effective approaches to abstraction refinement for an
play

Effective Approaches to Abstraction Refinement for an Explicit - PowerPoint PPT Presentation

Jun 22, 2023 •48 likes •318 views

Effective Approaches to Abstraction Refinement for an Explicit Value Analysis Stefan Lwe SoSy-Lab Software Systems Outline of my Thesis Outline of my Talk Value Analysis by Example Value Analysis by Example Value Analysis by the Numbers

  1. Effective Approaches to Abstraction Refinement for an Explicit Value Analysis Stefan Löwe SoSy-Lab Software Systems

  2. Outline of my Thesis

  3. Outline of my Talk

  4. Value Analysis by Example

  5. Value Analysis by Example

  6. Value Analysis by the Numbers Well over 4000 verification • tasks from SV-COMP’16 VA solves almost two thirds • Under SV-COMP’16 rules, • complete evaluation takes 440 hours 410 hours, or 93%, are • wasted for unsolved verification tasks State-space explosion is prime reason for extreme resource consumption

  7. State-Space Explosion

  8. Counterexample-Guided Abstraction Refinement program no error path source SAFE code UNSAFE build & check abstract model e r r o r path found precision is analysis dependent: • e.g., set of predicates refine is feasible ? for a predicate analysis precision • e.g., set of variable identifiers for a value analysis error path is infeasible

  9. Counterexample-Guided Abstraction Refinement program no error path source SAFE code UNSAFE build & check abstract model e r r o r path found interpolate infeasible error path to, • e.g., obtain set of predicates refine is feasible ? for a predicate analysis precision • e.g., obtain set of variable identifiers for a value analysis error path is infeasible

  10. Craig Interpolation [Abstractions from Proofs, 2004, Henzinger, Jhala, Majumdar, McMillan] φ − ψ itp the interpolant φ + At L12 the interpolant ψ for φ − and φ + could be: [flag = 0], or [flag ≤ 0], or ...

  11. Value Interpolation [Explicit-State Software Model Checking Based on CEGAR and Interpolation, 2013, Beyer, Löwe] For a pair of constraint sequences γ − and γ + , such that γ − ∧ γ + is contradicting , an interpolant ψ is a constraint sequence that fulfills the following requirements: γ − 1) γ − implies ψ ∧ γ + is unsatisfiable 2) ψ 3) ψ only contains symbols that are common to both γ − and γ + γ + A L12 the interpolant ψ for φ − and φ + can only be: [flag = 0]

  12. Comparison to Plain Value Analysis Significant improvements in • DeviceDrivers64Linux Significant regressions in • ECA and ProductLines In total solves around 500 • verification task less High number of refinements is prime reason for overall regression

  13. Inspecting Number of Refinements At least three clusters distinguishable Solved by both • #refinements < 200 Solved only by VA-Cegar • #refinements < 500 Solved only by VA-Plain • #refinements > 1000

  14. Reducing Time for Refinements Optimized Interpolation • Deepest Infeasible Suffix • Interpolant-Equality • Optimized Refinement • “Scoped” Precision • Eager Restart • ➢ CEGAR pays off, solving well over 400 tasks more ➢ Lazy abstraction is not well-suited for the Value Analysis

  15. Level of Non-Determinism Low level of non-determinism: High level of non-determinism: Use Plain Value Analysis Use Value Analysis with CEGAR ➢ Valid indicator whether to perform abstraction or not

  16. Versatility of Value Interpolation • Applicable to other analyses Octagon analysis • Symbolic execution analysis • • Enables regression verification • Parallel composition with Predicate Analysis ➢ Availablilty of several effective analyses based on CEGAR ➢ Next: Techniques that may benefit all such analyses

  17. Infeasible Sliced Prefixes and Refinement Selection

  18. Extraction of Infeasible Sliced Prefixes [Sliced Path Prefixes: An Effective Method to Enable Refinement Selection, 2015, Beyer, Löwe, Wendler]

  19. Main Message Any infeasible sliced prefix φ, that is extracted from an infeasible error path σ, can be used for interpolation to exclude the original error path σ from subsequent iterations of CEGAR loop. ➢ We can use any prefix we want for interpolation !

  20. Sliced Prefixes - Further Applications • Enables guided refinement selection • Improves effectiveness and efficiency of static refinement • Speeds up Value Interpolation significantly • Impressive results in combination with symbolic execution • Better control for global refinement • All target states at once • Each target state with an unique refinement • Infeasible Sliced Prefixes for ABE?

  21. Infeasible Sliced Prefixes for ABE? • ABE: block size can have any size • ABE-encoded path represent different paths • Simply pick one? No! • Simply pick all? No! ➢ Just think in blocks • SBE-encoded paths also are made of blocks • SBE: each block contains a single statement ➢ For ABE: apply same approach as for SBE / Value Analysis

  22. Infeasible Sliced Prefixes for ABE

  23. Elimination of Infeasible Sliced Prefixes ! Verification task const_true-unreach-call1.c from the official SVCOMP’16 repository, and a possible infeasible error path when analyzing the task with ABE-lf

  24. Elimination of Infeasible Sliced Prefixes ! Ψ: [y = 2] Verification task const_true-unreach-call1.c from the official SVCOMP’16 repository, and a possible infeasible error path when analyzing the task with ABE-lf

  25. Elimination of Infeasible Sliced Prefixes ! ➢ For ABE: this approach is also not perfect ➢ Any other ideas?

  26. Quite good for LDV

  27. Questions ?

Recommend

SAT based Abstraction-Refinement using ILP and Machine Learning Techniques Edmund Clarke Anubhav

SAT based Abstraction-Refinement using ILP and Machine Learning Techniques Edmund Clarke Anubhav

SAT based Abstraction-Refinement using ILP and Machine Learning Techniques 1 SAT based Abstraction-Refinement using ILP and Machine Learning Techniques Edmund Clarke Anubhav Gupta James Kukula Ofer Strichman SAT based Abstraction-Refinement

822 views • 36 slides
Counterexample Guided Abstraction Refinement (CEGAR) Peyman Rasouli Gianluca Turin 1

Counterexample Guided Abstraction Refinement (CEGAR) Peyman Rasouli Gianluca Turin 1

Counterexample Guided Abstraction Refinement (CEGAR) Peyman Rasouli Gianluca Turin 1 Abstraction Definition of abstraction on Wikipedia: Abstractions may be formed by reducing the information content of a concept or an observable

575 views • 18 slides
Predicate Abstraction with SATABS Existential Abstraction Predicate Abstraction for Software

Predicate Abstraction with SATABS Existential Abstraction Predicate Abstraction for Software

Outline Introduction Predicate Abstraction with SATABS Existential Abstraction Predicate Abstraction for Software Counterexample-Guided Abstraction Refinement Computing Existential Abstractions of Programs Version 1.0, 2010 Checking the

429 views • 12 slides
Abstraction refinement and plan revision for control synthesis under high level specifications

Abstraction refinement and plan revision for control synthesis under high level specifications

Abstraction refinement and plan revision for control synthesis under high level specifications Pierre-Jean Meyer Dimos V. Dimarogonas KTH, Royal Institute of Technology July 12 th 2017 Outline Abstraction-based synthesis Global framework

603 views • 34 slides
Data Invariants, Abstraction and Refinement Practice Curtis Millar CSE, UNSW (and Data61) 24

Data Invariants, Abstraction and Refinement Practice Curtis Millar CSE, UNSW (and Data61) 24

Exercise 2 Specification and Refinement Editor Example Administrivia Software System Design and Implementation Data Invariants, Abstraction and Refinement Practice Curtis Millar CSE, UNSW (and Data61) 24 June 2020 1 Exercise 2

1.06k views • 52 slides
Data Abstraction and Modularity Modular program development Step-wise refinement

Data Abstraction and Modularity Modular program development Step-wise refinement

CS 242 Topics Data Abstraction and Modularity Modular program development Step-wise refinement Interface, specification, and implementation Language support for modularity John Mitchell Procedural abstraction Abstract

234 views • 8 slides
Part III: Abstraction Refinement Javier Esparza Technische Universitt Mnchen Javier Esparza

Part III: Abstraction Refinement Javier Esparza Technische Universitt Mnchen Javier Esparza

Part III: Abstraction Refinement Javier Esparza Technische Universitt Mnchen Javier Esparza Part III: Abstraction Refinement Example 1 ( X 0 ) ( X &gt; 0 ) 2 3 The problem: X := X ( Y &gt; 0 ) Is the error label reachable? ( Y

1.18k views • 82 slides
Data Invariants, Abstraction and Refinement Liam OConnor University of Edinburgh LFCS (and

Data Invariants, Abstraction and Refinement Liam OConnor University of Edinburgh LFCS (and

Data Invariants and ADTs Validation Data Refinement Administrivia Software System Design and Implementation Data Invariants, Abstraction and Refinement Liam OConnor University of Edinburgh LFCS (and UNSW) Term 2 2020 1 Data Invariants

1.07k views • 68 slides
Closed-loop Verification of Medical Devices with Model Abstraction and Refinement Zhihao

Closed-loop Verification of Medical Devices with Model Abstraction and Refinement Zhihao

Software Tools for Technology Transfer manuscript No. (will be inserted by the editor) Closed-loop Verification of Medical Devices with Model Abstraction and Refinement Zhihao Jiang, Miroslav Pajic, Rajeev Alur and Rahul Mangharam University

759 views • 22 slides
Effective Approaches to Monitoring National HOPWA Institute 2017 Tampa, FL Effective Approaches to

Effective Approaches to Monitoring National HOPWA Institute 2017 Tampa, FL Effective Approaches to

Effective Approaches to Monitoring National HOPWA Institute 2017 Tampa, FL Effective Approaches to Monitoring Learning Objectives: q Understand common and effective framework to approach grant oversight and monitoring. q Know descriptions of basic

696 views • 34 slides
THETA: a Framework for Abstraction Refinement-Based Model Checking Tams Tth 1 , kos Hajdu

THETA: a Framework for Abstraction Refinement-Based Model Checking Tams Tth 1 , kos Hajdu

THETA: a Framework for Abstraction Refinement-Based Model Checking Tams Tth 1 , kos Hajdu 1,2 , Andrs Vrs 1,2 , Zoltn Micskei 1 , Istvn Majzik 1 1 Budapest University of Technology and Economics Department of Measurement and

786 views • 12 slides
SAT-based Abstraction Refinement for Real-time Systems Stephanie Kemper 1 e Platzer 2 , 3 Andr

SAT-based Abstraction Refinement for Real-time Systems Stephanie Kemper 1 e Platzer 2 , 3 Andr

SAT-based Abstraction Refinement for Real-time Systems Stephanie Kemper 1 e Platzer 2 , 3 Andr 1 Centrum voor Wiskunde en Informatica, Software Engineering, Amsterdam, The Netherlands 2 University of Oldenburg, Department of Computing Science,

773 views • 66 slides
Counterexample-guided Cartesian Abstraction Refinement and Saturated Cost Partitioning for

Counterexample-guided Cartesian Abstraction Refinement and Saturated Cost Partitioning for

Counterexample-guided Cartesian Abstraction Refinement and Saturated Cost Partitioning for Optimal Classical Planning Jendrik Seipp February 28, 2018 University of Basel Planning Find a sequence of actions that achieves a goal. 1/35 Optimal

1.08k views • 85 slides
Predicate Abstraction with SATABS Version 1.0, 2010 Outline Introduction Existential

Predicate Abstraction with SATABS Version 1.0, 2010 Outline Introduction Existential

Predicate Abstraction with SATABS Version 1.0, 2010 Outline Introduction Existential Abstraction Predicate Abstraction for Software Counterexample-Guided Abstraction Refinement Computing Existential Abstractions of Programs Checking the

1.66k views • 162 slides
Software Model Checking and Counter-example Guided Abstraction Refinement Claire Le Goues 1

Software Model Checking and Counter-example Guided Abstraction Refinement Claire Le Goues 1

Software Model Checking and Counter-example Guided Abstraction Refinement Claire Le Goues 1 Motivation: How should we analyze this? * means something we cant analyze (user input, random value) Line 5: the lock is held if and only

886 views • 63 slides
Counterexample Guided Abstraction Refinement in Blast Reading: Checking Memory Safety with Blast

Counterexample Guided Abstraction Refinement in Blast Reading: Checking Memory Safety with Blast

Counterexample Guided Abstraction Refinement in Blast Reading: Checking Memory Safety with Blast 17-654/17-754 Analysis of Software Artifacts Jonathan Aldrich

400 views • 14 slides
Combinatorial Abstraction Refinement for Feasibility Analysis Martin Stigge Uppsala University,

Combinatorial Abstraction Refinement for Feasibility Analysis Martin Stigge Uppsala University,

Combinatorial Abstraction Refinement for Feasibility Analysis Martin Stigge Uppsala University, Sweden Joint work with Wang Yi Problem Overview Workload Model Scheduler Model Task A Task B EDF/Static Prio/... Task C Task A t Task B t

759 views • 51 slides
Abstraction Refinement for Probabilistic Software Sascha Kurowski 6. Juli 2016 0/25 1/25

Abstraction Refinement for Probabilistic Software Sascha Kurowski 6. Juli 2016 0/25 1/25

Abstraction Refinement for Probabilistic Software Abstraction Refinement for Probabilistic Software Sascha Kurowski 6. Juli 2016 0/25 1/25 Sascha Kurowski | 6. Juli 2016 Sascha Kurowski | 6. Juli 2016 Probabilistic programs Outline ANSI-C

638 views • 47 slides
Refinement of Trace Abstraction for Real-Time Programs September 9, 2017 Franck Cassez 2 , Peter

Refinement of Trace Abstraction for Real-Time Programs September 9, 2017 Franck Cassez 2 , Peter

Refinement of Trace Abstraction for Real-Time Programs September 9, 2017 Franck Cassez 2 , Peter G. Jensen 1 , 2 and Kim G. Larsen 1 pgj@cs.aau.dk Department of Computer Science, Aalborg University Department of Computing, Macquarie University

293 views • 28 slides
Abstraction-Refinement Edmund M. Clarke School of Computer Science Carnegie Mellon University

Abstraction-Refinement Edmund M. Clarke School of Computer Science Carnegie Mellon University

Model Checking and Abstraction-Refinement Edmund M. Clarke School of Computer Science Carnegie Mellon University Intel Pentium FDIV Bug Try 4195835 4195835 / 3145727 * 3145727. In 94 Pentium, it doesnt return 0, but 256. Intel

813 views • 45 slides
Computing Abstract Plans for Counterexample-Guided Cartesian Abstraction Refinement Samuel von

Computing Abstract Plans for Counterexample-Guided Cartesian Abstraction Refinement Samuel von

Introduction Perfect Information Summary Computing Abstract Plans for Counterexample-Guided Cartesian Abstraction Refinement Samuel von Allmen 2019-05-21 1 / 20 Introduction Perfect Information Summary The Big Picture What are we trying

586 views • 20 slides
Decomposition for Systems Engineering (Using Event-B) Michael Butler users.ecs.soton.ac.uk/mjb

Decomposition for Systems Engineering (Using Event-B) Michael Butler users.ecs.soton.ac.uk/mjb

Abstraction, Refinement and Decomposition for Systems Engineering (Using Event-B) Michael Butler users.ecs.soton.ac.uk/mjb www.event-b.org Marktoberdorf Summer School 2012 Abstraction, Refinement and Decomposition for Systems Engineering

2.15k views • 178 slides
Point, Line, &amp; Plane 1 Abstraction Abstraction is the act of considering something as a

Point, Line, &amp; Plane 1 Abstraction Abstraction is the act of considering something as a

Point, Line, &amp; Plane 1 Abstraction Abstraction is the act of considering something as a general quality or characteristic, apart from concrete realities, specific objects, or actual instances. 2 Abstraction Abstraction is

478 views • 21 slides
1 Approaches Weve got different approaches here: Textbook advocates a visually

1 Approaches Weve got different approaches here: Textbook advocates a visually

ICS 463 Human Computer Interaction 8. Refinement Dan Suthers Spring 2004 Conceptual Design Transform user requirements/needs into a conceptual model a description of the proposed system in terms of a set of integrated ideas and

381 views • 15 slides

More recommend