On Array Theory of Bounded Elements

Min Zhou, Fei He, Bow-Yaw Wang, Ming Gu

June 4, 2010

Min Zhou, Fei He, Bow-Yaw Wang, Ming Gu, On Array Theory of Bounded Elements

June 4, 2010

1 / 34

Outline

1. Background: Array Theory; Related Work
2. UABE: Syntax and Semantics
3. Decision Procedure: Translation
4. Extensions: UAUE; UABE+
5. Conclusion



An Example

Consider the following pseudo code for "calculating the number of different elements in an array":

    Input a : array of [0..255]
    for i ← 0 to 255 do
        b[i] ← 0;
    for i ← 0 to |a| − 1 do
        b[a[i]] ← 1;
    k ← 0;
    for i ← 0 to 255 do
        if b[i] = 1 then k ← k + 1;

a : N ↦ [0..255]* (array of bytes); |a| : the size of the array.
b : [0..255] ↦ [0..1], where the v-th element of b is 1 iff there exists an element in a with value v.


A property to verify

At the end of this program segment, the following property should hold:

Property: The v-th element in b is positive if and only if there is an index i such that a[i] = v.

∀v ∃i. (b[v] > 0 ↔ a[i] = v)

Array Theory

Array theory is undecidable in its most general form. However, some decidable fragments exist.

Important aspects of an array theory fragment:

- domain: the domain for indices and elements.
- dimension: single dimensional or multi dimensional.
- quantifiers: the restrictions on the use of quantifiers.
- nested reads: whether nested reads of array elements are allowed, e.g. a[a[i]].


The main axiom of array theory

The axiom of "read-over-write" [McCarthy, 1962]:

∀a, i, j, x. (i = j → a{i ← x}[j] = x) ∧ (i ≠ j → a{i ← x}[j] = a[j])
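As an added example (not code from the paper or its authors), the following Python runs the counting program from the earlier slide on a functional-array model whose store/select operations implement the read-over-write axiom, and then checks the slide's property exhaustively over the bounded element domain [0..255]. The sample input and the names store, select, read_over_write_holds, count_distinct and property_holds are this example's own assumptions.

```python
# Added example: the "count distinct elements" program on a functional-array
# model (McCarthy store/select), plus a bounded check of the slide's property,
# read as: for all v in [0..255], b[v] > 0 iff there is an i with a[i] = v.
from typing import Dict, Tuple

# A functional array is an immutable map from index to element;
# a{i <- x} is modelled by copying, so the old array stays readable.
Array = Dict[int, int]

def store(a: Array, i: int, x: int) -> Array:
    """a{i <- x}: a fresh array equal to a except at index i."""
    new = dict(a)
    new[i] = x
    return new

def select(a: Array, j: int, default: int = 0) -> int:
    """a[j]; an index never written reads as the default value."""
    return a.get(j, default)

def read_over_write_holds(a: Array, i: int, j: int, x: int) -> bool:
    """One instance of the axiom: i = j -> a{i<-x}[j] = x, i != j -> a{i<-x}[j] = a[j]."""
    w = store(a, i, x)
    if i == j:
        return select(w, j) == x
    return select(w, j) == select(a, j)

def count_distinct(a: Tuple[int, ...]) -> Tuple[int, Array]:
    """The slide's pseudo code; elements of a are bytes in [0..255]."""
    b: Array = {}
    for i in range(256):            # b[i] <- 0
        b = store(b, i, 0)
    for i in range(len(a)):         # b[a[i]] <- 1: index computed from an element
        b = store(b, a[i], 1)
    k = 0
    for i in range(256):
        if select(b, i) == 1:
            k += 1
    return k, b

def property_holds(a: Tuple[int, ...], b: Array) -> bool:
    """Bounded check over v in [0..255]: b[v] > 0 iff some a[i] = v."""
    return all(
        (select(b, v) > 0) == any(a[i] == v for i in range(len(a)))
        for v in range(256)
    )

# Constructed sample input (not from the paper): 4 distinct byte values.
SAMPLE = (7, 7, 255, 0, 3, 7, 3)
# count_distinct(SAMPLE) returns k == 4 and a b for which property_holds is True.
```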


Existing fragments of array theory: two categories of decision procedures.

- Based on uninterpreted functions: [Nelson, 1980], [Stump et al., 2001], [Bradley et al., 2006]. These are either quantifier free or in the ∃*∀*-fragment.
- Based on counter automata: [Habermehl et al., 2008], [Bozga et al., 2009]. These are in the ∃*∀*-fragment.

In both approaches the decidable fragments are very restrictive: arbitrary quantification induces undecidability, and few of the theory fragments above allow nested reads. In particular, the sample formula given above does not belong to the decidable fragments of these theories.


UABE: Unbounded Array of Bounded Elements. The size of the array is unbounded (finite but arbitrarily large);

The Index Theory: TN domain: N; signature: {S,