h andling i nvariants in the p redicate cpa
play

H ANDLING I NVARIANTS IN THE P REDICATE CPA One manager class - PowerPoint PPT Presentation

Nov 04, 2022 •121 likes •464 views

A UGMENTING P REDICATE A NALYSIS W ITH A UXILIARY I NVARIANTS Thomas Stieglmaier September 23, 2016 University of Passau M OTIVATION Predicate Analysis SMT-based Abstraction of program, computed from a set of predicates CEGAR for

  1. A UGMENTING P REDICATE A NALYSIS W ITH A UXILIARY I NVARIANTS Thomas Stieglmaier September 23, 2016 University of Passau

  2. M OTIVATION Predicate Analysis • SMT-based • Abstraction of program, computed from a set of predicates π • CEGAR for refining π • Craig interpolation for discovering precision increments 1

  3. M OTIVATION Predicate Analysis • SMT-based • precision π • Abstraction of program, • path formula φ computed from a set of • abstraction formula ψ predicates π Abstraction computation • CEGAR for refining π • ψ ′ = ( φ ∧ ψ ) π • Craig interpolation for • φ = TRUE discovering precision increments 1

  4. M OTIVATION — I NVARIANTS Generating Invariants • Several tools available: I NV G EN , D AIKON • Often not SMT-based 2

  5. M OTIVATION — I NVARIANTS Generating Invariants • Several tools available: I NV G EN , D AIKON • Often not SMT-based Use invariants in other analyses • Add new (helpful) information to a predicate analysis • Speed up the analysis • less refinements • less dependent on interpolants 2

  6. P REDICATE A NALYSIS — A DDING I NVARIANTS ψ ′ = ( φ ∧ ψ ∧ INV ) π 3

  7. P REDICATE A NALYSIS — A DDING I NVARIANTS ψ ′ = ( φ ∧ ψ ) π ∪{ INV } 3

  8. P REDICATE A NALYSIS — A DDING I NVARIANTS ψ ′ = ( φ ∧ ψ ) π ∧ INV 3

  9. P REDICATE A NALYSIS — A DDING I NVARIANTS ψ ′ = ( φ ∧ ψ ∧ INV ) π ∪{ INV } ∧ INV 3

  10. P REDICATE A NALYSIS — E XAMPLE Location � 2 • Abstraction location • π = { i < 10 } • invariant i = 2 4

  11. P REDICATE A NALYSIS — E XAMPLE Strategy New Abstract State Possible Transitions No Inv ( i < 10, TRUE ) 2 → 3, 2 → 4 Prec ( i = 2 ∧ i < 10, TRUE ) 2 → 3 ( i < 10, i = 2 ) 2 → 3 PF ( i = 2 ∧ i < 10, TRUE ) 2 → 3 AF Prec + PF ( i = 2 ∧ i < 10, i = 2 ) 2 → 3 Prec + AF ( i = 2 ∧ i = 2 ∧ i < 10, TRUE ) 2 → 3 PF + AF ( i = 2 ∧ i < 10, i = 2 ) 2 → 3 Prec + PF + AF ( i = 2 ∧ i = 2 ∧ i < 10, i = 2 ) 2 → 3 5

  12. A UXILIARY I NVARIANTS • fast computation • high success rate • useful invariants 6

  13. A UXILIARY I NVARIANTS • fast computation • high success rate • useful invariants → no negative impact on the main analysis 6

  14. A UXILIARY I NVARIANTS — L IGHTWEIGHT H EURISTICS PredicateCPA specific • Inductive weakening of path formulas • Checking conjuncts of path formulas on invariance • Checking interpolants on invariance 7

  15. A UXILIARY I NVARIANTS — L IGHTWEIGHT H EURISTICS PredicateCPA specific • Inductive weakening of path formulas • Checking conjuncts of path formulas on invariance • Checking interpolants on invariance Applicable to other analyses • Path invariants 7

  16. A UXILIARY I NVARIANTS — S EQUENTIAL A NALYSES Compute invariants from reached sets of earlier analyses 8

  17. A UXILIARY I NVARIANTS — P ARALLEL A NALYSES • k -induction uses concurrently running invariant generation � not usable for other concurrent analyses → new CPA CHECKER feature • Algorithm for executing several analyses in parallel • Communication between analyses via reached sets 9

  18. H ANDLING I NVARIANTS IN THE P REDICATE CPA • One manager class • Exposes general methods for retrieving and generating invariants • Hides exact configuration • Lazy computation of invariants during refinement • Mixing generation and usage strategies possible 10

  19. H ANDLING I NVARIANTS IN THE P REDICATE CPA • One manager class • Exposes general methods for retrieving and generating invariants • Hides exact configuration • Lazy computation of invariants during refinement • Mixing generation and usage strategies possible • Two users • Refinement (precision increment) • PrecisionAdjustment (path -and abstraction formula) 10

  20. E VALUATION — E NVIRONMENT • 2 . 6 GHz Octa Core CPUs (Intel E5-2650 v2) • 8 GB memory • 300 s or 600 s CPU time • trunk r23084 • Measured with B ENCH E XEC • 3488 verification tasks taken from SV-COMP’16 11

  21. E VALUATION — H EURISTICS • Inductive weakening and checking conjuncts of path formulas failed • Checking interpolants on invariance is very slow due to prefix generation • Path invariants are too slow overall, but good on tasks in the loops category 12

  22. E VALUATION — P ATH I NVARIANTS • Two configurations: • Predicate Analysis + Path Invariants with InvariantsCPA • Predicate Analysis + Path Invariants with PolicyCPA 13

  23. E VALUATION — P ATH I NVARIANTS int main() { 1 int i; 2 for (i = 0; i < 1000000; i++) ; 3 assert(i == 1000000); 4 return 0; 5 } 6 � Interpolation unrolls the loop ✓ found invariant: i = 1000000 for location of assert call 14

  24. E VALUATION — P ARALLEL A NALYSES • Combination of: • An analysis with the PredicateCPA, and • An analysis with the InvariantsCPA (continuously-refined) • 600 s CPU time (300 s per analysis) • 7 configurations: abs , prec , path , abs-path , ... • 3 baselines • 300 s and 600 s predicate analyses base300 , base600 • 600 s parallel analysis without invariant generation basePar 15

  25. E VALUATION — P ARALLEL A NALYSES base600 base300 basePar async-abs 100 CPU time (s) 10 0 500 1 000 1 500 2 000 n-th fastest correct result 16

  26. E VALUATION — P ARALLEL A NALYSES • all baselines are strictly worse than configurations with invariants • async-abs is the best configuration • 4 % better than base600 • 8 % better than base300 • 3 % better than basePar → wall time is comparable to base300 • async-prec is slow • async-prec-path almost as good as async-abs 17

  27. E VALUATION — S EQUENTIAL A NALYSES • Combination of: • bounded predicate analysis (100 s) • unbounded predicate analysis without refinement (100 s) • predicate analysis using invariants (300 s) • 7 configurations (invariants): abs , prec , path , abs-path , ... • 1 configuration (only precision): restart2 • 2 baselines, 300 s and 600 s predicate analyses base300 , base600 18

  28. E VALUATION — S EQUENTIAL A NALYSES 19

  29. C ONCLUSION & O UTLOOK • Heuristics for invariant generation need more time than expected • More intelligent heuristics needed: • When should invariants be generated • Filtering of found invariants 20

  30. C ONCLUSION & O UTLOOK • Heuristics for invariant generation need more time than expected • More intelligent heuristics needed: • When should invariants be generated • Filtering of found invariants ✓ Combination of analyses increases performance ✓ Performance is even better if the analyses communicate → Aim: Make communication easier usable 20

  31. P ATH I NVARIANTS — T ABLE (1) Table 1: Details on analyses using path invariants for generating auxiliary invariants and their baseline correct wrong Invariants (equal) CPU time (h) safe unsafe safe time (h) tries succ all correct equal base300 1 391 553 27 149 26 . 0 21 . 3 path-inv 1 327 519 27 2 . 36 4 719 1 428 162 31 . 0 30 . 5 path-policy 1 337 529 27 3 . 84 4 600 1 611 161 31 . 4 29 . 8 400s-inv 1 364 575 27 196 35 . 6 400s-policy 1 371 576 27 196 34 . 7

  32. P ATH I NVARIANTS — T ABLE (2) Table 2: A selection of tasks and their results with path invariants file name path-inv path-policy loop-acceleration/array true-unreach-call3.i ✓ ✗ loop-acceleration/functions true-unreach-call1.i ✗ ✓ loop-acceleration/nested true-unreach-call1.i ✓ ✗ loop-acceleration/simple true-unreach-call1.i ✗ ✓ loop-new/count by 1 true-unreach-call.i ✓ ✗ loop-new/count by 1 variant true-unreach-call.i ✓ ✗ loop-new/count by nondet true-unreach-call.i ✗ ✓

  33. P ARALLEL A NALYSES — T ABLE Table 3: Details on all parallel analyses using invariants and their baselines correct wrong Main Succ Wall time (h) CPU time (h) true false true false correct all equal all equal base300 1 391 553 0 27 1 944 128 13 . 8 149 20 . 9 base600 1 434 588 0 27 2 022 240 13 . 9 262 21 . 1 basePar 1 509 541 0 18 1 109 152 15 . 6 281 39 . 9 abs 1 532 572 0 18 1 154 147 14 . 4 276 38 . 2 path 1 536 561 1 17 1 148 146 14 . 2 274 37 . 9 prec 1 526 549 0 18 1 108 149 15 . 3 279 39 . 6 prec-path 1 525 561 1 17 1 111 148 15 . 1 278 39 . 4 abs-path 1 528 568 1 18 1 148 146 14 . 4 275 38 . 4 prec-abs 1 526 557 0 18 1 110 149 15 . 2 279 39 . 4 prec-abs-path 1 531 551 1 18 1 106 148 15 . 0 278 39 . 5

  34. S EQUENTIAL A NALYSES — T ABLE Table 4: Details on all sequential combinations of analyses using invariants and their baselines correct wrong ∅ Analyses Wall time (h) true false false Alg1 Alg2 Alg3 all correct equal base300 1 391 553 27 1 . 00 128 17 . 9 14 . 5 base600 1 434 588 27 1 . 00 240 26 . 7 14 . 7 restart2 1 420 612 27 1 . 97 12 . 3 8 . 84 182 29 . 1 22 . 7 abs 1 415 557 27 2 . 38 12 . 3 3 . 35 8 . 73 201 32 . 3 25 . 9 path 1 416 547 28 2 . 38 12 . 3 3 . 39 8 . 65 200 30 . 9 25 . 9 prec 1 409 550 27 2 . 38 12 . 3 3 . 33 9 . 15 202 31 . 7 26 . 3 prec-path 1 409 557 28 2 . 38 12 . 3 3 . 40 8 . 89 201 31 . 7 26 . 1 abs-path 1 414 555 28 2 . 38 12 . 3 3 . 35 8 . 66 200 31 . 5 25 . 9 prec-abs 1 407 555 27 2 . 38 12 . 3 3 . 36 9 . 21 202 32 . 0 26 . 4 prec-abs-path 1 414 552 26 2 . 38 12 . 3 3 . 35 9 . 13 201 31 . 8 26 . 3

Recommend

Commissioning Presentation INTRODUCTIONS: 2 1. 1. Air ir Han andling dling Units nits 2.

Commissioning Presentation INTRODUCTIONS: 2 1. 1. Air ir Han andling dling Units nits 2.

Commissioning Presentation INTRODUCTIONS: 2 1. 1. Air ir Han andling dling Units nits 2. 2. Chill hilled ed Water Sys ter System tem inc including luding c chill hiller ers, s, co cooling to oling tower wers, s, pu pump

590 views • 34 slides
EECS 591 D ISTRIBUTED S YSTEMS Manos Kapritsos Fall 2020 H ANDLING QUERIES query Primary The

EECS 591 D ISTRIBUTED S YSTEMS Manos Kapritsos Fall 2020 H ANDLING QUERIES query Primary The

EECS 591 D ISTRIBUTED S YSTEMS Manos Kapritsos Fall 2020 H ANDLING QUERIES query Primary The primary cannot respond until it has received all acks for prior updates ack ack ack ack ack backups C HAIN REPLICATION Primary replicas Head

588 views • 36 slides
C H R ONSTRAINT ANDLING ULES Jon Sneyers August 2010 2 CHR summer school 2010

C H R ONSTRAINT ANDLING ULES Jon Sneyers August 2010 2 CHR summer school 2010

1 CHR summer school 2010 Computability and complexity of CHR Jon Sneyers Computability and Complexity of Computability and Complexity of C ONSTRAINT H ANDLING R ULES C H R ONSTRAINT ANDLING ULES Jon Sneyers August 2010 2 CHR

708 views • 59 slides
C H R ONSTRAINT ANDLING ULES Jon Sneyers August 2010 2 CHR summer school 2010

C H R ONSTRAINT ANDLING ULES Jon Sneyers August 2010 2 CHR summer school 2010

1 CHR summer school 2010 Introduction to CHR Jon Sneyers An introduction to An introduction to C ONSTRAINT H ANDLING R ULES C H R ONSTRAINT ANDLING ULES Jon Sneyers August 2010 2 CHR summer school 2010 Introduction to CHR

1.11k views • 64 slides
S YSTEM FUNCTIONALITY 2 Quickly move all baggage, including transfers, automatically between

S YSTEM FUNCTIONALITY 2 Quickly move all baggage, including transfers, automatically between

D ENVER A IRPORT I NTEGRATED A UTOMATED B AGGAGE H ANDLING S YSTEM I a i n S i m m s &amp; K y l e K e n n e d y I NTRODUCTION We will discuss: Background of the airport. Background of the airport. Baggage system

763 views • 34 slides
WHO WE ARE Direct &amp; Reinsurance Broker and Risk Management Company with over 21 years of

WHO WE ARE Direct &amp; Reinsurance Broker and Risk Management Company with over 21 years of

WHO WE ARE 21+ years of experience Serving 10,000+ satisfied clients 325+ highly experienced and professional team C lient R etention - 97%+ P resence in 10+ cities H andling INR 800 Crs+ Premium WHO WE ARE Direct &amp; Reinsurance Broker and Risk

774 views • 32 slides
method George Kastrinis , Yannis Smaragdakis ~ Efficient and Effective Handling of Exceptions in

method George Kastrinis , Yannis Smaragdakis ~ Efficient and Effective Handling of Exceptions in

E FFICIENT AND E FFECTIVE H ANDLING OF E XCEPTIONS IN J AVA P OINTS- T O A NALYSIS George Kastrinis ~ Yannis Smaragdakis University of Athens E XECUTIVE S UMMARY Huge amount of analysis time spent on exceptions They mainly affect

1.16k views • 84 slides
Presentation The Challenge / Opportunity Change The Context Abrasive wear The

Presentation The Challenge / Opportunity Change The Context Abrasive wear The

I MPROVING M AINTENANCE Q UALITY IN A IRPORT B AGGAGE H ANDLING O PERATIONS F RANK K OENIG , P AULINE F OUND ,M ANEESH KUMAR AND R ICHARD M C M EEKIN Presentation The Challenge / Opportunity Change The Context Abrasive wear The

564 views • 29 slides
CHIEF Replacement Programme (CRP) Overview presentation to EGAD 13 th November 2014 Steve Casey

CHIEF Replacement Programme (CRP) Overview presentation to EGAD 13 th November 2014 Steve Casey

CHIEF Replacement Programme (CRP) Overview presentation to EGAD 13 th November 2014 Steve Casey Stakeholder Management &amp; Engagement Lead, CRP HMRC Business Tax Directorate What is CHIEF? The C ustoms H andling of I mport and E xport F

567 views • 15 slides
Do Super Cats Make Odd Knots? Sean Clark MPIM Oberseminar November 5, 2015 Sean Clark Do Super

Do Super Cats Make Odd Knots? Sean Clark MPIM Oberseminar November 5, 2015 Sean Clark Do Super

Do Super Cats Make Odd Knots? Sean Clark MPIM Oberseminar November 5, 2015 Sean Clark Do Super Cats Make Odd Knots? November 5, 2015 1 / 10 O DD K NOT I NVARIANTS Knots W HAT IS A KNOT ? (The unknot) (The Trefoil Knot) Sean Clark Do

399 views • 23 slides

More recommend