bound analysis of imperative programs with the size
play

Bound Analysis of Imperative Programs with the Size change - PowerPoint PPT Presentation

Jul 17, 2023 •549 likes •1.05k views

Bound Analysis of Imperative Programs with the Size change Abstraction Florian Zuleger, TU Vienna SAS, Venice, 16.09.2011 Joint work with Sumit Gulwani, Microsoft Research Moritz Sinn, Helmut Veith, TU Vienna Resource Bounds Programs consume a

  1. Bound Analysis of Imperative Programs with the Size ‐ change Abstraction Florian Zuleger, TU Vienna SAS, Venice, 16.09.2011 Joint work with Sumit Gulwani, Microsoft Research Moritz Sinn, Helmut Veith, TU Vienna

  2. Resource Bounds Programs consume a variety of resources: – CPU time, memory, network bandwidth, power Bounding the use of such resources is important: – Economic incentives – Better user experience – Hard constraints on availability of resources Program correctness depends on bounding quantitative properties of data: – Information leakage, Propagation of numerical errors

  3. The Reachability ‐ bound Problem (Gulwani, Zuleger, PLDI 2010) void main (int n, C[] temp) { Given a control int i := 0; while (i < n) { location l inside int j := i+1; a program P. while (j < n) { if (nondet()) { l : temp[n] := new C(); How often can l be j--; n--; } j++; } visited inside P? i++; } } Goal: A symbolic bound Bound( l ) in terms of the inputs of P.

  4. Bound Computation and Termination A bound for a loop implies the termination of the loop. ⇒ Computing bounds is more difficult than proving termination! Can successfull techniques for termination analysis be extended to bound analysis? What about • Size ‐ change Abstraction (Ben ‐ Amram, Lee, Jones, 2001) Yes! • Transition Invariants (Podelski, Rybalchenko, 2004)? Not so easy...

  5. Outline 1. Introduction 2. Comparing SCA with Transition Invariants 3. SCA solves Technical Challanges 4. How to apply SCA on Imperative Programs

  6. Size ‐ change Abstraction (SCA) void main (int n) { l int x=n; int y=n; l : while (x>0 Æ y>0) { ρ 1 if (nondet()) ρ 2 x--; else ρ 1 ≡ x > 0 Æ y > 0 Æ x ‐ 1 = x‘ Æ y = y‘ y--; ρ 2 ≡ x > 0 Æ y > 0 Æ x = x‘ Æ y ‐ 1 = y‘ }

  7. Size ‐ change Abstraction (SCA) void main (int n) { l int x=n; int y=n; l : while (x>0 Æ y>0) { α ( ρ 1 ) if (nondet()) α ( ρ 2 ) x--; else α ( ρ 1 ) ≡ x > 0 Æ y > 0 Æ x > x‘ Æ y = y‘ y--; α ( ρ 2 ) ≡ x > 0 Æ y > 0 Æ x = x‘ Æ y > y‘ } Predicate abstract domain consisting of inequalities between integer variables (primed and unprimed)

  8. Size ‐ change Abstraction (SCA) void main (int n) { l int x=n; int y=n; l : while (x>0 Æ y>0) { α ( ρ 1 ) if (nondet()) α ( ρ 2 ) x--; else α ( ρ 1 ) ≡ x > 0 Æ y > 0 Æ x > x‘ Æ y = y‘ y--; α ( ρ 2 ) ≡ x > 0 Æ y > 0 Æ x = x‘ Æ y > y‘ } Finite powerset abstract domain whose base elements are conjuncts of inequalities between integer variables (primed and unprimed)

  9. Size ‐ change Abstraction (SCA) void main (int n) { l int x=n; int y=n; l : while (x>0 Æ y>0) { α ( ρ 1 ) if (nondet()) α ( ρ 2 ) x--; else = = 0 0’ 0 0’ y--; > = x x’ x x’ α ( ρ 2 ) ≡ α ( ρ 1 ) ≡ < < } > = y y’ y y’ < < Control flow graph whose edges are labeled by size ‐ change graphs

  10. SCA is a Success Story • Termination is decidable in PSPACE (Ben ‐ Amram, Lee, Jones, 2001; Ben ‐ Amram,2011) • Complete method for extracting ranking functions on terminating instances (possibly exponentially large) • SCA based termination analysis is implemented in widely ‐ used systems such as ACL2, Isabelle, AProVE • The industrial ‐ strength tool ACL2 can automatically prove the termination of 98% of the functions in its database

  11. Good Computational Properties • Enjoys built ‐ in disjunction. • Transitive hulls can be computed without overapproximation techniques such as widening. • Transitive hulls preserve termination. • Abstraction can be done by SMT solver calls. ⇒ Potential for automation

  12. Transition Invariants • Have been developed as adaption of SCA to imperative programs • Experimentally proven useful on device drivers in the Terminator tool; see Cook et al. 2006 • More general than SCA; for formal comparison see Heizmann et al. 2011

  13. Transition Invariants void main (int n) { l int x=n; int y=n; l : while (x>0 Æ y>0) { ρ 1 if (nondet()) ρ 2 x--; else ρ 1 ≡ x > 0 Æ y > 0 Æ x ‐ 1 = x‘ Æ y = y‘ y--; ρ 2 ≡ x > 0 Æ y > 0 Æ x = x‘ Æ y ‐ 1 = y‘ } Termination proof: ( ρ 1 ∪ ρ 2 ) + ⊆ T 1 ∪ T 2 , where T 1 ≡ x > 0 Æ x‘ = x ‐ 1 and T 2 ≡ y > 0 Æ y‘ = y ‐ 1

  14. Transition Invariants void main (int n) { l int x=n; int y=n; l : while (x>0 Æ y>0) { ρ 1 if (nondet()) ρ 2 x--; else Well ‐ founded ρ 1 ≡ x > 0 Æ y > 0 Æ x ‐ 1 = x‘ Æ y = y‘ y--; relations ρ 2 ≡ x > 0 Æ y > 0 Æ x = x‘ Æ y ‐ 1 = y‘ } Termination proof: ( ρ 1 ∪ ρ 2 ) + ⊆ T 1 ∪ T 2 , where T 1 ≡ x > 0 Æ x‘ = x ‐ 1 and T 2 ≡ y > 0 Æ y‘ = y ‐ 1

  15. Transition Invariants void main (int n) { l int x=n; int y=n; l : while (x>0 Æ y>0) { ρ 1 if (nondet()) ρ 2 x--; x and y are else Well ‐ founded local ranking ρ 1 ≡ x > 0 Æ y > 0 Æ x ‐ 1 = x‘ Æ y = y‘ y--; relations ρ 2 ≡ x > 0 Æ y > 0 Æ x = x‘ Æ y ‐ 1 = y‘ functions } Termination proof: ( ρ 1 ∪ ρ 2 ) + ⊆ T 1 ∪ T 2 , where T 1 ≡ x > 0 Æ x‘ = x ‐ 1 and T 2 ≡ y > 0 Æ y‘ = y ‐ 1

  16. Transition Invariants void main (int n) { l int x=n; int y=n; Transitive hull l : while (x>0 Æ y>0) { ρ 1 in the concrete if (nondet()) ρ 2 x--; x and y are else Well ‐ founded local ranking ρ 1 ≡ x > 0 Æ y > 0 Æ x ‐ 1 = x‘ Æ y = y‘ y--; relations ρ 2 ≡ x > 0 Æ y > 0 Æ x = x‘ Æ y ‐ 1 = y‘ functions } Termination proof: ( ρ 1 ∪ ρ 2 ) + ⊆ T 1 ∪ T 2 , where T 1 ≡ x > 0 Æ x‘ = x ‐ 1 and T 2 ≡ y > 0 Æ y‘ = y ‐ 1

  17. Transition Invariants void main (int n) { l int x=n; int y=n; l : while (x>0 Æ y>0) { ρ 1 if (nondet()) ρ 2 x--; else { ρ 1 ≡ x > 0 Æ y > 0 Æ x ‐ 1 = x‘ Æ y = y‘ x := n; ρ 2 ≡ x > 0 Æ y > 0 Æ n = x‘ Æ y ‐ 1 = y‘ y--; } } Termination proof: ( ρ 1 ∪ ρ 2 ) + ⊆ T 1 ∪ T 2 , where T 1 ≡ x > 0 Æ x‘ = x ‐ 1 and T 2 ≡ y > 0 Æ y‘ = y ‐ 1

  18. Transition Invariants void main (int n) { l We reset int x=n; int y=n; l : while (x>0 Æ y>0) { x to n! ρ 1 if (nondet()) ρ 2 x--; else { ρ 1 ≡ x > 0 Æ y > 0 Æ x ‐ 1 = x‘ Æ y = y‘ x := n; ρ 2 ≡ x > 0 Æ y > 0 Æ n = x‘ Æ y ‐ 1 = y‘ y--; } } Termination proof: ( ρ 1 ∪ ρ 2 ) + ⊆ T 1 ∪ T 2 , where T 1 ≡ x > 0 Æ x‘ = x ‐ 1 and T 2 ≡ y > 0 Æ y‘ = y ‐ 1

  19. Transition Invariants void main (int n) { l We reset int x=n; int y=n; Same termination l : while (x>0 Æ y>0) { x to n! proof! ρ 1 if (nondet()) ρ 2 x--; else { ρ 1 ≡ x > 0 Æ y > 0 Æ x ‐ 1 = x‘ Æ y = y‘ x := n; ρ 2 ≡ x > 0 Æ y > 0 Æ n = x‘ Æ y ‐ 1 = y‘ y--; } } Termination proof: ( ρ 1 ∪ ρ 2 ) + ⊆ T 1 ∪ T 2 , where T 1 ≡ x > 0 Æ x‘ = x ‐ 1 and T 2 ≡ y > 0 Æ y‘ = y ‐ 1

  20. Transition Invariants void main (int n) { l We reset int x=n; int y=n; Same termination l : while (x>0 Æ y>0) { x to n! proof! ρ 1 if (nondet()) ρ 2 x--; else { ρ 1 ≡ x > 0 Æ y > 0 Æ x ‐ 1 = x‘ Æ y = y‘ x := n; ρ 2 ≡ x > 0 Æ y > 0 Æ n = x‘ Æ y ‐ 1 = y‘ y--; } } Termination proof: ( ρ 1 ∪ ρ 2 ) + ⊆ T 1 ∪ T 2 , where T 1 ≡ x > 0 Æ x‘ = x ‐ 1 and T 2 ≡ y > 0 Æ y‘ = y ‐ 1

  21. Size ‐ change Abstraction (SCA) void main (int n) { void main (int n) { int x=n; int y=n; int x=n; int y=n; l : while (x>0 Æ y>0) { l : while (x>0 Æ y>0) { if (nondet()) if (nondet()) x--; x--; else else { y--; x := n; } y--; } } α ( ρ 1 ) ≡ x > 0 Æ y > 0 α ( ρ 1 ) ≡ x > 0 Æ y > 0 Æ x > x‘ Æ y = y‘ Æ x > x‘ Æ y = y‘ α ( ρ 2 ) ≡ x > 0 Æ y > 0 α ( ρ 2 ) ≡ x > 0 Æ y > 0 Æ x = x‘ Æ y > y‘ Æ n = x‘ Æ y > y‘

  22. Size ‐ change Abstraction (SCA) void main (int n) { void main (int n) { int x=n; int y=n; int x=n; int y=n; l : while (x>0 Æ y>0) { l : while (x>0 Æ y>0) { if (nondet()) if (nondet()) x--; x--; else else { y--; x := n; } y--; } } α ( ρ 1 ) ≡ x > 0 Æ y > 0 α ( ρ 1 ) ≡ x > 0 Æ y > 0 Æ x > x‘ Æ y = y‘ Æ x > x‘ Æ y = y‘ α ( ρ 2 ) ≡ x > 0 Æ y > 0 α ( ρ 2 ) ≡ x > 0 Æ y > 0 Æ x = x‘ Æ y > y‘ Æ n = x‘ Æ y > y‘

  23. Bounds by SCA α ( ρ 1 ) ≡ x > 0 Æ y > 0 α ( ρ 1 ) ≡ x > 0 Æ y > 0 Æ x > x‘ Æ y = y‘ Æ x > x‘ Æ y = y‘ α ( ρ 2 ) ≡ x > 0 Æ y > 0 α ( ρ 2 ) ≡ x > 0 Æ y > 0 Æ x = x‘ Æ y > y‘ Æ n = x‘ Æ y > y‘ Our bound algorithm for SCA: uses only the abstracted transitions • discovers x and y as norms by heuristics • x and y stay constant on the only x is increased on respective other transition the other transition Our tool computes the Our tool computes the ranking function x+y, which ranking function (x,y), which results in Bound( l ) = 2n results in Bound( l ) = n 2

  24. Outline 1. Introduction 2. Comparing SCA with Transition Invariants 3. SCA solves Technical Challanges 4. How to apply SCA on Imperative Programs

  25. SCA solves Technical Challanges We do not use SCA because we like the formalism, but because we believe that SCA is the right abstraction for the bound analysis of imperative programs.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Difference Constraints: An adequate Abstraction for Complexity Analysis of Imperative Programs

Difference Constraints: An adequate Abstraction for Complexity Analysis of Imperative Programs

Difference Constraints: An adequate Abstraction for Complexity Analysis of Imperative Programs Florian Zuleger Technische Universitt Wien FMCAD, 28.09.2015 Joint work with Moritz Sinn, Helmut Veith Bounds and Complexity foo(uint n) Local

437 views • 26 slides
An Upper Bound on BER in a Coded Two-Transmission Scheme with the Same-Size Arbitrary

An Upper Bound on BER in a Coded Two-Transmission Scheme with the Same-Size Arbitrary

An Upper Bound on BER in a Coded Two-Transmission Scheme with the Same-Size Arbitrary Constellations Mehmet Ilter &amp; Halim Yanikomeroglu September 4 th , 2014 A Fresh Start With These Questions Why do we need such an analysis depending on

382 views • 19 slides
Verification of Imperative Programs through Transformation of Constraint Logic Programs Emanuele

Verification of Imperative Programs through Transformation of Constraint Logic Programs Emanuele

Verification of Imperative Programs through Transformation of Constraint Logic Programs Emanuele De Angelis 1 , Fabio Fioravanti 1 , Alberto Pettorossi 2 , and Maurizio Proietti 3 1 University of Chieti-Pescara G. dAnnunzio, Italy 2

671 views • 52 slides
Proving Termination of Imperative Programs using Max-SMT Daniel Larraz, Albert Oliveras, Enric

Proving Termination of Imperative Programs using Max-SMT Daniel Larraz, Albert Oliveras, Enric

Introduction SMT/Max-SMT solving Invariant generation Termination analysis Further work Proving Termination of Imperative Programs using Max-SMT Daniel Larraz, Albert Oliveras, Enric Rodr guez-Carbonell and Albert Rubio Universitat

1.18k views • 73 slides
Consistency Analysis for Massively Inconsistent Datasets in Bound-to-Bound Data Collaboration

Consistency Analysis for Massively Inconsistent Datasets in Bound-to-Bound Data Collaboration

Consistency Analysis for Massively Inconsistent Datasets in Bound-to-Bound Data Collaboration Arun Hegde Wenyu Li James Oreluk Andrew Packard Michael Frenklach December 19, 2017 Abstract Bound-to-Bound Data Collaboration

462 views • 32 slides
Direct Manipulation For Imperative Programs Hu 1 , Roopsha Samanta 2 , Rishabh Singh 3 , Loris

Direct Manipulation For Imperative Programs Hu 1 , Roopsha Samanta 2 , Rishabh Singh 3 , Loris

Direct Manipulation For Imperative Programs Hu 1 , Roopsha Samanta 2 , Rishabh Singh 3 , Loris DAntoni 1 Qin Qinhepin ing Hu 1 Universitve of Wisconsin-Madison 2 Purdue University 3 Google 5 Variable values Call stack code 6 Python

1.04k views • 90 slides
Customised Induction Rules for Proving Correctness of Imperative Programs Angela Wallenburg

Customised Induction Rules for Proving Correctness of Imperative Programs Angela Wallenburg

Customised Induction Rules for Proving Correctness of Imperative Programs Angela Wallenburg angelaw@cs.chalmers.se 4th International Symposium June 9, 2005, L okeberg Outline 1. Problem: Induction and Loops 2. First approach: Use idea

821 views • 34 slides
Small Cell Height &amp; Base Size Analysis Analysis on Height and Base Size of deployments 15

Small Cell Height &amp; Base Size Analysis Analysis on Height and Base Size of deployments 15

Small Cell Height &amp; Base Size Analysis Analysis on Height and Base Size of deployments 15 October 2019 Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of

1.03k views • 23 slides
Imperative vs. object- oriented paradigms 1 11/14/17 Imperative vs. object-oriented u

Imperative vs. object- oriented paradigms 1 11/14/17 Imperative vs. object-oriented u

11/14/17 CSCI-2320 Object-Oriented Paradigm: Ruby Mohammad T . Irfan Imperative vs. object- oriented paradigms 1 11/14/17 Imperative vs. object-oriented u Imperative u Procedural decomposition u Procedures are all powerful u Data is

582 views • 45 slides
Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs

Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs

Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs Birkbeck, University of London joint work with Cynthia Kop (U Copenhagen) and Naoki Nishida (U Nagoya) Workshop on Program Equivalence, London, UK 11

2.1k views • 197 slides
Imperative vs. object- oriented paradigms 1 11/11/14 Imperative vs. object-oriented

Imperative vs. object- oriented paradigms 1 11/11/14 Imperative vs. object-oriented

11/11/14 CSCI-2325 Object-Oriented Paradigm: Ruby Mohammad T . Irfan Imperative vs. object- oriented paradigms 1 11/11/14 Imperative vs. object-oriented u Imperative u Procedural decomposition u Procedures are all

577 views • 31 slides
Imperative vs. object- oriented paradigms 1 11/17/14 Imperative vs. object-oriented

Imperative vs. object- oriented paradigms 1 11/17/14 Imperative vs. object-oriented

11/17/14 CSCI-2325 Object-Oriented Paradigm: Ruby Mohammad T . Irfan Imperative vs. object- oriented paradigms 1 11/17/14 Imperative vs. object-oriented u Imperative u Procedural decomposition u Procedures are all

867 views • 33 slides
Lecture 8/9 : Separation Logic Can handle reasoning of imperative programs well. Overview

Lecture 8/9 : Separation Logic Can handle reasoning of imperative programs well. Overview

CS6202: Advanced Topics in Programming Hoare Logic Hoare Logic Languages and Systems Lecture 8/9 : Separation Logic Can handle reasoning of imperative programs well. Overview Notation : {P} code {Q} Assertion Logic {P}

557 views • 19 slides
A subexponential lower bound for Zadehs pivoting rule for solving linear programs and games

A subexponential lower bound for Zadehs pivoting rule for solving linear programs and games

A subexponential lower bound for Zadehs pivoting rule for solving linear programs and games Oliver Friedmann Department of Computer Science, Ludwig-Maximilians-Universit at Munich, Germany. Oliver Friedmann (LMU) Zadeh Lower Bound 1

1.72k views • 156 slides
Lecture 31: Declarative Programming Imperative vs. Declarative So far, our programs are

Lecture 31: Declarative Programming Imperative vs. Declarative So far, our programs are

Lecture 31: Declarative Programming Imperative vs. Declarative So far, our programs are explicit directions for solving a problem; the problem itself is implicit in the program. Declarative programming turns this around: A program

249 views • 3 slides
Backtracking And Branch And Bound Subset &amp; Permutation Problems Subset problem of size n.

Backtracking And Branch And Bound Subset &amp; Permutation Problems Subset problem of size n.

Backtracking And Branch And Bound Subset &amp; Permutation Problems Subset problem of size n. Nonsystematic search of the space for the answer takes O(p2 n ) time, where p is the time needed to evaluate each member of the solution space.

65 views • 5 slides
Asynchronous Events: Signals Signals Concepts Generating Signals Catching Signals

Asynchronous Events: Signals Signals Concepts Generating Signals Catching Signals

CPSC-313: Introduction to Computer Systems Asynchronous Events: Signals Asynchronous Events: Signals Signals Concepts Generating Signals Catching Signals Waiting for Signals Loose end: Program start-up Loose end: Signal

545 views • 11 slides
Will it blend ? Java agents and OSGi Slides revision : 20190923- ea 7 c 311 1 Welcome 2 About

Will it blend ? Java agents and OSGi Slides revision : 20190923- ea 7 c 311 1 Welcome 2 About

Will it blend ? Java agents and OSGi Slides revision : 20190923- ea 7 c 311 1 Welcome 2 About me 3 Outline Quick demo Java agents primer Usage scenarios OSGi integration Integration testing Testing demo 4 Quick demo 5 Java agents

694 views • 30 slides
Events vs. Threads ! Event-Based Execution ! Single thread of control ! No context switch overheads

Events vs. Threads ! Event-Based Execution ! Single thread of control ! No context switch overheads

TOSThreads Thread-Safe and Non-Invasive Preemption in TinyOS Kevin Klues , Chieh-Jan Liang, Jeongyeup Paek, Razvan Musaloiu-E, Philip Levis, Andreas Terzis, Ramesh Govindan November 5, 2009 SenSys 2009 1 Events vs. Threads ! Event-Based

1.01k views • 90 slides
Linked Lists Kruse and Ryba Textbook 4.1 and Chapter 6 Linked Lists Linked list of items

Linked Lists Kruse and Ryba Textbook 4.1 and Chapter 6 Linked Lists Linked list of items

Linked Lists Kruse and Ryba Textbook 4.1 and Chapter 6 Linked Lists Linked list of items is arranged in order Size of linked list changes as items are inserted or removed Dynamic memory allocation is often used in linked list

484 views • 26 slides
Lecture 6: Task-based Models and Charm++ Abhinav Bhatele, Department of Computer Science Summary

Lecture 6: Task-based Models and Charm++ Abhinav Bhatele, Department of Computer Science Summary

High Performance Computing Systems (CMSC714) Lecture 6: Task-based Models and Charm++ Abhinav Bhatele, Department of Computer Science Summary of last lecture Shared-memory programming and OpenMP Fork-join parallelism OpenMP vs MPI:

365 views • 12 slides
ProtoDUNE XYZ Calibration Service Jonathan Paley ProtoDUNE Sim/Reco Meeting August 15, 2018

ProtoDUNE XYZ Calibration Service Jonathan Paley ProtoDUNE Sim/Reco Meeting August 15, 2018

ProtoDUNE XYZ Calibration Service Jonathan Paley ProtoDUNE Sim/Reco Meeting August 15, 2018 Jonathan M. Paley 1 XYZ Calibrations Plane 1 X Correction Plane 1 Negative X Correction 600 2 1.2 Y Coordinate (cm) Correction 500 1 1.5

285 views • 7 slides
The motion of emptiness Dynamics and evolution of cosmic voids Laura Ceccarelli IATE,

The motion of emptiness Dynamics and evolution of cosmic voids Laura Ceccarelli IATE,

The motion of emptiness Dynamics and evolution of cosmic voids Laura Ceccarelli IATE, Observatorio Astronmico de Crdoba Large scale structure and galaxy flows Quy Nhon, July 2016 Motivations

568 views • 34 slides
SQL with C Test Program 1: Select a row with one column #include &lt;stdio.h&gt; #include

SQL with C Test Program 1: Select a row with one column #include &lt;stdio.h&gt; #include

SQL with C Test Program 1: Select a row with one column #include &lt;stdio.h&gt; #include &lt;string.h&gt; #include &lt;stdlib.h&gt; EXEC SQL BEGIN DECLARE SECTION; VARCHAR userid[20]; VARCHAR passwd[20]; int value; EXEC SQL END DECLARE

550 views • 6 slides

More recommend