Compositional Recurrence Analysis Azadeh Farzan Zachary Kincaid - - PowerPoint PPT Presentation

Compositional Recurrence Analysis

Azadeh Farzan Zachary Kincaid

University of Toronto

September 28, 2015

Compositional program analysis

P1; P2 P P Break program into parts P P Analyze each part P P Compose the results Incremental analysis Compute in parallel

Compositional program analysis

P1; P2 P1 P2 Break program into parts P P Analyze each part P P Compose the results Incremental analysis Compute in parallel

Compositional program analysis

P1; P2 P1 P2 Break program into parts P1 P2 Analyze each part P P Compose the results Incremental analysis Compute in parallel

Compositional program analysis

P1; P2 P1 P2 Break program into parts P1 P2 Analyze each part ⊙ P1; P2 Compose the results Incremental analysis Compute in parallel

Compositional program analysis

P1; P2 P1 P2 Break program into parts P1 P2 Analyze each part ⊙ P1; P2 Compose the results Incremental analysis Compute in parallel

Compositional program analysis

P1; P2 P1 P2 Break program into parts P1 P2 Analyze each part ⊙ P1; P2 Compose the results Incremental analysis Compute in parallel

Context

x := 0 c := 1 n := 100 while(x < n): x := x + c assert(x == n) 100 1 100 c n x k k x n k x x kc

Context

x := 0 c := 1 n := 100 while(x < n): x := x + c assert(x == n) 100 1 100 c n x k k x n k x x kc

Context

x := 0 c := 1 n := 100 while(x < n): x := x + c assert(x == n) 100 1 100 c = 1 ∧ n = 100 ∧ 0 ≤ x ≤ 100 k k x n k x x kc

Context

x := 0 c := 1 n := 100 while(x < n): x := x + c assert(x == n) 100 1 100 c n x ∃k.((k ≥ 1 ∧ x < n) ∨ k = 0) ∧ x′ = x + kc...

How can we analyze programs compositionally and precisely?

Recurrence Analysis

while(*): x := x + 1 y := y - 2 Recurrences: x k x k y k y k Closed forms: x k x k y k y k Loop abstraction: k k x x k y y k

Recurrence Analysis

while(*): x := x + 1 y := y - 2 Recurrences: x(k) = x(k−1) + 1 y(k) = y(k−1) − 2 Closed forms: x k x k y k y k Loop abstraction: k k x x k y y k

Recurrence Analysis

while(*): x := x + 1 y := y - 2 Recurrences: x(k) = x(k−1) + 1 y(k) = y(k−1) − 2 Closed forms: x(k) = x(0) + 1k y(k) = y(0) − 2k Loop abstraction: k k x x k y y k

Recurrence Analysis

while(*): x := x + 1 y := y - 2 Recurrences: x(k) = x(k−1) + 1 y(k) = y(k−1) − 2 Closed forms: x(k) = x(0) + 1k y(k) = y(0) − 2k Loop abstraction: ∃k.k ≥ 0 ∧ x′ = x + k ∧ y′ = y − 2k

while(z < 100): x := 0 y := 0 while(x + y < 10): z := z + 1 if (*): x := x + rand(1,3) else y := y + 1 w := w + x

while(z < 100): x := 0 y := 0 while(x + y < 10): z := z + 1 if (*): x := x + rand(1,3) else y := y + 1 w := w + x

How can we use recurrence analysis to compute approximations of arbitrary programs?

Compositional Recurrence Analysis

Algebraic Program Analysis [Tarjan ’81]

1 Compute a path expression to a point of interest (e.g., an assertion) 2 Evaluate the path expression in the semantic algebra defining the

analysis

• uter:

inner: end: x := 0 n := 10 i := 0 if(i >= n): goto end i := i + 1 j := 0 if(*): x := x + 1 j := j + 1 if(j < n): goto inner goto outer assert(x <= 100)

x := 0 n := 10 i := 0 [i < n] i := i + 1 j := 0 x := x + 1 skip j := j + 1 [j < n] [j >= n] [i >= n] [x > 100] a b c d e f g h h+g (h+g)i ((h+g)ij) (h+g)ik i j k def((h+g)ij) (h+g)ik l m abc(def((h+g)ij) (h+g)ik) lm Path expression: Regular expression over alphabet of control flow edges

• uter:

inner: end: x := 0 n := 10 i := 0 if(i >= n): goto end i := i + 1 j := 0 if(*): x := x + 1 j := j + 1 if(j < n): goto inner goto outer assert(x <= 100)

x := 0 n := 10 i := 0 [i < n] i := i + 1 j := 0 x := x + 1 skip j := j + 1 [j < n] [j >= n] [i >= n] [x > 100] a b c d e f g h h+g (h+g)i ((h+g)ij) (h+g)ik i j k def((h+g)ij) (h+g)ik l m abc(def((h+g)ij) (h+g)ik) lm Path expression: Regular expression over alphabet of control flow edges

• uter:

inner: end: x := 0 n := 10 i := 0 if(i >= n): goto end i := i + 1 j := 0 if(*): x := x + 1 j := j + 1 if(j < n): goto inner goto outer assert(x <= 100)

x := 0 n := 10 i := 0 [i < n] i := i + 1 j := 0 x := x + 1 skip j := j + 1 [j < n] [j >= n] [i >= n] [x > 100] a b c d e f g h h+g (h+g)i ((h+g)ij) (h+g)ik i j k def((h+g)ij) (h+g)ik l m abc(def((h+g)ij) (h+g)ik) lm Path expression: Regular expression over alphabet of control flow edges

• uter:

inner: end: x := 0 n := 10 i := 0 if(i >= n): goto end i := i + 1 j := 0 if(*): x := x + 1 j := j + 1 if(j < n): goto inner goto outer assert(x <= 100)

x := 0 n := 10 i := 0 [i < n] i := i + 1 j := 0 x := x + 1 skip j := j + 1 [j < n] [j >= n] [i >= n] [x > 100] a b c d e f g h h+g (h+g)i ((h+g)ij) (h+g)ik i j k def((h+g)ij) (h+g)ik l m abc(def((h+g)ij) (h+g)ik) lm Path expression: Regular expression over alphabet of control flow edges

• uter:

inner: end: x := 0 n := 10 i := 0 if(i >= n): goto end i := i + 1 j := 0 if(*): x := x + 1 j := j + 1 if(j < n): goto inner goto outer assert(x <= 100)

x := 0 n := 10 i := 0 [i < n] i := i + 1 j := 0 x := x + 1 skip j := j + 1 [j < n] [j >= n] [i >= n] [x > 100] a b c d e f g h h+g (h+g)i ((h+g)ij) (h+g)ik i j k def((h+g)ij) (h+g)ik l m abc(def((h+g)ij) (h+g)ik) lm Path expression: Regular expression over alphabet of control flow edges

• uter:

inner: end: x := 0 n := 10 i := 0 if(i >= n): goto end i := i + 1 j := 0 if(*): x := x + 1 j := j + 1 if(j < n): goto inner goto outer assert(x <= 100)

x := 0 n := 10 i := 0 [i < n] i := i + 1 j := 0 x := x + 1 skip j := j + 1 [j < n] [j >= n] [i >= n] [x > 100] a b c d e f g h h+g (h+g)i ((h+g)ij) (h+g)ik i j k def((h+g)ij) (h+g)ik l m abc(def((h+g)ij) (h+g)ik) lm Path expression: Regular expression over alphabet of control flow edges

• uter:

inner: end: x := 0 n := 10 i := 0 if(i >= n): goto end i := i + 1 j := 0 if(*): x := x + 1 j := j + 1 if(j < n): goto inner goto outer assert(x <= 100)

x := 0 n := 10 i := 0 [i < n] i := i + 1 j := 0 x := x + 1 skip j := j + 1 [j < n] [j >= n] [i >= n] [x > 100] a b c d e f g h h+g (h+g)i ((h+g)ij) (h+g)ik i j k def((h+g)ij)∗(h+g)ik l m abc(def((h+g)ij) (h+g)ik) lm Path expression: Regular expression over alphabet of control flow edges

• uter:

inner: end: x := 0 n := 10 i := 0 if(i >= n): goto end i := i + 1 j := 0 if(*): x := x + 1 j := j + 1 if(j < n): goto inner goto outer assert(x <= 100)

x := 0 n := 10 i := 0 [i < n] i := i + 1 j := 0 x := x + 1 skip j := j + 1 [j < n] [j >= n] [i >= n] [x > 100] a b c d e f g h h+g (h+g)i ((h+g)ij) (h+g)ik i j k def((h+g)ij) (h+g)ik l m abc(def((h+g)ij)∗(h+g)ik)∗lm Path expression: Regular expression over alphabet of control flow edges

Interpretation: I = ⟨D, ·⟩

• D = ⟨D, ⊙, ⊕, ⍟, 0, 1⟩ is a semantic algebra
• Control flow edges

D is a semantic function Program meanings Composition operators

Interpretation: I = ⟨D, ·⟩

• D = ⟨D, ⊙, ⊕, ⍟, 0, 1⟩ is a semantic algebra
• Control flow edges

D is a semantic function Program meanings Composition operators

Interpretation: I = ⟨D, ·⟩

• D = ⟨D,

⊙, ⊕, ⍟, 0, 1⟩ is a semantic algebra

• Control flow edges

D is a semantic function Program meanings Composition operators

Interpretation: I = ⟨D, ·⟩

• D = ⟨D, ⊙, ⊕, ⍟, 0, 1⟩ is a semantic algebra
• · : Control flow edges → D is a semantic function

Program meanings Composition operators

Interpretation: I = ⟨D, ·⟩

• D = ⟨D, ⊙, ⊕, ⍟, 0, 1⟩ is a semantic algebra
• · : Control flow edges → D is a semantic function

Program meanings Composition operators abc(def((h+g)ij)∗(h+g)ik)∗lm = a ⊙ b ⊙ c ⊙ ( d ⊙ e ⊙ f ⊙ ( (h ⊕ g) ⊙ i ⊙ j )⍟ ⊙(h ⊕ g) ⊙ i ⊙ k )⍟ ⊙l ⊙ m

Interpretation: I = ⟨D, ·⟩

• D = ⟨D, ⊙, ⊕, ⍟, 0, 1⟩ is a semantic algebra
• · : Control flow edges → D is a semantic function

Program meanings Composition operators Compositional Recurrence Analysis

• D: set of arithmetic transition formulas

x := x + 1 ≜ x′ = x + 1 ∧ y′ = y ∧ i′ = i ∧ j′ = j ∧ n′ = n

• x

x x x x

Interpretation: I = ⟨D, ·⟩

• D = ⟨D, ⊙, ⊕, ⍟, 0, 1⟩ is a semantic algebra
• · : Control flow edges → D is a semantic function

Program meanings Composition operators Compositional Recurrence Analysis

• D: set of arithmetic transition formulas

x := x + 1 ≜ x′ = x + 1 ∧ y′ = y ∧ i′ = i ∧ j′ = j ∧ n′ = n

• φ ⊙ ψ ≜ ∃⃗

x′′.φ[⃗ x′ → ⃗ x′′] ∧ ψ[⃗ x → ⃗ x′′]

Interpretation: I = ⟨D, ·⟩

• D = ⟨D, ⊙, ⊕, ⍟, 0, 1⟩ is a semantic algebra
• · : Control flow edges → D is a semantic function

Program meanings Composition operators Compositional Recurrence Analysis

• D: set of arithmetic transition formulas

x := x + 1 ≜ x′ = x + 1 ∧ y′ = y ∧ i′ = i ∧ j′ = j ∧ n′ = n

• φ ⊙ ψ ≜ ∃⃗

x′′.φ[⃗ x′ → ⃗ x′′] ∧ ψ[⃗ x → ⃗ x′′]

• φ ⊕ ψ ≜ φ ∨ ψ

Interpretation: I = ⟨D, ·⟩

• D = ⟨D, ⊙, ⊕, ⍟, 0, 1⟩ is a semantic algebra
• · : Control flow edges → D is a semantic function

Program meanings Composition operators Compositional Recurrence Analysis

• D: set of arithmetic transition formulas

x := x + 1 ≜ x′ = x + 1 ∧ y′ = y ∧ i′ = i ∧ j′ = j ∧ n′ = n

• φ ⊙ ψ ≜ ∃⃗

x′′.φ[⃗ x′ → ⃗ x′′] ∧ ψ[⃗ x → ⃗ x′′]

• φ ⊕ ψ ≜ φ ∨ ψ
• φ⍟ ≜ ...

p∗ = p⍟

Problem Given a transition formula φ (representing the body of a loop), compute a formula φ⍟ representing any number of iterations of the loop. First, linearize : compute a linear formula lin such that = lin .

Linearization via optimization modulo theories: If = x and y , then = y xy y x xy x

Problem Given a transition formula φ (representing the body of a loop), compute a formula φ⍟ representing any number of iterations of the loop. First, linearize φ: compute a linear formula lin(φ) such that φ | = lin(φ).

Linearization via optimization modulo theories: If = x and y , then = y xy y x xy x

Problem Given a transition formula φ (representing the body of a loop), compute a formula φ⍟ representing any number of iterations of the loop. First, linearize φ: compute a linear formula lin(φ) such that φ | = lin(φ).

Linearization via optimization modulo theories: If ϕ | = x ∈ [1, 10] and y ∈ [2, 3], then ϕ | = y ≤ xy ≤ 10y ∧ 2x ≤ xy ≤ 3x

Simple recurrences

while(*): c := 2 * x if (c = 1): x := x + 2 else x := x + 1 y := y - 2 c x c x x c x x y y m c x y c x y =

body

c c m x x m y y m

body body = body =

c c x x y y

Simple recurrences

while(*): c := 2 * x if (c = 1): x := x + 2 else x := x + 1 y := y - 2 c′ = 2x ∧ ( (c′ = 1 ∧x′ = x + 2) ∨(c′ ̸= 1 ∧x′ = x + 1) ) ∧y′ = y − 2 m c x y c x y =

body

c c m x x m y y m

body body = body =

c c x x y y

Simple recurrences

while(*): c := 2 * x if (c = 1): x := x + 2 else x := x + 1 y := y - 2 c′ = 2x ∧ ( (c′ = 1 ∧x′ = x + 2) ∨(c′ ̸= 1 ∧x′ = x + 1) ) ∧y′ = y − 2 m : [c → 0, x → 0, y → 0, c′ → 0, x′ → 1, y′ → −2] | = φbody c c m x x m y y m

body body = body =

c c x x y y

Simple recurrences

while(*): c := 2 * x if (c = 1): x := x + 2 else x := x + 1 y := y - 2 c′ = 2x ∧ ( (c′ = 1 ∧x′ = x + 2) ∨(c′ ̸= 1 ∧x′ = x + 1) ) ∧y′ = y − 2 m : [c → 0, x → 0, y → 0, c′ → 0, x′ → 1, y′ → −2] | = φbody (c′ − c)m = 0 (x′ − x)m = 1 (y′ − y)m = −2

body body = body =

c c x x y y

Simple recurrences

while(*): c := 2 * x if (c = 1): x := x + 2 else x := x + 1 y := y - 2 c′ = 2x ∧ ( (c′ = 1 ∧x′ = x + 2) ∨(c′ ̸= 1 ∧x′ = x + 1) ) ∧y′ = y − 2 m : [c → 0, x → 0, y → 0, c′ → 0, x′ → 1, y′ → −2] | = φbody (c′ − c)m = 0 (x′ − x)m = 1 (y′ − y)m = −2 φbody | = φbody | = φbody | = c′ = c + 0? x′ = x + 1? y′ = y − 2?

Simple recurrences

while(*): c := 2 * x if (c = 1): x := x + 2 else x := x + 1 y := y - 2 c′ = 2x ∧ ( (c′ = 1 ∧x′ = x + 2) ∨(c′ ̸= 1 ∧x′ = x + 1) ) ∧y′ = y − 2 m : [c → 0, x → 0, y → 0, c′ → 0, x′ → 1, y′ → −2] | = φbody (c′ − c)m = 0 (x′ − x)m = 1 (y′ − y)m = −2 φbody ̸| = φbody | = φbody | = c′ = c + 0 x′ = x + 1 y′ = y − 2

Stratified recurrences

while(*): x := x + 1 y := y + x z := z + y

Linear recurrences (in)equations

while(0 <= i < 100): if (*): x := x + i else y := y + i i := i + 1 0 ≤ i ∧ i < 100 ∧x′ = x + i ∧y′ = y + i ∧i′ = i + 1

1 Introduce difference variables for non-induction variables: body x

x x

y

y y

2 Project + compute the convex hull:

• Smallest polyhedron P such that x y x y i

= P

x y

i

x

i

y

i ... x x y y i x x i y y i x y x y i x x x i x y y i Linear equations over ’s and induction variables x k y k x y ki k k x x k x ki k k x y k y ki k k

Linear recurrences (in)equations

while(0 <= i < 100): if (*): x := x + i else y := y + i i := i + 1 0 ≤ i ∧ i < 100 ∧x′ = x + i ∧y′ = y + i ∧i′ = i + 1

1 Introduce difference variables for non-induction variables:

ψ ≜ φbody ∧ δx = x′ − x ∧ δy = y′ − y

2 Project + compute the convex hull:

• Smallest polyhedron P such that x y x y i

= P

x y

i

x

i

y

i ... x x y y i x x i y y i x y x y i x x x i x y y i Linear equations over ’s and induction variables x k y k x y ki k k x x k x ki k k x y k y ki k k

Linear recurrences (in)equations

while(0 <= i < 100): if (*): x := x + i else y := y + i i := i + 1 0 ≤ i ∧ i < 100 ∧x′ = x + i ∧y′ = y + i ∧i′ = i + 1

1 Introduce difference variables for non-induction variables:

ψ ≜ φbody ∧ δx = x′ − x ∧ δy = y′ − y

2 Project + compute the convex hull:

• Smallest polyhedron P such that ∃x, y, x′, y′, i′.ψ |

= P

x y

i

x

i

y

i ... x x y y i x x i y y i x y x y i x x x i x y y i Linear equations over ’s and induction variables x k y k x y ki k k x x k x ki k k x y k y ki k k

Linear recurrences (in)equations

while(0 <= i < 100): if (*): x := x + i else y := y + i i := i + 1 0 ≤ i ∧ i < 100 ∧x′ = x + i ∧y′ = y + i ∧i′ = i + 1 δx + δy = i 0 ≤ δx ≤ i 0 ≤ δy ≤ i ... x x y y i x x i y y i x y x y i x x x i x y y i Linear equations over δ’s and induction variables x k y k x y ki k k x x k x ki k k x y k y ki k k

Linear recurrences (in)equations

while(0 <= i < 100): if (*): x := x + i else y := y + i i := i + 1 0 ≤ i ∧ i < 100 ∧x′ = x + i ∧y′ = y + i ∧i′ = i + 1 δx + δy = i 0 ≤ δx ≤ i 0 ≤ δy ≤ i ... (x′ − x) + (y′ − y) = i 0 ≤ (x′ − x) ≤ i 0 ≤ (y′ − y) ≤ i x y x y i x x x i x y y i Linear equations over ’s and induction variables x k y k x y ki k k x x k x ki k k x y k y ki k k

Linear recurrences (in)equations

while(0 <= i < 100): if (*): x := x + i else y := y + i i := i + 1 0 ≤ i ∧ i < 100 ∧x′ = x + i ∧y′ = y + i ∧i′ = i + 1 δx + δy = i 0 ≤ δx ≤ i 0 ≤ δy ≤ i ... (x′ − x) + (y′ − y) = i 0 ≤ (x′ − x) ≤ i 0 ≤ (y′ − y) ≤ i x′ + y′ = x + y + i x ≤ x′ ≤ x + i x ≤ y′ ≤ y + i Linear equations over ’s and induction variables x k y k x y ki k k x x k x ki k k x y k y ki k k

Linear recurrences (in)equations

while(0 <= i < 100): if (*): x := x + i else y := y + i i := i + 1 0 ≤ i ∧ i < 100 ∧x′ = x + i ∧y′ = y + i ∧i′ = i + 1 δx + δy = i 0 ≤ δx ≤ i 0 ≤ δy ≤ i ... (x′ − x) + (y′ − y) = i 0 ≤ (x′ − x) ≤ i 0 ≤ (y′ − y) ≤ i x′ + y′ = x + y + i x ≤ x′ ≤ x + i x ≤ y′ ≤ y + i Linear equations over ’s and induction variables x(k)+y(k) = x(0)+y(0)+ki(0)+k(k+1)/2 x(0) ≤ x(k) ≤ x(0) +ki(0) +k(k+1)/2 x(0) ≤ y(k) ≤ y(0) +ki(0) +k(k+1)/2

Putting it all together

φbody| = ∧

r

∑

i

arix′

ri ≤

∑

i

arixri + ∑

j

brjyrj + cr

ri

arix k

ri ri

arixri

j

prj k yrj kcr Extracted recurrences

body i

xi xi k k x

body

x

body r i

arixri

i

arixri

j

prj k yrj kcr

Putting it all together

φbody| = ∧

r

∑

i

arix′

ri ≤

∑

i

arixri + ∑

j

brjyrj + cr ∑

ri

arix(k)

ri ≤

∑

ri

arix(0)

ri +

∑

j

prj(k)y(0)

rj + kcr

Closed form

body i

xi xi k k x

body

x

body r i

arixri

i

arixri

j

prj k yrj kcr

Putting it all together

φbody| = ∧

r

∑

i

arix′

ri ≤

∑

i

arixri + ∑

j

brjyrj + cr ∑

ri

arix(k)

ri ≤

∑

ri

arix(0)

ri +

∑

j

prj(k)y(0)

rj + kcr

φ⍟

body ≜

∧

i

x′

i = xi

∨ ( ∃k.k ≥ 1 ∧ (∃⃗ x′.φbody) ∧ (∃⃗ x.φbody) ∧ ∧

r

∑

i

arix′

ri ≤

∑

i

arixri + ∑

j

prj(k)yrj + kcr )

Experimental evaluation on

• 74 safe benchmarks from SVComp15
• 7 safe non-linear benchmarks

Tool Solved

CRA % 65% CRA+Oct % 88% SeaHorn % 85% CPAChecker % 47%

Summary

CRA is compositional yet precise Compositional analysis + SMT-based recurrence detection Approximate recurrence analysis for arbitrary loops

Summary

CRA is compositional yet precise Compositional analysis + SMT-based recurrence detection Approximate recurrence analysis for arbitrary loops