compositional program analysis using max smt
play

Compositional Program Analysis using Max-SMT Albert Rubio Cristina - PowerPoint PPT Presentation

Apr 20, 2023 •234 likes •1.2k views

Compositional Program Analysis using Max-SMT Albert Rubio Cristina Borralleras, Marc Brockschmidt, Daniel Larraz, Albert Oliveras, Jos Miguel Rivero and Enric Rodrguez-Carbonell Universitat Politcnica de Catalunya - Barcelona Tech UCM

  1. Compositional Program Analysis using Max-SMT Albert Rubio Cristina Borralleras, Marc Brockschmidt, Daniel Larraz, Albert Oliveras, José Miguel Rivero and Enric Rodríguez-Carbonell Universitat Politècnica de Catalunya - Barcelona Tech UCM Seminar March 2018 Albert Rubio (UPC) Program Analysis using Max-SMT UCM Seminar 2018 1 / 44

  2. Overview of the talk 1 Introduction 2 SMT/Max-SMT solving 3 Invariant generation 4 Compositional safety verification 5 VeryMax Tool 6 Conclusions and current work Albert Rubio (UPC) Program Analysis using Max-SMT UCM Seminar 2018 2 / 44

  3. Overview of the talk 1 Introduction 2 SMT/Max-SMT solving 3 Invariant generation 4 Compositional safety verification 5 VeryMax Tool 6 Conclusions and current work Albert Rubio (UPC) Program Analysis using Max-SMT UCM Seminar 2018 3 / 44

  4. Motivation Main Goal: Build static analysis tools for programmers. Fully automatic. Efficient. Scalable. Albert Rubio (UPC) Program Analysis using Max-SMT UCM Seminar 2018 4 / 44

  5. Motivation Main Goal: Build static analysis tools for programmers. Fully automatic. Efficient. Scalable. Strategy: Take advantage of powerful arithmetic constraint solvers. SMT solvers Constraint-based Program Analysis techniques Albert Rubio (UPC) Program Analysis using Max-SMT UCM Seminar 2018 4 / 44

  6. Motivation Main Goal: Build static analysis tools for programmers. Fully automatic. Efficient. Scalable. Strategy: Take advantage of powerful arithmetic constraint solvers. Max-SMT solvers Constraint-based Program Analysis techniques Albert Rubio (UPC) Program Analysis using Max-SMT UCM Seminar 2018 4 / 44

  7. Motivation Main Goal: Build static analysis tools for programmers. Fully automatic. Efficient. Scalable. Strategy: Take advantage of powerful arithmetic constraint solvers. Max-SMT solvers Constraint-based Program Analysis techniques Goal : Verify safety and liveness properties of programs Albert Rubio (UPC) Program Analysis using Max-SMT UCM Seminar 2018 4 / 44

  8. Motivation Main Goal: Build static analysis tools for programmers. Fully automatic. Efficient. Scalable. Strategy: Take advantage of powerful arithmetic constraint solvers. Max-SMT solvers Constraint-based Program Analysis techniques Goal : Verify safety and liveness properties of programs Challenge: discover (loop) invariants. How can we guide the search? Albert Rubio (UPC) Program Analysis using Max-SMT UCM Seminar 2018 4 / 44

  9. Overview of the talk 1 Introduction 2 SMT/Max-SMT solving 3 Invariant generation 4 Compositional safety verification 5 VeryMax Tool 6 Conclusions and current work Albert Rubio (UPC) Program Analysis using Max-SMT UCM Seminar 2018 5 / 44

  10. SMT solvers We make extensive use of SMT solvers inside our program analysis tools. SAT and SMT solvers gain efficiency by: addressing only (expressive enough) decidable fragments of a certain logic incorporate domain-specific reasoning, e.g: arithmetic reasoning equality data structures (arrays, lists, stacks, ...) SAT: use propositional logic as the formalization language + high degree of efficiency - expressive (all NP-complete) but involved encodings SMT: propositional logic + domain-specific reasoning + improves the expressivity - certain (but acceptable) loss of efficiency Albert Rubio (UPC) Program Analysis using Max-SMT UCM Seminar 2018 6 / 44

  11. Need and Applications of SMT Some problems are more naturally expressed in other logics than propositional logic, e.g: Software verification needs reasoning about equality, arithmetic, data structures, ... SMT consists of deciding the satisfiability of a (ground) FO formula with respect to a background theory Example ( Equality with Uninterpreted Functions – EUF ): g ( a )= c ∧ ( f ( g ( a )) � = f ( c ) ∨ g ( a )= d ) ∧ c � = d Wide range of applications: Scheduling Predicate abstraction Test generation Model checking ... Albert Rubio (UPC) Program Analysis using Max-SMT UCM Seminar 2018 7 / 44

  12. Theories of Interest - Arithmetic Very useful for obvious reasons Restricted fragments support more efficient methods: Bounds: x ⊲ ⊳ k with ⊲ ⊳ ∈ { <, >, ≤ , ≥ , = } Difference logic: x − y ⊲ ⊳ k , with ⊲ ⊳ ∈ { <, >, ≤ , ≥ , = } UTVPI: ± x ± y ⊲ ⊳ k , with ⊲ ⊳ ∈ { <, >, ≤ , ≥ , = } Linear arithmetic, e.g: 2 x − 3 y + 4 z ≤ 5 Non-linear arithmetic, e.g: 2 xy + 4 xz 2 − 5 y ≤ 10 Variables are either reals or integers Albert Rubio (UPC) Program Analysis using Max-SMT UCM Seminar 2018 8 / 44

  13. SMT problems Input: Given a boolean formula ϕ over some theory T . Question: Is there any interpretation (solution) that satisfies the formula? Example: T = linear integer/real arithmetic. ( x < 0 ∨ x ≤ y ∨ y < z ) ∧ ( x ≥ 0 ) ∧ ( x > y ∨ y < z ) { x = 1 , y = 0 , z = 2 } Albert Rubio (UPC) Program Analysis using Max-SMT UCM Seminar 2018 9 / 44

  14. SMT problems Input: Given a boolean formula ϕ over some theory T . Question: Is there any interpretation (solution) that satisfies the formula? Example: T = linear integer/real arithmetic. ( x < 0 ∨ x ≤ y ∨ y < z ) ∧ ( x ≥ 0 ) ∧ ( x > y ∨ y < z ) { x = 1 , y = 0 , z = 2 } Albert Rubio (UPC) Program Analysis using Max-SMT UCM Seminar 2018 9 / 44

  15. SMT problems Input: Given a boolean formula ϕ over some theory T . Question: Is there any interpretation (solution) that satisfies the formula? Example: T = linear integer/real arithmetic. ( x < 0 ∨ x ≤ y ∨ y < z ) ∧ ( x ≥ 0 ) ∧ ( x > y ∨ y < z ) { x = 1 , y = 0 , z = 2 } There exist very efficient solvers: yices, z3, Barcelogic, ... Can handle large formulas with a complex boolean structure. Albert Rubio (UPC) Program Analysis using Max-SMT UCM Seminar 2018 9 / 44

  16. Optimization problems (Weighted) Max-SMT problem Input: Given an SMT formula ϕ = C 1 ∧ . . . ∧ C m in CNF, where some of the clauses are hard and the others soft with a weight. Output: An assignment for the hard clauses that minimizes the sum of the weights of the falsified soft clauses. ( x 2 + y 2 > 2 ∨ x · z ≤ y ∨ y · z < z 2 ) ∧ ( x > y ∨ 0 < z ∨ w ( 5 )) ∧ . . . Albert Rubio (UPC) Program Analysis using Max-SMT UCM Seminar 2018 10 / 44

  17. Non-linear SMT solving Input: Given a boolean formula ϕ over some theory T . Question: Is there any solution that satisfies the formula? Example: T = non-linear (polynomial) integer/real arithmetic. ( x 2 + y 2 > 2 ∨ x · z ≤ y ∨ y · z < z 2 ) ∧ ( x > y ∨ 0 < z ) { x = 0 , y = 1 , z = 1 } Albert Rubio (UPC) Program Analysis using Max-SMT UCM Seminar 2018 11 / 44

  18. Non-linear SMT solving Input: Given a boolean formula ϕ over some theory T . Question: Is there any solution that satisfies the formula? Example: T = non-linear (polynomial) integer/real arithmetic. ( x 2 + y 2 > 2 ∨ x · z ≤ y ∨ y · z < z 2 ) ∧ ( x > y ∨ 0 < z ) { x = 0 , y = 1 , z = 1 } Albert Rubio (UPC) Program Analysis using Max-SMT UCM Seminar 2018 11 / 44

  19. Non-linear SMT solving Input: Given a boolean formula ϕ over some theory T . Question: Is there any solution that satisfies the formula? Example: T = non-linear (polynomial) integer/real arithmetic. ( x 2 + y 2 > 2 ∨ x · z ≤ y ∨ y · z < z 2 ) ∧ ( x > y ∨ 0 < z ) { x = 0 , y = 1 , z = 1 } Non-linear arithmetic decidability: Integers: undecidable (Hilbert’s 10th problem). Reals: decidable (Tarski) but algorithms have prohibitive complexity. Albert Rubio (UPC) Program Analysis using Max-SMT UCM Seminar 2018 11 / 44

  20. Non-linear SMT solving Input: Given a boolean formula ϕ over some theory T . Question: Is there any solution that satisfies the formula? Example: T = non-linear (polynomial) integer/real arithmetic. ( x 2 + y 2 > 2 ∨ x · z ≤ y ∨ y · z < z 2 ) ∧ ( x > y ∨ 0 < z ) { x = 0 , y = 1 , z = 1 } Non-linear arithmetic decidability: Integers: undecidable (Hilbert’s 10th problem). Reals: decidable (Tarski) but algorithms have prohibitive complexity. Incomplete solvers focus on either satisfiability or unsatisfiability. Albert Rubio (UPC) Program Analysis using Max-SMT UCM Seminar 2018 11 / 44

  21. Non-linear SMT solving Input: Given a boolean formula ϕ over some theory T . Question: Is there any solution that satisfies the formula? Example: T = non-linear (polynomial) integer/real arithmetic. ( x 2 + y 2 > 2 ∨ x · z ≤ y ∨ y · z < z 2 ) ∧ ( x > y ∨ 0 < z ) { x = 0 , y = 1 , z = 1 } Non-linear arithmetic decidability: Integers: undecidable (Hilbert’s 10th problem). Reals: decidable (Tarski) but algorithms have prohibitive complexity. Incomplete solvers focus on either satisfiability or unsatisfiability. Albert Rubio (UPC) Program Analysis using Max-SMT UCM Seminar 2018 11 / 44

  22. Solving non-linear SMT formulas Need to handle large formulas with non-linear arithmetic and complex boolean structure. Barcelogic has shown to be the best SMT-solver proving satisfiability of this kind of problems. Barcelogic can handle Max-SMT formulas (over non-linear arithmetic) as well. Albert Rubio (UPC) Program Analysis using Max-SMT UCM Seminar 2018 12 / 44

  23. Overview of the talk 1 Introduction 2 SMT/Max-SMT solving 3 Invariant generation 4 Compositional safety verification 5 VeryMax Tool 6 Conclusions and current work Albert Rubio (UPC) Program Analysis using Max-SMT UCM Seminar 2018 13 / 44

Recommend

Compositional Recurrence Analysis Azadeh Farzan Zachary Kincaid University of Toronto September

Compositional Recurrence Analysis Azadeh Farzan Zachary Kincaid University of Toronto September

Compositional Recurrence Analysis Azadeh Farzan Zachary Kincaid University of Toronto September 28, 2015 Compositional program analysis P P Break program into parts P P Analyze each part P P Compose the results Incremental analysis

787 views • 62 slides
Compositional and Mechanically Verified Program Analyzers David Darais University of Maryland

Compositional and Mechanically Verified Program Analyzers David Darais University of Maryland

Compositional and Mechanically Verified Program Analyzers David Darais University of Maryland Let's Design an Analysis 2 Let's Design an Analysis Property x/0 2 Let's Design an Analysis Property Program x/0 0: int x y; 1: void

945 views • 72 slides
Viktor Vafeiadis Software Analysis &amp; Verification Full functional verification

Viktor Vafeiadis Software Analysis &amp; Verification Full functional verification

Viktor Vafeiadis Software Analysis &amp; Verification Full functional verification Compilers , concurrent programs , theorem provers Program equivalence / Compositional reasoning Compositional compiler verification

266 views • 3 slides
Numerical Invariants via Abstract Machines Compositional Recurrence Analysis (CRA) Azadeh Farzan,

Numerical Invariants via Abstract Machines Compositional Recurrence Analysis (CRA) Azadeh Farzan,

Princeton University Zachary Kincaid Static Analysis Symposium August 31, 2018 Numerical Invariants via Abstract Machines Compositional Recurrence Analysis (CRA) Azadeh Farzan, Thomas Reps. Todays agenda: A recipe for building abstract

1.16k views • 78 slides
Safety Criticality Analysis of Air Traffic Management Systems: A Compositional Bisimulation

Safety Criticality Analysis of Air Traffic Management Systems: A Compositional Bisimulation

Third SESAR Innovation Days 26 28 November 2013, KTH, Stockholm, Sweden Safety Criticality Analysis of Air Traffic Management Systems: A Compositional Bisimulation Approach Elena De Santis, Maria Domenica Di Benedetto, Mariken Everdij,

664 views • 32 slides
COMPOSITIONAL APPROACH TO PROGRAM FORMALIZATION AND VERIFICATION (methodological introduction)

COMPOSITIONAL APPROACH TO PROGRAM FORMALIZATION AND VERIFICATION (methodological introduction)

COMPOSITIONAL APPROACH TO PROGRAM FORMALIZATION AND VERIFICATION (methodological introduction) Mykola (Nikolaj) S. Nikitchenko Taras Shevchenko National University of Kyiv Linz, JKU, November 08-19, 2012 1 Contents Introduction

783 views • 40 slides
Compositional Real-Time Scheduling Framework Insik Shin 1 , Insup Lee 1 1 University of

Compositional Real-Time Scheduling Framework Insik Shin 1 , Insup Lee 1 1 University of

Compositional Framework Bounded Delay Resource Model Schedulability Analysis Utilization Bounds Component Abstraction Conclusion Compositional Real-Time Scheduling Framework Insik Shin 1 , Insup Lee 1 1 University of Pennsylvania 15 November

362 views • 33 slides
Compositional Analysis of Compositional Analysis of Soluble Salts in Bresle Bresle Extraction

Compositional Analysis of Compositional Analysis of Soluble Salts in Bresle Bresle Extraction

ISST- -2007 2007 ISST Compositional Analysis of Compositional Analysis of Soluble Salts in Bresle Bresle Extraction Extraction Soluble Salts in from Blocks in Newbuilding Newbuilding Shipyards Shipyards from Blocks in S.S. Seo Seo,

626 views • 20 slides
Compositional Symbolic Execution through Program Specialization e Miguel Rojas 1 and Corina P

Compositional Symbolic Execution through Program Specialization e Miguel Rojas 1 and Corina P

Compositional Symbolic Execution through Program Specialization e Miguel Rojas 1 and Corina P areanu 2 Jos as 1 Technical University of Madrid, Spain 2 CMU-SV/NASA Ames, Moffett Field, CA, USA BYTECODE 2013 March 23, Rome, Italy Software

579 views • 33 slides
Compositional Solution Space Quantification for Probabilistic Software Analysis Mateus Borges,

Compositional Solution Space Quantification for Probabilistic Software Analysis Mateus Borges,

Compositional Solution Space Quantification for Probabilistic Software Analysis Mateus Borges, Marcelo dAmorim (UFPE) Antonio Filieri (Stuttgart) Corina Pasareanu (CMU SV and NASA Ames) Willem Visser (Stellenbosch) Uncertain Environments

752 views • 59 slides
Imprecise Compositional Data Analysis: Alternative Statistical Methods Michael Smithson The

Imprecise Compositional Data Analysis: Alternative Statistical Methods Michael Smithson The

Imprecise Compositional Data Analysis: Alternative Statistical Methods Michael Smithson The Australian National University 2-6 July 2019 /SIPTA 2019 Smithson (The Australian National University) Imprecise Compositional Data Analysis SIPTA19

225 views • 11 slides
PLEBISCITE FOR PEACE IN COLOMBIA: STATISICAL ANALYSIS USING COMPOSITIONAL DATA CoDaWork 2017

PLEBISCITE FOR PEACE IN COLOMBIA: STATISICAL ANALYSIS USING COMPOSITIONAL DATA CoDaWork 2017

Introduction Applied exercise Discussion PLEBISCITE FOR PEACE IN COLOMBIA: STATISICAL ANALYSIS USING COMPOSITIONAL DATA CoDaWork 2017 CATALINA PLATA RINC ON &amp; ANDR ES FELIPE ORTIZ RICO UNIVERSITY SANTO TOM AS June 9 2017

356 views • 24 slides
Compositional C11 Program Transformation Mark Batty - Mike Dodds - Alexey Gotsman

Compositional C11 Program Transformation Mark Batty - Mike Dodds - Alexey Gotsman

Compositional C11 Program Transformation Mark Batty - Mike Dodds - Alexey Gotsman Imperial Concurrency Workshop, July 2015 @miike Overview The C11 model is (arguably) broken: we omit problem features, most importantly no RLX.

544 views • 42 slides
Semi-Markov PEPA: Compositional Modelling and Analysis with General Distributions Jeremy Bradley

Semi-Markov PEPA: Compositional Modelling and Analysis with General Distributions Jeremy Bradley

Semi-Markov PEPA: Compositional Modelling and Analysis with General Distributions Jeremy Bradley Email: jb@doc.ic.ac.uk Department of Computing, Imperial College London Produced with prosper and L A T EX JTB [07/2004] p.1/19 What have

760 views • 47 slides
Compositional Recurrence Analysis Revisited Zachary Kincaid 1 Jason Breck 2 Ashkan Forouhi

Compositional Recurrence Analysis Revisited Zachary Kincaid 1 Jason Breck 2 Ashkan Forouhi

June 19, 2017 Compositional Recurrence Analysis Revisited Zachary Kincaid 1 Jason Breck 2 Ashkan Forouhi Boroujeni 2 Thomas Reps 2 , 3 1 Princeton University 2 University of Wisconsin-Madison 3 GrammaTech, Inc. How can we apply loop analyses to

648 views • 53 slides
Forecasting Patent Filings at the European Patent Office (EPO) using compositional data analysis

Forecasting Patent Filings at the European Patent Office (EPO) using compositional data analysis

Forecasting Patent Filings at the European Patent Office (EPO) using compositional data analysis techniques. Peter Hingley, Financial Controlling and Statistics, European Patent Office, M unich, Germany phingley@epo.org Disclaimer: The forecasts

370 views • 18 slides
Compositional Shape Analysis by means of Bi-Abduction Dino Distefano Queen Mary University of

Compositional Shape Analysis by means of Bi-Abduction Dino Distefano Queen Mary University of

Compositional Shape Analysis by means of Bi-Abduction Dino Distefano Queen Mary University of London and Monoidics Ltd MOVEP 2010, Aachen 29/06/2010 Monday, 28 June 2010 A lot of real code out there uses pointer manipulation... Is this

1.53k views • 133 slides
Compositional Timing Analysis Ramzi Ben Salah Marius Bozga Oded Maler CNRS - VERIMAG Grenoble,

Compositional Timing Analysis Ramzi Ben Salah Marius Bozga Oded Maler CNRS - VERIMAG Grenoble,

Compositional Timing Analysis Ramzi Ben Salah Marius Bozga Oded Maler CNRS - VERIMAG Grenoble, France 2009 Apology The message of this paper is not easy to communicate It represents many years of work (theory and implementation)

696 views • 23 slides
Compositional Semantics and Analysis of Hierarchical Block Diagrams Iulia Dragomir 1 joint work

Compositional Semantics and Analysis of Hierarchical Block Diagrams Iulia Dragomir 1 joint work

Compositional Semantics and Analysis of Hierarchical Block Diagrams Iulia Dragomir 1 joint work with Viorel Preoteasa 1 and Stavros Tripakis 1 , 2 1 Aalto University, Finland 2 UC Berkeley, USA Hierarchical block diagrams Consist of: atomic

556 views • 45 slides
A Compositional Logic A Compositional Logic for Control Flow for Control Flow Gang Tan, Boston

A Compositional Logic A Compositional Logic for Control Flow for Control Flow Gang Tan, Boston

A Compositional Logic A Compositional Logic for Control Flow for Control Flow Gang Tan, Boston College g , g Andrew W. Appel, Princeton University Jan 8 2006 Jan 8, 2006 1 Mobile Code Security Protect trusted system against

561 views • 26 slides
Analysis and Optimizations Program Analysis P3 / 2006 Discovers properties of a program

Analysis and Optimizations Program Analysis P3 / 2006 Discovers properties of a program

Analysis and Optimizations Program Analysis P3 / 2006 Discovers properties of a program Optimizations Using Program Analysis Use analysis results to transform program for Optimization Goal: improve some aspect of program

232 views • 12 slides
park ber Enforcing Verifiable Object Abstractions for Automated Compositional Security

park ber Enforcing Verifiable Object Abstractions for Automated Compositional Security

park ber Enforcing Verifiable Object Abstractions for Automated Compositional Security Analysis of a Hypervisor Amit Vasudevan (CyLab-CMU), Sagar Chaki (SEI-CMU), Petros Maniatis (Google Inc.), Limin Jia, Anupam Datta (ECE/CSD-CMU)

517 views • 24 slides
Bruno Gavranovi c SYCO2 Compositional Deep Learning December 18, 2018 1 / 36 Compositional

Bruno Gavranovi c SYCO2 Compositional Deep Learning December 18, 2018 1 / 36 Compositional

Bruno Gavranovi c SYCO2 Compositional Deep Learning December 18, 2018 1 / 36 Compositional Deep Learning Bruno Gavranovi c Faculty of Electrical Engineering and Computing (FER) University of Zagreb, Croatia bruno.gavranovic@fer.hr

1.22k views • 102 slides
Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs Robert

Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs Robert

Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs Robert Sison 13 Jan 2018 THE UNIVERSITY OF NEW SOUTH WALES www.data61.csiro.au A confidentiality-preserving program Cross Domain Desktop Compositor

1.49k views • 118 slides

More recommend