Non-Linear Reasoning for Invariant Synthesis - PowerPoint PPT Presentation



  1. January 12, 2018 @ 15:50. Non-Linear Reasoning for Invariant Synthesis. Zachary Kincaid (1), John Cyphert (2), Jason Breck (2), Thomas Reps (2, 3). (1) Princeton University, (2) University of Wisconsin-Madison, (3) GrammaTech, Inc.

  2. The problem: generating non-linear numerical loop invariants. Applications: • resource-bound analysis • side-channel analysis • secure information flow • ...

  3. Pipeline: loop analyzer (handles branching, nested loops, non-determinism) → recurrence solver (over algebraic numbers). Example:
     while (i < n): x = x + i; i = i + 1
     Recurrences: i(k) = i(k−1) + 1, x(k) = x(k−1) + i(k−1)
     Closed forms: i(k) = i(0) + k, x(k) = x(0) + k(k−1)/2 + k·i(0)
     Loop summary: ∃k. k ≥ 0 ∧ i′ = i + k ∧ x′ = x + k(k−1)/2 + k·i


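The recurrence solving shown on slide 3, as an added worked example (this code is mine, not the authors' tool): closed forms for a stratified loop are obtained by summing each variable's increment with power-sum identities, and the result is checked against a concrete run; it also accepts polynomial increments such as x = x + i*i, which the slide does not show. The names solve, simulate and LOOP are this example's own.

```python
import math
from collections import Counter
from fractions import Fraction as Fr

# Polynomials over symbolic names ("k" = iteration counter, "i0" = initial i, ...):
# dict monomial -> Fraction, where a monomial is a sorted tuple of (name, exp) pairs.
def const(c): return {(): Fr(c)}
def var(name): return {((name, 1),): Fr(1)}

def padd(p, q):
    r = {m: p.get(m, 0) + q.get(m, 0) for m in set(p) | set(q)}
    return {m: c for m, c in r.items() if c != 0}

def pmul(p, q):
    r = {}
    for m1, c1 in p.items():
        for m2, c2 in q.items():
            m = tuple(sorted((Counter(dict(m1)) + Counter(dict(m2))).items()))
            r[m] = r.get(m, Fr(0)) + c1 * c2
    return {m: c for m, c in r.items() if c != 0}

# S_m(k) = sum_{j=0}^{k-1} j^m for m = 0, 1, 2 (Faulhaber); extend for higher degrees.
S = {0: var("k"), 1: {(("k", 2),): Fr(1, 2), (("k", 1),): Fr(-1, 2)},
     2: {(("k", 3),): Fr(1, 3), (("k", 2),): Fr(-1, 2), (("k", 1),): Fr(1, 6)}}

def sum_over_k(p):
    """sum_{j=0}^{k-1} p(j): replace each k^m in p by the power sum S_m(k)."""
    r = {}
    for m, c in p.items():
        rest = tuple((v, n) for v, n in m if v != "k")
        r = padd(r, pmul({rest: c}, S[dict(m).get("k", 0)]))
    return r

def solve(loop):
    """Stratified loop [(name, inc)]; v(k) = v(k-1) + inc(k-1) gives v(k) = v0 + sum_{j<k} inc(j)."""
    closed = {}
    for name, inc in loop:  # inc(env) builds the increment from earlier closed forms
        closed[name] = padd(var(name + "0"), sum_over_k(inc(closed)))
    return closed

def evaluate(p, env):
    return sum(c * math.prod(Fr(env[v]) ** n for v, n in m) for m, c in p.items())
def simulate(loop, init, k):
    """Run the body k times concretely (simultaneous updates, as the recurrences assume)."""
    for _ in range(k):
        env = {v: const(c) for v, c in init.items()}
        init = {n: init[n] + evaluate(inc(env), {}) for n, inc in loop}
    return init
# Slide 3's loop x = x + i; i = i + 1, encoded here (example, not the authors' tool):
# i(k) = i(k-1) + 1 and x(k) = x(k-1) + i(k-1).
LOOP = [("i", lambda env: const(1)), ("x", lambda env: env["i"])]
```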

  6. binary-search(A, target):
       lo = 1, hi = size(A), ticks = 0
       while (lo <= hi):
         ticks++; mid = lo + (hi-lo)/2
         if A[mid] == target: return mid
         else if A[mid] < target: lo = mid+1
         else: hi = mid-1
     The loop runs log(A) times.

  7. Loop body formula for binary search: ticks′ = ticks + 1 ∧ mid′ = lo + (hi − lo)/2 ∧ ((A[mid] < target ∧ lo′ = mid + 1 ∧ hi′ = hi) ∨ (A[mid] > target ∧ lo′ = lo ∧ hi′ = mid − 1))

  8. Recurrences extracted from the body formula: ticks(k+1) = ticks(k) + 1, (hi′ − lo′)(k+1) ≤ (hi − lo)(k)/2 − 1

  9. Closed forms: ticks(k) = ticks(0) + k, (hi′ − lo′)(k) ≤ (1/2)^k · (hi − lo + 2)(0) − 2

  10. Loop summary for binary search: ∃k. k ≥ 0 ∧ ticks′ = ticks + k ∧ (hi′ − lo′) ≤ (1/2)^k · (hi − lo + 2) − 2

  11. Nested loop:
       for (i = 0; i < n; i++):
         for (j = 0; j < i; j++):
           ticks++

  12. Inner loop body formula: j < i ∧ j′ = j + 1 ∧ ticks′ = ticks + 1 ∧ i′ = i ∧ n′ = n

  13. Inner loop recurrences: ticks(k+1) = ticks(k) + 1, j(k+1) = j(k) + 1, i(k+1) = i(k), n(k+1) = n(k)

  14. Inner loop closed forms: ticks(k) = ticks(0) + k, j(k) = j(0) + k, i(k) = i(0), n(k) = n(0)

  15. Inner loop summary: ∃k. k ≥ 0 ∧ ticks′ = ticks + k ∧ j′ = j + k ∧ i′ = i ∧ n′ = n ∧ j′ ≤ i

  16. Outer loop body formula (inner loop replaced by its summary): i < n ∧ i′ = i + 1 ∧ n′ = n ∧ j′ = i ∧ ∃k. k ≥ 0 ∧ ticks′ = ticks + k ∧ j′ = k

  17. Outer loop recurrences: ticks(k+1) = ticks(k) + i(k), i(k+1) = i(k) + 1, n(k+1) = n(k)

  18. Outer loop closed forms: ticks(k) = ticks(0) + k(k+1)/2 + k·i(0), i(k) = i(0) + k, n(k) = n(0)

  19. Outer loop summary: i′ = n ∧ n′ = n ∧ j′ = i ∧ ∃k. k ≥ 0 ∧ ticks′ = ticks + k(k+1)/2 + k·i ∧ i′ = i + k

  20. Warm up: the linear case. Suppose the loop body formula F(x, x′) is linear. Goal: find a linear system y′ = A y + b and a linear transformation T such that F(x, x′) ⊨ (T x′) = A (T x) + b. Algorithm: (1) compute the affine hull of F by sampling linearly independent models of F using an SMT solver; (2) fixpoint computation: the result is the system of (all) equations entailed by F; this computes the best abstraction. Binary search example: project onto ticks and (hi − lo). [Diagram: linear transformation T between the x-space and the y-space; symbols shown: c, B x, A x.]

