Abstract
A hierarchical program is one with multiple procedures but no loops or recursion. This paper studies the problem of deciding reachability queries in hierarchical programs where individual statements can be encoded in a decidable logic (say in SMT). This problem is fundamental to verification and most directly applicable to doing bounded reachability in programs, i.e., reachability under a bound on the number of loop iterations and recursive calls. The usual method of deciding reachability in hierarchical programs is to first inline all procedures and then do reachability on the resulting single-procedure program. Such inlining unfolds the call graph of the program to a tree and may lead to an exponential increase in the size of the program. We design and evaluate a method called DAG inlining that unfolds the call graph to a directed acyclic graph (DAG) instead of a tree by sharing the bodies of procedures at certain points during inlining. DAG inlining can produce much more compact representations than tree inlining. Empirically, we show that it leads to significant improvements in the running time of a state-of-the-art verifier.
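As an added illustration, not code from the paper, the following Python counts how many procedure copies tree inlining and fully shared DAG inlining produce for a constructed hierarchical call graph. Full sharing (one copy per procedure) is the extreme case; the paper's DAG inlining shares bodies only at selected points, so its unfolding size lies between the two counts shown here.

```python
"""Tree vs DAG unfolding of a hierarchical (loop-free, recursion-free) call graph.

Constructed example: a call graph maps each procedure to the list of
callees in its body (one entry per call site, so a callee called twice
appears twice). Nothing here is the paper's algorithm; it only measures
the size blow-up the abstract describes.
"""
from functools import lru_cache
from typing import Dict, List

CallGraph = Dict[str, List[str]]


def tree_inlined_size(cg: CallGraph, entry: str) -> int:
    """Procedure copies after classic tree inlining from `entry`.

    Every call site gets a private copy of the callee, so a procedure
    reached along k distinct call paths is duplicated k times.
    """
    @lru_cache(maxsize=None)
    def size(proc: str) -> int:
        return 1 + sum(size(callee) for callee in cg.get(proc, []))
    return size(entry)


def dag_inlined_size(cg: CallGraph, entry: str) -> int:
    """Procedure copies when every body reachable from `entry` is shared.

    One copy per procedure: the unfolding keeps the call graph as a DAG.
    """
    seen, stack = set(), [entry]
    while stack:
        proc = stack.pop()
        if proc not in seen:
            seen.add(proc)
            stack.extend(cg.get(proc, []))
    return len(seen)


def ladder(depth: int) -> CallGraph:
    """Constructed program: p0 calls p1 twice, p1 calls p2 twice, and so on."""
    cg: CallGraph = {f"p{i}": [f"p{i + 1}", f"p{i + 1}"] for i in range(depth - 1)}
    cg[f"p{depth - 1}"] = []
    return cg


# Constructed diamond: main -> a, b; both a and b -> c.
DIAMOND: CallGraph = {"main": ["a", "b"], "a": ["c"], "b": ["c"], "c": []}

if __name__ == "__main__":
    for n in (4, 10, 20):
        print(n, tree_inlined_size(ladder(n), "p0"), dag_inlined_size(ladder(n), "p0"))
```

For the ladder of depth n, tree inlining yields 2^n - 1 copies while the shared DAG yields n, which is the exponential gap the abstract refers to.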
DAG inlining: a decision procedure for reachability-modulo-theories in hierarchical programs
PLDI '15: Proceedings of the 36th ACM SIGPLAN Conference on Programming Language Design and Implementation