An SMT-based verification framework for
software systems handling arrays
Doctoral Dissertation submitted to the
Faculty of Informatics of the Universit`a della Svizzera Italiana
in partial fulfillment of the requirements for the degree of
Doctor of Philosophy
presented by
Francesco Alberti
under the supervision of
Natasha Sharygina
April 2015
Dissertation Committee
Nikolaj Bjørner Microsoft Research, Redmond, WA, USA
Rolf Krause Universit`a della Svizzera Italiana, Lugano, Switzerland
Viktor Kuncak ´
Ecole Polytechnique F´ed´erale de Lausanne, Lausanne, Switzerland
Nate Nystrom Universit`a della Svizzera Italiana, Lugano, Switzerland
Dissertation accepted on 15 April 2015
Research Advisor PhD Program Directors
Natasha Sharygina Igor Pivkin Stefan Wolf
i
I certify that except where due acknowledgement has been given, the work
presented in this thesis is that of the author alone; the work has not been sub-
mitted previously, in whole or in part, to qualify for any other academic award;
and the content of the thesis is the result of work which has been carried out
since the official commencement date of the approved research program.
Francesco Alberti
Lugano, 15 April 2015
ii
Abstract
Recent advances in the areas of automated reasoning and first-order theorem
proving paved the way to the developing of effective tools for the rigorous formal
analysis of computer systems. Nowadays many formal verification frameworks
are built over highly engineered tools (SMT-solvers) implementing decision
procedures for quantifier-free fragments of theories of interest for (dis)proving
properties of software or hardware products.
The goal of this thesis is to go beyond the quantifier-free case and enable
sound and effective solutions for the analysis of software systems requiring the
usage of quantifiers. This is the case, for example, of software systems handling
array variables, since meaningful properties about arrays (e.g., “the array is
sorted”) can be expressed only by exploiting quantification.
The first contribution of this thesis is the definition of a new Lazy Ab-
straction with Interpolants framework in which arrays can be handled in a
natural manner. We identify a fragment of the theory of arrays admitting
quantifier-free interpolation and provide an effective quantifier-free interpola-
tion algorithm. The combination of this result with an important preprocessing
technique allows the generation of the required quantified formulæ.
Second, we prove that accelerations, i.e., transitive closures, of an inter-
esting class of relations over arrays are definable in the theory of arrays via
-first order formulæ. We further show that the theoretical importance of
this result has a practical relevance: Once the (problematic) nested quantifiers
are suitably handled, acceleration offers a precise (not over-approximated) al-
ternative to abstraction solutions.
Third, we present new decision procedures for quantified fragments of the
theories of arrays. Our decision procedures are fully declarative, parametric
in the theories describing the structure of the indexes and the elements of the
arrays and orthogonal with respect to known results.
Fourth, by leveraging our new results on acceleration and decision proce-
dures, we show that the problem of checking the safety of an important class
of programs with arrays is fully decidable.
iii
1 / 202 100%
La catégorie de ce document est-elle correcte?
Merci pour votre participation!

Faire une suggestion

Avez-vous trouvé des erreurs dans linterface ou les textes ? Ou savez-vous comment améliorer linterface utilisateur de StudyLib ? Nhésitez pas à envoyer vos suggestions. Cest très important pour nous !