bound analysis of imperative programs with the size
play

Bound Analysis of Imperative Programs with the Size change - PowerPoint PPT Presentation

Jul 17, 2023 •549 likes •1.05k views

Bound Analysis of Imperative Programs with the Size change Abstraction Florian Zuleger, TU Vienna SAS, Venice, 16.09.2011 Joint work with Sumit Gulwani, Microsoft Research Moritz Sinn, Helmut Veith, TU Vienna Resource Bounds Programs consume a

  1. Bound Analysis of Imperative Programs with the Size ‐ change Abstraction Florian Zuleger, TU Vienna SAS, Venice, 16.09.2011 Joint work with Sumit Gulwani, Microsoft Research Moritz Sinn, Helmut Veith, TU Vienna

  2. Resource Bounds Programs consume a variety of resources: – CPU time, memory, network bandwidth, power Bounding the use of such resources is important: – Economic incentives – Better user experience – Hard constraints on availability of resources Program correctness depends on bounding quantitative properties of data: – Information leakage, Propagation of numerical errors

  3. The Reachability ‐ bound Problem (Gulwani, Zuleger, PLDI 2010) void main (int n, C[] temp) { Given a control int i := 0; while (i < n) { location l inside int j := i+1; a program P. while (j < n) { if (nondet()) { l : temp[n] := new C(); How often can l be j--; n--; } j++; } visited inside P? i++; } } Goal: A symbolic bound Bound( l ) in terms of the inputs of P.

  4. Bound Computation and Termination A bound for a loop implies the termination of the loop. ⇒ Computing bounds is more difficult than proving termination! Can successfull techniques for termination analysis be extended to bound analysis? What about • Size ‐ change Abstraction (Ben ‐ Amram, Lee, Jones, 2001) Yes! • Transition Invariants (Podelski, Rybalchenko, 2004)? Not so easy...

  5. Outline 1. Introduction 2. Comparing SCA with Transition Invariants 3. SCA solves Technical Challanges 4. How to apply SCA on Imperative Programs

  6. Size ‐ change Abstraction (SCA) void main (int n) { l int x=n; int y=n; l : while (x>0 Æ y>0) { ρ 1 if (nondet()) ρ 2 x--; else ρ 1 ≡ x > 0 Æ y > 0 Æ x ‐ 1 = x‘ Æ y = y‘ y--; ρ 2 ≡ x > 0 Æ y > 0 Æ x = x‘ Æ y ‐ 1 = y‘ }

  7. Size ‐ change Abstraction (SCA) void main (int n) { l int x=n; int y=n; l : while (x>0 Æ y>0) { α ( ρ 1 ) if (nondet()) α ( ρ 2 ) x--; else α ( ρ 1 ) ≡ x > 0 Æ y > 0 Æ x > x‘ Æ y = y‘ y--; α ( ρ 2 ) ≡ x > 0 Æ y > 0 Æ x = x‘ Æ y > y‘ } Predicate abstract domain consisting of inequalities between integer variables (primed and unprimed)

  8. Size ‐ change Abstraction (SCA) void main (int n) { l int x=n; int y=n; l : while (x>0 Æ y>0) { α ( ρ 1 ) if (nondet()) α ( ρ 2 ) x--; else α ( ρ 1 ) ≡ x > 0 Æ y > 0 Æ x > x‘ Æ y = y‘ y--; α ( ρ 2 ) ≡ x > 0 Æ y > 0 Æ x = x‘ Æ y > y‘ } Finite powerset abstract domain whose base elements are conjuncts of inequalities between integer variables (primed and unprimed)

  9. Size ‐ change Abstraction (SCA) void main (int n) { l int x=n; int y=n; l : while (x>0 Æ y>0) { α ( ρ 1 ) if (nondet()) α ( ρ 2 ) x--; else = = 0 0’ 0 0’ y--; > = x x’ x x’ α ( ρ 2 ) ≡ α ( ρ 1 ) ≡ < < } > = y y’ y y’ < < Control flow graph whose edges are labeled by size ‐ change graphs

  10. SCA is a Success Story • Termination is decidable in PSPACE (Ben ‐ Amram, Lee, Jones, 2001; Ben ‐ Amram,2011) • Complete method for extracting ranking functions on terminating instances (possibly exponentially large) • SCA based termination analysis is implemented in widely ‐ used systems such as ACL2, Isabelle, AProVE • The industrial ‐ strength tool ACL2 can automatically prove the termination of 98% of the functions in its database

  11. Good Computational Properties • Enjoys built ‐ in disjunction. • Transitive hulls can be computed without overapproximation techniques such as widening. • Transitive hulls preserve termination. • Abstraction can be done by SMT solver calls. ⇒ Potential for automation

  12. Transition Invariants • Have been developed as adaption of SCA to imperative programs • Experimentally proven useful on device drivers in the Terminator tool; see Cook et al. 2006 • More general than SCA; for formal comparison see Heizmann et al. 2011

  13. Transition Invariants void main (int n) { l int x=n; int y=n; l : while (x>0 Æ y>0) { ρ 1 if (nondet()) ρ 2 x--; else ρ 1 ≡ x > 0 Æ y > 0 Æ x ‐ 1 = x‘ Æ y = y‘ y--; ρ 2 ≡ x > 0 Æ y > 0 Æ x = x‘ Æ y ‐ 1 = y‘ } Termination proof: ( ρ 1 ∪ ρ 2 ) + ⊆ T 1 ∪ T 2 , where T 1 ≡ x > 0 Æ x‘ = x ‐ 1 and T 2 ≡ y > 0 Æ y‘ = y ‐ 1

  14. Transition Invariants void main (int n) { l int x=n; int y=n; l : while (x>0 Æ y>0) { ρ 1 if (nondet()) ρ 2 x--; else Well ‐ founded ρ 1 ≡ x > 0 Æ y > 0 Æ x ‐ 1 = x‘ Æ y = y‘ y--; relations ρ 2 ≡ x > 0 Æ y > 0 Æ x = x‘ Æ y ‐ 1 = y‘ } Termination proof: ( ρ 1 ∪ ρ 2 ) + ⊆ T 1 ∪ T 2 , where T 1 ≡ x > 0 Æ x‘ = x ‐ 1 and T 2 ≡ y > 0 Æ y‘ = y ‐ 1

  15. Transition Invariants void main (int n) { l int x=n; int y=n; l : while (x>0 Æ y>0) { ρ 1 if (nondet()) ρ 2 x--; x and y are else Well ‐ founded local ranking ρ 1 ≡ x > 0 Æ y > 0 Æ x ‐ 1 = x‘ Æ y = y‘ y--; relations ρ 2 ≡ x > 0 Æ y > 0 Æ x = x‘ Æ y ‐ 1 = y‘ functions } Termination proof: ( ρ 1 ∪ ρ 2 ) + ⊆ T 1 ∪ T 2 , where T 1 ≡ x > 0 Æ x‘ = x ‐ 1 and T 2 ≡ y > 0 Æ y‘ = y ‐ 1

  16. Transition Invariants void main (int n) { l int x=n; int y=n; Transitive hull l : while (x>0 Æ y>0) { ρ 1 in the concrete if (nondet()) ρ 2 x--; x and y are else Well ‐ founded local ranking ρ 1 ≡ x > 0 Æ y > 0 Æ x ‐ 1 = x‘ Æ y = y‘ y--; relations ρ 2 ≡ x > 0 Æ y > 0 Æ x = x‘ Æ y ‐ 1 = y‘ functions } Termination proof: ( ρ 1 ∪ ρ 2 ) + ⊆ T 1 ∪ T 2 , where T 1 ≡ x > 0 Æ x‘ = x ‐ 1 and T 2 ≡ y > 0 Æ y‘ = y ‐ 1

  17. Transition Invariants void main (int n) { l int x=n; int y=n; l : while (x>0 Æ y>0) { ρ 1 if (nondet()) ρ 2 x--; else { ρ 1 ≡ x > 0 Æ y > 0 Æ x ‐ 1 = x‘ Æ y = y‘ x := n; ρ 2 ≡ x > 0 Æ y > 0 Æ n = x‘ Æ y ‐ 1 = y‘ y--; } } Termination proof: ( ρ 1 ∪ ρ 2 ) + ⊆ T 1 ∪ T 2 , where T 1 ≡ x > 0 Æ x‘ = x ‐ 1 and T 2 ≡ y > 0 Æ y‘ = y ‐ 1

  18. Transition Invariants void main (int n) { l We reset int x=n; int y=n; l : while (x>0 Æ y>0) { x to n! ρ 1 if (nondet()) ρ 2 x--; else { ρ 1 ≡ x > 0 Æ y > 0 Æ x ‐ 1 = x‘ Æ y = y‘ x := n; ρ 2 ≡ x > 0 Æ y > 0 Æ n = x‘ Æ y ‐ 1 = y‘ y--; } } Termination proof: ( ρ 1 ∪ ρ 2 ) + ⊆ T 1 ∪ T 2 , where T 1 ≡ x > 0 Æ x‘ = x ‐ 1 and T 2 ≡ y > 0 Æ y‘ = y ‐ 1

  19. Transition Invariants void main (int n) { l We reset int x=n; int y=n; Same termination l : while (x>0 Æ y>0) { x to n! proof! ρ 1 if (nondet()) ρ 2 x--; else { ρ 1 ≡ x > 0 Æ y > 0 Æ x ‐ 1 = x‘ Æ y = y‘ x := n; ρ 2 ≡ x > 0 Æ y > 0 Æ n = x‘ Æ y ‐ 1 = y‘ y--; } } Termination proof: ( ρ 1 ∪ ρ 2 ) + ⊆ T 1 ∪ T 2 , where T 1 ≡ x > 0 Æ x‘ = x ‐ 1 and T 2 ≡ y > 0 Æ y‘ = y ‐ 1

  20. Transition Invariants void main (int n) { l We reset int x=n; int y=n; Same termination l : while (x>0 Æ y>0) { x to n! proof! ρ 1 if (nondet()) ρ 2 x--; else { ρ 1 ≡ x > 0 Æ y > 0 Æ x ‐ 1 = x‘ Æ y = y‘ x := n; ρ 2 ≡ x > 0 Æ y > 0 Æ n = x‘ Æ y ‐ 1 = y‘ y--; } } Termination proof: ( ρ 1 ∪ ρ 2 ) + ⊆ T 1 ∪ T 2 , where T 1 ≡ x > 0 Æ x‘ = x ‐ 1 and T 2 ≡ y > 0 Æ y‘ = y ‐ 1

  21. Size ‐ change Abstraction (SCA) void main (int n) { void main (int n) { int x=n; int y=n; int x=n; int y=n; l : while (x>0 Æ y>0) { l : while (x>0 Æ y>0) { if (nondet()) if (nondet()) x--; x--; else else { y--; x := n; } y--; } } α ( ρ 1 ) ≡ x > 0 Æ y > 0 α ( ρ 1 ) ≡ x > 0 Æ y > 0 Æ x > x‘ Æ y = y‘ Æ x > x‘ Æ y = y‘ α ( ρ 2 ) ≡ x > 0 Æ y > 0 α ( ρ 2 ) ≡ x > 0 Æ y > 0 Æ x = x‘ Æ y > y‘ Æ n = x‘ Æ y > y‘

  22. Size ‐ change Abstraction (SCA) void main (int n) { void main (int n) { int x=n; int y=n; int x=n; int y=n; l : while (x>0 Æ y>0) { l : while (x>0 Æ y>0) { if (nondet()) if (nondet()) x--; x--; else else { y--; x := n; } y--; } } α ( ρ 1 ) ≡ x > 0 Æ y > 0 α ( ρ 1 ) ≡ x > 0 Æ y > 0 Æ x > x‘ Æ y = y‘ Æ x > x‘ Æ y = y‘ α ( ρ 2 ) ≡ x > 0 Æ y > 0 α ( ρ 2 ) ≡ x > 0 Æ y > 0 Æ x = x‘ Æ y > y‘ Æ n = x‘ Æ y > y‘

  23. Bounds by SCA α ( ρ 1 ) ≡ x > 0 Æ y > 0 α ( ρ 1 ) ≡ x > 0 Æ y > 0 Æ x > x‘ Æ y = y‘ Æ x > x‘ Æ y = y‘ α ( ρ 2 ) ≡ x > 0 Æ y > 0 α ( ρ 2 ) ≡ x > 0 Æ y > 0 Æ x = x‘ Æ y > y‘ Æ n = x‘ Æ y > y‘ Our bound algorithm for SCA: uses only the abstracted transitions • discovers x and y as norms by heuristics • x and y stay constant on the only x is increased on respective other transition the other transition Our tool computes the Our tool computes the ranking function x+y, which ranking function (x,y), which results in Bound( l ) = 2n results in Bound( l ) = n 2

  24. Outline 1. Introduction 2. Comparing SCA with Transition Invariants 3. SCA solves Technical Challanges 4. How to apply SCA on Imperative Programs

  25. SCA solves Technical Challanges We do not use SCA because we like the formalism, but because we believe that SCA is the right abstraction for the bound analysis of imperative programs.

Recommend

Difference Constraints: An adequate Abstraction for Complexity Analysis of Imperative Programs

Difference Constraints: An adequate Abstraction for Complexity Analysis of Imperative Programs

Difference Constraints: An adequate Abstraction for Complexity Analysis of Imperative Programs Florian Zuleger Technische Universitt Wien FMCAD, 28.09.2015 Joint work with Moritz Sinn, Helmut Veith Bounds and Complexity foo(uint n) Local

437 views • 26 slides
An Upper Bound on BER in a Coded Two-Transmission Scheme with the Same-Size Arbitrary

An Upper Bound on BER in a Coded Two-Transmission Scheme with the Same-Size Arbitrary

An Upper Bound on BER in a Coded Two-Transmission Scheme with the Same-Size Arbitrary Constellations Mehmet Ilter &amp; Halim Yanikomeroglu September 4 th , 2014 A Fresh Start With These Questions Why do we need such an analysis depending on

382 views • 19 slides
Verification of Imperative Programs through Transformation of Constraint Logic Programs Emanuele

Verification of Imperative Programs through Transformation of Constraint Logic Programs Emanuele

Verification of Imperative Programs through Transformation of Constraint Logic Programs Emanuele De Angelis 1 , Fabio Fioravanti 1 , Alberto Pettorossi 2 , and Maurizio Proietti 3 1 University of Chieti-Pescara G. dAnnunzio, Italy 2

671 views • 52 slides
Proving Termination of Imperative Programs using Max-SMT Daniel Larraz, Albert Oliveras, Enric

Proving Termination of Imperative Programs using Max-SMT Daniel Larraz, Albert Oliveras, Enric

Introduction SMT/Max-SMT solving Invariant generation Termination analysis Further work Proving Termination of Imperative Programs using Max-SMT Daniel Larraz, Albert Oliveras, Enric Rodr guez-Carbonell and Albert Rubio Universitat

1.18k views • 73 slides
Consistency Analysis for Massively Inconsistent Datasets in Bound-to-Bound Data Collaboration

Consistency Analysis for Massively Inconsistent Datasets in Bound-to-Bound Data Collaboration

Consistency Analysis for Massively Inconsistent Datasets in Bound-to-Bound Data Collaboration Arun Hegde Wenyu Li James Oreluk Andrew Packard Michael Frenklach December 19, 2017 Abstract Bound-to-Bound Data Collaboration

462 views • 32 slides
Direct Manipulation For Imperative Programs Hu 1 , Roopsha Samanta 2 , Rishabh Singh 3 , Loris

Direct Manipulation For Imperative Programs Hu 1 , Roopsha Samanta 2 , Rishabh Singh 3 , Loris

Direct Manipulation For Imperative Programs Hu 1 , Roopsha Samanta 2 , Rishabh Singh 3 , Loris DAntoni 1 Qin Qinhepin ing Hu 1 Universitve of Wisconsin-Madison 2 Purdue University 3 Google 5 Variable values Call stack code 6 Python

1.04k views • 90 slides
Customised Induction Rules for Proving Correctness of Imperative Programs Angela Wallenburg

Customised Induction Rules for Proving Correctness of Imperative Programs Angela Wallenburg

Customised Induction Rules for Proving Correctness of Imperative Programs Angela Wallenburg angelaw@cs.chalmers.se 4th International Symposium June 9, 2005, L okeberg Outline 1. Problem: Induction and Loops 2. First approach: Use idea

821 views • 34 slides
Small Cell Height &amp; Base Size Analysis Analysis on Height and Base Size of deployments 15

Small Cell Height &amp; Base Size Analysis Analysis on Height and Base Size of deployments 15

Small Cell Height &amp; Base Size Analysis Analysis on Height and Base Size of deployments 15 October 2019 Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of

1.03k views • 23 slides
Imperative vs. object- oriented paradigms 1 11/14/17 Imperative vs. object-oriented u

Imperative vs. object- oriented paradigms 1 11/14/17 Imperative vs. object-oriented u

11/14/17 CSCI-2320 Object-Oriented Paradigm: Ruby Mohammad T . Irfan Imperative vs. object- oriented paradigms 1 11/14/17 Imperative vs. object-oriented u Imperative u Procedural decomposition u Procedures are all powerful u Data is

582 views • 45 slides
Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs

Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs

Proving Equivalence of Imperative Programs via Constrained Rewriting Induction Carsten Fuhs Birkbeck, University of London joint work with Cynthia Kop (U Copenhagen) and Naoki Nishida (U Nagoya) Workshop on Program Equivalence, London, UK 11

2.1k views • 197 slides
Imperative vs. object- oriented paradigms 1 11/11/14 Imperative vs. object-oriented

Imperative vs. object- oriented paradigms 1 11/11/14 Imperative vs. object-oriented

11/11/14 CSCI-2325 Object-Oriented Paradigm: Ruby Mohammad T . Irfan Imperative vs. object- oriented paradigms 1 11/11/14 Imperative vs. object-oriented u Imperative u Procedural decomposition u Procedures are all

577 views • 31 slides
Imperative vs. object- oriented paradigms 1 11/17/14 Imperative vs. object-oriented

Imperative vs. object- oriented paradigms 1 11/17/14 Imperative vs. object-oriented

11/17/14 CSCI-2325 Object-Oriented Paradigm: Ruby Mohammad T . Irfan Imperative vs. object- oriented paradigms 1 11/17/14 Imperative vs. object-oriented u Imperative u Procedural decomposition u Procedures are all

867 views • 33 slides
Lecture 8/9 : Separation Logic Can handle reasoning of imperative programs well. Overview

Lecture 8/9 : Separation Logic Can handle reasoning of imperative programs well. Overview

CS6202: Advanced Topics in Programming Hoare Logic Hoare Logic Languages and Systems Lecture 8/9 : Separation Logic Can handle reasoning of imperative programs well. Overview Notation : {P} code {Q} Assertion Logic {P}

557 views • 19 slides
A subexponential lower bound for Zadehs pivoting rule for solving linear programs and games

A subexponential lower bound for Zadehs pivoting rule for solving linear programs and games

A subexponential lower bound for Zadehs pivoting rule for solving linear programs and games Oliver Friedmann Department of Computer Science, Ludwig-Maximilians-Universit at Munich, Germany. Oliver Friedmann (LMU) Zadeh Lower Bound 1

1.72k views • 156 slides
Lecture 31: Declarative Programming Imperative vs. Declarative So far, our programs are

Lecture 31: Declarative Programming Imperative vs. Declarative So far, our programs are

Lecture 31: Declarative Programming Imperative vs. Declarative So far, our programs are explicit directions for solving a problem; the problem itself is implicit in the program. Declarative programming turns this around: A program

249 views • 3 slides
Backtracking And Branch And Bound Subset &amp; Permutation Problems Subset problem of size n.

Backtracking And Branch And Bound Subset &amp; Permutation Problems Subset problem of size n.

Backtracking And Branch And Bound Subset &amp; Permutation Problems Subset problem of size n. Nonsystematic search of the space for the answer takes O(p2 n ) time, where p is the time needed to evaluate each member of the solution space.

65 views • 5 slides
Backtracking And Branch And Bound Subset &amp; Permutation Problems Subset problem of size n.

Backtracking And Branch And Bound Subset &amp; Permutation Problems Subset problem of size n.

Backtracking And Branch And Bound Subset &amp; Permutation Problems Subset problem of size n. Nonsystematic search of the space for the answer takes O(p2 n ) time, where p is the time needed to evaluate each member of the solution space.

310 views • 4 slides
The Public Health Imperative for Early Psychosis Programs Michael Haines Tamara Sale Our

The Public Health Imperative for Early Psychosis Programs Michael Haines Tamara Sale Our

We Cant Wait! The Public Health Imperative for Early Psychosis Programs Michael Haines Tamara Sale Our agenda Introduction The goals of Early Psychosis Intervention/ Coordinated Specialty Care Contrasting stories: Tamara and

667 views • 40 slides
JANUS: Fast and Flexible Deep Learning via Symbolic Graph Execution of Imperative Programs Eunji

JANUS: Fast and Flexible Deep Learning via Symbolic Graph Execution of Imperative Programs Eunji

JANUS: Fast and Flexible Deep Learning via Symbolic Graph Execution of Imperative Programs Eunji Jeong , Sungwoo Cho, Gyeong-In Yu, Joo Seong Jeong, Dong-Jin Shin, Byung-Gon Chun Demo 1 Introduction Challenge Solution Results Deep Neural

452 views • 21 slides
CSE 3341: Principles of Programming Languages Core Concepts I Jeremy Morris 1 Imperative

CSE 3341: Principles of Programming Languages Core Concepts I Jeremy Morris 1 Imperative

CSE 3341: Principles of Programming Languages Core Concepts I Jeremy Morris 1 Imperative Language Basics The model of most imperative languages is straightforward: Programs are a sequence of expressions or statements Expressions

1.33k views • 45 slides
Project 3 Thierry Sans Overview Goal Total size of programs running &gt; size of physical

Project 3 Thierry Sans Overview Goal Total size of programs running &gt; size of physical

Project 3 Thierry Sans Overview Goal Total size of programs running &gt; size of physical memory Store data that is not currently used on disk (80/20 rule) Solution Demand paging - divide memory into fixed-sized &quot;pages&quot;

282 views • 16 slides
A lower bound on the size of linear sets in PG ( 1 , q n ) joint work with Geertrui Van de Voorde

A lower bound on the size of linear sets in PG ( 1 , q n ) joint work with Geertrui Van de Voorde

A lower bound on the size of linear sets in PG ( 1 , q n ) joint work with Geertrui Van de Voorde Jan De Beule September 12, 2018 Linear sets Definition Let k 1 and r 2. A point set in PG ( r 1 , q n ) is an F q -linear set of rank

296 views • 27 slides
Logic Programming 1 Logic Programming Instead of using functions as in imperative and

Logic Programming 1 Logic Programming Instead of using functions as in imperative and

Logic Programming 1 Logic Programming Instead of using functions as in imperative and functional programs We use predicates, as in predicate calculus Interpretation = proving theorems 2 Prolog Developed at Univ. of

663 views • 7 slides
New Bound for Batch Codes with Restricted Query Size Vitaly Skachek Joint work with Hui Zhang

New Bound for Batch Codes with Restricted Query Size Vitaly Skachek Joint work with Hui Zhang

New Bound for Batch Codes with Restricted Query Size Vitaly Skachek Joint work with Hui Zhang Estonian CS Theory Days 29 January 2016 Supported by the research grants PUT405 and IUT2-1 from the Estonian Research Council and by the COST Action

705 views • 43 slides

More recommend