Putting the Squeeze on Array Programs: Loop Verification via Inductive Rank Reduction

Ish-Shalom, Oren; Itzhaky, Shachar; Rinetzky, Noam; Shoham, Sharon

doi:10.1007/978-3-030-39322-9_6

Cited by 11 publications

(16 citation statements)

References 55 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The effectiveness of quantifier-free interpolation in the theory of arrays with maxdiff is exemplified in the simple example of Figure 1: the invariant certifying the assert in line 7 of the Strcpy algorithm can be obtained taking a suitable quantifier-free interpolant out of the spurious trace (1) already for n = 2. In more realistic examples, as witnessed by current research [2,3,4,5,16,22,25,13], it is quite clear that useful invariants require universal quantifiers to be expressed and if undecidable fragments are invaded, incomplete solvers must be used. However, even in such circumstances, quantifier-free interpolation does not lose its interest: for instance, the tool Booster [5] 6 synthesizes universally quantified invariants out of quantifer-free interpolants (quantifier-free interpolation problems are generated by negating and skolemizing universally quantified formulae arising during invariants search, see [4] for details).…”

Section: Introductionmentioning

confidence: 99%

Interpolation and Amalgamation for Arrays with MaxDiff

Ghilardi

Gianola

Kapur

2021

Lecture Notes in Computer Science

View full text Add to dashboard Cite

In this paper, the theory of McCarthy’s extensional arrays enriched with a maxdiff operation (this operation returns the biggest index where two given arrays differ) is proposed. It is known from the literature that a diff operation is required for the theory of arrays in order to enjoy the Craig interpolation property at the quantifier-free level. However, the diff operation introduced in the literature is merely instrumental to this purpose and has only a purely formal meaning (it is obtained from the Skolemization of the extensionality axiom). Our maxdiff operation significantly increases the level of expressivity; however, obtaining interpolation results for the resulting theory becomes a surprisingly hard task. We obtain such results via a thorough semantic analysis of the models of the theory and of their amalgamation properties. The results are modular with respect to the index theory and it is shown how to convert them into concrete interpolation algorithms via a hierarchical approach.

show abstract

Section: Introductionmentioning

confidence: 99%

Interpolation and Amalgamation for Arrays with MaxDiff

Ghilardi

Gianola

Kapur

2021

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Both are based on induction over time along an execution. This paper is inspired by previous work [22] showing that verification can also be done when the induction is performed on the size (rank) of the state rather than on the number of iterations, where the size of the state may correspond, e.g., to the size of an unbounded data structure. We argue that similar concepts can be applied in a framework for complexity classification.…”

Section: Overviewmentioning

confidence: 99%

“…We observed that all the aforementioned functions are simple enough entities, that can be expressed through a strict syntax using first order logic. Similar to [22], we apply a generate-and-test synthesis procedure to enumerate a space of possible expressions representing them. This process is explained in Section 4.…”

Section: Defining a Partitionmentioning

confidence: 99%

“…Our approach relies on the notion of state squeezers [22], previously used exclusively for the verification of safety properties. We present a novel aspect where the same squeezers can be used to determine complexity bounds, by replacing the safety property check with trace length judgements.…”

Section: Introductionmentioning

confidence: 99%

“…This is achieved by a certain form of simulation that is parameterized by stuttering shapes (for the lengths) and by means of a rank bounding function (for the ranks). Furthermore, while [22] limits each trace to relate to a single lower-rank trace, we have found that it is sometimes beneficial to employ a decomposition of the original trace into several consecutive trace segments, so that each segment corresponds to some (possibly different) lower-rank trace.The segmentation simplifies the analysis of the length of the entire trace, since it creates sub-analyses that are easier to carry out, and the sum of which gives the desired recurrence formula. This also enables a richer set of recurrences to be constructed automatically, namely non-single recurrences (meaning that the recursive reference may appear more than once on the right hand side of the equation).…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Run-time Complexity Bounds Using Squeezers

Ish-Shalom

Itzhaky

Rinetzky

et al. 2021

Programming Languages and Systems

Self Cite

View full text Add to dashboard Cite

Determining upper bounds on the time complexity of a program is a fundamental problem with a variety of applications, such as performance debugging, resource certification, and compile-time optimizations. Automated techniques for cost analysis excel at bounding the resource complexity of programs that use integer values and linear arithmetic. Unfortunately, they fall short when execution traces become more involved, esp. when data dependencies may affect the termination conditions of loops. In such cases, state-of-the-art analyzers have shown to produce loose bounds, or even no bound at all.We propose a novel technique that generalizes the common notion of recurrence relations based on ranking functions. Existing methods usually unfold one loop iteration, and examine the resulting relations between variables. These relations assist in establishing a recurrence that bounds the number of loop iterations. We propose a different approach, where we derive recurrences by comparing whole traces with whole traces of a lower rank, avoiding the need to analyze the complexity of intermediate states. We offer a set of global properties, defined with respect to whole traces, that facilitate such a comparison, and show that these properties can be checked efficiently using a handful of local conditions. To this end, we adapt state squeezers, an induction mechanism previously used for verifying safety properties. We demonstrate that this technique encompasses the reasoning power of bounded unfolding, and more. We present some seemingly innocuous, yet intricate, examples where previous tools based on cost relations and control flow analysis fail to solve, and that our squeezer-powered approach succeeds.

show abstract

An SMT Encoding of LLVM’s Memory Model for Bounded Translation Validation

Lee

Kim

Hur

et al. 2021

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Several automatic verification tools have been recently developed to verify subsets of LLVM’s optimizations. However, none of these tools has robust support to verify memory optimizations.In this paper, we present the first SMT encoding of LLVM’s memory model that 1) is sufficiently precise to validate all of LLVM’s intra-procedural memory optimizations, and 2) enables bounded translation validation of programs with up to hundreds of thousands of lines of code. We implemented our new encoding in Alive2, a bounded translation validation tool, and used it to uncover 21 new bugs in LLVM memory optimizations, 10 of which have been already fixed. We also found several inconsistencies in LLVM IR’s official specification document (LangRef) and fixed LLVM’s code and the document so they are in agreement.

show abstract

Putting the Squeeze on Array Programs: Loop Verification via Inductive Rank Reduction

Cited by 11 publications

References 55 publications

Interpolation and Amalgamation for Arrays with MaxDiff

Interpolation and Amalgamation for Arrays with MaxDiff

Run-time Complexity Bounds Using Squeezers

An SMT Encoding of LLVM’s Memory Model for Bounded Translation Validation

Contact Info

Product

Resources

About