16 research outputs found
Higher-order Program Verification as Satisfiability Modulo Theories with Algebraic Data-types
We report on work in progress on automatic procedures for proving properties
of programs written in higher-order functional languages. Our approach encodes
higher-order programs directly as first-order SMT problems over Horn clauses.
It is straight-forward to reduce Hoare-style verification of first-order
programs into satisfiability of Horn clauses. The presence of closures offers
several challenges: relatively complete proof systems have to account for
closures; and in practice, the effectiveness of search procedures depend on
encoding strategies and capabilities of underlying solvers. We here use
algebraic data-types to encode closures and rely on solvers that support
algebraic data-types. The viability of the approach is examined using examples
from the literature on higher-order program verification
Proving Correctness of Imperative Programs by Linearizing Constrained Horn Clauses
We present a method for verifying the correctness of imperative programs
which is based on the automated transformation of their specifications. Given a
program prog, we consider a partial correctness specification of the form
prog , where the assertions and are
predicates defined by a set Spec of possibly recursive Horn clauses with linear
arithmetic (LA) constraints in their premise (also called constrained Horn
clauses). The verification method consists in constructing a set PC of
constrained Horn clauses whose satisfiability implies that prog
is valid. We highlight some limitations of state-of-the-art
constrained Horn clause solving methods, here called LA-solving methods, which
prove the satisfiability of the clauses by looking for linear arithmetic
interpretations of the predicates. In particular, we prove that there exist
some specifications that cannot be proved valid by any of those LA-solving
methods. These specifications require the proof of satisfiability of a set PC
of constrained Horn clauses that contain nonlinear clauses (that is, clauses
with more than one atom in their premise). Then, we present a transformation,
called linearization, that converts PC into a set of linear clauses (that is,
clauses with at most one atom in their premise). We show that several
specifications that could not be proved valid by LA-solving methods, can be
proved valid after linearization. We also present a strategy for performing
linearization in an automatic way and we report on some experimental results
obtained by using a preliminary implementation of our method.Comment: To appear in Theory and Practice of Logic Programming (TPLP),
Proceedings of ICLP 201
An Instantiation-Based Approach for Solving Quantified Linear Arithmetic
This paper presents a framework to derive instantiation-based decision
procedures for satisfiability of quantified formulas in first-order theories,
including its correctness, implementation, and evaluation. Using this framework
we derive decision procedures for linear real arithmetic (LRA) and linear
integer arithmetic (LIA) formulas with one quantifier alternation. Our
procedure can be integrated into the solving architecture used by typical SMT
solvers. Experimental results on standardized benchmarks from model checking,
static analysis, and synthesis show that our implementation of the procedure in
the SMT solver CVC4 outperforms existing tools for quantified linear
arithmetic
The SeaHorn Verification Framework
In this paper, we present SeaHorn, a software verification framework. The key distinguishing feature of SeaHorn is its modular design that separates the concerns of the syntax of the programming language, its operational semantics, and the verification semantics. SeaHorn encompasses several novelties: it (a) encodes verification conditions using an efficient yet precise inter-procedural technique, (b) provides flexibility in the verification semantics to allow different levels of precision, (c) leverages the state-of-the-art in software model checking and abstract interpretation for verification, and (d) uses Horn-clauses as an intermediate language to represent verification conditions which simplifies interfacing with multiple verification tools based on Horn-clauses. SeaHorn provides users with a powerful verification tool and researchers with an extensible and customizable framework for experimenting with new software verification techniques. The effectiveness and scalability of SeaHorn are demonstrated by an extensive experimental evaluation using benchmarks from SV-COMP 2015 and real avionics code
Program Verification using Constraint Handling Rules and Array Constraint Generalizations*
Thetransformationofconstraintlogicprograms(CLPprograms)hasbeenshowntobean effective methodology for verifying properties of imperative programs. By following this methodology, we encode the negation of a partial correctness property of an imperative program prog as a predicate incorrect defined by a CLP program T , and we show that prog is correct by transforming T into the empty program (and thus incorrect does not hold) through the application of semantics preserving transformation rules. We can also show that prog is incorrect by transforming T into a program with the fact incorrect (and thus incorrect does hold). Some of the transformation rules perform replacements of constraints that are based on properties of the data structures manipulated by the program prog. In this paper we show that Constraint Handling Rules (CHR) are a suitable formalism for representing and applying constraint replacements during the transformation of CLP programs. In particular, we consider programs that manipulate integer arrays and we present a CHR encoding of a constraint replacement strategy based on the theory of arrays. We also propose a novel generalization strategy for constraints on integer arrays that combines CHR constraint replacements with various generalization operators on integer constraints, such as widening and convex hull. Generalization is controlled by additional constraints that relate the variable identifiers in the imperative program prog and the CLP representation of their values. The method presented in this paper has been implemented and we have demonstrated its effectiveness on a set of benchmark programs taken from the literature