Predicate pairing for program verification. (English) Zbl 1478.68153
Summary: It is well-known that the verification of partial correctness properties of imperative programs can be reduced to the satisfiability problem for constrained Horn clauses (CHCs). However, state-of-the-art solvers for constrained Horn clauses (or CHC solvers) based on predicate abstraction are sometimes unable to verify satisfiability because they look for models that are definable in a given class \(\mathcal{A}\) of constraints, called \(\mathcal{A}\)-definable models. We introduce a transformation technique, called Predicate Pairing, which is able, in many interesting cases, to transform a set of clauses into an equisatisfiable set whose satisfiability can be proved by finding an \(\mathcal{A}\)-definable model, and hence can be effectively verified by a state-of-the-art CHC solver. In particular, we prove that, under very general conditions on \(\mathcal{A}\), the unfold/fold transformation rules preserve the existence of an \(\mathcal{A}\)-definable model, that is, if the original clauses have an \(\mathcal{A}\)-definable model, then the transformed clauses have an \(\mathcal{A}\)-definable model. The converse does not hold in general, and we provide suitable conditions under which the transformed clauses have an \(\mathcal{A}\)-definable model if and only if the original ones have an \(\mathcal{A}\)-definable model. Then, we present a strategy, called Predicate Pairing, which guides the application of the transformation rules with the objective of deriving a set of clauses whose satisfiability problem can be solved by looking for \(\mathcal{A}\)-definable models. The Predicate Pairing (PP) strategy introduces a new predicate defined by the conjunction of two predicates occurring in the original set of clauses, together with a conjunction of constraints. We will show through some examples that an \(\mathcal{A}\)-definable model may exist for the new predicate even if it does not exist for its defining atomic conjuncts. We will also present some case studies showing that Predicate Pairing plays a crucial role in the verification of relational properties of programs, that is, properties relating two programs (such as program equivalence) or two executions of the same program (such as non-interference). Finally, we perform an experimental evaluation of the proposed techniques to assess the effectiveness of Predicate Pairing in increasing the power of CHC solving.
MSC:
| 68Q60 | Specification and verification (program logics, model checking, etc.) |
| 03B70 | Logic in computer science |
| 68N17 | Logic programming |
Keywords:
program verification; constrained Horn clauses; constraint logic programming; program transformation; relational properties of programsSoftware:
ECCEReferences:
| [1] | AlbertE., Gómez-ZamalloaM., HubertL. and PueblaG.2007. Verification of Java bytecode using analysis and transformation of logic programs. In Proc. of Practical Aspects of Declarative Languages, M.Hanus, Ed., Lecture Notes in Computer Science, Vol. 4354. Springer, 124-139. |
| [2] | BartheG., CrespoJ. M. and KunzC.2011. Relational verification using product programs. In Proc. of FM 2011: Formal Methods - 17th International Symposium on Formal Methods, Limerick, Ireland, June 20-24, 2011. Lecture Notes in Computer Science, Vol. 6664. Springer, 200-214. |
| [3] | BenoyF. and KingA.1997. Inferring argument size relationships with CLP(R). In Proc. of the 6th International Workshop on Logic Program Synthesis and Transformation, LOPSTR’96, Stockholm, Sweden, August 28-30, 1996, J. P.Gallagher, Ed., Lecture Notes in Computer Science, Vol. 1207. Springer, 204-223. |
| [4] | BentonN.2004. Simple relational correctness proofs for static analyses and program transformations. In Proc. of the 31st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2004, Venice, Italy, January 14-16, 2004. ACM, 14-25. · Zbl 1325.68057 |
| [5] | BjørnerN., GurfinkelA., McMillanK. L. and RybalchenkoA.2015. Horn clause solvers for program verification. In Fields of Logic and Computation II - Essays Dedicated to Yuri Gurevich on the Occasion of His 75th Birthday, L. D.Beklemishev, A.Blass, N.Dershowitz, B.Finkbeiner, and W.Schulte, Eds., Lecture Notes in Computer Science, Vol. 9300. Springer, Switzerland, 24-51. · Zbl 1465.68044 |
| [6] | BradleyA. R., MannaZ. and SipmaH. B.2006. What’s decidable about arrays? In Proc. of the 7th International Conference on Verification, Model Checking, and Abstract Interpretation. VMCAI ’06. Lecture Notes in Computer Science, Vol. 3855. Springer, 427-442. · Zbl 1176.68116 |
| [7] | ChakiS., GurfinkelA. and StrichmanO.2012. Regression verification for multi-threaded programs. In Proc. of Verification, Model Checking, and Abstract Interpretation - 13th International Conference, VMCAI 2012, Philadelphia, PA, USA, January 22-24, 2012, V.Kuncak and A.Rybalchenko, Eds., Lecture Notes in Computer Science, Vol. 7148. Springer, 119-135. · Zbl 1325.68060 |
| [8] | CiobâcăS., LucanuD., RusuV. and RosuG.2014. A language-independent proof system for mutual program equivalence. In Proc. of Formal Methods and Software Engineering - 16th International Conference on Formal Engineering Methods, ICFEM 2014, Luxembourg, Luxembourg, November 3-5, 2014, S.Merz and J.Pang, Eds., Lecture Notes in Computer Science, Vol. 8829. Springer, 75-90. |
| [9] | CousotP. and CousotR.1977. Abstract interpretation: A unified lattice model for static analysis of programs by construction of approximation of fixpoints. In Proc. of the 4th ACM-SIGPLAN Symposium on Principles of Programming Languages, POPL ’77. ACM, 238-252. |
| [10] | De AngelisE., FioravantiF., PettorossiA. and ProiettiM.2014a. Program verification via iterated specialization. Science of Computer Programming 95, Part 2, 149-175. Selected and extended papers from Partial Evaluation and Program Manipulation 2013. |
| [11] | DeAngelis, E., FioravantiF., PettorossiA. and ProiettiM.2014b. VeriMAP: A tool for verifying programs through transformations. In Proc. of the 20th International Conference on Tools and Algorithms for the Construction and Analysis of Systems, TACAS ’14. Lecture Notes in Computer Science, Vol. 8413. Springer, 568-574. Available at: http://www.map.uniroma2.it/VeriMAP. |
| [12] | De AngelisE., FioravantiF., PettorossiA. and ProiettiM.2015a. Proving correctness of imperative programs by linearizing constrained Horn clauses. Theory and Practice of Logic Programming15, 4-5, 635-650.10.1017/S1471068415000289S1471068415000289 · Zbl 1379.68093 · doi:10.1017/S1471068415000289 |
| [13] | De AngelisE., FioravantiF., PettorossiA. and ProiettiM.2015b. A rule-based verification strategy for array manipulating programs. Fundamenta Informaticae140, 3-4, 329-355.10.3233/FI-2015-1257 · Zbl 1348.68131 · doi:10.3233/FI-2015-1257 |
| [14] | DeAngelis, E., FioravantiF., PettorossiA., and ProiettiM.2016. Relational verification through Horn clause transformation. In Proc. of the 23rd International Symposium on Static Analysis, SAS 2016, Edinburgh, UK, September 8-10, 2016, X.Rival, Ed., Lecture Notes in Computer Science, Vol. 9837. Springer, 147-169. · Zbl 1394.68227 |
| [15] | DeAngelis, E., FioravantiF., PettorossiA. and ProiettiM.2017. Semantics-based generation of verification conditions via program specialization. Science of Computer Programming147, 3-4, 78-108.10.1016/j.scico.2016.11.002 · doi:10.1016/j.scico.2016.11.002 |
| [16] | deMoura, L. M. and BjørnerN.2008. Z3: An efficient SMT solver. In Proc. of the 14th International Conference on Tools and Algorithms for the Construction and Analysis of Systems, TACAS ’08. Lecture Notes in Computer Science, Vol. 4963. Springer, 337-340. |
| [17] | DeSchreye, D., GlückR., JørgensenJ., LeuschelM., MartensB. and SørensenM. H.1999. Conjunctive partial deduction: Foundations, control, algorithms, and experiments. Journal of Logic Programming41, 2-3, 231-277.10.1016/S0743-1066(99)00030-8 · Zbl 0944.68025 · doi:10.1016/S0743-1066(99)00030-8 |
| [18] | DebrayS. K. and RamakrishnanR.1994. Abstract interpretation of logic programs using magic transformations. Journal of Logic Programming18, 149-176.10.1016/0743-1066(94)90050-7 · Zbl 0795.68037 · doi:10.1016/0743-1066(94)90050-7 |
| [19] | EtalleS. and GabbrielliM.1996. Transformations of CLP modules. Theoretical Computer Science166, 101-146.10.1016/0304-3975(95)00148-4 · Zbl 0872.68021 · doi:10.1016/0304-3975(95)00148-4 |
| [20] | FedyukovichG., GurfinkelA. and SharyginaN.2016. Property directed equivalence via abstract simulation. In Proc. of Computer Aided Verification: 28th International Conference, CAV 2016, Part II, Toronto, Canada, July 17-23, 2016, S.Chaudhuri and A.Farzan, Eds., Lecture Notes in Computer Science, Vol. 7792. Springer International Publishing. · Zbl 1411.68065 |
| [21] | FelsingD., GrebingS., KlebanovV., RümmerP. and UlbrichM.2014. Automating regression verification. In Proc. of ACM/IEEE International Conference on Automated Software Engineering, ASE ’14, Vasteras, Sweden - September 15-19, 2014, I.Crnkovic, M.Chechik, and P.Grünbacher, Eds., 349-360. |
| [22] | GantyP., IosifR. and KonečnýF.2013. Underapproximation of procedure summaries for integer programs. In Proc. of Tools and Algorithms for the Construction and Analysis of Systems: 19th International Conference, TACAS 2013, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2013, Rome, Italy, March 16-24, 2013, N.Piterman, Scott A.Smolka, Eds., Lecture Notes in Computer Science, Vol. 7795. Springer, 245-259. · Zbl 1381.68052 |
| [23] | GodlinB. and StrichmanO.2008. Inference rules for proving the equivalence of recursive procedures. Acta Informatica45, 6, 403-439.10.1007/s00236-008-0075-2 · Zbl 1161.68013 · doi:10.1007/s00236-008-0075-2 |
| [24] | GrebenshchikovS., LopesN. P., PopeeaC. and RybalchenkoA.2012. Synthesizing software verifiers from proof rules. In Proc. of the ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI ’12. 405-416. |
| [25] | GurfinkelA., KahsaiT., KomuravelliA. and NavasJ.2015. The SeaHorn verification framework. In Proc. of Computer Aided Verification: 27th International Conference, CAV 2015, San Francisco, CA, USA, July 18-24, 2015. Lecture Notes in Computer Science 9206. Springer, 343-361. |
| [26] | HoareC.1969. An axiomatic basis for computer programming. Communications of the ACM12, 10 (October), 576-580.10.1145/363235.363259 · Zbl 0179.23105 · doi:10.1145/363235.363259 |
| [27] | HoderK., BjørnerN. and de MouraL. M.2011. μ Z- An efficient engine for fixed points with constraints. In Proc. of Computer Aided Verification, 23rd International Conference, CAV ’11, Snowbird, UT, USA, July 14-20, 2011, G.Gopalakrishnan and S.Qadeer, Eds., Lecture Notes in Computer Science, Vol. 6806. Springer, 457-462. |
| [28] | HojjatH., KonecnýF., GarnierF., IosifR., KuncakV. and RümmerP.2012. A verification toolkit for numerical transition systems. In Proc. of FM ’12: Formal Methods, 18th International Symposium, Paris, France, August 27-31, 2012, D.Giannakopoulou and D.Méry, Eds., Lecture Notes in Computer Science, Vol. 7436. Springer, 247-251. |
| [29] | JaffarJ. and MaherM.1994. Constraint logic programming: A survey. Journal of Logic Programming19/20, 503-581. · Zbl 0900.68127 |
| [30] | JaffarJ., SantosaA. and VoicuR.2009. An interpolation method for CLP traversal. In Principles and Practice of Constraint Programming, CP ’09, I.Gent, Ed., Lecture Notes in Computer Science, Vol. 5732. Springer, 454-469. |
| [31] | KafleB. and GallagherJ. P.2017a. Constraint specialisation in Horn clause verification. Science of Computer Programming137, 125-140.10.1016/j.scico.2017.01.002 · doi:10.1016/j.scico.2017.01.002 |
| [32] | KafleB. and GallagherJ. P.2017b. Horn clause verification with convex polyhedral abstraction and tree automata-based refinement. Computer Languages, Systems & Structures47, 2-18.10.1016/j.cl.2015.11.001 · Zbl 1379.68239 · doi:10.1016/j.cl.2015.11.001 |
| [33] | KafleB., GallagherJ. P., and MoralesJ. F.2016. RAHFT: A tool for verifying Horn clauses using abstract interpretation and finite tree automata. In Proc. of Computer Aided Verification - 28th International Conference, CAV 2016, Part I Toronto, ON, Canada, July 17-23, 2016. Lecture Notes in Computer Science, Vol. 9779. Springer, 261-268. |
| [34] | LahiriS. K., McMillanK. L., SharmaR. and HawblitzelC.2013. Differential assertion checking. In Proc. of Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering, ESEC/FSE’13, Saint Petersburg, Russian Federation, August 18-26, 2013, B.Meyer, L.Baresi, and M.Mezini, Eds., ACM, 345-355. |
| [35] | LeroyX.2009. Formal verification of a realistic compiler. Communications of the ACM52, 7, 107-115.10.1145/1538788.1538814 · doi:10.1145/1538788.1538814 |
| [36] | LeuschelM. and BruynoogheM.2002. Logic program specialisation through partial deduction: Control issues. Theory and Practice of Logic Programming2, 4&5, 461-515.10.1017/S147106840200145X · Zbl 1105.68331 · doi:10.1017/S147106840200145X |
| [37] | LloydJ. W.1987. Foundations of Logic Programming. Springer-Verlag, Berlin. 2nd Edition. · Zbl 0668.68004 |
| [38] | LopesN. P. and MonteiroJ.2016. Automatic equivalence checking of programs with uninterpreted functions and integer arithmetic. International Journal on Software Tools for Technology Transfer18, 4, 359-374.10.1007/s10009-015-0366-1 · doi:10.1007/s10009-015-0366-1 |
| [39] | McMillanK. L. and RybalchenkoA.2013. Solving constrained Horn clauses using interpolation. MSR Technical Report 2013-6, Microsoft Report. |
| [40] | MendelsonE.1997. Introduction to Mathematical Logic. Chapman & Hall, London, UK. 4th Edition. · Zbl 0915.03002 |
| [41] | Méndez-LojoM., NavasJ. A. and HermenegildoM. V.2008. A flexible, (C)LP-based approach to the analysis of object-oriented programs. In Proc. of 17th International Symposium on Logic-Based Program Synthesis and Transformation, LOPSTR ’07, Kongens Lyngby, Denmark, August 23-24, 2007. Lecture Notes in Computer Science, Vol. 4915. Springer, 154-168. · Zbl 1179.68030 |
| [42] | MinéA.2006. The octagon abstract domain. Higher-Order and Symbolic Computation19, 1, 31-100.10.1007/s10990-006-8609-1 · Zbl 1105.68069 · doi:10.1007/s10990-006-8609-1 |
| [43] | PeraltaJ. C., GallagherJ. P. and SaglamH.1998. Analysis of imperative programs through analysis of constraint logic programs. In Proc. of the 5th International Symposium on Static Analysis, SAS ’98, G.Levi, Ed., Lecture Notes in Computer Science, Vol. 1503. Springer, 246-261. |
| [44] | PettorossiA. and ProiettiM.1994. Transformation of logic programs: Foundations and techniques. Journal of Logic Programming19,20, 261-320. · Zbl 0942.68528 |
| [45] | PodelskiA. and RybalchenkoA.2007. ARMC: The logical choice for software model checking with abstraction refinement. In Proc. of Practical Aspects of Declarative Languages, PADL ’07, M.Hanus, Ed., Lecture Notes in Computer Science, Vol. 4354. Springer, 245-259. |
| [46] | RümmerP., HojjatH. and KuncakV.2013. Disjunctive interpolants for Horn clause verification. In Proc. of the 25th International Conference on Computer Aided Verification, CAV ’13, Saint Petersburg, Russia, July 13-19, 2013, N.Sharygina and H.Veith, Eds., Lecture Notes in Computer Science, Vol. 8044. Springer, 347-363. |
| [47] | StrichmanO. and VeitsmanM.2016. Regression verification for unbalanced recursive functions. In Proc. of FM 2016: Formal Methods - 21st International Symposium, Limassol, Cyprus, November 9-11, 2016. Lecture Notes in Computer Science, Vol. 9995. Springer International Publishing, 645-658. · Zbl 1427.68055 |
| [48] | TamakiH. and SatoT.1984. Unfold/fold transformation of logic programs. In Proc. of the Second International Conference on Logic Programming, ICLP ’84, S.-Å.Tärnlund, Ed., Uppsala University, Uppsala, Sweden, 127-138. |
| [49] | VerdoolaegeS., JanssensG. and BruynoogheM.2012. Equivalence checking of static affine programs using widening to handle recurrences. ACM Trans. Program. Lang. Syst.34, 3, 11. · Zbl 1242.68076 |
| [50] | ZaksA. and PnueliA.2008. CoVaC: Compiler validation by program analysis of the cross-product. In Proc. of the 15th International Symposium on Formal Methods (FM 2008), Turku, Finland, May 26-30, 2008. J.Cuéllar, T. S. E.Maibaum, and K.Sere, Eds., Lecture Notes in Computer Science, Vol. 5014. Springer, 35-51. |
This reference list is based on information provided by the publisher or from digital mathematics libraries. Its items are heuristically matched to zbMATH identifiers and may contain data conversion errors. In some cases that data have been complemented/enhanced by data from zbMATH Open. This attempts to reflect the references listed in the original paper as accurately as possible without claiming completeness or a perfect matching.
