Arrays Made Simpler: An Efficient, Scalable and Thorough Preprocessing

Citations Over TimeTop 14% of 2018 papers

Abstract

The theory of arrays has a central place in software verification due to its ability to model memory or data structures. Yet, this theory is known to be hard to solve in both theory and practice, especially in the case of very long formulas coming from unrolling-based verification methods. Standard simplification techniques à la read-over-write suffer from two main drawbacks: they do not scale on very long sequences of stores and they miss many simplification opportunities because of a crude syntactic (dis-)equality reasoning. We propose a new approach to array formula simplification based on a new dedicated data structure together with original simplifications and low-cost reasoning. The technique is efficient, scalable and it yields significant simplification. The impact on formula resolution is always positive, and it can be dramatic on some specific classes of problems of interest, e.g. very long formula or binary-level symbolic execution. While currently implemented as a preprocessing, the approach would benefit from a deeper integration in an array solver.

Related Papers

• → Symbolic execution with mixed concrete-symbolic solving(2011)93 cited
• → Symbolic Execution and Recent Applications to Worst-Case Execution, Load Testing, and Security Analysis(2018)9 cited
• → SENinja: A symbolic execution plugin for Binary Ninja(2022)5 cited
• → pbSE: Phase-Based Symbolic Execution(2017)2 cited