Polyhedral Domains and Widening for Verification of Numerical - - PowerPoint PPT Presentation

1

Polyhedral Domains and Widening for Verification of Numerical Programs

Goran Frehse Verimag Hitashyam Maka and Bruce H. Krogh Carnegie Mellon University

2

Verification of numerical programs

• Problem definition
• Polyhedral domains
• Control flow automata (CFA)
• CFA reachability
• Widening based on coefficient limiting
• CFA reduction
• Kahan summation example
• Conclusions

3

Design and implementation of numerical programs

design model code generation target processor compiler

model-based development source code implementation platform implementation

4

Verification of numerical programs

design model code generation target processor compiler

Need to verify how numerical code will execute on the target processor

5 design model code generation target processor compiler disassembler CFA generator

control flow graph target processor error model

PHAVer reachability results

CFA

numerical program verifier Verification of numerical programs

6 design model code generation target processor compiler disassembler CFA generator

control flow graph target processor error model

PHAVer error bounds

CFA

today’s presentation Verification of numerical programs

reachable sets

7

Scope of this work

• instructions of the form
• real constants and variables
• linear arithmetic
• floating point error bounds

8

Polyhedral domains

• linear predicates
• convex polyhedron: conjunction of linear predicates
• polyhedron: disjunction of convex polyhedra
• Parma Polyhedra Library (PPL): performs exact

computations with non-convex polyhedra

• PHAVer: performs reachability for LHA

– exact and robust arithmetic with unlimited precision (PPL) – bit-constrained over-approximations for termination heuristics – on-the-fly over-approximation of piecewise affine dynamics – support for compositional and assume-guarantee reasoning.

9

Exact Arithmetic in PHAVer

Finite resources require over approximation Semi-bounded exact arithmetic

– exact computations that result in finite precision

* Managing the complexity by over-approximation

• 1. generate time-

elapse polyhedron

initial set

• 2. * compute

conservative over- approximation

derivative

109x 121y 100 1 1 y x 6 x 6 y 6

• 1. limit the

number of bits

• f coefficients

45° 15° 30° 45° 90° 135° A B C D E F 45° 30° 45° 150° 2 1 3 4 5 D F B A C

• 2. limit the

number of constraints

10

Control flow automata (CFA)

• same node/transition structure as the control flow graph
• instructions replaced by action predicates on the transitions

representing the operation error bounds

11

CFA example

12

CFA reachability

• CFA state: (q,x) – q discrete state, x valuation of variables x
• Reachable states: smallest fixed point of

where

• All sets are polyhedra
• In general, the reachability iteration will not terminate

13

Widening for iterative computations

• Accelerates convergence to a fixed point.
• P. Cousot and R. Cousot. Abstract interpretation: A unified lattice model for static analysis of programs by

construction or approximation of fixpoints. In Proceedings of the Fourth Annual ACM Symposium on Principles

• f Programming Languages, pp. 238-252, New York, 1977. ACM Press.

14

Standard widening

• defined for convex polyhedra
• retains

constraints of P1 also satisfied by P2 and constraints of P2 with equivalent constraints in P1

15

Standard widening: example

exact (nonterimintating)

• std. widening
• terminates at

iteration 5

• large over

approximation

16

Widening based on coefficient limiting (NEW)

Preliminaries:

• CP : set of linear predicates defining polyhedron P
• assume integer coefficients with common divisor 1
• max_coeff(CP) : maximum coefficient in CP
• coeff_limit(P,k) : polyhedron P′ such that

1) P ⊆ P′ 2) max_coeff(CP′ ) ≤ k NOTE: Such a P′ is computed by PHAVer

17

Widening based on coefficient limiting (NEW)

Proposition 1. is a widening operator. follows from

18

Example 1: Application to Program 1

• std. widening

coefficient-limiting widening

19

Example 2: Non-convex polyhedra (w/o convex hull)

20

CFA Reduction

Objective: Given a set of variables W, reduce the number of transitions and variables in the CFA without affecting the reachable set for the variables in W.

21

Merging transitions

Transition condition for merging

• applied only to the first transition in a pair of transitions

22

Eliminating irrelevant variables

• transition merging increases the number of globally irrelevant

variables

• retains variables that influence error bounds on variables of

interest

23

Precision vs. Efficiency using

• Value of k introduces a tradeoff between
• accuracy of polyhedral approximations and
• complexity of the computations
• Smaller k

increases the over approximation but doesn’t necessarily make termination faster

24

Example: Kahan summation algorithm

• adding N numbers: error = Nε
• Kahan algorithm introduces intermediate variables to mitigate the

effects of repeated summations: error = 2ε +O(Nε2) From Wikipedia:

function kahanSum(input, n) var sum = input[1] var c = 0.0 // A running compensation for lost low-order bits. for i = 2 to n y = input[i] - c // So far, so good: c is zero. t = sum + y // Alas, sum is big, y small, so low-order digits

• f y are lost.

c = (t - sum) - y //(t - sum) recovers the high-order part of y; // subtracting y recovers -(low part of y) sum = t // Algebraically, c should always be zero. // Beware eagerly optimising compilers! next i // Next time around, the lost low part will // be added to y in a fresh attempt. return sum

25

Our implementation

ε = 1.192092896e-7 (i386) x0 = 1 xi = 0.1249999403953552 N = 8 reduced: 3 locations, 3 transitions, vars y,t eliminated

26

Summary

• new widening operator based on bounding coefficients
• error-preserving reductions
• transition merging
• variable elimination
• implementation using PHAVer
• illustrations on small examples

next steps

• exercise on benchmarks
• integration with standard tools
• incorporating other sources of errors (e.g., inf, NaN)