Analyzing Array Manipulating Programs by Program Transformation

Abstract: We explore a transformational approach to the problem of verifying simple array-manipulating programs. Traditionally, verification of such programs requires intricate analysis machinery to reason with universally quantified statements about symbolic array segments, such as "every data item stored in the segment A[i] to A[j] is equal to the corresponding item stored in the segment B[i] to B [j]." We define a simple abstract machine which allows for set-valued variables and we show how to translate programs with… Show more

“…Most methods that analyze programs manipulating arrays [8,18,20,13,25] are based on abstract interpretation. Cornish et al [12] transform a program to remove arrays and discover non-trivial universally quantified loop invariants by analyzing the transformed program using off-the-shelf abstract scalar analysis. Since they create additional blocks for each value of summary variable, the program size increases considerably raising concerns about scalability.…”

“…This is orthogonal to the work of Dillig et al [17] where they introduce fluid updates of arrays using indexed locations along with bracketing constraints, to specify the concrete elements being updated. Cornish et al [12] apply a program-to-program translation over the LLVM intermediate representation, followed by a scalar analysis. Although the abstraction in these approaches is expressible as a composition of our abstraction followed by further abstraction, our implementation of fullarrayaccess(S) guarantees an array-free and loopfree programs whenever possible.…”

“…Consider the example in Figure 1 manipulating an array of structures a. The structure has two fields, p and q, whose values are assigned in the first for loop (lines [8][9][10][11][12][13] such that a [i].q is the square of a [i].p for every index i. The second for loop (lines [14][15][16][17] asserts that this property indeed holds for each element in a.…”

Scaling Bounded Model Checking by Transforming Programs with Arrays

“…Most methods that analyze programs manipulating arrays [8,18,20,13,25] are based on abstract interpretation. Cornish et al [12] transform a program to remove arrays and discover non-trivial universally quantified loop invariants by analyzing the transformed program using off-the-shelf abstract scalar analysis. Since they create additional blocks for each value of summary variable, the program size increases considerably raising concerns about scalability.…”

“…This is orthogonal to the work of Dillig et al [17] where they introduce fluid updates of arrays using indexed locations along with bracketing constraints, to specify the concrete elements being updated. Cornish et al [12] apply a program-to-program translation over the LLVM intermediate representation, followed by a scalar analysis. Although the abstraction in these approaches is expressible as a composition of our abstraction followed by further abstraction, our implementation of fullarrayaccess(S) guarantees an array-free and loopfree programs whenever possible.…”

“…Consider the example in Figure 1 manipulating an array of structures a. The structure has two fields, p and q, whose values are assigned in the first for loop (lines [8][9][10][11][12][13] such that a [i].q is the square of a [i].p for every index i. The second for loop (lines [14][15][16][17] asserts that this property indeed holds for each element in a.…”

Scaling Bounded Model Checking by Transforming Programs with Arrays

“…Cornish et al [10] similarly apply a program-to-program translation over the LLVM intermediate representation, followed by a scalar analysis.…”

Cell Morphing: From Array Programs to Array-Free Horn Clauses

Abstract Interpretation of LLVM with a Region-Based Memory Model