compositional program analysis using max smt
play

Compositional Program Analysis using Max-SMT Albert Rubio Cristina - PowerPoint PPT Presentation

Apr 20, 2023 •234 likes •1.2k views

Compositional Program Analysis using Max-SMT Albert Rubio Cristina Borralleras, Marc Brockschmidt, Daniel Larraz, Albert Oliveras, Jos Miguel Rivero and Enric Rodrguez-Carbonell Universitat Politcnica de Catalunya - Barcelona Tech UCM

  1. Compositional Program Analysis using Max-SMT Albert Rubio Cristina Borralleras, Marc Brockschmidt, Daniel Larraz, Albert Oliveras, José Miguel Rivero and Enric Rodríguez-Carbonell Universitat Politècnica de Catalunya - Barcelona Tech UCM Seminar March 2018 Albert Rubio (UPC) Program Analysis using Max-SMT UCM Seminar 2018 1 / 44

  2. Overview of the talk 1 Introduction 2 SMT/Max-SMT solving 3 Invariant generation 4 Compositional safety verification 5 VeryMax Tool 6 Conclusions and current work Albert Rubio (UPC) Program Analysis using Max-SMT UCM Seminar 2018 2 / 44

  3. Overview of the talk 1 Introduction 2 SMT/Max-SMT solving 3 Invariant generation 4 Compositional safety verification 5 VeryMax Tool 6 Conclusions and current work Albert Rubio (UPC) Program Analysis using Max-SMT UCM Seminar 2018 3 / 44

  4. Motivation Main Goal: Build static analysis tools for programmers. Fully automatic. Efficient. Scalable. Albert Rubio (UPC) Program Analysis using Max-SMT UCM Seminar 2018 4 / 44

  5. Motivation Main Goal: Build static analysis tools for programmers. Fully automatic. Efficient. Scalable. Strategy: Take advantage of powerful arithmetic constraint solvers. SMT solvers Constraint-based Program Analysis techniques Albert Rubio (UPC) Program Analysis using Max-SMT UCM Seminar 2018 4 / 44

  6. Motivation Main Goal: Build static analysis tools for programmers. Fully automatic. Efficient. Scalable. Strategy: Take advantage of powerful arithmetic constraint solvers. Max-SMT solvers Constraint-based Program Analysis techniques Albert Rubio (UPC) Program Analysis using Max-SMT UCM Seminar 2018 4 / 44

  7. Motivation Main Goal: Build static analysis tools for programmers. Fully automatic. Efficient. Scalable. Strategy: Take advantage of powerful arithmetic constraint solvers. Max-SMT solvers Constraint-based Program Analysis techniques Goal : Verify safety and liveness properties of programs Albert Rubio (UPC) Program Analysis using Max-SMT UCM Seminar 2018 4 / 44

  8. Motivation Main Goal: Build static analysis tools for programmers. Fully automatic. Efficient. Scalable. Strategy: Take advantage of powerful arithmetic constraint solvers. Max-SMT solvers Constraint-based Program Analysis techniques Goal : Verify safety and liveness properties of programs Challenge: discover (loop) invariants. How can we guide the search? Albert Rubio (UPC) Program Analysis using Max-SMT UCM Seminar 2018 4 / 44

  9. Overview of the talk 1 Introduction 2 SMT/Max-SMT solving 3 Invariant generation 4 Compositional safety verification 5 VeryMax Tool 6 Conclusions and current work Albert Rubio (UPC) Program Analysis using Max-SMT UCM Seminar 2018 5 / 44

  10. SMT solvers We make extensive use of SMT solvers inside our program analysis tools. SAT and SMT solvers gain efficiency by: addressing only (expressive enough) decidable fragments of a certain logic incorporate domain-specific reasoning, e.g: arithmetic reasoning equality data structures (arrays, lists, stacks, ...) SAT: use propositional logic as the formalization language + high degree of efficiency - expressive (all NP-complete) but involved encodings SMT: propositional logic + domain-specific reasoning + improves the expressivity - certain (but acceptable) loss of efficiency Albert Rubio (UPC) Program Analysis using Max-SMT UCM Seminar 2018 6 / 44

  11. Need and Applications of SMT Some problems are more naturally expressed in other logics than propositional logic, e.g: Software verification needs reasoning about equality, arithmetic, data structures, ... SMT consists of deciding the satisfiability of a (ground) FO formula with respect to a background theory Example ( Equality with Uninterpreted Functions – EUF ): g ( a )= c ∧ ( f ( g ( a )) � = f ( c ) ∨ g ( a )= d ) ∧ c � = d Wide range of applications: Scheduling Predicate abstraction Test generation Model checking ... Albert Rubio (UPC) Program Analysis using Max-SMT UCM Seminar 2018 7 / 44

  12. Theories of Interest - Arithmetic Very useful for obvious reasons Restricted fragments support more efficient methods: Bounds: x ⊲ ⊳ k with ⊲ ⊳ ∈ { <, >, ≤ , ≥ , = } Difference logic: x − y ⊲ ⊳ k , with ⊲ ⊳ ∈ { <, >, ≤ , ≥ , = } UTVPI: ± x ± y ⊲ ⊳ k , with ⊲ ⊳ ∈ { <, >, ≤ , ≥ , = } Linear arithmetic, e.g: 2 x − 3 y + 4 z ≤ 5 Non-linear arithmetic, e.g: 2 xy + 4 xz 2 − 5 y ≤ 10 Variables are either reals or integers Albert Rubio (UPC) Program Analysis using Max-SMT UCM Seminar 2018 8 / 44

  13. SMT problems Input: Given a boolean formula ϕ over some theory T . Question: Is there any interpretation (solution) that satisfies the formula? Example: T = linear integer/real arithmetic. ( x < 0 ∨ x ≤ y ∨ y < z ) ∧ ( x ≥ 0 ) ∧ ( x > y ∨ y < z ) { x = 1 , y = 0 , z = 2 } Albert Rubio (UPC) Program Analysis using Max-SMT UCM Seminar 2018 9 / 44

  14. SMT problems Input: Given a boolean formula ϕ over some theory T . Question: Is there any interpretation (solution) that satisfies the formula? Example: T = linear integer/real arithmetic. ( x < 0 ∨ x ≤ y ∨ y < z ) ∧ ( x ≥ 0 ) ∧ ( x > y ∨ y < z ) { x = 1 , y = 0 , z = 2 } Albert Rubio (UPC) Program Analysis using Max-SMT UCM Seminar 2018 9 / 44

  15. SMT problems Input: Given a boolean formula ϕ over some theory T . Question: Is there any interpretation (solution) that satisfies the formula? Example: T = linear integer/real arithmetic. ( x < 0 ∨ x ≤ y ∨ y < z ) ∧ ( x ≥ 0 ) ∧ ( x > y ∨ y < z ) { x = 1 , y = 0 , z = 2 } There exist very efficient solvers: yices, z3, Barcelogic, ... Can handle large formulas with a complex boolean structure. Albert Rubio (UPC) Program Analysis using Max-SMT UCM Seminar 2018 9 / 44

  16. Optimization problems (Weighted) Max-SMT problem Input: Given an SMT formula ϕ = C 1 ∧ . . . ∧ C m in CNF, where some of the clauses are hard and the others soft with a weight. Output: An assignment for the hard clauses that minimizes the sum of the weights of the falsified soft clauses. ( x 2 + y 2 > 2 ∨ x · z ≤ y ∨ y · z < z 2 ) ∧ ( x > y ∨ 0 < z ∨ w ( 5 )) ∧ . . . Albert Rubio (UPC) Program Analysis using Max-SMT UCM Seminar 2018 10 / 44

  17. Non-linear SMT solving Input: Given a boolean formula ϕ over some theory T . Question: Is there any solution that satisfies the formula? Example: T = non-linear (polynomial) integer/real arithmetic. ( x 2 + y 2 > 2 ∨ x · z ≤ y ∨ y · z < z 2 ) ∧ ( x > y ∨ 0 < z ) { x = 0 , y = 1 , z = 1 } Albert Rubio (UPC) Program Analysis using Max-SMT UCM Seminar 2018 11 / 44

  18. Non-linear SMT solving Input: Given a boolean formula ϕ over some theory T . Question: Is there any solution that satisfies the formula? Example: T = non-linear (polynomial) integer/real arithmetic. ( x 2 + y 2 > 2 ∨ x · z ≤ y ∨ y · z < z 2 ) ∧ ( x > y ∨ 0 < z ) { x = 0 , y = 1 , z = 1 } Albert Rubio (UPC) Program Analysis using Max-SMT UCM Seminar 2018 11 / 44

  19. Non-linear SMT solving Input: Given a boolean formula ϕ over some theory T . Question: Is there any solution that satisfies the formula? Example: T = non-linear (polynomial) integer/real arithmetic. ( x 2 + y 2 > 2 ∨ x · z ≤ y ∨ y · z < z 2 ) ∧ ( x > y ∨ 0 < z ) { x = 0 , y = 1 , z = 1 } Non-linear arithmetic decidability: Integers: undecidable (Hilbert’s 10th problem). Reals: decidable (Tarski) but algorithms have prohibitive complexity. Albert Rubio (UPC) Program Analysis using Max-SMT UCM Seminar 2018 11 / 44

  20. Non-linear SMT solving Input: Given a boolean formula ϕ over some theory T . Question: Is there any solution that satisfies the formula? Example: T = non-linear (polynomial) integer/real arithmetic. ( x 2 + y 2 > 2 ∨ x · z ≤ y ∨ y · z < z 2 ) ∧ ( x > y ∨ 0 < z ) { x = 0 , y = 1 , z = 1 } Non-linear arithmetic decidability: Integers: undecidable (Hilbert’s 10th problem). Reals: decidable (Tarski) but algorithms have prohibitive complexity. Incomplete solvers focus on either satisfiability or unsatisfiability. Albert Rubio (UPC) Program Analysis using Max-SMT UCM Seminar 2018 11 / 44

  21. Non-linear SMT solving Input: Given a boolean formula ϕ over some theory T . Question: Is there any solution that satisfies the formula? Example: T = non-linear (polynomial) integer/real arithmetic. ( x 2 + y 2 > 2 ∨ x · z ≤ y ∨ y · z < z 2 ) ∧ ( x > y ∨ 0 < z ) { x = 0 , y = 1 , z = 1 } Non-linear arithmetic decidability: Integers: undecidable (Hilbert’s 10th problem). Reals: decidable (Tarski) but algorithms have prohibitive complexity. Incomplete solvers focus on either satisfiability or unsatisfiability. Albert Rubio (UPC) Program Analysis using Max-SMT UCM Seminar 2018 11 / 44

  22. Solving non-linear SMT formulas Need to handle large formulas with non-linear arithmetic and complex boolean structure. Barcelogic has shown to be the best SMT-solver proving satisfiability of this kind of problems. Barcelogic can handle Max-SMT formulas (over non-linear arithmetic) as well. Albert Rubio (UPC) Program Analysis using Max-SMT UCM Seminar 2018 12 / 44

  23. Overview of the talk 1 Introduction 2 SMT/Max-SMT solving 3 Invariant generation 4 Compositional safety verification 5 VeryMax Tool 6 Conclusions and current work Albert Rubio (UPC) Program Analysis using Max-SMT UCM Seminar 2018 13 / 44

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Compositional Recurrence Analysis Azadeh Farzan Zachary Kincaid University of Toronto September

Compositional Recurrence Analysis Azadeh Farzan Zachary Kincaid University of Toronto September

Compositional Recurrence Analysis Azadeh Farzan Zachary Kincaid University of Toronto September 28, 2015 Compositional program analysis P P Break program into parts P P Analyze each part P P Compose the results Incremental analysis

787 views • 62 slides
Compositional and Mechanically Verified Program Analyzers David Darais University of Maryland

Compositional and Mechanically Verified Program Analyzers David Darais University of Maryland

Compositional and Mechanically Verified Program Analyzers David Darais University of Maryland Let's Design an Analysis 2 Let's Design an Analysis Property x/0 2 Let's Design an Analysis Property Program x/0 0: int x y; 1: void

945 views • 72 slides
Viktor Vafeiadis Software Analysis &amp; Verification Full functional verification

Viktor Vafeiadis Software Analysis &amp; Verification Full functional verification

Viktor Vafeiadis Software Analysis &amp; Verification Full functional verification Compilers , concurrent programs , theorem provers Program equivalence / Compositional reasoning Compositional compiler verification

266 views • 3 slides
Numerical Invariants via Abstract Machines Compositional Recurrence Analysis (CRA) Azadeh Farzan,

Numerical Invariants via Abstract Machines Compositional Recurrence Analysis (CRA) Azadeh Farzan,

Princeton University Zachary Kincaid Static Analysis Symposium August 31, 2018 Numerical Invariants via Abstract Machines Compositional Recurrence Analysis (CRA) Azadeh Farzan, Thomas Reps. Todays agenda: A recipe for building abstract

1.16k views • 78 slides
Safety Criticality Analysis of Air Traffic Management Systems: A Compositional Bisimulation

Safety Criticality Analysis of Air Traffic Management Systems: A Compositional Bisimulation

Third SESAR Innovation Days 26 28 November 2013, KTH, Stockholm, Sweden Safety Criticality Analysis of Air Traffic Management Systems: A Compositional Bisimulation Approach Elena De Santis, Maria Domenica Di Benedetto, Mariken Everdij,

664 views • 32 slides
COMPOSITIONAL APPROACH TO PROGRAM FORMALIZATION AND VERIFICATION (methodological introduction)

COMPOSITIONAL APPROACH TO PROGRAM FORMALIZATION AND VERIFICATION (methodological introduction)

COMPOSITIONAL APPROACH TO PROGRAM FORMALIZATION AND VERIFICATION (methodological introduction) Mykola (Nikolaj) S. Nikitchenko Taras Shevchenko National University of Kyiv Linz, JKU, November 08-19, 2012 1 Contents Introduction

783 views • 40 slides
Compositional Real-Time Scheduling Framework Insik Shin 1 , Insup Lee 1 1 University of

Compositional Real-Time Scheduling Framework Insik Shin 1 , Insup Lee 1 1 University of

Compositional Framework Bounded Delay Resource Model Schedulability Analysis Utilization Bounds Component Abstraction Conclusion Compositional Real-Time Scheduling Framework Insik Shin 1 , Insup Lee 1 1 University of Pennsylvania 15 November

362 views • 33 slides
Compositional Analysis of Compositional Analysis of Soluble Salts in Bresle Bresle Extraction

Compositional Analysis of Compositional Analysis of Soluble Salts in Bresle Bresle Extraction

ISST- -2007 2007 ISST Compositional Analysis of Compositional Analysis of Soluble Salts in Bresle Bresle Extraction Extraction Soluble Salts in from Blocks in Newbuilding Newbuilding Shipyards Shipyards from Blocks in S.S. Seo Seo,

626 views • 20 slides
Compositional Symbolic Execution through Program Specialization e Miguel Rojas 1 and Corina P

Compositional Symbolic Execution through Program Specialization e Miguel Rojas 1 and Corina P

Compositional Symbolic Execution through Program Specialization e Miguel Rojas 1 and Corina P areanu 2 Jos as 1 Technical University of Madrid, Spain 2 CMU-SV/NASA Ames, Moffett Field, CA, USA BYTECODE 2013 March 23, Rome, Italy Software

579 views • 33 slides
Compositional Solution Space Quantification for Probabilistic Software Analysis Mateus Borges,

Compositional Solution Space Quantification for Probabilistic Software Analysis Mateus Borges,

Compositional Solution Space Quantification for Probabilistic Software Analysis Mateus Borges, Marcelo dAmorim (UFPE) Antonio Filieri (Stuttgart) Corina Pasareanu (CMU SV and NASA Ames) Willem Visser (Stellenbosch) Uncertain Environments

752 views • 59 slides
Imprecise Compositional Data Analysis: Alternative Statistical Methods Michael Smithson The

Imprecise Compositional Data Analysis: Alternative Statistical Methods Michael Smithson The

Imprecise Compositional Data Analysis: Alternative Statistical Methods Michael Smithson The Australian National University 2-6 July 2019 /SIPTA 2019 Smithson (The Australian National University) Imprecise Compositional Data Analysis SIPTA19

225 views • 11 slides
PLEBISCITE FOR PEACE IN COLOMBIA: STATISICAL ANALYSIS USING COMPOSITIONAL DATA CoDaWork 2017

PLEBISCITE FOR PEACE IN COLOMBIA: STATISICAL ANALYSIS USING COMPOSITIONAL DATA CoDaWork 2017

Introduction Applied exercise Discussion PLEBISCITE FOR PEACE IN COLOMBIA: STATISICAL ANALYSIS USING COMPOSITIONAL DATA CoDaWork 2017 CATALINA PLATA RINC ON &amp; ANDR ES FELIPE ORTIZ RICO UNIVERSITY SANTO TOM AS June 9 2017

356 views • 24 slides
Compositional C11 Program Transformation Mark Batty - Mike Dodds - Alexey Gotsman

Compositional C11 Program Transformation Mark Batty - Mike Dodds - Alexey Gotsman

Compositional C11 Program Transformation Mark Batty - Mike Dodds - Alexey Gotsman Imperial Concurrency Workshop, July 2015 @miike Overview The C11 model is (arguably) broken: we omit problem features, most importantly no RLX.

544 views • 42 slides
Semi-Markov PEPA: Compositional Modelling and Analysis with General Distributions Jeremy Bradley

Semi-Markov PEPA: Compositional Modelling and Analysis with General Distributions Jeremy Bradley

Semi-Markov PEPA: Compositional Modelling and Analysis with General Distributions Jeremy Bradley Email: jb@doc.ic.ac.uk Department of Computing, Imperial College London Produced with prosper and L A T EX JTB [07/2004] p.1/19 What have

760 views • 47 slides
Compositional Recurrence Analysis Revisited Zachary Kincaid 1 Jason Breck 2 Ashkan Forouhi

Compositional Recurrence Analysis Revisited Zachary Kincaid 1 Jason Breck 2 Ashkan Forouhi

June 19, 2017 Compositional Recurrence Analysis Revisited Zachary Kincaid 1 Jason Breck 2 Ashkan Forouhi Boroujeni 2 Thomas Reps 2 , 3 1 Princeton University 2 University of Wisconsin-Madison 3 GrammaTech, Inc. How can we apply loop analyses to

648 views • 53 slides
Forecasting Patent Filings at the European Patent Office (EPO) using compositional data analysis

Forecasting Patent Filings at the European Patent Office (EPO) using compositional data analysis

Forecasting Patent Filings at the European Patent Office (EPO) using compositional data analysis techniques. Peter Hingley, Financial Controlling and Statistics, European Patent Office, M unich, Germany phingley@epo.org Disclaimer: The forecasts

370 views • 18 slides
Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs Robert

Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs Robert

Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs Robert Sison 13 Jan 2018 THE UNIVERSITY OF NEW SOUTH WALES www.data61.csiro.au A confidentiality-preserving program Cross Domain Desktop Compositor

1.49k views • 118 slides
Numerical Solution of Compositional Two-Phase Flow in Porous Media P. Bastian Collaborators: M.

Numerical Solution of Compositional Two-Phase Flow in Porous Media P. Bastian Collaborators: M.

Numerical Solution of Compositional Two-Phase Flow in Porous Media P. Bastian Collaborators: M. Blatt, O. Ippisch, R. Neumann Universit at Heidelberg Interdisziplin ares Zentrum f ur Wissenschaftliches Rechnen Im Neuenheimer Feld 368,

567 views • 34 slides
Certifying Compositional Model Checking Algorithms in ACL2 Sandip Ray John Matthews Mark Tuttle

Certifying Compositional Model Checking Algorithms in ACL2 Sandip Ray John Matthews Mark Tuttle

Certifying Compositional Model Checking Algorithms in ACL2 Sandip Ray John Matthews Mark Tuttle ACL2 Workshop Presentation July 14, 2003 Outline Motivation and Goals Technical Background Comments on Our Work Issues and

609 views • 31 slides
Glitch-Resistant Masking Revisited or Why Proofs in the Robust Probing Model are Needed Thorben

Glitch-Resistant Masking Revisited or Why Proofs in the Robust Probing Model are Needed Thorben

Glitch-Resistant Masking Revisited or Why Proofs in the Robust Probing Model are Needed Thorben Moos 1 , Amir Moradi 1 , Tobias Schneider 2 and Franois-Xavier Standaert 2 Horst Grtz Institute for IT Security, Ruhr-Universitt Bochum,

694 views • 46 slides
Secure Information Flow as a Safety Problem Overview Introduction to secure information flow

Secure Information Flow as a Safety Problem Overview Introduction to secure information flow

Secure Information Flow as a Safety Problem Overview Introduction to secure information flow Type-Based approach Self composition Downgrading Self composition with downgrading Type directed transformation

511 views • 22 slides
Compositional Action System Derivation Introduction Using Enforced Properties Action systems

Compositional Action System Derivation Introduction Using Enforced Properties Action systems

Compositional Action System Derivation Using Enforced Properties Brijesh Dongol and Ian J. Hayes Compositional Action System Derivation Introduction Using Enforced Properties Action systems Enforced properties Example Brijesh Dongol

785 views • 45 slides
Compositional Semantics and Analysis of Hierarchical Block Diagrams Iulia Dragomir 1 joint work

Compositional Semantics and Analysis of Hierarchical Block Diagrams Iulia Dragomir 1 joint work

Compositional Semantics and Analysis of Hierarchical Block Diagrams Iulia Dragomir 1 joint work with Viorel Preoteasa 1 and Stavros Tripakis 1 , 2 1 Aalto University, Finland 2 UC Berkeley, USA Hierarchical block diagrams Consist of: atomic

556 views • 45 slides
On Two Composition Operator in Dempster-Shafer Theory Radim Jirou sek Faculty of Management,

On Two Composition Operator in Dempster-Shafer Theory Radim Jirou sek Faculty of Management,

On Two Composition Operator in Dempster-Shafer Theory Radim Jirou sek Faculty of Management, Jind rich uv Hradec, Czech Republic &amp; Institute of Information Theory and Automation Czech Academy of Sciences, Prague ISIPTA 2015

674 views • 30 slides

More recommend