Quantifiers on Demand

Gurfinkel, Arie; Shoham, Sharon; Vizel, Yakir

doi:10.1007/978-3-030-01090-4_15

Cited by 37 publications

(39 citation statements)

References 31 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For example, one can represent the memory state as a pair of an array h and an index sp indicating the maximum index that has been allocated so far. Finding quantified invariants is known to be difficult in general despite active studies on it [41,2,36,26,19] and most current array-supporting CHC solvers give up finding quantified invariants. In general, much more complex operations on pointers can naturally take place, which makes the universally quantified invariants highly involved and hard to automatically find.…”

Section: Challenges In Verifying Pointer-manipulating Programsmentioning

confidence: 99%

RustHorn: CHC-Based Verification for Rust Programs

Matsushita¹,

Tsukada²,

Kobayashi³

2020

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Reduction to the satisfiablility problem for constrained Horn clauses (CHCs) is a widely studied approach to automated program verification. The current CHC-based methods for pointer-manipulating programs, however, are not very scalable. This paper proposes a novel translation of pointer-manipulating Rust programs into CHCs, which clears away pointers and heaps by leveraging ownership. We formalize the translation for a simplified core of Rust and prove its correctness. We have implemented a prototype verifier for a subset of Rust and confirmed the effectiveness of our method. 17 The first character of each variable indicates the pointer kind (o/m corresponds to own/mutα). We swap the branches of the match statement in take-max, to fit the order to C/Rust's if.

show abstract

Section: Challenges In Verifying Pointer-manipulating Programsmentioning

confidence: 99%

RustHorn: CHC-Based Verification for Rust Programs

Matsushita¹,

Tsukada²,

Kobayashi³

2020

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…We have compared our tool with Spacer (Z3 v4.8.3) [26], that implements a recent QUIC3 [22] algorithm, Booster (v0.2) [2], VIAP (v1.0) [35], and Veri-Abs (v1.3.10) [11]. The last two tools performed well in the ReachSafety Array subcategory at SVCOMP 2019 4 .…”

Section: Discussionmentioning

confidence: 99%

Quantified Invariants via Syntax-Guided Synthesis

Fedyukovich

Prabhu

Madhukar

et al. 2019

Computer Aided Verification

View full text Add to dashboard Cite

Programs with arrays are ubiquitous. Automated reasoning about arrays necessitates discovering properties about ranges of elements at certain program points. Such properties are formally specified by universally quantified formulas, which are difficult to find, and difficult to prove inductive. In this paper, we propose an algorithm based on an enumerative search that discovers quantified invariants in stages. First, by exploiting the program syntax, it identifies ranges of elements accessed in each loop. Second, it identifies potentially useful facts about individual elements and generalizes them to hypotheses about entire ranges. Finally, by applying recent advances of SMT solving, the algorithm filters out wrong hypotheses. The combination of properties is often enough to prove that the program meets a safety specification. The algorithm has been implemented in a solver for Constrained Horn Clauses, Freq-Horn, and extended to deal with multiple (possibly nested) loops. We show that FreqHorn advances state-of-the-art on a wide range of public array-handling programs.

show abstract

“…Specifically, (i) we do not require explicit or implicit loop-specific invariants to be provided by the user or generated by a solver (viz. by constrained Horn clause solvers [20,14,9] or recurrence solvers [25,16]), (ii) we induct on the full program (possibly containing multiple loops) with parameter N and not on iterations of individual loops in the program, and (iii) we perform non-trivial correctby-construction code transformations, whenever feasible, to simplify the inductive step of reasoning. The combination of these factors often reduces reasoning about a program with multiple loops to reasoning about one with fewer (sometimes even none) and "simpler" loops, thereby simplifying proof goals.…”

Section: Introductionmentioning

confidence: 99%

“…Among techniques that do not require explicit inductive invariants or mid-conditions for each loop, there are some that require loop invariants to be implicitly generated by a constraint solver. These include techniques based on constrained Horn clause solving [20,14,9,23], acceleration and lazy interpolation for arrays [1] and those that use inductively defined predicates and recurrence solving [25,16], among others. Thanks to the impressive capabilities of modern constraint solvers and the effectiveness of carefully tuned heuristics for stringing together multiple solvers, this approach has shown a lot of promise in recent years.…”

Section: Introductionmentioning

confidence: 99%

Verifying Array Manipulating Programs with Full-Program Induction

Chakraborty

Gupta

Unadkat

2020

Tools and Algorithms for the Construction and Analysis of Systems

View full text Add to dashboard Cite

We present a full-program induction technique for proving (a sub-class of) quantified as well as quantifier-free properties of programs manipulating arrays of parametric size N . Instead of inducting over individual loops, our technique inducts over the entire program (possibly containing multiple loops) directly via the program parameter N . Significantly, this does not require generation or use of loop-specific invariants. We have developed a prototype tool Vajra to assess the efficacy of our technique. We demonstrate the performance of Vajra vis-a-vis several state-of-the-art tools on a set of array manipulating benchmarks. // assume(true) 1. for (int t1=0; t1

show abstract

Quantifiers on Demand

Cited by 37 publications

References 31 publications

RustHorn: CHC-Based Verification for Rust Programs

RustHorn: CHC-Based Verification for Rust Programs

Quantified Invariants via Syntax-Guided Synthesis

Verifying Array Manipulating Programs with Full-Program Induction

Contact Info

Product

Resources

About