Controlling Polyvariance for Specialization-Based Verification (slide presentation)


SLIDE 1

Controlling Polyvariance for Specialization-Based Verification

Fabio Fioravanti (Univ. D’Annunzio, Pescara, Italy), Alberto Pettorossi (Univ. Tor Vergata, Rome, Italy), Maurizio Proietti (IASI-CNR, Rome, Italy), Valerio Senni (Univ. Tor Vergata, Rome, Italy)

CILC 2011, Pescara

August 31 - September 2, 2011

SLIDE 2

Verification via Reachability

Forward Reachability: starting from the Initial States, apply t, t², ... and check whether the Unsafe States are reached. Intersection = ∅ means safety; ≠ ∅ means unsafety.

Backward Reachability: starting from the Unsafe States, apply t⁻¹, t⁻², ... and check whether the Initial States are reached. Intersection = ∅ means safety; ≠ ∅ means unsafety.

SLIDE 3

Backward Reachability as a Constraint Logic Program

Bw:
  • (I's)  unsafe ← init_i(X) ∧ bwReach(X)
  • (T's)  bwReach(X) ← t_i(X,X') ∧ bwReach(X')
  • (U's)  bwReach(X) ← u_i(X)

Theorem: The system is safe iff unsafe ∉ M(Bw), where M(Bw) is the least model of Bw.

SLIDE 4

An Example of System Verification

init(<X1,X2>): X1≥1 ∧ X2=0
t(<X1,X2>, <X'1,X'2>): X'1 = X1+X2 ∧ X'2 = X2+1
u(<X1,X2>): X2>X1

Bw:
  • 1. unsafe ← X1≥1 ∧ X2=0 ∧ bwReach(X1,X2)
  • 2. bwReach(X1,X2) ← X'1=X1+X2 ∧ X'2=X2+1 ∧ bwReach(X'1,X'2)
  • 3. bwReach(X1,X2) ← X2>X1

Unfortunately, the computation of M(Bw) does not terminate.

Verification via Specialization: (A) transform Bw into SpBw; (B) check whether unsafe ∈ M(SpBw).

SLIDE 5

Specialization via Unfold/Definition/Fold

def-intro:
  • 4. new1(X1,X2) ← X1≥1 ∧ X2=0 ∧ bwReach(X1,X2)

fold:
  • 1f. unsafe ← X1≥1 ∧ X2=0 ∧ new1(X1,X2)

unfold:
  • 4u. new1(X1,X2) ← X1≥1 ∧ X2=0 ∧ X'1=X1 ∧ X'2=1 ∧ bwReach(X'1,X'2)

def-intro:
  • newp(X'1,X'2) ← X'1≥1 ∧ X'2=1 ∧ bwReach(X'1,X'2)

fold: ...

unfold: ...

def-intro:
  • newq(X"1,X"2) ← X"1≥1 ∧ X"2=2 ∧ bwReach(X"1,X"2)

... and so on: nontermination of specialization.

SLIDE 6

Need for Generalization

def-intro:
  • 5. new2(X1,X2) ← X1≥1 ∧ X2≥0 ∧ bwReach(X1,X2)   (generalization)

fold:
  • 4uf. new1(X1,X2) ← X1≥1 ∧ X2=0 ∧ X'1=X1 ∧ X'2=1 ∧ new2(X'1,X'2)

From 5 by unfold-fold:
  • 6. new2(X1,X2) ← X1≥1 ∧ X2≥0 ∧ X'1=X1+X2 ∧ X'2=X2+1 ∧ new2(X'1,X'2)
  • 7. new2(X1,X2) ← X1≥1 ∧ X2>X1

SpBw: 1f, 4uf, 6, 7. Specialization has terminated (due to generalization). The computation of M(SpBw) terminates:
  • new1(X1,X2) ← false
  • new2(X1,X2) ← X1≥1 ∧ X2>1

Hence unsafe ∉ M(SpBw).

SLIDE 7

A Different Specialization

new2 is more general than new1: use new2 instead of new1.

SpBw1:
  • 1f'. unsafe ← X1≥1 ∧ X2=0 ∧ new2(X1,X2)
  • 6. new2(X1,X2) ← X1≥1 ∧ X2≥0 ∧ X'1=X1+X2 ∧ X'2=X2+1 ∧ new2(X'1,X'2)
  • 7. new2(X1,X2) ← X1≥1 ∧ X2>X1

SpBw1: 1f', 6, 7.

Fold "immediately": use of new1 and new2. More polyvariance (SpBw).

Fold at the end "with a maximally general definition": use of new2 only. Less polyvariance (SpBw1).

Polyvariance depends on generalization and folding, and it affects the specialization time and the size of the specialized program (and thus the computation of M(SpBw)).

SLIDE 8

Constructing the Definition Tree: DefsTree

Initialization: the root definitions D1, ..., Dk, one for each of the I clauses {I1}, ..., {Ik}.

For a generic node D:
  • Unfold D using the T's and U's.
  • Partition the resulting clauses into blocks B1, ..., Bh-1 (clauses calling bwReach) and Bh (constrained facts).
  • Generalize each block Bi into a new definition Gi; G1, ..., Gh-1 become the children of D.
  • Stop if node D occurs earlier in DefsTree.

SLIDE 9

DefsTree for Our Verification

Initialization (from clause 1):
  • D1: 4. new1(X1,X2) ← X1≥1 ∧ X2=0 ∧ bwReach(X1,X2)

Unfold:
  • 4u. new1(X1,X2) ← X1≥1 ∧ X2=0 ∧ X'1=X1 ∧ X'2=1 ∧ bwReach(X'1,X'2)

Generalize (ch+widen):
  • 5. new2(X1,X2) ← X1≥1 ∧ X2≥0 ∧ bwReach(X1,X2)

Child of D1 (from clause 4u):
  • D2: 5. new2(X1,X2) ← X1≥1 ∧ X2≥0 ∧ bwReach(X1,X2)

SLIDE 10

Generalization: (Convex-Hull and) Widen

  • previous definition D1: X1≥1 ∧ X2≥0 ∧ X2≤0
  • unfold (renaming X'i / Xi): X1≥1 ∧ X2≥1 ∧ X2≤1
  • Convex-Hull: X1≥1 ∧ X2≥0 ∧ X2≤1
  • previous definition D1: X1≥1 ∧ X2≥0 ∧ X2≤0
  • Widen: X1≥1 ∧ X2≥0

Another generalization operator: (Convex-Hull and) WidenSum. It takes into account the coefficients of the variables (in our case: 1).

SLIDE 11

Generic Specialization Algorithm

Input: program Bw
Output: program SpBw such that unsafe ∈ M(Bw) iff unsafe ∈ M(SpBw)

Initialization: DefsTree := {D1, ..., Dk}
while there exists a definition D in DefsTree which does not occur earlier do
  • unfold D using the Ti's and Ui's and derive UnfD;
  • definition introduction:
      Partition(UnfD, {B1, ..., Bh})   (blocks)
      Generalize(D, Bi, DefsTree, Gi)   (a generalized definition) and derive a new DefsTree
od
Fold(DefsTree, SpBw)
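As an added example (not code from the slides or from the MAP system), the following Python sketch runs the generic algorithm of slides 8 to 11 on the system of slide 4. The constraint domain is simplified to intervals (boxes), so that the Convex-Hull and Widen operators of slide 10 are a few lines each; the partition operator is Singleton; and the Fold step is done both "immediately" and "with a maximally general definition", reproducing the two specialized programs SpBw and SpBw1 of slides 6 and 7. All function names, the interval simplification and the Prolog-style rendering of clauses are assumptions of this example.

```python
# Added example: the generic specialization algorithm of slides 8-11, run on the
# system of slide 4 over an interval (box) constraint domain. Not the slides'
# or the MAP system's code; names and the interval simplification are assumed.
from math import inf
from typing import Dict, List, Tuple

Interval = Tuple[float, float]
Box = Tuple[Interval, Interval]          # (bounds of X1, bounds of X2)

# --- the system of slide 4 (intervals stand in for the linear constraints) ---
INIT: Box = ((1, inf), (0, 0))           # init: X1 >= 1 /\ X2 = 0

def transition_image(b: Box) -> Box:
    """t: X'1 = X1+X2 /\ X'2 = X2+1, projected onto <X'1,X'2> by interval arithmetic."""
    (lo1, hi1), (lo2, hi2) = b
    return ((lo1 + lo2, hi1 + hi2), (lo2 + 1, hi2 + 1))

def unsafe_satisfiable(b: Box) -> bool:
    """u: X2 > X1. Satisfiable within b iff the largest X2 exceeds the smallest X1."""
    (lo1, _), (_, hi2) = b
    return hi2 > lo1

# --- generalization operators of slide 10 ------------------------------------
def convex_hull(a: Box, b: Box) -> Box:
    """Smallest box containing both arguments (component-wise min / max)."""
    return tuple((min(p[0], q[0]), max(p[1], q[1])) for p, q in zip(a, b))

def widen(old: Box, new: Box) -> Box:
    """Interval widening: any bound that moved outwards w.r.t. `old` is dropped."""
    return tuple((-inf if nlo < olo else nlo, inf if nhi > ohi else nhi)
                 for (olo, ohi), (nlo, nhi) in zip(old, new))

# --- DefsTree construction (slides 8, 9 and 11) ------------------------------
def build_defs_tree(init: Box, limit: int = 100):
    """Singleton partition + (Convex-Hull and Widen) generalization; a node that
    occurs earlier in the tree is not expanded again. Returns (defs, has_fact,
    calls): defs[i] is the constraint of new{i+1}, has_fact[i] says whether the
    U clause left a constrained fact for new{i+1}, and calls[i] is the index of
    the definition the T-derived clause of new{i+1} is folded with."""
    defs: List[Box] = [init]                       # D1, introduced for clause 1
    has_fact: List[bool] = [unsafe_satisfiable(init)]
    calls: Dict[int, int] = {}
    todo = [0]
    while todo:
        d = todo.pop()
        if len(defs) > limit:
            raise RuntimeError("DefsTree did not stabilise")
        unf_d = transition_image(defs[d])          # UnfD: a single block B1 (Singleton)
        g = widen(defs[d], convex_hull(defs[d], unf_d))   # Generalize(D, B1, DefsTree, G1)
        if g in defs:                              # G1 occurs earlier: reuse it and stop
            calls[d] = defs.index(g)
        else:                                      # new definition, still to be unfolded
            defs.append(g)
            has_fact.append(unsafe_satisfiable(g))
            calls[d] = len(defs) - 1
            todo.append(len(defs) - 1)
    return defs, has_fact, calls

# --- Fold step: immediate vs. maximally general (slides 6 and 7) -------------
def contains(outer: Box, inner: Box) -> bool:
    return all(o[0] <= i[0] and i[1] <= o[1] for o, i in zip(outer, inner))

def box_constraint(b: Box, names=("X1", "X2")) -> str:
    """Render a box as a CLP-style constraint (hypothetical syntax)."""
    parts = []
    for (lo, hi), x in zip(b, names):
        if lo == hi:
            parts.append(f"{x} = {lo:g}")
        else:
            if lo != -inf:
                parts.append(f"{x} >= {lo:g}")
            if hi != inf:
                parts.append(f"{x} =< {hi:g}")
    return ", ".join(parts)

def fold(defs, has_fact, calls, maximally_general: bool = False) -> List[str]:
    """Immediate folding keeps every definition; maximally general folding folds
    each call with the most general definition containing it (here new1 -> new2)."""
    def target(i: int) -> int:
        if not maximally_general:
            return i
        cands = [j for j in range(len(defs)) if contains(defs[j], defs[i])]
        return next((j for j in cands if all(contains(defs[j], defs[k]) for k in cands)), i)
    spbw = [f"unsafe :- {box_constraint(defs[0])}, new{target(0) + 1}(X1,X2)."]
    for i in sorted({target(i) for i in range(len(defs))}):      # definitions still in use
        c = box_constraint(defs[i])
        spbw.append(f"new{i + 1}(X1,X2) :- {c}, X1p = X1+X2, X2p = X2+1, "
                    f"new{target(calls[i]) + 1}(X1p,X2p).")
        if has_fact[i]:
            spbw.append(f"new{i + 1}(X1,X2) :- {c}, X2 > X1.")
    return spbw

if __name__ == "__main__":
    tree = build_defs_tree(INIT)
    print("definitions:", tree[0])                 # D1 and D2 only: the tree stabilised
    for c in fold(*tree):                          # SpBw  (immediate):         1f, 4uf, 6, 7
        print(c)
    print("--")
    for c in fold(*tree, maximally_general=True):  # SpBw1 (maximally general): 1f', 6, 7
        print(c)
```

Running it gives two definitions, D1 = (X1≥1, X2=0) and D2 = (X1≥1, X2≥0), with D2's own generalization folding back onto D2, which is exactly the stop condition of slide 8; immediate folding yields four clauses, maximally general folding three. The interval domain is what keeps the example short: it cannot express the relational constraint X2>X1 in a definition, so it is an over-approximation of the polyhedral constraints the slides use, and computing M(SpBw) over it would be less precise than the result on slide 6.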

SLIDE 12

Various Partition Operators

UnfD: clauses C1, ..., Cm (clauses calling bwReach), Cm+1, ..., Cn (constrained facts)

Partition:
  • 1. Singleton: {C1}, ..., {Cm}   (m blocks)
  • 2. Finite Domain: clauses Ci and Cj are in the same block iff con(Ci)|X' ≃fd con(Cj)|X'
      e.g., X'1=a ∧ X'2=a ≃fd X'1=a ∧ X'2=X'1
  • 3. All: {C1, ..., Cm}   (one block)
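As an added example (not code from the slides), the three partition operators above applied to a constructed UnfD. The finite-domain equivalence ≃fd is decided here by brute force over a small constructed domain, which is only a stand-in for the real ≃fd check; clause names, constraints, the constant `a` and the domain are this example's assumptions.

```python
# Added example: the three partition operators of slide 12 applied to a
# constructed UnfD. The finite-domain equivalence ~fd is decided by brute force
# over a small constructed domain, a stand-in for a real ~fd check. Clause
# names, constraints and the domain are this example's assumptions.
from itertools import product
from typing import Callable, Dict, FrozenSet, List, Sequence, Tuple

Constraint = Callable[[int, int], bool]       # con(C)|X' as a predicate on (X'1, X'2)

A = 3                                         # constructed constant playing the role of `a`
DOMAIN = range(0, 6)                          # constructed finite domain for X'1, X'2

# Constructed UnfD: the constraint of each clause restricted to the primed variables.
CONSTRAINTS: Dict[str, Constraint] = {
    "C1": lambda x1, x2: x1 == A and x2 == A,       # X'1=a /\ X'2=a
    "C2": lambda x1, x2: x1 == A and x2 == x1,      # X'1=a /\ X'2=X'1   (~fd C1, as on the slide)
    "C3": lambda x1, x2: x1 == A and x2 == x1 + 1,  # X'1=a /\ X'2=X'1+1
    "C4": lambda x1, x2: x1 >= 1 and x2 == 0,       # X'1>=1 /\ X'2=0
}
CLAUSES = list(CONSTRAINTS)

def fd_solutions(con: Constraint, domain: Sequence[int]) -> FrozenSet[Tuple[int, int]]:
    """Solution set of a constraint over the finite domain (the basis of ~fd here)."""
    return frozenset(p for p in product(domain, repeat=2) if con(*p))

def partition_singleton(clauses: Sequence[str]) -> List[List[str]]:
    """1. Singleton: every clause is its own block (m blocks)."""
    return [[c] for c in clauses]

def partition_finite_domain(clauses, constraints, domain) -> List[List[str]]:
    """2. Finite Domain: Ci and Cj share a block iff con(Ci)|X' ~fd con(Cj)|X'."""
    blocks: Dict[FrozenSet[Tuple[int, int]], List[str]] = {}
    for c in clauses:
        blocks.setdefault(fd_solutions(constraints[c], domain), []).append(c)
    return list(blocks.values())

def partition_all(clauses: Sequence[str]) -> List[List[str]]:
    """3. All: a single block containing every clause."""
    return [list(clauses)] if clauses else []

def block_counts() -> Dict[str, int]:
    """Number of blocks, hence of definitions introduced, under each operator."""
    return {
        "singleton": len(partition_singleton(CLAUSES)),
        "finite_domain": len(partition_finite_domain(CLAUSES, CONSTRAINTS, DOMAIN)),
        "all": len(partition_all(CLAUSES)),
    }

if __name__ == "__main__":
    print(partition_finite_domain(CLAUSES, CONSTRAINTS, DOMAIN))   # [['C1', 'C2'], ['C3'], ['C4']]
    print(block_counts())
```

Each block becomes one new definition in the DefsTree, so the block count is the polyvariance the operator introduces at this node: four definitions with Singleton, three with Finite Domain (C1 and C2 collapse, as in the slide's example), one with All.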

SLIDE 13

Reconstructing Known Techniques

Technique: Partition / Generalization / Folding
  • Cousot-Halbwachs: Finite-Domain / Widen
  • Peralta-Gallagher: All / Widen / Maximally General
  • FPPS (LOPSTR 2010): Singleton / Widen (or WidenSum) / Immediate
  • our new1-new2: Singleton / Widen / Immediate
  • our new2: Singleton / Widen / Maximally General

SLIDE 14

Verification of Systems: Backward Reachability

Columns: No-Specialization, All_Widen, Singleton_WidenSum; for the two specialization columns there is one row for Im (immediate folding) and one for MG (maximally general folding). Values are given in the order extracted from the slide.

  • Bakery: 4 130 | Im 19 (6) 101 (1745) | MG 19 (6) 77 (1172)
  • Ticket: 2 • | Im • 0.02 (11) | MG • 0.02 (11)
  • Futurebus+: 15 | Im 17 (6) 2.4 (19) | MG 15 (3) 2.2 (15)
  • McCarthy91: Im 4.13 (5) • | MG 4.12 (3) •

29 protocols: 20 verified, MG 21 verified, 27 verified (one figure per column).

Similar results for Forward Reachability.

Times in milliseconds. Number of definitions between parentheses. • means more than 200 seconds.

SLIDE 15

Conclusions

  • A generic specialization algorithm reconstructing various techniques known in the literature (plus new ones), depending on:
      • partition operators (singleton, all, ...)
      • generalization operators (widen, ...)
      • folding procedure (immediate, maximally general)
  • Specialization improves precision (i.e., the number of verified properties or systems) but may increase verification time.
  • Polyvariance control may allow fewer definitions and shorter verification times, at the expense of a possible loss of precision.

SLIDE 16

Tool

An implementation in SICStus Prolog as a module of the MAP transformation system: http://map.uniroma2.it/mapweb

SLIDE 17

Future Work

  • Perform more system verifications and check the scalability of the approach.
  • Use polyvariance control outside the scope of the verification of reactive systems.

SLIDE 18

References

  • E. M. Clarke, O. Grumberg, and D. Peled. Model Checking. MIT Press, 1999.
  • P. Cousot and N. Halbwachs. Automatic discovery of linear restraints among variables of a program. In Proceedings of the Fifth ACM Symposium on Principles of Programming Languages (POPL'78), 84-96. ACM Press, 1978.
  • F. Fioravanti, A. Pettorossi, M. Proietti, and V. Senni. Program specialization for verifying infinite state systems: An experimental evaluation. In Proceedings of LOPSTR '10, LNCS 6564, 164-183. Springer, 2011.
  • M. Leuschel, B. Martens, and D. De Schreye. Controlling generalization and polyvariance in partial deduction of normal logic programs. ACM Transactions on Programming Languages and Systems, 20(1):208-258, 1998.
  • J. C. Peralta and J. P. Gallagher. Convex hull abstractions in specialization of CLP programs. In Proceedings of LOPSTR '02, LNCS 2664, 90-108. Springer, 2003.