Presentation is loading. Please wait.

Presentation is loading. Please wait.

Rahul Sharma Işil Dillig, Thomas Dillig, and Alex Aiken Stanford University Simplifying Loop Invariant Generation Using Splitter Predicates.

Published byAgnes Dawson Modified over 9 years ago

Similar presentations

Presentation on theme: "Rahul Sharma Işil Dillig, Thomas Dillig, and Alex Aiken Stanford University Simplifying Loop Invariant Generation Using Splitter Predicates."— Presentation transcript:

1

2 Rahul Sharma Işil Dillig, Thomas Dillig, and Alex Aiken Stanford University Simplifying Loop Invariant Generation Using Splitter Predicates

3 Loops and Loop Invariants Invariant evaluates to true after every iteration Key problem software verification Is undecidable Loop Head Loop Body x = 0; while( x <= 49 ) { x = x + 1; }

4 Conjunctive Invariants Mature techniques for discovering these Cousot and Halbwachs, 1978 Abstract interpretation-based technique (Interproc) Keep estimate of reachable states StInG and InvGen Assume an invariant template (a.x + b.y <= c) Solve (non-linear) constraints to instantiate template x = 0; y = 50; while( x <= 49 ) { x = x + 1; } x <= 50 && y = 50 && x >= 0

5 Disjunctive Invariants Some loops require disjunctive invariants Some very involved techniques: Probabilistic inference, predicate abstraction, … Difficult to characterize their behavior Most are not fully automatic Can we reduce disjunctive to conjunctive?

6 Loops Requiring Disjunctive Invariants OpenSSH for(int i=0; i< size; i++) { if( i == size-1 ) a[i] = NULL; else a[i] = malloc(...); } Digikam for(int i = 0; i <num_widgets; i++) { if( i == 0 ) { delete w[i]; continue; } w[i-1] = w[i]; }

7 A Small Study About 10% of loops require disjunctive invariants (OpenSSH 9/95) Of these about 90% are multi-phase (OpenSSH 8/9)

8 Multi-phase Loops x = 0; y = 50; while( x < 100 ) { x = x + 1; if( x > 50 ) y = y + 1; } assert( y == 100); (x<=50 && y=50) ||(50<=x<=100 && y=x) x = 0, x = 1, …, x = 49 x = 0; y = 50; while( x < 100 ) { x = x + 1; if( x > 50 ) y = y + 1; } assert( y == 100); x = 0; y = 50; while( x < 100 ) { x = x + 1; if( x > 50 ) y = y + 1; } assert( y == 100); x = 50, x = 51, …, x = 99

9 Multi-phase Loops Continued… Phase transition C : predicate of if inside loop Phase: contiguous iterations with C constant Transition: C changes value Restrict to 2-phase loops C transitions from false to true

10 Basic Idea Disjunctive Invariant Conjunctive Invariants! x = 0; y = 50; while( x < 100 ) { x = x + 1; if( x > 50 ) y = y + 1; } assert( y == 100); x = 0; y = 50; while( x <= 49 ) { x = x + 1; } while( x 49) { x = x + 1; y = y + 1; } assert( y == 100); x<=50 && y=50 50<=x<=100 && y=x (x<=50 && y=50) || (50<=x<=100 && y=x)

11 Our Goal Reduce the problem of inferring disjunctive invariants for a multi-phase loop to inferring conjunctive invariants for a sequence of loops

12 Our Approach Identify multi-phase loops Split the multi-phase loops. Use standard invariant generation technique infer conjunctive invariants

13 Example Before Splitting After Splitting x = 0; y = 50; while( x < 100 ) { x = x + 1; if( x > 50 ) y = y + 1; } assert( y == 100); x = 0; y = 50; while( x<100 && x <= 49 ) { x = x + 1; if( false ) y = y + 1; } while( x 49 ) { x = x + 1; if( true ) y = y + 1; } assert( y == 100);

14 Splitter Predicate (Q) while P { B [C] } } while P && !Q { B [false] } while P && Q { B [true] }

15 Last Notational Hurdle x = 0; y = 50; while( x < 100 ) { x = x + 1; if( x > 50 ) y = y + 1; } assert( y == 100);

16 Properties of Splitter Predicates Theorem: For a loop while P { B[C] }, if Q satisfies these three properties then it is a splitter predicate.

17 Splitter Predicate while (P) { B [C] } } while (P && !Q) { B [C] } while (P && Q) { B [C] } while (P && !Q) { B [false] } while (P && Q) { B [true] }

18 Algorithm

19 Example Revisited Before Splitting After Splitting x = 0; y = 50; while( x < 100 ) { x = x + 1; if( x > 50 ) y = y + 1; } assert( y == 100); x = 0; y = 50; while( x<100 && x <= 49 ) { x = x + 1; if( false ) y = y + 1; } while( x 49 ) { x = x + 1; if( true ) y = y + 1; } assert( y == 100); Q = WP ( x = x + 1, x > 50 ) Q = x > 49

20 Optimizations Splitting preserves splitter predicates Simplify precondition computation Process if top down For nested loops, process inside out

21 Experimental Framework Interproc abstract interpretation-based InvGen constraint solving-based Our implementation in C++ MISTRAL for precondition and constraint solving

22 Experiments : verification succeeded; : verification failed + : better invariants; | : incomparable; = : exactly same

23 Conclusion Static analysis to identify phase transitions Decompose multi-phase loops Preserve semantics Benefit standard invariant generation tools Better invariants Handle more loops Simple, easy to implement, and can be integrated with any invariant generation tool

24 References Balakrishnan, G., Sankaranarayanan, S., Ivancic, F., Gupta, A.: Refining the control structure of loops using static analysis. In: EMSOFT (2009), pp. 49-58. Gulwani, S., Jain, S., Koskinen, E.: Control-flow refinement and progress invariants for bound analysis. In: PLDI (2009), pp. 375-385. Mauborgne, L., Rival, X.: Trace partitioning in abstract interpretation based static analyzers. In: ESOP (2005), pp. 5-20. Gopan, D., Reps, T.: Guided static analysis. In: SAS (2007), pp. 349-365.

Download ppt "Rahul Sharma Işil Dillig, Thomas Dillig, and Alex Aiken Stanford University Simplifying Loop Invariant Generation Using Splitter Predicates."

Similar presentations

Demand-driven inference of loop invariants in a theorem prover

Demand-driven inference of loop invariants in a theorem prover
Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Constraint-based Invariant Inference over Predicate Abstraction Sumit Gulwani Ramarathnam Venkatesan Microsoft Research, Redmond Saurabh Srivastava University.

Constraint-based Invariant Inference over Predicate Abstraction Sumit Gulwani Ramarathnam Venkatesan Microsoft Research, Redmond Saurabh Srivastava University.
De necessariis pre condiciones consequentia sine machina P. Consobrinus, R. Consobrinus M. Aquilifer, F. Oratio.

De necessariis pre condiciones consequentia sine machina P. Consobrinus, R. Consobrinus M. Aquilifer, F. Oratio.
Termination Proofs from Tests

Termination Proofs from Tests
An Abstract Interpretation Framework for Refactoring P. Cousot, NYU, ENS, CNRS, INRIA R. Cousot, ENS, CNRS, INRIA F. Logozzo, M. Barnett, Microsoft Research.

An Abstract Interpretation Framework for Refactoring P. Cousot, NYU, ENS, CNRS, INRIA R. Cousot, ENS, CNRS, INRIA F. Logozzo, M. Barnett, Microsoft Research.
Semantics Static semantics Dynamic semantics attribute grammars

Semantics Static semantics Dynamic semantics attribute grammars
Greta YorshEran YahavMartin Vechev IBM Research. { ……………… …… …………………. ……………………. ………………………… } P1() Challenge: Correct and Efficient Synchronization { ……………………………

Greta YorshEran YahavMartin Vechev IBM Research. { ……………… …… …………………. ……………………. ………………………… } P1() Challenge: Correct and Efficient Synchronization { ……………………………
Greta YorshEran YahavMartin Vechev IBM Research. { ……………… …… …………………. ……………………. ………………………… } T1() Challenge: Correct and Efficient Synchronization { ……………………………

Greta YorshEran YahavMartin Vechev IBM Research. { ……………… …… …………………. ……………………. ………………………… } T1() Challenge: Correct and Efficient Synchronization { ……………………………
A Program Transformation For Faster Goal-Directed Search Akash Lal, Shaz Qadeer Microsoft Research.

A Program Transformation For Faster Goal-Directed Search Akash Lal, Shaz Qadeer Microsoft Research.
Verification of Evolving Software Natasha Sharygina Joint work with Sagar Chaki and Nishant Sinha Carnegie Mellon University.

Verification of Evolving Software Natasha Sharygina Joint work with Sagar Chaki and Nishant Sinha Carnegie Mellon University.
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
1 PROPERTIES OF A TYPE ABSTRACT INTERPRETATER. 2 MOTIVATION OF THE EXPERIMENT § a well understood case l type inference in functional programming à la.

1 PROPERTIES OF A TYPE ABSTRACT INTERPRETATER. 2 MOTIVATION OF THE EXPERIMENT § a well understood case l type inference in functional programming à la.
Hoare’s Correctness Triplets Dijkstra’s Predicate Transformers

Hoare’s Correctness Triplets Dijkstra’s Predicate Transformers
Inferring Disjunctive Postconditions Corneliu Popeea and Wei-Ngan Chin School of Computing National University of Singapore - ASIAN 2006 -

Inferring Disjunctive Postconditions Corneliu Popeea and Wei-Ngan Chin School of Computing National University of Singapore - ASIAN
1 Eran Yahav Technion Joint work with Martin Vechev (ETH), Greta Yorsh (ARM), Michael Kuperstein (Technion), Veselin Raychev (ETH)

1 Eran Yahav Technion Joint work with Martin Vechev (ETH), Greta Yorsh (ARM), Michael Kuperstein (Technion), Veselin Raychev (ETH)
Logic as the lingua franca of software verification Ken McMillan Microsoft Research TexPoint fonts used in EMF: A A A A A Joint work with Andrey Rybalchenko.

Logic as the lingua franca of software verification Ken McMillan Microsoft Research TexPoint fonts used in EMF: A A A A A Joint work with Andrey Rybalchenko.
Rigorous Software Development CSCI-GA 3033-011 Instructor: Thomas Wies Spring 2012 Lecture 13.

Rigorous Software Development CSCI-GA Instructor: Thomas Wies Spring 2012 Lecture 13.
Rahul Sharma, Saurabh Gupta, Bharath Hariharan, Alex Aiken, and Aditya Nori (Stanford, UC Berkeley, Microsoft Research India) Verification as Learning.

Rahul Sharma, Saurabh Gupta, Bharath Hariharan, Alex Aiken, and Aditya Nori (Stanford, UC Berkeley, Microsoft Research India) Verification as Learning.
A survey of techniques for precise program slicing Komondoor V. Raghavan Indian Institute of Science, Bangalore.

A survey of techniques for precise program slicing Komondoor V. Raghavan Indian Institute of Science, Bangalore.

Similar presentations

Ads by Google