Predicate Abstraction of ANSI-C Programs Using SAT
By Edmund Clarke, Daniel Kroening, Natalia Sharygina, Karen Yorav
Presented by Yunho Kim, Provable Software Lab, KAIST
Contents
Predicate Abstraction of ANSI-C Programs Using SAT, Yunho Kim, Provable Software Lab, KAIST 2/23
• Introduction
• Preparation of C code
• Abstraction using SAT
• Model checking
• Conclusion
Introduction(1/3)
• A simple C code has too many states for exhaustive analysis
• However, what we really need is ‘x is 0 or not’, not the concrete value of x
Example
  (unsigned int x)
  L1: while(x>1) {
  L2:   if (x%2 == 1)
  L3:     x = 3*x+1;
        else
  L4:     x = x/2;
      }
  L5: assert(x != 0);
[Figure: concrete state space of the example as a table of Program Counter (L1, L2, L3, L4, L5) against Value of x (0, 1, 2, …), from the initial state to the final state]
Introduction(2/3)
• A predicate is a function which returns a Boolean value
  – A function π: X → {true, false} is a predicate on X
• States satisfying the same predicates are equivalent
[Figure: the same Program Counter × Value of x state space, partitioned by the predicate π ⇔ (x = 0) into a π = true region and a π = false region; Predicate Abstraction collapses it to two abstract states, π = true and π = false]
Introduction(3/3)
• Overview of predicate abstraction process
[Figure: a C program and a spec φ go into Predicate Abstraction, which produces a Boolean Program; Model Checking of the Boolean program either reports φ true or yields a counterexample; the counterexample is checked (Spurious?): a spurious counterexample goes to Predicate Refinement and back to Predicate Abstraction, otherwise the result is φ false + counterexample]
Today’s focus: How to make a Boolean program effectively and efficiently from a given C program and a set of predicates
Preparation of C code(1/3)
[Figure: a concrete state is mapped by the abstraction function (predicates) to an abstract state; the concrete transition (basic block) takes the concrete state to a concrete next state, which the abstraction function maps to the abstract next state; the abstract transition relates the abstract state to the abstract next state]
Preparation of C code(2/3)
• Transform C program into goto-program
  – Function inlining
    • Recursion is not supported
  – Loops are rewritten using if and goto statements
  – Side-effects are removed
    • x = 5+(++i);  becomes  i = i+1; x = 5+i;
Preparation of C code(3/3)
• goto-program example
C program
  int global;
  int func(){
    global = 1;
  }

  int main(){
    int x, i;
    func();
    if ((x = 5+(++i))){
      global = 2;
    }
    else{
      global = 3;
    }
  }
goto-program
  int global;
  int x, i;
  global = 1;
  i = i+1;
  x = 5+i;
  if (!x) goto L1;
  global = 2;
  goto L2;
  L1: global = 3;
  L2:
Abstraction using SAT(1/9)
• Definition
  – v is the vector of all concrete program variables v
    • v is a state of a concrete program
    • The program counter is considered as a variable
  – b denotes the vector of all Boolean variables b
    • b is a state of a Boolean program
    • Each predicate πi is associated with a Boolean variable bi
  – π denotes the vector of predicates πi
    • π(v) is called the abstraction function, π(v) = b
Abstraction using SAT(2/9)
• Definition (con’t)
  – T is a concrete transition relation which maps a concrete state v into a concrete next state v’
  – B is an abstract transition relation which maps an abstract state b into an abstract next state b’
Abstraction using SAT(3/9)
[Figure: the abstraction diagram from Preparation of C code(1/3) instantiated on the example below: the concrete state PC=L4, x = 3 goes by the concrete transition to the concrete next state PC’=L1, x’ = 1; with π ⇔ (x = 0), the abstraction function maps both to the abstract states b = false and b’ = false]
Example
  (unsigned int x)
  L1: while(x>1) {
  L2:   if (x%2 == 1)
  L3:     x = 3*x+1;
        else
  L4:     x = x/2;
      }
  L5: assert(x != 0);
Abstraction using SAT(4/9)
• First, define the concrete transition relation of a basic block
• Each basic block consists of a sequence of assignments
  – Therefore control statements are not considered here
• T denotes the CNF formula representing the concrete transition relation
Abstraction using SAT(5/9)
• Translate a basic block into its Static Single Assignment (SSA) form
• Each variable v’ in the vector v’ is the largest-numbered SSA variable of that program variable
Basic block
  x = z * x;
  y = x + 1;
  x = x + y;
SSA form, with v[x:=x0, y:=y0, z:=z0]
  x1 = z0 * x0;
  y1 = x1 + 1;
  x2 = x1 + y1;
and v’[x’:=x2, y’:=y1, z’:=z0]
The SSA form is then encoded as the CNF formula T(v, v’)
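The SSA renaming of a basic block, as an added example (not code from the slides or from the paper's tool): each read on the right-hand side takes the current version of the variable, each write creates the next version, and the final map is the vector v’. It assumes one C-style "lhs = expr;" statement per line and that the caller lists the block's variables.

```python
import re

# Added example: rename a basic block of straight-line assignments into
# SSA form.  Assumed input format: one "lhs = expr;" statement per line,
# C identifiers, no control flow (a basic block has none).
IDENT = re.compile(r"[A-Za-z_]\w*")


def to_ssa(block, variables):
    """Return (ssa_statements, initial_map, final_map).

    initial_map is the vector v  (x -> x0, ...);
    final_map   is the vector v' (x' -> largest-numbered version of x, ...)."""
    version = {v: 0 for v in variables}           # current SSA index per variable
    initial = {v: f"{v}0" for v in variables}
    ssa = []
    for stmt in block:
        lhs, rhs = stmt.rstrip(";").split("=", 1)
        lhs = lhs.strip()
        # every read on the right-hand side refers to the current version
        rhs_ssa = IDENT.sub(
            lambda m: f"{m.group(0)}{version[m.group(0)]}"
            if m.group(0) in version else m.group(0),
            rhs.strip())
        # the write creates the next version of lhs
        version[lhs] += 1
        ssa.append(f"{lhs}{version[lhs]} = {rhs_ssa};")
    final = {f"{v}'": f"{v}{version[v]}" for v in variables}
    return ssa, initial, final


BLOCK = ["x = z * x;", "y = x + 1;", "x = x + y;"]    # the slide's basic block

if __name__ == "__main__":
    stmts, v, v_next = to_ssa(BLOCK, ["x", "y", "z"])
    print("\n".join(stmts))
    print("v  =", v)
    print("v' =", v_next)
```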
Abstraction using SAT(6/9)
• Assignments and arithmetic operations are translated into a CNF formula
• Assume that x, y, z are three-bit unsigned integers represented by propositions x0x1x2, y0y1y2, z0z1z2 (x2, y2, z2 being the least significant bits)
• The C statement z = x + y becomes
  (z0 ⇔ (x0⊕y0) ⊕ ((x1∧y1) ∨ ((x1⊕y1)∧(x2∧y2))))
  ∧ (z1 ⇔ (x1⊕y1) ⊕ (x2∧y2))
  ∧ (z2 ⇔ (x2⊕y2))
Abstraction using SAT(7/9)
• The abstract transition relation B(b, b’) is defined using π as follows:
Abstraction using SAT(8/9)
• Example
Basic block
  d = e;
  e = e+1;
SSA form, with v[d:=d0, e:=e0]
  d1 = e0;
  e1 = e0+1;
and v’[d’:=d1, e’:=e1]
Predicates: π1 = e ≥ 0, π2 = e ≤ 100
SAT formula
  (b1 ⇔ (e0≥0)) ∧ (b2 ⇔ (e0≤100)) ∧ d1=e0 ∧ e1=e0+1 ∧ (b1’ ⇔ (e1≥0)) ∧ (b2’ ⇔ (e1≤100))
All satisfying assignments obtained using SAT solver, projected on (b1, b2, b1’, b2’):
  b1 b2 b1’ b2’
   0  1  0   1
   0  1  1   1
   1  0  0   1
   1  0  1   0
   1  1  1   0
   1  1  1   1
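The same abstraction step as an added, runnable example (not code from the slides or the paper): B(b, b’) is the existential abstraction the paper uses, the set of pairs (π(v), π(v’)) over all concrete v, v’ with T(v, v’). As a stand-in for the SAT solver it simply enumerates every concrete state of an assumed 8-bit two’s-complement int (my assumption, chosen so exhaustive enumeration stays cheap); the row 1 0 0 1 only appears because e+1 wraps around, which a mathematical-integer encoding would miss.

```python
# Added example: abstract transition relation of the block  d = e; e = e + 1;
# under pi1 = (e >= 0), pi2 = (e <= 100), by enumerating concrete states
# of an assumed 8-bit two's-complement machine instead of calling a SAT solver.
WIDTH = 8                                  # assumed bit-width of int


def wrap(n, width=WIDTH):
    """Two's-complement wrap-around: the bit-precise semantics of C int."""
    n &= (1 << width) - 1
    return n - (1 << width) if n >> (width - 1) else n


def block(d, e):
    """Concrete transition T(v, v') of the basic block in SSA form:
    d1 = e0; e1 = e0 + 1."""
    d1 = e
    e1 = wrap(e + 1)
    return d1, e1


PREDICATES = (lambda d, e: e >= 0,         # pi1
              lambda d, e: e <= 100)       # pi2


def abstraction(state, predicates=PREDICATES):
    """The abstraction function pi(v) = b."""
    return tuple(p(*state) for p in predicates)


def abstract_transition(transition, predicates=PREDICATES, width=WIDTH):
    """B(b, b') = { (pi(v), pi(v')) | T(v, v') } over every concrete state v."""
    lo, hi = -(1 << (width - 1)), 1 << (width - 1)
    pairs = set()
    for d in range(lo, hi):
        for e in range(lo, hi):
            b = abstraction((d, e), predicates)
            b_next = abstraction(transition(d, e), predicates)
            pairs.add(b + b_next)
    return sorted(pairs)                   # sorted: False < True


if __name__ == "__main__":
    print("b1 b2 b1' b2'")
    for row in abstract_transition(block):
        print("  ".join("1" if v else "0" for v in row))
```

The printed table matches the six rows above; running it with `wrap` replaced by the identity drops the 1 0 0 1 row, which is exactly the overflow case a bit-precise encoding keeps.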
Abstraction using SAT(9/9)
• The condition in an if statement can be a predicate
Control statement
  x = 0;
  if (x<2) x = x+1;
Predicate: π1 = x < 2
SAT formula
  (b1 ⇔ x0<2) ∧ x1=0 ∧ (b1’ ⇔ x1<2) ∧
  ( (x1<2 ∧ x2=x1+1 ∧ (b1’’ ⇔ x2<2)) ∨ (¬(x1<2) ∧ x2=x1 ∧ b1’’=b1’) )
  (the branch condition x1<2 is exactly the predicate b1’)
Model checking(1/1)
• The model checker tries to find a counterexample of the generated Boolean program model.
• If no counterexample is found, the concrete program satisfies the given requirements.
• If a counterexample is found, check its feasibility
  – If the counterexample is infeasible, refine the predicates and re-run the predicate abstraction process
Conclusion(1/1)
• Predicate abstraction using SAT performs better than theorem provers
• It can use sound abstraction with the power of SAT solver
References(1/1)
• Predicate Abstraction of ANSI-C Programs Using SAT, by Edmund Clarke, Daniel Kroening, Natasha Sharygina and Karen Yorav, in Formal Methods in System Design, Vol. 25, pp. 105-127, 2004