition systems checks safety and

439 views • 17 slides
SMT-Based Bounded Model Checking for Embedded ANSI-C Software for Embedded ANSI-C Software

SMT-Based Bounded Model Checking for Embedded ANSI-C Software for Embedded ANSI-C Software

SMT-Based Bounded Model Checking for Embedded ANSI-C Software for Embedded ANSI-C Software Lucas Cordeiro, Bernd Fischer, Joao Marques-Silva b.fischer@ecs.soton.ac.uk Bounded Model Checking (BMC) Basic Idea: check negation of given property

957 views • 33 slides
Finding and Understanding Bugs in Software Model Checkers Chengyu Zhang , Ting Su, Yichen Yan,

Finding and Understanding Bugs in Software Model Checkers Chengyu Zhang , Ting Su, Yichen Yan,

Finding and Understanding Bugs in Software Model Checkers Chengyu Zhang , Ting Su, Yichen Yan, Fuyuan Zhang, Geguang Pu, Zhendong Su Software Model Checking 2 Software Model Checking P 3 Software Model Checking P 4 Software

1.41k views • 114 slides
Statistical Statistical Statistical Model Statistical Model Model Checking Model Checking

Statistical Statistical Statistical Model Statistical Model Model Checking Model Checking

Statistical Statistical Statistical Model Statistical Model Model Checking Model Checking Checking Checking for Timed Automata Timed Automata Coll C l C ll b llabora orators: t ors: Peter Bulychev, Alexandre David Axel Legay, Marius

725 views • 59 slides
Hoare Logic and Model Checking Model Checking Lecture 11: Model checking for Computation Tree

Hoare Logic and Model Checking Model Checking Lecture 11: Model checking for Computation Tree

Hoare Logic and Model Checking Model Checking Lecture 11: Model checking for Computation Tree Logic Dominic Mulligan Based on previous slides by Alan Mycroft and Mike Gordon Programming, Logic, and Semantics Group University of Cambridge

402 views • 25 slides
Software Verification with BLAST Model Checking Blast Motivation Rigorous Sofware Development

Software Verification with BLAST Model Checking Blast Motivation Rigorous Sofware Development

Software Verification with BLAST Daniele Sgandurra Introduction Software Verification with BLAST Model Checking Blast Motivation Rigorous Sofware Development via Model Checking Lazy Abstraction Reachability Tree Seminar Complete

970 views • 95 slides
Dynamic Partial-Order Reduction for Model Checking Software Cormac Flanagan Patrice Godefroid

Dynamic Partial-Order Reduction for Model Checking Software Cormac Flanagan Patrice Godefroid

Dynamic Partial-Order Reduction for Model Checking Software Cormac Flanagan Patrice Godefroid UC Santa Cruz Bell Labs Presented by: Ulrich Mller Model Checking Given a multithreaded program Wed like to check for deadlocks and

462 views • 17 slides
Model Checking Continuous-Time Markov Chains Joost-Pieter Katoen Software Modeling and

Model Checking Continuous-Time Markov Chains Joost-Pieter Katoen Software Modeling and

Model Checking Continuous-Time Markov Chains Joost-Pieter Katoen Software Modeling and Verification Group RWTH Aachen University associated to University of Twente, Formal Methods and Tools Lecture at Quantitative Model Checking School, March

638 views • 45 slides
Model Checking Continuous-Time Markov Chains Joost-Pieter Katoen Software Modeling and

Model Checking Continuous-Time Markov Chains Joost-Pieter Katoen Software Modeling and

Model Checking Continuous-Time Markov Chains Joost-Pieter Katoen Software Modeling and Verification Group RWTH Aachen University associated to University of Twente, Formal Methods and Tools Lecture at Quantitative Model Checking School, March

672 views • 66 slides
Bounded Model Checking bmc Revision: 1.11 1 [BiereCimattiClarkeZhu99] uses SAT for model

Bounded Model Checking bmc Revision: 1.11 1 [BiereCimattiClarkeZhu99] uses SAT for model

Bounded Model Checking bmc Revision: 1.11 1 [BiereCimattiClarkeZhu99] uses SAT for model checking historically not the first symbolic model checking approach scales better than original BDD based techniques mostly incomplete in

521 views • 28 slides
CTL Chapter 6 Part 2 Overview Review CTL Model Checking CTL model Checking algorithms

CTL Chapter 6 Part 2 Overview Review CTL Model Checking CTL model Checking algorithms

CTL Chapter 6 Part 2 Overview Review CTL Model Checking CTL model Checking algorithms for ( U ) Counter Examples and witnesses Symbolic Model Checking (Thursday) Binary Decision Trees

740 views • 40 slides
Software Model Checking Software Model Checking via Static and Dynamic via Static and Dynamic

Software Model Checking Software Model Checking via Static and Dynamic via Static and Dynamic

Software Model Checking Software Model Checking via Static and Dynamic via Static and Dynamic Program Analysis Program Analysis Patrice Godefroid Godefroid Patrice Bell Laboratories, Lucent Technologies Bell Laboratories, Lucent

1.05k views • 56 slides
Lecture 1: Introduction to model checking B. Srivathsan Chennai Mathematical Institute Model

Lecture 1: Introduction to model checking B. Srivathsan Chennai Mathematical Institute Model

Lecture 1: Introduction to model checking B. Srivathsan Chennai Mathematical Institute Model Checking and Systems Verification January - April 2015 1 / 25 What are we interested in? 2 / 25 What are we interested in? Software Controllers Code

1.05k views • 40 slides
Temporal Logic and Model Checking Model mathematical structure extracted from hardware or

Temporal Logic and Model Checking Model mathematical structure extracted from hardware or

Temporal Logic and Model Checking Model mathematical structure extracted from hardware or software Temporal logic provides a language for specifying functional properties Model checking checks whether a given property holds

1.56k views • 131 slides
Hoare Logic and Model Checking Model Checking But perhaps theres a clever way of

Hoare Logic and Model Checking Model Checking But perhaps theres a clever way of

Hoare Logic and Model Checking Model Checking But perhaps theres a clever way of compiling one into the other? Both have very different models of time How do they compare? We have seen two widely used temporal logics Relative

510 views • 10 slides
Acknowledgements Acknowl edgements Software M So ftware Mode odel Check Checking Us ng

Acknowledgements Acknowl edgements Software M So ftware Mode odel Check Checking Us ng

Acknowledgements Acknowl edgements Software M So ftware Mode odel Check Checking Us ng Using Bogor ng Bogor a Mod Modular an r and E Extensible Model Model Che Checking ng F Frame amework Work on Cadena has been carried out

421 views • 21 slides
Hoare Logic and Model Checking 1. You should be able to model simple systems in NuSMV, an LTL

Hoare Logic and Model Checking 1. You should be able to model simple systems in NuSMV, an LTL

Hoare Logic and Model Checking 1. You should be able to model simple systems in NuSMV, an LTL Other interesting books: Model Checking by Clarke, Grumberg, and Peled Principles of Model Checking by Baier and Katoen 3 Course

636 views • 11 slides
IC3 Software Model Checking on Control Flow Automata Tim Lange 1 Martin R. Neuhuer 2 Thomas

IC3 Software Model Checking on Control Flow Automata Tim Lange 1 Martin R. Neuhuer 2 Thomas

IC3 Software Model Checking on Control Flow Automata Tim Lange 1 Martin R. Neuhuer 2 Thomas Noll 1 1 Software Modeling and Verification Group, RWTH Aachen 2 Siemens AG FMCAD 2015 at Austin, TX, USA, September 29, 2015 Introduction Outline

941 views • 42 slides
Software Model Checking with Ultimate Jochen Hoenicke Albert-Ludwigs-Universit at Freiburg,

Software Model Checking with Ultimate Jochen Hoenicke Albert-Ludwigs-Universit at Freiburg,

Software Model Checking with Ultimate Jochen Hoenicke Albert-Ludwigs-Universit at Freiburg, Germany July 3rd &amp; 5th, 2019 Jochen Hoenicke (Uni Freiburg) Software Model Checking with Ultimate 3 Jul 2019 1 / 65 Brief History of Model

1.58k views • 140 slides
SMT-based model checking techniques for formal software verification of synchronous dataflow

SMT-based model checking techniques for formal software verification of synchronous dataflow

An insight into SMT-based model checking techniques for formal software verification of synchronous dataflow programs Jonathan Laurent Ecole Normale Sup erieure, National Institute of Aerospace, NASA Langley Research Center August 11 th ,

1.01k views • 67 slides

More recommend