Automatic equivalence checking of programs with uninterpreted functions and integer arithmetic

Proving equivalence of programs has several important applications, including algorithm recognition, regression checking, compiler optimization verification and validation, and information flow checking. Despite being a topic with so many important applications, program equivalence checking has seen little advances over the past decades due to its inherent (high) complexity. In this paper, we propose, to the best of our knowledge, the first semi-algorithm for the automatic verification of partial equivalence of two programs over the combined theory of uninterpreted function symbols and integer arithmetic (UF+IA). The proposed algorithm supports, in particular, programs with nested loops. The crux of the technique is a transformation of uninterpreted functions (UFs) applications into integer polynomials, which enables the precise summarization of loops with UF applications using recurrences. The equivalence checking algorithm then proceeds on loop-free, integer only programs. We implemented the proposed technique in CORK, a tool that automatically verifies the correctness of compiler optimizations, and we show that it can prove more optimizations correct than state-of-the-art techniques.

[1]  Enric Rodríguez-Carbonell,et al.  Generating all polynomial invariants in simple loops , 2007, J. Symb. Comput..

[2]  Ashutosh Gupta,et al.  Solving Recursion-Free Horn Clauses over LI+UIF , 2011, APLAS.

[3]  Dawson R. Engler,et al.  Practical, Low-Effort Equivalence Verification of Real Code , 2011, CAV.

[4]  Alfred V. Aho,et al.  Compilers: Principles, Techniques, and Tools , 1986, Addison-Wesley series in computer science / World student series edition.

[5]  Sorin Lerner,et al.  Equality-Based Translation Validator for LLVM , 2011, CAV.

[6]  Nick Benton,et al.  Simple relational correctness proofs for static analyses and program transformations , 2004, POPL.

[7]  Nicolas Halbwachs,et al.  Automatic discovery of linear restraints among variables of a program , 1978, POPL.

[8]  Thomas A. Henzinger,et al.  Lazy abstraction , 2002, POPL '02.

[9]  T. Sauer,et al.  On the history of multivariate polynomial interpolation , 2000 .

[10]  José C. Monteiro,et al.  Automatic Equivalence Checking of UF+IA Programs , 2013, SPIN.

[11]  Xavier Leroy,et al.  Formal verification of a realistic compiler , 2009, CACM.

[12]  Sagar Chaki,et al.  Regression verification for multi-threaded programs (with extensions to locks and dynamic thread creation) , 2012, Formal Methods in System Design.

[13]  Sriram K. Rajamani,et al.  The SLAM project: debugging system software via static analysis , 2002, POPL '02.

[14]  Zhendong Su,et al.  Compiler validation via equivalence modulo inputs , 2014, PLDI.

[15]  Amir Pnueli,et al.  CoVaC: Compiler Validation by Program Analysis of the Cross-Product , 2008, FM.

[16]  Markus Müller-Olm,et al.  Computing polynomial program invariants , 2004, Inf. Process. Lett..

[17]  Denis Barthou,et al.  On the Recognition of Algorithm Templates , 2004, COCV@ETAPS.

[18]  Kenneth L. McMillan,et al.  Interpolants from Z3 proofs , 2011, 2011 Formal Methods in Computer-Aided Design (FMCAD).

[19]  Jean-Luc Chabert,et al.  Integer-Valued Polynomials , 1996 .

[20]  David Cachera,et al.  Inference of polynomial invariants for imperative programs: A farewell to Gröbner bases , 2014, Sci. Comput. Program..

[21]  Milo M. K. Martin,et al.  Formal verification of SSA-based optimizations for LLVM , 2013, PLDI.

[22]  Alastair F. Donaldson,et al.  Software Model Checking , 2014, Computing Handbook, 3rd ed..

[23]  Shuvendu K. Lahiri,et al.  Towards Modularly Comparing Programs Using Automated Theorem Provers , 2013, CADE.

[24]  Sophie Frisch,et al.  Interpolation by Integer-Valued Polynomials☆ , 1999 .

[25]  Mooly Sagiv,et al.  Proceedings of the 38th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages , 2011, POPL 2011.

[26]  Peter J. Olver,et al.  OnMultivariate Interpolation , 2003 .

[27]  Andrey Rybalchenko,et al.  Synthesizing software verifiers from proof rules , 2012, PLDI.

[28]  Thomas A. Henzinger,et al.  Abstractions from proofs , 2004, SIGP.

[29]  Sorin Lerner,et al.  Bringing extensibility to verified compilers , 2010, PLDI '10.

[30]  Thomas A. Henzinger,et al.  Invariant Synthesis for Combined Theories , 2007, VMCAI.

[31]  Benjamin Goldberg,et al.  Into the Loops: Practical Issues in Translation Validation for Optimizing Compilers , 2005, COCV@ETAPS.

[32]  P. Olver On Multivariate Interpolation , 2006 .

[33]  Henny B. Sipma,et al.  Non-linear loop invariant generation using Gröbner bases , 2004, POPL.

[34]  Yves Bertot,et al.  Interactive Theorem Proving and Program Development: Coq'Art The Calculus of Inductive Constructions , 2010 .

[35]  Thomas A. Henzinger,et al.  ABC: Algebraic Bound Computation for Loops , 2010, LPAR.

[36]  Xinyu Feng,et al.  A rely-guarantee-based simulation for verifying concurrent program transformations , 2012, POPL '12.

[37]  Francesco Ranzato,et al.  Tracing compilation by abstract interpretation , 2014, POPL.

[38]  Gerda Janssens,et al.  Equivalence checking of static affine programs using widening to handle recurrences , 2008, TOPL.

[39]  Sumit Gulwani,et al.  Constraint-Based Invariant Inference over Predicate Abstraction , 2008, VMCAI.

[40]  Kenneth L. McMillan,et al.  Computing Relational Fixed Points using Interpolation , 2013 .

[41]  Amir Pnueli,et al.  Translation Validation , 1998, TACAS.

[42]  Dirk Beyer,et al.  CPAchecker: A Tool for Configurable Software Verification , 2009, CAV.

[43]  Isil Dillig,et al.  Simplifying Loop Invariant Generation Using Splitter Predicates , 2011, CAV.

[44]  Kedar S. Namjoshi,et al.  Witnessing Program Transformations , 2013, SAS.

[45]  Emmanuel Fleury,et al.  Accelerating Interpolation-Based Model-Checking , 2008, TACAS.

[46]  Marsha Chechik,et al.  Ufo: A Framework for Abstraction- and Interpolation-Based Software Verification , 2012, CAV.

[47]  Amir Pnueli,et al.  Translation and Run-Time Validation of Loop Transformations , 2005, Formal Methods Syst. Des..

[48]  Gerda Janssens,et al.  Verification of Source Code Transformations by Program Equivalence Checking , 2005, CC.

[49]  Xuejun Yang,et al.  Finding and understanding bugs in C compilers , 2011, PLDI '11.

[50]  Shuvendu K. Lahiri,et al.  SYMDIFF: A Language-Agnostic Semantic Diff Tool for Imperative Programs , 2012, CAV.

[51]  Pedro R. D'Argenio,et al.  Secure information flow by self-composition , 2004, Proceedings. 17th IEEE Computer Security Foundations Workshop, 2004..

[52]  Sorin Lerner,et al.  Proving optimizations correct using parameterized program equivalence , 2009, PLDI '09.

[53]  Nikolaj Bjørner,et al.  Z3: An Efficient SMT Solver , 2008, TACAS.

[54]  Sumit Gulwani,et al.  Assertion Checking over Combined Abstraction of Linear Arithmetic and Uninterpreted Functions , 2006, ESOP.

[55]  Pierre Castéran,et al.  Interactive Theorem Proving and Program Development , 2004, Texts in Theoretical Computer Science An EATCS Series.

[56]  Jens Palsberg,et al.  The essence of compiling with traces , 2011, POPL '11.

[57]  George C. Necula,et al.  Translation validation for an optimizing compiler , 2000, PLDI '00.

[58]  Sumit Gulwani,et al.  SPEED: precise and efficient static estimation of program computational complexity , 2009, POPL '09.

[59]  Alfred V. Aho,et al.  Compilers: Principles, Techniques, and Tools (2nd Edition) , 2006 .

[60]  Davide Sangiorgi,et al.  On the origins of bisimulation and coinduction , 2009, TOPL.

[61]  Laure Gonnord,et al.  Abstract acceleration in linear relation analysis , 2014, Sci. Comput. Program..

[62]  Dawson R. Engler,et al.  KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs , 2008, OSDI.

[63]  Liyun Dai,et al.  Generating Non-linear Interpolants by Semidefinite Programming , 2013, CAV.

[64]  Gilles Barthe,et al.  Relational Verification Using Product Programs , 2011, FM.

[65]  Alexander Aiken,et al.  Secure Information Flow as a Safety Problem , 2005, SAS.

[66]  Steven S. Muchnick,et al.  Advanced Compiler Design and Implementation , 1997 .

[67]  Matthew B. Dwyer,et al.  Differential symbolic execution , 2008, SIGSOFT '08/FSE-16.

[68]  Masahiro Fujita,et al.  Equivalence checking of C programs by locally performing symbolic simulation on dependence graphs , 2006, 7th International Symposium on Quality Electronic Design (ISQED'06).

[69]  Ofer Strichman,et al.  Regression verification , 2009, 2009 46th ACM/IEEE Design Automation Conference.

[70]  Viorica Sofronie-Stokkermans,et al.  Constraint solving for interpolation , 2007, J. Symb. Comput..

[71]  Marsha Chechik,et al.  Symbolic optimization with SMT solvers , 2014, POPL.

[72]  J. Gregory Morrisett,et al.  Evaluating value-graph translation validation for LLVM , 2011, PLDI '11.

[73]  JEAN-LUC CHABERT,et al.  Interpolation Domains , 1999 .

[74]  Viktor Kuncak,et al.  Accelerating Interpolants , 2012, ATVA.

[75]  Paul Feautrier,et al.  On the Equivalence of Two Systems of Affine Recurrence Equations (Research Note) , 2002, Euro-Par.

[76]  José C. Monteiro,et al.  Weakest Precondition Synthesis for Compiler Optimizations , 2014, VMCAI.

[77]  Audra E. Kosh,et al.  Linear Algebra and its Applications , 1992 .

[78]  Marius Bozga,et al.  Fast Acceleration of Ultimately Periodic Relations , 2010, CAV.