A specialization calculus for program verification
Cristian Gherghina
Joint work with: Wei-Ngan Chin, Razvan Voicu, Quang Loc Le, Florin Craciun, Shengchao Qin
Focus
Logics with inductive predicates provide an expressive abstraction mechanism
Becoming popular in the field of program analysis
Tricky to efficiently reason with
Folding/Unfolding
Given a predicate definition:
[figure: unfolding and folding of the predicate definition]
Unfolding performance loss: unfolded states are costlier due to disjunctions
Proposal
We introduce a sound and complete calculus to support pruning of infeasible disjuncts
Use predicate specialization. Benefits:
eagerly discards unsatisfiable disjuncts
keeps the state in abstracted form
Overview
Motivating example
Informal description of the calculus
Predicate Specialization
Annotation inference
Experiments
Motivating Example
Motivation
Consider the entailment:
The LHS unfolds to:
Performance penalties
Unfold operations are followed by costly satisfiability checks
The remaining satisfiable disjuncts expose considerable information
Detailed information is not always needed
Reasoning with larger formulas is inherently costly
Overview
Motivating example
Informal description of the calculus
Predicate Specialization
Correctness
Experiments
Predicate definition changes
Invariant family
Pruning conditions
Entailment - revisited
The previous entailment with annotations
Predicate specialization, for list x
1. Pruning
2. Invariant enrichment
Entailment - revisited
Predicate specialization, for list y
1. Pruning
2. Invariant enrichment
Overview
Motivating example
Informal description of the calculus
Predicate Specialization
Annotation inference
Experiments
Predicate Specialization
Convention:
We will use the term context (C) to denote the pure part of the formula
The rationale is that C will be the context in which predicate specialization takes place
Predicate Specialization
Predicate specialization aims for:
fewer viable branches: from L1 to L2
fewer possible pruning conditions: from R1 to R2
stronger context: from C1 to C2
Predicate Specialization
Given:
1. Pick a pruning condition
2. Drop the infeasible branches from L
3. Enrich the context
4. Drop irrelevant pruning conditions
L = {1,2}; C :
1. From the pruning conditions pick:
Contradicts with C -> such checks can be syntactic
2. Drop infeasible branches:
3. Add the invariant of the remaining branches to C, giving C1:
4. Drop irrelevant pruning conditions
Irrelevant pruning conditions
Given: context C and L : {1}
Result:
Predicate specialization gains
Simple implication checks (mostly syntactic)
Considerable drop in formula size after an unfold
Increase in formula information without an unfold
Overview
Motivating example
Informal description of the calculus
Predicate Specialization
Annotation inference
Experiments
Annotation inference
We need a mechanism for computing:
Invariant family
Pruning conditions
Inferring the invariant family
Given a predicate definition:
Compute the fixpoint for the predicate definition
For each possible set of branches compute a conjunctive invariant
Inferring the invariant family (for dll)
1. Replace recursive points with the fixpoint of the predicate definition
2. For each possible subset of the branches:
Branch | Pick the pure part of the branches | Transform to simple constraints | Approximate to a conjunction
{1} | root=null | root=null | root=null
{2} | … | … | …
{1,2} | (root=null) ∨ … | (root=null) ∨ (…) | …
Inferring the pruning conditions
Given a predicate definition and the invariant families:
Compute an approximation of the closure of branch invariants
For each atomic constraint in all closures construct the list of branches in which it appears (by which it is implied)
Inferring the pruning conditions
Compute an approximation of the transitive closure of each branch invariant
Group all branches that imply an atomic constraint
Branch | Branch invariant | Transitive closure
{1} | root=null | root=null
{2} | … | …
{1,2} | … | …
Guard | Branches
… | {1}
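A worked example of both inference steps (the invariant family and the pruning conditions) followed by the four specialization steps (pick a pruning condition, drop infeasible branches, enrich the context, drop irrelevant pruning conditions), added here by the editor; it is not code from the paper or from the HIP verifier. Because the slides' formulas were not extracted, the two-branch predicate PRED, the implication rules in closure, the syntactic contradiction table in contradicts, and the criterion used in step 4 for dropping a pruning condition are all assumptions made for illustration. Atomic constraints are plain strings, a conjunction is a set of them, and a predicate maps each branch number to the pure part of that branch with the recursive call already replaced by the fixpoint invariant.

```python
from itertools import combinations

# Constructed two-branch list predicate (stand-in for the slides' list/dll
# predicates): branch 1 is the empty list, branch 2 the non-empty list.
# Each branch is its pure part after replacing the recursive call by the
# predicate's fixpoint invariant (n>0 in branch 2).
PRED = {
    1: {"root=null", "n=0"},
    2: {"root!=null", "n>0"},
}

def parse(atom):
    """Split an atomic constraint 'var OP rhs' into (var, op, rhs)."""
    for op in ("!=", ">=", ">", "="):        # longest operators first
        if op in atom:
            var, rhs = atom.split(op, 1)
            return var, op, rhs
    raise ValueError(f"not an atomic constraint: {atom}")

def closure(atoms):
    """Approximate transitive closure of a conjunction (assumed rule set):
    x=0 and x>0 imply x>=0; x>0 also implies x!=0."""
    out = set(atoms)
    for atom in atoms:
        var, op, rhs = parse(atom)
        if rhs == "0" and op in ("=", ">"):
            out.add(f"{var}>=0")
        if rhs == "0" and op == ">":
            out.add(f"{var}!=0")
    return frozenset(out)

def contradicts(a, b):
    """Purely syntactic contradiction check between two atomic constraints
    (assumed table): x=r vs x!=r, and x=0 vs x>0."""
    va, oa, ra = parse(a)
    vb, ob, rb = parse(b)
    if va != vb or ra != rb:
        return False
    ops = {oa, ob}
    return ops == {"=", "!="} or (ra == "0" and ops == {"=", ">"})

def invariant_family(pred):
    """For every non-empty subset of branches compute a conjunctive
    invariant: the atoms shared by the closures of all branches in the
    subset, a sound conjunctive approximation of their disjunction."""
    closures = {i: closure(atoms) for i, atoms in pred.items()}
    family = {}
    ids = sorted(pred)
    for k in range(1, len(ids) + 1):
        for subset in combinations(ids, k):
            family[frozenset(subset)] = frozenset.intersection(
                *(closures[i] for i in subset))
    return closures, family

def pruning_conditions(closures):
    """Guard -> set of branches whose closure implies (contains) the guard."""
    conds = {}
    for i, cl in closures.items():
        for atom in cl:
            conds.setdefault(atom, set()).add(i)
    return {g: frozenset(bs) for g, bs in conds.items()}

def specialize(context, branches, conds, family):
    """Specialize (C, L, R) by the four slide steps, repeated until no
    pruning condition fires; returns (L', C', R')."""
    C, L, R = set(context), frozenset(branches), dict(conds)
    while True:
        # 1. pick a pruning condition whose guard contradicts C (syntactic check)
        fired = next((g for g in sorted(R)
                      if any(contradicts(g, c) for c in C)), None)
        if fired is not None:
            L = L - R[fired]                 # 2. drop the infeasible branches
        if L:
            C |= family[L]                   # 3. enrich C with the invariant of L
        # 4. drop pruning conditions that can no longer prune a branch of L
        #    (assumed criterion: no overlap with L, or implied by every branch of L)
        R = {g: bs for g, bs in R.items() if bs & L and not L <= bs}
        if fired is None:
            return L, frozenset(C), R

if __name__ == "__main__":
    closures, family = invariant_family(PRED)
    conds = pruning_conditions(closures)
    print("invariant of {1,2}:", sorted(family[frozenset({1, 2})]))
    print("context n!=0 ->", specialize({"n!=0"}, {1, 2}, conds, family))
```

With the context n!=0 the guard n=0 (implied only by branch 1) contradicts the context, so branch 1 is pruned without unfolding, the invariant of branch 2 (root!=null, n>0, n>=0) is added to the context, and every remaining pruning condition becomes irrelevant. With an empty context nothing is pruned, but the shared invariant n>=0 still enriches the context, which is the "information without an unfold" gain the slides describe.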
Overview
Motivating example
Informal description of the calculus
Predicate Specialization
Annotation inference
Experiments
Experiments
Added the calculus to a program verifier (HIP)
Verified functional correctness for small and medium-sized programs with moderate complexity.
A benchmark of 17 small programs (7% faster): singly, doubly, sorted and circular linked lists, selection-sort, insertion-sort, methods for handling heaps and perfect trees
Complex shapes and invariants (12-90% faster): red black trees, balanced binary trees, quick sort, merge sort
[chart: HIP + Spec relative to HIP (%), y-axis 0 to 100, per benchmark: 17 small progs, Bubblesort, Quicksort, Mergesort, Complete, AVL (h, s, b), Heap Trees, AVL (h, s), AVL (h, s, s), Red Black; series: Avg. Disjuncts, Avg. Size, Time]
HIP + Spec: Changes
Formula size 13%
Disjuncts per formula 36%
Total verification time 15%
Conclusions
Presented an effective, sound and complete calculus for predicate specialization
Application of the calculus benefits in two ways:
Keep abstraction, where possible
Improve verification performance by:
Pruning unsatisfiable disjuncts
Propagating invariant constraints
Various optimization techniques (details in paper).
Questions?
Thank you!