Array Abstraction with Symbolic Pivots

Hähnle, Reiner; Wasser, Nathan; Bubel, Richard

doi:10.1007/978-3-319-30734-3_9

Reiner Hähnle¹⁶,
Nathan Wasser¹⁶ &
Richard Bubel¹⁶

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 9660))

921 Accesses
1 Citations

Abstract

We present a novel approach to automatically generate invariants for loops manipulating arrays. The intention is to achieve formal verification of programs over arrays without the need for user-specified loop invariants. Many loops iterate and manipulate collections. Finding useful, i.e., sufficiently precise invariants for those loops is a challenging task, in particular, if the iteration order is complex. Our approach partitions an array and provides an abstraction for each of these partitions. Symbolic pivot elements are used to compute the partitions. In addition we integrate a faithful and precise program logic for sequential (Java) programs with abstract interpretation using an extensible multi-layered framework to compute array invariants. The presented approach has been implemented. Results of experiments are reported.

The work has been funded by the DFG priority program 1496 Reliably Secure Software Systems.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

1.
While programs themselves are deterministic, we can introduce at least some non-determinism through the symbolic input values, which while having a single value in each model leave open which model is under consideration.
2.
The limitation to only finite ascending chains ensures termination of our approach without the need to introduce widening operators. An extension to infinite chains with widening would be easily realizable, but so far was unnecessary.
3.
Note choosing the range \([0..\texttt {i})\) for the array b is sound even when \(\texttt {i} \ge \texttt {b.length}\), as an uncaught ArrayIndexOutOfBoundsException is treated as non-termination.
4.
Later we also examine each array access (read or write) in if-conditions to gain invariants such as \(\forall k \in [0..\texttt {j}).\ \chi _{>}( select (\texttt {heap}, \texttt {a}, k))\) in the example above.

References

Bubel, R., Hähnle, R., Weiß, B.: Abstract interpretation of symbolic execution with explicit state updates. In: de Boer, F.S., Bonsangue, M.M., Madelaine, E. (eds.) FMCO 2008. LNCS, vol. 5751, pp. 247–277. Springer, Heidelberg (2009)
Chapter Google Scholar
Beckert, B., Hähnle, R., Schmitt, P.H. (eds.): Verification of Object-Oriented Software. LNCS (LNAI), vol. 4334. Springer, Heidelberg (2007)
Google Scholar
Weiß, B.: Deductive Verification of Object-Oriented Software – Dynamic Frames, Dynamic Logic and Predicate Abstraction. Ph.D. thesis, KIT., January 2011
Google Scholar
Rümmer, P.: Sequential, parallel, and quantified updates of first-order structures. In: Hermann, M., Voronkov, A. (eds.) LPAR 2006. LNCS (LNAI), vol. 4246, pp. 422–436. Springer, Heidelberg (2006)
Chapter Google Scholar
Cousot, P., Cousot, R.: Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints. In: 4th Symposium on Principles of Programming Languages (POPL), pp. 238–252. ACM (1977)
Google Scholar
Wasser, N., Bubel, R., Hähnle, R.: TR: array abstraction with symbolic pivots. Technical report, Department of Computer Science, Technische Universität Darmstadt, Germany, August 2015
Google Scholar
McMillan, K.L.: Quantified invariant generation using an interpolating saturation prover. In: Ramakrishnan, C.R., Rehof, J. (eds.) TACAS 2008. LNCS, vol. 4963, pp. 413–427. Springer, Heidelberg (2008)
Chapter Google Scholar
Gulwani, S., McCloskey, B., Tiwari, A.: Lifting abstract interpreters to quantified logical domains. SIGPLAN Not. 43(1), 235–246 (2008)
Article MATH Google Scholar
Halbwachs, N., Péron, M.: Discovering properties about arrays in simple programs. SIGPLAN Not. 43(6), 339–348 (2008)
Article Google Scholar
Blanchet, B., Cousot, P., Cousot, R., Feret, J., Mauborgne, L., Miné, A., Monniaux, D., Rival, X.: Design and implementation of a special-purpose static program analyzer for safety-critical real-time embedded software. In: Mogensen, T.Æ., Schmidt, D.A., Sudborough, I.H. (eds.) The Essence of Computation. LNCS, vol. 2566, pp. 85–108. Springer, Heidelberg (2002)
Chapter Google Scholar
Dillig, I., Dillig, T., Aiken, A.: Fluid updates: beyond strong vs. weak updates. In: Gordon, A.D. (ed.) ESOP 2010. LNCS, vol. 6012, pp. 246–266. Springer, Heidelberg (2010)
Chapter Google Scholar
Kovács, L., Voronkov, A.: Finding loop invariants for programs over arrays using a theorem prover. In: Chechik, M., Wirsing, M. (eds.) FASE 2009. LNCS, vol. 5503, pp. 470–485. Springer, Heidelberg (2009)
Chapter Google Scholar
Jhala, R., McMillan, K.L.: Array abstractions from proofs. In: Damm, W., Hermanns, H. (eds.) CAV 2007. LNCS, vol. 4590, pp. 193–206. Springer, Heidelberg (2007)
Chapter Google Scholar
Cousot, P., Cousot, R., Logozzo, F.: A parametric segmentation functor for fully automatic and scalable array content analysis. In: Proceedings of the 38th Symposium on Principles of Programming Languages, POPL 2011, pp. 105–118. ACM (2011)
Google Scholar
Clarke, E., Grumberg, O., Jha, S., Lu, Y., Veith, H.: Counterexample-guided abstraction refinement. In: Emerson, E.A., Sistla, A.P. (eds.) CAV 2000. LNCS, vol. 1855. Springer, Heidelberg (2000)
Chapter Google Scholar
Gopan, D., Reps, T., Sagiv, M.: A framework for numeric analysis of array operations. SIGPLAN Not. 40(1), 338–350 (2005)
Article Google Scholar
de Boer, F.S., de Gouw, S.: Being and change: reasoning about invariance. In: Meyer, R., Platzer, A., Wehrheim, H. (eds.) Olderog-Festschrift. LNCS, vol. 9360, pp. 191–204. Springer, Heidelberg (2015). doi:10.1007/978-3-319-23506-6_13
Chapter Google Scholar
Hentschel, M., Käsdorf, S., Hähnle, R., Bubel, R.: An interactive verification tool meets an IDE. In: Proceedings of the 11th International Conference on Integrated Formal Methods, pp. 55–70 (2014)
Google Scholar

Download references

Author information

Authors and Affiliations

Department of Computer Science, Technische Universität Darmstadt, Darmstadt, Germany
Reiner Hähnle, Nathan Wasser & Richard Bubel

Authors

Reiner Hähnle
View author publications
You can also search for this author in PubMed Google Scholar
Nathan Wasser
View author publications
You can also search for this author in PubMed Google Scholar
Richard Bubel
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Reiner Hähnle .

Editor information

Editors and Affiliations

Informatik 2, RWTH Aachen University Informatik 2, Aachen, Germany
Erika Ábrahám
Leiden University , Leiden, The Netherlands
Marcello Bonsangue
University of Oslo , Oslo, Norway
Einar Broch Johnsen

Rights and permissions

Reprints and permissions

Copyright information

About this chapter

Cite this chapter

Hähnle, R., Wasser, N., Bubel, R. (2016). Array Abstraction with Symbolic Pivots. In: Ábrahám, E., Bonsangue, M., Johnsen, E. (eds) Theory and Practice of Formal Methods. Lecture Notes in Computer Science(), vol 9660. Springer, Cham. https://doi.org/10.1007/978-3-319-30734-3_9

Download citation

DOI: https://doi.org/10.1007/978-3-319-30734-3_9
Published: 13 March 2016
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-30733-6
Online ISBN: 978-3-319-30734-3
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics