Systematic Predicate Abstraction Using Variable Roles

Demyanova, Yulia; Rümmer, Philipp; Zuleger, Florian

doi:10.1007/978-3-319-57288-8_18

Cited by 7 publications

(10 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For 17 of these 142 runs, LIA (incorrectly) verified the program to be safe whereas BV found a counter-example. Unexpectantly for trex03 trueunreach-call.i.annot.c from [12], LIA found a counter-example but BV verified safety. This program contains three integers, x1, x2 and x3, which can become negative in the idealised arithmetic employed in LIA, triggering an assertion.…”

Section: Methodsmentioning

confidence: 93%

“…The model checker is implemented in Python 3.7.2 and uses MathSAT5 [9] for satisfiability checking and interpolation over LIA. The model checker parses a subset of the C language, but is rich enough to handle 312 benchmarks drawn from [2,12]. The model checker was instantiated in one of three ways to use: (1) LIA interpolation [17]; (2) BV interpolation by covering the solutions of an LIA interpolate with columns (recall f 2 of section 2); and (3) BV interpolation by covering the solutions of an LIA interpolate using boxing, gapping and flipping.…”

Section: Methodsmentioning

confidence: 99%

See 1 more Smart Citation

Mind the Gap: Bit-vector Interpolation recast over Linear Integer Arithmetic

Okudono

King

2020

Tools and Algorithms for the Construction and Analysis of Systems

View full text Add to dashboard Cite

Much of an interpolation engine for bit-vector (BV) arithmetic can be constructed by observing that BV arithmetic can be modeled with linear integer arithmetic (LIA). Two BV formulae can thus be translated into two LIA formulae and then an interpolation engine for LIA used to derive an interpolant, albeit one expressed in LIA. The construction is completed by back-translating the LIA interpolant into a BV formula whose models coincide with those of the LIA interpolant. This paper develops a back-translation algorithm showing, for the first time, how back-translation can be universally applied, whatever the LIA interpolant. This avoids the need for deriving a BV interpolant by bit-blasting the BV formulae, as a backup process when back-translation fails. The new back-translation process relies on a novel geometric technique, called gapping, the correctness and practicality of which are demonstrated.

show abstract

Section: Methodsmentioning

confidence: 93%

Section: Methodsmentioning

confidence: 99%

Mind the Gap: Bit-vector Interpolation recast over Linear Integer Arithmetic

Okudono

King

2020

Tools and Algorithms for the Construction and Analysis of Systems

View full text Add to dashboard Cite

show abstract

“…d) Verification of C Programs: Since it is difficult to compare interpolation procedures outside of an application, we present results of running the ELDARICA version 2.0-alpha3 model checker 5 on a benchmark set of 551 C programs, using the implementation of our calculus in PRINCESS as interpolation procedure (Table I). The benchmarks are the programs used in [31] for evaluating different predicate generation strategies. The programs use only arithmetic operations, no arrays or heap data structures.…”

Section: Methodsmentioning

confidence: 99%

Bit-Vector Interpolation and Quantifier Elimination by Lazy Reduction

Backeman

Rümmer

Zeljić

2018

2018 Formal Methods in Computer Aided Design (FMCAD)

View full text Add to dashboard Cite

The inference of program invariants over machine arithmetic, commonly called bit-vector arithmetic, is an important problem in verification. Techniques that have been successful for unbounded arithmetic, in particular Craig interpolation, have turned out to be difficult to generalise to machine arithmetic: existing bit-vector interpolation approaches are based either on eager translation from bit-vectors to unbounded arithmetic, resulting in complicated constraints that are hard to solve and interpolate, or on bit-blasting to propositional logic, in the process losing all arithmetic structure. We present a new approach to bitvector interpolation, as well as bit-vector quantifier elimination (QE), that works by lazy translation of bit-vector constraints to unbounded arithmetic. Laziness enables us to fully utilise the information available during proof search (implied by decisions and propagation) in the encoding, and this way produce constraints that can be handled relatively easily by existing interpolation and QE procedures for Presburger arithmetic. The lazy encoding is complemented with a set of native proof rules for bit-vector equations and non-linear (polynomial) constraints, this way minimising the number of cases a solver has to consider.

show abstract

“…In this case, loop analysis will identify the term x -y as a useful expression (or interpolation template) in invariants, and interpolation abstraction will guide the interpolation process towards expressions that avoid the variables x, y, unless they occur in the context x -y. This approach enables ELDAR-ICA to rank interpolants according to their expected generality, and has been shown to speed up the solving process, as well as to significantly reduce the possibility of divergence [29], [14]. Interpolation templates can also be specified manually by the user to control the derived predicates.…”

Section: Convergence Heuristicsmentioning

confidence: 99%

“…The development of ELDARICA initially focused on the theory of unbounded linear integer arithmetic (LIA, quantifierfree Presburger arithmetic, but also including Booleans), for which efficient Craig interpolation is well understood. Among the supported theories, linear integer arithmetic in ELDARICA is at this point the most refined and mature, and has been evaluated extensively in previous work [22], [29], [14].…”

Section: Status Of Theory Support a Unbounded Integersmentioning

confidence: 99%

The ELDARICA Horn Solver

Hojjat

Rümmer

2018

2018 Formal Methods in Computer Aided Design (FMCAD)

View full text Add to dashboard Cite

This paper presents the ELDARICA version 2 model checker. Over the last years we have been developing and maintaining ELDARICA as a state-of-the-art solver for Horn clauses over integer arithmetic. In the version 2, we have extended the solver to support also algebraic data types and bit-vectors, theories that are commonly applied in verification, but currently unsupported by most Horn solvers. This paper describes the high-level structure of the tool and the interface that it provides to other applications. We also report on an evaluation of the tool. While some of the techniques in ELDARICA have been documented in research papers over the last years, this is the first tool paper describing ELDARICA in its entirety.

show abstract

Systematic Predicate Abstraction Using Variable Roles

Cited by 7 publications

References 22 publications

Mind the Gap: Bit-vector Interpolation recast over Linear Integer Arithmetic

Mind the Gap: Bit-vector Interpolation recast over Linear Integer Arithmetic

Bit-Vector Interpolation and Quantifier Elimination by Lazy Reduction

The ELDARICA Horn Solver

Contact Info

Product

Resources

About