Draft

Refining AI Analysis with CP Techniques, or How to identify suspicious values in programs with floating-point numbers

Michel Rueher, University of Nice Sophia-Antipolis / I3S – CNRS, France (joint work with Olivier Ponsini and Claude Michel)

JFPC, June 2013
Draft | Problematic | AI Approach | Constraint Programming | Example 1 | AI+CP | Experiments | Conclusion

Introduction

• Problem: verifying programs with floating-point computations, typically embedded systems written in C (transportation, nuclear plants, ...)
• Programs use floating-point numbers, but
  – specifications are written with the semantics of reals "in mind"
  – programs are written with the semantics of reals "in mind"
Floating-point arithmetic pitfalls: rounding and counter-intuitive properties

• Rounding: $(0.1)_{10} = (0.000110011001100\cdots)_2$; in single precision, $0.1$ is stored as $0.100000001490116119384765625$
• Operators are neither associative nor distributive: $(-10000001 + 10^7) + 0.5 \neq -10000001 + (10^7 + 0.5)$
• Absorption and cancellation phenomena:
  – absorption: $10^7 + 0.5 = 10^7$
  – cancellation: $((1 - 10^{-7}) - 1) \times 10^7 = -1.192\ldots$ ($\neq -1$)

⇒ Floats are a source of errors in programs
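The four pitfalls listed on this slide can be reproduced without a C compiler by rounding every intermediate result to IEEE binary32. The script below is an added example, not part of the slides: `f32` uses `struct` to round a Python double to the nearest single-precision value, and since the exact sum or product of two binary32 values fits in a double, rounding that exact result once gives precisely the single-precision operation.

```python
# Added example (not from the slides): single-precision pitfalls reproduced
# by rounding every intermediate result to IEEE binary32.
import struct


def f32(x: float) -> float:
    """Round a Python float (binary64) to the nearest binary32 value."""
    return struct.unpack("f", struct.pack("f", x))[0]


# The exact sum/difference/product of two binary32 values is representable in
# binary64, so one final rounding yields the correctly rounded float32 result.
def f32_add(a: float, b: float) -> float:
    return f32(f32(a) + f32(b))


def f32_sub(a: float, b: float) -> float:
    return f32(f32(a) - f32(b))


def f32_mul(a: float, b: float) -> float:
    return f32(f32(a) * f32(b))


def rounding_of_tenth() -> str:
    """Exact decimal expansion of the float32 nearest to 0.1 (27 digits suffice)."""
    return format(f32(0.1), ".27f")


def associativity_gap() -> tuple:
    """(-10000001 + 1e7) + 0.5 versus -10000001 + (1e7 + 0.5), both in float32."""
    left = f32_add(f32_add(-10000001.0, 1e7), 0.5)
    right = f32_add(-10000001.0, f32_add(1e7, 0.5))
    return left, right


def absorption() -> float:
    """1e7 + 0.5 in float32: 0.5 is half an ulp of 1e7, and the tie rounds to even."""
    return f32_add(1e7, 0.5)


def cancellation() -> float:
    """((1 - 1e-7) - 1) * 1e7 in float32: only the rounding error of 1 - 1e-7 survives."""
    return f32_mul(f32_sub(f32_sub(1.0, 1e-7), 1.0), 1e7)


if __name__ == "__main__":
    print("float32(0.1)      =", rounding_of_tenth())
    print("associativity     =", associativity_gap())
    print("absorption        =", absorption())
    print("cancellation      =", cancellation())
```

Running it prints the values quoted on the slide: the two associations give −0.5 and −1.0, the 0.5 is absorbed, and the cancellation case yields −1.1920928955078125 instead of −1.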
Objectives & Method

Goals:
→ bounds for variables under the real-number semantics and under the floating-point semantics
→ bounds for the error due to the use of floating-point numbers instead of real numbers, in order to identify suspicious values

Method: combining abstract interpretation and constraint programming
Outline

Problematic: verifying programs with FP computations
AI approach: abstraction of program states
Constraint programming over continuous domains
Example 1
Combining AI and CP
Experiments
Conclusion
AI Approach: Abstraction of program states

Abstract domains: intervals, zonotopes, polyhedra, ...

Zonotopes: convex polytopes with a central symmetry, represented by sets of affine forms
$\hat{a} = a_0 + a_1\varepsilon_1 + \cdots + a_n\varepsilon_n$
$\hat{b} = b_0 + b_1\varepsilon_1 + \cdots + b_n\varepsilon_n$
$\ldots$
with $\varepsilon_i \in [-1, 1]$

+ Good trade-off between performance and precision
– Not very accurate for nonlinear expressions
– Not accurate on very common program constructs such as conditionals
AI: Static analysis (cont.)

+ Good scalability for
  – showing absence of runtime errors
  – estimating rounding errors and their propagation
  – checking properties of programs
– Lack of precision
  – approximations may be very coarse
  – over-approximation ⇒ possible false alarms
AI & False alarm

(Figure from Cousot's introduction to abstract interpretation; the illustration itself is not reproduced here.) Source: http://www.di.ens.fr/~cousot/AI/IntroAbsInt.html
CP over continuous domains

A branch & prune process: iteration of two steps
1. Pruning the search space
2. Making a choice to generate two (or more) sub-problems

Pruning step ⇒ reduces an interval when its upper bound or its lower bound does not satisfy some constraint
Branching step ⇒ splits the domain of some variable into two or more intervals
Local consistencies: 2B-consistency

• A constraint $c_j$ is 2B-consistent if, for any variable $x_i$ of $c_j$, the bounds $\underline{D_{x_i}}$ and $\overline{D_{x_i}}$ have a support in the domains of all other variables of $c_j$

⇒ Variable $x$ is 2B-consistent for $f(x, x_1, \ldots, x_n) = 0$ if the lower (resp. upper) bound of the domain of $x$ is the smallest (resp. largest) solution of $f(x, x_1, \ldots, x_n) = 0$

A CSP is 2B-consistent iff all its constraints are 2B-consistent
3B-consistency (1)

3B-consistency, a shaving process ⇒ checks whether 2B-consistency can be enforced on the whole system when the domain of a variable is reduced to the value of one of its bounds
Constraint programming framework: sum up

+ Good refutation capabilities
+ Flexibility: handling of integers, floats, non-linear expressions, ...
– Scalability: pruning may be costly for large domains
– A CSP is a conjunction of constraints ⇒ a different constraint system is required for each path of the CFG
Example 1

    float x = [0,10];      /* x may take any value in [0, 10] */
    float y = x*x - x;
    if (y >= 0)
        y = x/10;
    else
        y = x*x + 2;
Example 1: Abstract Interpretation (zonotopes)

Affine forms $\hat{x}$, $\hat{y}$ and interval domains $D$ at the program points $P_0$ to $P_6$:

$P_0$ (after `float x = [0,10];`): $\hat{x}_0 = 5 + 5\varepsilon_1$, $\varepsilon_1 \in [-1, 1]$; $D^0_x = [0, 10]$

$P_1$ (after `y = x*x - x`): $\hat{y}_1 = 32.5 + 45\varepsilon_1 + 12.5\eta_1$, $\eta_1 \in [-1, 1]$; $D^1_x = [0, 10]$, $D^1_y = [-10, 90]$

Branch $y \ge 0$:
  $P_2$: $\hat{y}_2 = \hat{y}_1$; $D^2_x = [0, 10]$, $D^2_y = [0, 90]$
  $P_3$ (after `y = x/10`): $\hat{y}_3 = 0.5 + 0.5\varepsilon_1$; $D^3_y = [0, 1]$

Branch $y < 0$:
  $P_4$: $\hat{y}_4 = \hat{y}_1$; $D^4_x = [0, 10]$, $D^4_y = [-10, 0[$
  $P_5$ (after `y = x*x + 2`): $\hat{y}_5 = 39.5 + 50\varepsilon_1 + 12.5\eta_1$; $D^5_y = [2, 102]$

Join $P_6$: $\hat{y}_6 = \hat{y}_3 \cup \hat{y}_5 = 39.5 + 0.5\varepsilon_1 + 62\eta_2$, $\eta_2 \in [-1, 1]$; $D^6_y = D^3_y \cup D^5_y = [0, 102]$
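The affine forms on this slide can be recomputed with a few lines of affine arithmetic. The class below is an added example written for this page, not the authors' zonotope domain. Two choices are assumptions made to match the slide's numbers: squaring uses the fact that the squared deviation $(\sum a_i\varepsilon_i)^2$ lies in $[0, r^2]$ and replaces it by $r^2/2 + (r^2/2)\eta$ with a fresh symbol (giving the $12.5 + 12.5\eta_1$ above), and each domain $D$ is the intersection of the affine form's range with a plain interval evaluation of the same expression (which is how $[-25, 90]$ becomes $[-10, 90]$). The join at $P_6$ is taken as the interval hull; the slide's joined affine form $\hat{y}_6$ is not reproduced.

```python
# Added example (not the authors' zonotope domain): affine arithmetic on
# Example 1, with interval refinement of each concrete domain.
import math


class Affine:
    """Affine form c + sum_i a_i * eps_i with every eps_i in [-1, 1]."""

    def __init__(self, center, terms=None):
        self.c = float(center)
        self.terms = dict(terms or {})      # noise symbol name -> coefficient

    @classmethod
    def from_interval(cls, lo, hi, sym):
        """[lo, hi] as (lo+hi)/2 + (hi-lo)/2 * sym."""
        return cls((lo + hi) / 2, {sym: (hi - lo) / 2})

    def radius(self):
        return sum(abs(a) for a in self.terms.values())

    def interval(self):
        return (self.c - self.radius(), self.c + self.radius())

    def _combine(self, other, sign):
        terms = dict(self.terms)
        for s, a in other.terms.items():
            terms[s] = terms.get(s, 0.0) + sign * a
        return Affine(self.c + sign * other.c, terms)

    def __add__(self, other):
        if not isinstance(other, Affine):           # add a constant
            return Affine(self.c + other, self.terms)
        return self._combine(other, +1)

    def __sub__(self, other):
        if not isinstance(other, Affine):           # subtract a constant
            return Affine(self.c - other, self.terms)
        return self._combine(other, -1)

    def __truediv__(self, k):                       # divide by a constant
        return Affine(self.c / k, {s: a / k for s, a in self.terms.items()})

    def square(self, eta):
        """x*x = c^2 + 2c*(deviation) + deviation^2; the last term lies in
        [0, r^2] and is replaced by r^2/2 + (r^2/2)*eta (eta fresh)."""
        r2 = self.radius() ** 2
        terms = {s: 2 * self.c * a for s, a in self.terms.items()}
        terms[eta] = r2 / 2
        return Affine(self.c ** 2 + r2 / 2, terms)


def meet(a, b):
    """Intersection of two intervals (assumed non-empty here)."""
    return (max(a[0], b[0]), min(a[1], b[1]))


def analyse_example1():
    """Walk Example 1: affine form plus interval evaluation at each point."""
    ix = (0.0, 10.0)                                     # D0_x
    x = Affine.from_interval(*ix, "eps1")                # x0 = 5 + 5 eps1
    y1 = x.square("eta1") - x                            # 32.5 + 45 eps1 + 12.5 eta1
    d1_y = meet(y1.interval(), (ix[0] * ix[0] - ix[1], ix[1] * ix[1] - ix[0]))
    # then-branch: y >= 0, then y = x/10
    d2_y = meet(d1_y, (0.0, math.inf))
    y3 = x / 10                                          # 0.5 + 0.5 eps1
    d3_y = meet(y3.interval(), (ix[0] / 10, ix[1] / 10))
    # else-branch: y < 0 (kept as a closed bound), then y = x*x + 2
    d4_y = meet(d1_y, (-math.inf, 0.0))
    y5 = x.square("eta1") + 2                            # 39.5 + 50 eps1 + 12.5 eta1
    d5_y = meet(y5.interval(), (ix[0] * ix[0] + 2, ix[1] * ix[1] + 2))
    # join: interval hull of the two branches
    d6_y = (min(d3_y[0], d5_y[0]), max(d3_y[1], d5_y[1]))
    return {"y1": y1, "D1_y": d1_y, "D2_y": d2_y, "y3": y3, "D3_y": d3_y,
            "D4_y": d4_y, "y5": y5, "D5_y": d5_y, "D6_y": d6_y}


if __name__ == "__main__":
    for name, value in analyse_example1().items():
        if isinstance(value, Affine):
            print(name, "=", value.c, value.terms)
        else:
            print(name, "=", value)
```

Note that without the interval refinement the affine range of $\hat{y}_1$ alone would be $[-25, 90]$: the $\eta_1$ term carries no information about the sign of $\varepsilon_1^2$ once it has been introduced, which is the nonlinear-expression weakness the earlier slide mentions.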
Example 1: Constraint Programming

$P_0$ (domains from the AI step): $D_{x_0} = [0, 10]$, $D_{y_0} = [-10, 90]$, $D_{y_1} = [0, 102]$

Path through the then-branch: constraints $y_0 = x_0 \cdot x_0 - x_0$, $y_0 \ge 0$, $y_1 = x_0 / 10$
  filtering ⇒ $D^1_{x_0} = [0, 10]$, $D^1_{y_0} = [0, 90]$, $D^1_{y_1} = [0, 1]$

Path through the else-branch: constraints $y_0 = x_0 \cdot x_0 - x_0$, $y_0 < 0$, $y_1 = x_0 \cdot x_0 + 2$
  filtering ⇒ $D^2_{x_0} = [0, 1.026]$, $D^2_{y_0} = [-0.257, 0]$, $D^2_{y_1} = [2, 3.027]$

$P_6$: $D^3_{y_1} = D^1_{y_1} \cup D^2_{y_1} = [0, 3.027]$
Proposed approach: Combining AI and CP

Successive exploration and merging steps:
• Use AI to compute a first approximation of the values of the variables at a program node where two branches join
• Build a constraint system for each branch between two join nodes in the CFG of the program, and use CP local consistencies to shrink the domains computed by AI
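The branch & prune process, the 2B-consistency projections and the AI+CP combination just described can all be exercised on Example 1 with the small solver below. It is an added example written for this page, not the authors' tool: each path's constraints are decomposed into primitive projectors over an auxiliary variable `t = x*x`, `propagate` iterates them to a fixpoint (the 2B step), `branch_and_prune` bisects `x0` and discards refuted boxes, and `example1` starts both paths from the domains the AI step produced ($D_{y_0} = [-10, 90]$, $D_{y_1} = [0, 102]$), as on the Constraint Programming slide. Assumptions: the strict test `y < 0` is relaxed to `y ≤ 0`, outward rounding is done with `math.nextafter` (Python 3.9+), and the bounds obtained differ slightly from the slide's 1.026 and 3.027, which come from the authors' solver settings; the slide's qualitative result ($D_{y_1}$ shrinks from $[0, 102]$ to about $[0, 3]$) is what the run reproduces.

```python
# Added example (not the authors' solver): 2B-style bound propagation and
# branch & prune on the two paths of Example 1, seeded with the AI domains.
import math

INF = math.inf


def rd(v):   # round a lower bound downwards (outward rounding, sound bounds)
    return math.nextafter(v, -INF)


def ru(v):   # round an upper bound upwards
    return math.nextafter(v, INF)


def meet(a, b):
    lo, hi = max(a[0], b[0]), min(a[1], b[1])
    return (lo, hi) if lo <= hi else None


def narrow(d, v, iv):
    """d[v] := d[v] ∩ iv; False when the domain becomes empty (refutation)."""
    d[v] = meet(d[v], iv)
    return d[v] is not None


# Projectors: each narrows every variable of its constraint so that the bounds
# keep a support in the other domains (2B), returning False on refutation.
def proj_square(d, x, t):
    """t = x*x."""
    xl, xh = d[x]
    lo = 0.0 if xl <= 0.0 <= xh else rd(min(xl * xl, xh * xh))
    if not narrow(d, t, (lo, ru(max(xl * xl, xh * xh)))):
        return False
    tl, th = d[t]
    r = ru(math.sqrt(th))
    if not narrow(d, x, (-r, r)):
        return False
    if tl > 0.0:                      # x cannot lie strictly between -sqrt(tl) and sqrt(tl)
        s = rd(math.sqrt(tl))
        if d[x][0] >= 0.0:
            return narrow(d, x, (s, INF))
        if d[x][1] <= 0.0:
            return narrow(d, x, (-INF, -s))
    return True


def proj_sub(d, a, b, r):
    """r = a - b."""
    (al, ah), (bl, bh) = d[a], d[b]
    if not narrow(d, r, (rd(al - bh), ru(ah - bl))):
        return False
    rl, rh = d[r]
    if not narrow(d, a, (rd(rl + bl), ru(rh + bh))):      # a = r + b
        return False
    al, ah = d[a]
    return narrow(d, b, (rd(al - rh), ru(ah - rl)))       # b = a - r


def proj_lin(d, a, r, k, m):
    """r = k*a + m for constants k > 0 and m."""
    al, ah = d[a]
    if not narrow(d, r, (rd(k * al + m), ru(k * ah + m))):
        return False
    rl, rh = d[r]
    return narrow(d, a, (rd((rl - m) / k), ru((rh - m) / k)))


def propagate(d, constraints, max_iter=200):
    """Apply the projectors until a fixpoint (2B-consistency) or refutation."""
    for _ in range(max_iter):
        before = dict(d)
        for c in constraints:
            if not c(d):
                return None
        if d == before:
            break
    return d


def branch_and_prune(d, constraints, var, eps):
    """Prune, then bisect `var` until its width is below eps; return surviving boxes."""
    d = propagate(dict(d), constraints)
    if d is None:
        return []
    lo, hi = d[var]
    if hi - lo <= eps:
        return [d]
    mid = (lo + hi) / 2
    left, right = dict(d), dict(d)
    left[var], right[var] = (lo, mid), (mid, hi)
    return branch_and_prune(left, constraints, var, eps) + branch_and_prune(right, constraints, var, eps)


def hull(boxes, v):
    return (min(b[v][0] for b in boxes), max(b[v][1] for b in boxes))


def example1(eps=1e-2):
    """Both CFG paths of Example 1, one constraint system each, seeded by AI."""
    common = [lambda d: proj_square(d, "x0", "t"), lambda d: proj_sub(d, "t", "x0", "y0")]
    then_c = common + [lambda d: narrow(d, "y0", (0.0, INF)), lambda d: proj_lin(d, "x0", "y1", 0.1, 0.0)]
    else_c = common + [lambda d: narrow(d, "y0", (-INF, 0.0)), lambda d: proj_lin(d, "t", "y1", 1.0, 2.0)]
    p0 = {"x0": (0.0, 10.0), "t": (0.0, 100.0), "y0": (-10.0, 90.0), "y1": (0.0, 102.0)}
    d1 = {v: hull(branch_and_prune(p0, then_c, "x0", eps), v) for v in p0}
    d2 = {v: hull(branch_and_prune(p0, else_c, "x0", eps), v) for v in p0}
    d6_y1 = (min(d1["y1"][0], d2["y1"][0]), max(d1["y1"][1], d2["y1"][1]))   # join at P6
    return d1, d2, d6_y1


if __name__ == "__main__":
    d1, d2, d6 = example1()
    print("then-branch:", d1)
    print("else-branch:", d2)
    print("P6 y1 hull: ", d6)
```

On the else-branch the 2B fixpoint alone already pushes the upper bound of `x0` towards 1 (each round maps it to roughly its square root, which is why the slide's single filtering pass stops at 1.026), and bisection refutes every box lying entirely above 1. On the then-branch the pruning step cannot reduce `x0` at all, exactly as on the slide: both bounds 0 and 10 have supports, and the hole $]0, 1[$ is only discovered by the branching step.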