
Verification of One Integer Parameter Recursive Sequential - PowerPoint PPT Presentation

Verification of One Integer Parameter Recursive Sequential Procedures. Ahmed Bouajjani, Liafa - University of Paris 7; joint work with Peter Habermehl and Richard Mayr.


  1. Verification of One Integer Parameter Recursive Sequential Procedures
     Ahmed Bouajjani, Liafa - University of Paris 7
     joint work with Peter Habermehl and Richard Mayr

  2-3. Verification of Boolean Recursive Procedures
     Boolean Recursive Procedures → Context-Free Processes
     Interprocedural data flow analysis and verification problems (safety properties) of recursive programs can be formulated as reachability analysis problems for context-free (or pushdown) processes:
     ⇒ computing sets of successors / predecessors of given sets of configurations.
     e.g., [Steffen et al., 96], [Esparza and Knoop, 99]
     Symbolic Reachability Analysis of Context-Free Processes
     Algorithms for symbolic reachability analysis and model-checking of pushdown systems:
     • Sets of stack configurations are represented by means of finite-state automata.
     • Polynomial constructions of the post* and pre* images of given regular sets of configurations.
       e.g., [Bouajjani, Esparza, Maler, 97], [Finkel, Willems, Wolper, 97], [Esparza, Schwoon, 01]
     • Efficient tools have been developed based on these techniques (e.g., Edinburgh, Microsoft).

  4. Recursive Procedures with Integer Parameters
     Example: Fibonacci function
       F(v) = if v ≤ 1 then return 1 else return F(v − 1) + F(v − 2)
     Reachable configurations (stack contents) from F(5):
       F(5)
       F(4) F(3)
       F(3) F(2) F(3)
       F(2) F(1) F(2) F(3)
       F(1) F(0) F(1) F(2) F(3)
       F(0) F(1) F(2) F(3)
       F(1) F(2) F(3)
       F(2) F(3)
       F(1) F(0) F(3)
       F(0) F(3)
       F(3)
       F(2) F(1)
       F(1) F(0) F(1)
       F(0) F(1)
       F(1)
       ε

  5. Parametrized Context-Free Processes
     Integer Symbol Sequences (ISS): finite sequences of the form X1(k1) X2(k2) ··· Xn(kn), where Xi ∈ Γ and ki ∈ ℤ.
     BPA(ℤ)
     • Set ∆ of rewriting rules of the form X(v) → X1(e1) X2(e2) ··· Xn(en), P(v), where
       – ei is either ki or v + ki (ki ∈ ℤ),
       – P(v) is a Presburger predicate.
     • Prefix rewriting: defines a transition relation ⇒∆ on ISS.
     • post*∆(C) = { α | ∃ β ∈ C. β ⇒*∆ α },  pre*∆(C) = { α | ∃ β ∈ C. α ⇒*∆ β }.

  6. Example
     BPA(ℤ) system for the Fibonacci function:
       F(v) → ε,                v ≤ 1
       F(v) → F(v − 1) F(v − 2), v > 1
     Post*({ F(k) | k ≥ 0 }):
       F(k)
       F(k − 1) F(k − 2)
       F(k − 2) F(k − 3) F(k − 2)
       F(k − 3) F(k − 4) F(k − 3) F(k − 2)
       F(k − 4) F(k − 5) F(k − 4) F(k − 3) F(k − 2)
       ···
       F(k − 3) F(k − 2)
       F(k − 4) F(k − 5) F(k − 2)
       ···
       F(k − 5) F(k − 2)
       F(k − 6) F(k − 7) F(k − 2)
       F(k − 7) F(k − 8) F(k − 7) F(k − 2)
       ···

  7. ℤ-input 1-Counter Automata
     • Input = Integer Symbol Sequence
     • Equality tests between the integer input and the counter value
     Figure 1: Example. An automaton with transitions guess(c), read X(c), and c := c + 2; accepted inputs include X(0) X(2) X(4) X(6) ···, X(1) X(3) X(5) ··· and in general X(k) X(k + 2) ··· X(k + 2n) ···.

  8. Recognizing Fibonacci Configurations
     Figure 2: Post*({ F(k) | k ≥ 0 }). An automaton with transitions guess(c), read F(c), c := c − 1 and c := c + 2, shown against the configurations F(5), F(4) F(3), F(3) F(2) F(3), F(2) F(1) F(2) F(3) and F(1) F(0) F(3).

  9-12. Main Results (1)
     Forward Reachability Analysis
     Let ∆ be a BPA(ℤ) system, and let A be a ℤ-input 1-counter automaton. Then, a ℤ-input 1-counter automaton A′ with L(A′) = post*∆(L(A)) can be effectively constructed.
     Backward Reachability Analysis
     • The membership problem (of an ISS) in pre*∆(L(A)), where A is a ℤ-input 1-counter automaton, is undecidable.
     • The set pre*∆(L(A)), where A is a ℤ-input 1-counter automaton, is not recognizable by ℤ-input 1-counter automata.
     • Let ∆ be a BPA(ℤ) system, and let R be a finite-state automaton. Then, a ℤ-input 1-counter automaton A with L(A) = pre*∆(L(R)↑) can be effectively constructed, where, for any regular language L over Γ,
       L↑ = { X1(k1) X2(k2) ··· Xn(kn) | X1 X2 ··· Xn ∈ L, and k1, ..., kn ∈ ℤ }.

  13. Configuration Properties
     Pattern Constraints: ϕ = ⟨A1, ..., An, P⟩ where A1, ..., An are finite automata over Γ, and P is an n-ary Presburger predicate.
     Semantics: Let w be an ISS. Then, w ⊨ ⟨A1, ..., An, P⟩ iff ∃ w1, ..., wn ∈ ISS, ∃ X1, ..., Xn ∈ Γ, ∃ k1, ..., kn ∈ ℤ, such that w = w1 · X1(k1) · w2 · X2(k2) ··· wn · Xn(kn) and
     • ∀ i ∈ {1, ..., n}, wi|Γ · Xi ∈ L(Ai),
     • P(k1, ..., kn) is true.

  14-15. Reachability/Safety Properties
     Decide whether w ⊨ EF ϕ, i.e., ∃ w′. w′ ∈ post*∆(w) and w′ ⊨ ϕ.
     Examples
     • Can the procedure X be called with some parameter greater than 5? EF ⟨X, Γ*, v1 ≥ 5⟩
     • Can the execution stack contain two instances of the procedure X with the same parameter? EF ⟨Γ*X, Γ*X, Γ*, v1 = v2⟩
     • The stack always contains an increasing sequence of X-parameters: ¬EF ⟨Γ*X, Γ*X, Γ*, v1 ≥ v2⟩
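As an added worked example (not code from the slides), the Python below models the Fibonacci BPA(ℤ) system of slide 6 by explicit prefix rewriting, enumerates post*∆({F(5)}) (which reproduces the sixteen stack contents of slide 4) and decides w ⊨ EF ϕ for pattern constraints with the semantics of slide 13. The finite automata Ai are written as regular expressions over symbol names (".*" standing for Γ*), the Presburger predicate P as a Python predicate, and the decomposition w = w1·X1(k1) ··· wn·Xn(kn) is taken literally, so the final Γ* component absorbs the rest of the stack and its parameter is unconstrained. The questions of slide 15 are asked of F(5), with the threshold lowered to 4 so that the first question is about a nested call rather than the initial one. The names FIB, step, post_star, satisfies, ef and show are mine.

```python
"""BPA(Z) prefix rewriting, explicit post* enumeration and pattern
constraints. Added example, not code from the slides.

The system is the Fibonacci BPA(Z) of slide 6:
    F(v) -> eps            ,  v <= 1
    F(v) -> F(v-1) F(v-2)  ,  v >  1
An ISS X1(k1) ... Xn(kn) is a tuple of (symbol, int) pairs, stack top first.
"""
import re
from itertools import combinations
from typing import Callable

ISS = tuple[tuple[str, int], ...]
# rule = (X, P, rhs): rewrite X(v) into rhs(v) when the Presburger guard P(v)
# holds; rhs(v) builds X1(e1) ... Xn(en), each e_i a constant or v + k_i.
Rule = tuple[str, Callable[[int], bool], Callable[[int], ISS]]

FIB: list[Rule] = [
    ("F", lambda v: v <= 1, lambda v: ()),
    ("F", lambda v: v > 1, lambda v: (("F", v - 1), ("F", v - 2))),
]


def step(conf: ISS, rules: list[Rule]) -> list[ISS]:
    """One prefix-rewriting step: only the top symbol X(v) is rewritten."""
    if not conf:
        return []
    (x, v), rest = conf[0], conf[1:]
    return [rhs(v) + rest for lhs, guard, rhs in rules if lhs == x and guard(v)]


def post_star(conf: ISS, rules: list[Rule], limit: int = 10_000) -> list[ISS]:
    """post*_Delta({conf}) by breadth-first enumeration, in discovery order.
    This only terminates for a finite reachable set (true for Fibonacci from
    a concrete F(k)); `limit` stops the loop otherwise. The slides instead
    represent post* of an infinite set such as {F(k) | k >= 0} symbolically,
    by a Z-input 1-counter automaton."""
    seen, order, frontier = {conf}, [conf], [conf]
    while frontier and len(seen) < limit:
        nxt = []
        for c in frontier:
            for s in step(c, rules):
                if s not in seen:
                    seen.add(s)
                    order.append(s)
                    nxt.append(s)
        frontier = nxt
    return order


def satisfies(w: ISS, automata: list[str], pred: Callable[..., bool]) -> bool:
    """w |= <A1, ..., An, P> with the semantics of slide 13: w must split as
    w1.X1(k1).w2.X2(k2)...wn.Xn(kn), each w_i|Gamma.X_i must lie in L(A_i)
    and P(k1, ..., kn) must hold. Every choice of n positions for the X_i
    is tried; the segments in between are the w_i."""
    n = len(automata)
    assert n >= 1, "a pattern constraint has at least one automaton"
    syms = "".join(s for s, _ in w)          # projection of w onto Gamma
    for pos in combinations(range(len(w)), n):
        if pos[-1] != len(w) - 1:            # the split must cover all of w
            continue
        start, ok = 0, True
        for a, p in zip(automata, pos):
            if not re.fullmatch(a, syms[start:p + 1]):   # w_i|Gamma . X_i
                ok = False
                break
            start = p + 1
        if ok and pred(*(w[p][1] for p in pos)):
            return True
    return False


def ef(w0: ISS, rules: list[Rule], automata: list[str], pred) -> bool:
    """w0 |= EF phi: some configuration in post*(w0) satisfies phi."""
    return any(satisfies(w, automata, pred) for w in post_star(w0, rules))


def show(conf: ISS) -> str:
    return " ".join(f"{x}({k})" for x, k in conf) or "eps"


if __name__ == "__main__":
    F5: ISS = (("F", 5),)
    for conf in post_star(F5, FIB):          # the 16 stacks of slide 4
        print(show(conf))
    # the three questions of slide 15, asked of F(5)
    print(ef(F5, FIB, ["F", ".*"], lambda v1, v2: v1 >= 4))
    print(ef(F5, FIB, [".*F", ".*F", ".*"], lambda v1, v2, v3: v1 == v2))
    print(not ef(F5, FIB, [".*F", ".*F", ".*"], lambda v1, v2, v3: v1 >= v2))
```

Because the Fibonacci guards are disjoint, every configuration has exactly one successor and the breadth-first order coincides with the execution trace on slide 4. The third query comes out false: F(3) F(2) F(3) is reachable and has v1 ≥ v2, so the stack does not always carry an increasing sequence of parameters.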

  16-19. Main Results (2)
     Pattern Constraints Reachability Properties
     Theorem. The problem w ⊨ EF ϕ is decidable.
     Reachable Parameter n-vectors
     What is the set of all possible parameter values for which X can be called?
       { k | X(k) · w′ ∈ post*∆(w) }
     Theorem. Let ∆ be a BPA(ℤ) system, let w be an initial configuration (ISS), and let ϕ be a pattern constraint. Then, the set
       { (k1, ..., kn) ∈ ℤⁿ | ∃ w′ = w1 · X1(k1) · w2 · X2(k2) ··· wn · Xn(kn) ∈ post*∆(w). w′ ⊨ ϕ }
     is semilinear and effectively constructible.

  20. Outline
     • ℤ-input 1-Counter Automata,
     • Construction of the post* image,
     • Reachability properties,
     • Conclusion.

  21-22. ℤ-input 1-Counter Automata
     Definition
     • Control states Q (including q0, accept, fail)
     • Counter c (with initial value 0)
     • Instructions
       – (q : c := c + 1; goto q′)
       – (q : c := c − 1; goto q′)
       – (q : If c ≥ 0 then goto q′ else goto q′′).
       – (q : If c = 0 then goto q′ else goto q′′).
       – (q : Read input S(i). If S = X and i = K then goto q′ else goto q′′).
       – (q : Read input S(i). If S = X and i = c then goto q′ else goto q′′).
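Added example, not code from the slides: a small interpreter for the instruction set defined on slide 22, with the automaton of Figure 1 written in it. The slides do not spell out how guess(c) or acceptance work, so this code makes the following assumptions: a state may carry several instructions (a nondeterministic choice between them); guess(c) is resolved by trying every integer that occurs in the input, which suffices whenever the guessed value is immediately compared with an input integer, as in Figure 1; an extra goto is allowed as an ε-move (it is the same as "If c ≥ 0 then goto q′ else goto q′"); and a word is accepted iff some run consumes all of it and reaches accept. The names run, EVEN_STEPS, BALANCED and iss are mine; the second automaton, which accepts X(0)ⁿ Y(0)ⁿ, is a constructed example showing that the counter instructions alone give ordinary one-counter behaviour.

```python
"""Interpreter for Z-input 1-counter automata, following the definition on
slide 22. Added example, not code from the slides.

Assumptions (not stated on the slides):
  * a state maps to a list of instructions; several instructions in one
    state mean a nondeterministic choice between them,
  * ("guess", q) sets the counter nondeterministically (guess(c) of Figures
    1 and 2); it is resolved by trying every integer occurring in the input,
  * ("goto", q) is a plain jump (same as "If c >= 0 then goto q else goto q"),
  * a word is accepted iff some run reads all of it and reaches "accept".
"""

ISS = tuple[tuple[str, int], ...]          # X1(k1) ... Xn(kn), top first


def run(program: dict, word: ISS, start: str = "q0", limit: int = 100_000) -> bool:
    """True iff some run of `program` on `word` consumes the whole input and
    ends in the state "accept". Configurations (state, counter, position)
    are explored depth first; `limit` bounds the exploration so that an
    unboundedly incrementing counter cannot spin forever."""
    candidates = sorted({k for _, k in word}) or [0]
    stack = [(start, 0, 0)]                # counter starts at 0 (slide 21)
    seen = set()
    while stack and len(seen) < limit:
        conf = stack.pop()
        if conf in seen:
            continue
        seen.add(conf)
        q, c, pos = conf
        if q == "accept":
            if pos == len(word):
                return True
            continue
        for ins in program.get(q, []):     # "fail" and unknown states: no moves
            op = ins[0]
            if op == "inc":                # (q : c := c + 1; goto q')
                stack.append((ins[1], c + 1, pos))
            elif op == "dec":              # (q : c := c - 1; goto q')
                stack.append((ins[1], c - 1, pos))
            elif op == "goto":
                stack.append((ins[1], c, pos))
            elif op == "geq0":             # If c >= 0 then goto q' else goto q''
                stack.append((ins[1] if c >= 0 else ins[2], c, pos))
            elif op == "eq0":              # If c = 0 then goto q' else goto q''
                stack.append((ins[1] if c == 0 else ins[2], c, pos))
            elif op == "guess":
                stack.extend((ins[1], k, pos) for k in candidates)
            elif op in ("read_const", "read_counter"):
                # ("read_const", X, K, q', q''): Read S(i). If S = X and i = K
                # ("read_counter", X, q', q''):  Read S(i). If S = X and i = c
                if pos == len(word):
                    continue               # nothing left to read: run dies
                sym, i = word[pos]
                x, target = (ins[1], ins[2]) if op == "read_const" else (ins[1], c)
                q_yes, q_no = ins[-2], ins[-1]
                stack.append((q_yes if (sym == x and i == target) else q_no, c, pos + 1))
            else:
                raise ValueError(f"unknown instruction {op!r} in state {q!r}")
    return False


# Figure 1 reconstructed: guess c, then repeatedly read X(c) and set c := c + 2.
# Accepts X(k) X(k+2) ... X(k+2n), e.g. X(0)X(2)X(4)X(6) or X(1)X(3)X(5).
EVEN_STEPS = {
    "q0":    [("guess", "loop")],
    "loop":  [("read_counter", "X", "plus1", "fail"), ("goto", "accept")],
    "plus1": [("inc", "plus2")],
    "plus2": [("inc", "loop")],
}

# Ordinary counting (constructed example): accept X(0)^n Y(0)^n, n >= 1, with
# the constant-equality read, c := c + 1, c := c - 1 and the c = 0 test.
BALANCED = {
    "q0":    [("read_const", "X", 0, "push", "fail")],
    "push":  [("inc", "more")],
    "more":  [("read_const", "X", 0, "push", "fail"),
              ("read_const", "Y", 0, "pop", "fail")],
    "pop":   [("dec", "after")],
    "after": [("read_const", "Y", 0, "pop", "fail"),
              ("eq0", "accept", "fail")],
}


def iss(text: str) -> ISS:
    """Parse "X(0) X(2) X(4)" into the tuple representation."""
    out = []
    for tok in text.split():
        sym, k = tok[:-1].split("(")
        out.append((sym, int(k)))
    return tuple(out)


if __name__ == "__main__":
    for w in ("X(0) X(2) X(4) X(6)", "X(1) X(3) X(5)", "X(1) X(2)"):
        print(w, "->", run(EVEN_STEPS, iss(w)))
```

The exploration keeps the counter in the visited set, so a ℤ-input automaton whose counter grows without reading input is cut off by `limit` rather than looping; for the two automata above every run either reads a symbol or halts within a few steps, so the bound is never reached.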
