Invariant Generation via Genetic Programming

Size: px

Start display at page:

Download "Invariant Generation via Genetic Programming"

Abel Andrews
5 years ago
Views:

1 Invariant Generation via Genetic Programming Soonho Kong 12 Mar 2010 ROPAS Show&Tell

2 Problem: Inductive Invariant Generation For the annotated loop {δ} while ρ do S end {} Find an invariant I satisfying the following conditions: (A) ( holds when entering the loop) δ ι (B) ι ρ Pre(ι, S) ( holds at each iteration) ι ρ (C) ( gives after leaving the loop) ι ι ι ι strongest under-approximation of an invariant δ I ρ ι weakest over-approximation of an invariant

3 Precondition Loop Body Postcondition { phase = F success = F give up = F cutoff =0 count =0} 1 while (success give up) do 2 entered phase := F; 3 if phase then 4 if cutoff = 0 then cutoff := 1; 5 else if cutoff =1 maxcost > 1 then cutoff := maxcost; 6 else phase := T; entered phase := T; cutoff := 1000; 7 if cutoff = maxcost search then give up := T; 8 else 9 count := count + 1; 10 if count > words then give up := T; 11 if entered phase then count := 1; 12 linkages := nondet; 13 if linkages > 5000 then linkages := 5000; 14 canonical := 0; valid := 0; 15 if linkages = 0then 16 valid := nondet; assume 0 valid valid linkages; 17 canonical := linkages; 18 if valid > 0 then success := T; 19 end { (valid > 0 count > words (cutoff = maxcost search)) valid linkages canonical = linkages linkages 5000 } Fig. 3. A Sample Loop in SPEC2000 Benchmark PARSER with 20 Atomic Propositions (Building Blocks)

{ phase = F success = F give up = F cutoff =0 count =0} 1 while (success give up) do 2 entered phase := F; 3 if phase then 4 if cutoff = 0then cutoff := 1; 5 else if cutoff =1 maxcost > 1 then cutoff

4 { phase = F success = F give up = F cutoff =0 count =0} 1 while (success give up) do 2 entered phase := F; 3 if phase then 4 if cutoff = 0then cutoff := 1; 5 else if cutoff =1 maxcost > 1 then cutoff := maxcost; 6 else phase := T; entered phase := T; cutoff := 1000; 7 if cutoff = maxcost search then give up := T; 8 else 9 count := count + 1; 10 if count > words then give up := T; 11 if entered phase then count := 1; 12 linkages := nondet; 13 if linkages > 5000 then linkages := 5000; 14 canonical := 0; valid := 0; 15 if linkages = 0then 16 valid := nondet; assume 0 valid valid linkages; 17 canonical := linkages; 18 if valid > 0 then success := T; 19 end { (valid > 0 count > words (cutoff = maxcost search)) valid linkages canonical = linkages linkages 5000 } with One of the found invariants is the following: success (valid linkages linkages 5000 canonical = linkages) success ( search count > words valid = 0) success (count > words cutoff = maxcost (canonical = 0 valid = 0 linkages = 0)) give up ((valid =0 linkages =0 canonical = linkages) (canonical = 0 valid linkages linkages 5000 canonical = linkages)) give up (cutoff = maxcost count > words (canonical = 0 valid = 0 linkages = 0)) give up ( search count > words valid = 0) scribes the conditions when success or give up are true. For onical = Fig. 3. A Sample Loop in SPEC2000 Benchmark PARSER with 20 Atomic Propositions (Building Blocks) An Invariant

5 Observations on Algorithmic Learning Approach Query Answer Teacher... Query Answer Algorithmic Learning ι A Loop Invariant (Propositional Formula)

6 Observations on Algorithmic Learning Approach Query Answer Teacher... Query Answer Algorithmic Learning ι A Loop Invariant (Propositional Formula) Problem #1: Active Learning Teacher can guide the learner only through the form of answers.

7 Observations on Algorithmic Learning Approach Solution Space Over Approximation Under Approximation Problem #1: Active Learning Teacher can guide the learner only through the form of answers.

8 Observations on Algorithmic Learning Approach Solution Space Over Approximation Under Approximation Yes Problem #1: Active Learning Teacher can guide the learner only through the form of answers.

9 Observations on Algorithmic Learning Approach Solution Space Over Approximation No Under Approximation Yes Problem #1: Active Learning Teacher can guide the learner only through the form of answers.

10 Observations on Algorithmic Learning Approach Solution Space No Yes Yes No Problem #1: Active Learning Teacher can guide the learner only through the form of answers.

11 Observations on Algorithmic Learning Approach Solution Space No No No No No Yes Yes Yes Yes No No Problem #1: Active Learning Teacher can guide the learner only through the form of answers.

12 Observations on Algorithmic Learning Approach Solution Space No No No No No Yes Yes Yes Yes No No Problem #1: Active Learning Invariant approximations are not directly utilized.

13 Observations on Algorithmic Learning Approach Solution Space Over Approximation Under Approximation Problem #2: Naive Randomized Mechanism Teacher solely relies on naive randomized mechanism when approximations are not helpful.

14 Observations on Algorithmic Learning Approach Solution Space? Unknown Over Approximation Under Approximation Problem #2: Naive Randomized Mechanism Teacher solely relies on naive randomized mechanism when approximations are not helpful.

15 Observations on Algorithmic Learning Approach Solution Space Over Approximation? Random Answer Under Approximation Problem #2: Naive Randomized Mechanism Teacher solely relies on naive randomized mechanism when approximations are not helpful.

16 Observations on Algorithmic Learning Approach Query Answer Teacher... Query Answer Algorithmic Learning Problem #3: Serialized Query-Answer Process Queries are dependent on the previous query/ answer pairs and make parallelization difficult.

17 Observations on Algorithmic Learning Approach Query Answer Teacher... Query Answer Algorithmic Learning Problem #3: Serialized Query-Answer Process Queries are dependent on the previous query/ answer pairs and make parallelization difficult.

18 Genetic Programming

19 Genetic Programming Initial Population

20 Genetic Programming Initial Population Crossover

21 Genetic Programming Initial Population Crossover Mutation

22 Genetic Programming Initial Population Crossover Mutation Fitness

23 Genetic Programming Initial Population Crossover Mutation Fitness Selection X

24 Genetic Programming Previous Population Crossover Mutation Fitness Selection X

25 Genetic Programming as a Solution Problem #1: Active Learning Teacher can guide the learner only through the form of answers. Query Answer Teacher... Query Answer Algorithmic Learning

26 Genetic Programming as a Solution Problem #1: Active Learning Teacher can guide the learner only through the form of answers. Solution: Active Teaching In genetic programming, we can manipulate the formula directly: Solution Space c (c ι) ι Solution Space Over Approximation Candidate Under Approximation Local optimization Over Approximation Candidate Under Approximation

27 Genetic Programming as a Solution Problem #2: Naive Randomized Mechanism Teacher solely relies on naive randomized mechanism when approximations are not helpful.

28 Genetic Programming as a Solution Problem #2: Naive Randomized Mechanism Teacher solely relies on naive randomized mechanism when approximations are not helpful. Solution: Natural Selection Genetic programming favors better solutions. Fitness Selection X

29 Genetic Programming as a Solution Problem #3: Serialized Query-Answer Process Queries are dependent on the previous query/ answer pairs and make parallelization difficult. Query Answer Teacher... Query Answer Algorithmic Learning

30 Genetic Programming as a Solution Problem #3: Serialized Query-Answer Process Queries are dependent on the previous query/ answer pairs and make parallelization difficult. Solution: Crossover Mutation Fitness Selection X

31 Genetic Programming as a Solution Problem #3: Serialized Query-Answer Process Queries are dependent on the previous query/ answer pairs and make parallelization difficult. Solution: Crossover Mutation Fitness Selection X

32 Genetic Programming as a Solution Problem #3: Serialized Query-Answer Process Queries are dependent on the previous query/ answer pairs and make parallelization difficult. Solution: Crossover Mutation Fitness Selection X

33 Genetic Programming as a Solution Problem #3: Serialized Query-Answer Process Queries are dependent on the previous query/ answer pairs and make parallelization difficult. Solution: Crossover Mutation Fitness Selection X

34 Genetic Programming as a Solution Problem #3: Serialized Query-Answer Process Queries are dependent on the previous query/ answer pairs and make parallelization difficult. Solution: Crossover Mutation Fitness Parallelizable! Selection X

35 Genetic Programming as a Solution Problem #3: Serialized Query-Answer Process Queries are dependent on the previous query/ answer pairs and make parallelization difficult. Solution: Crossover Mutation Fitness Parallelizable! Selection X

36 Key Issue: How to define Fitness Function? Fitness

37 Role of Fitness Function For the annotated loop {δ} while ρ do S end {} Find an invariant I satisfying the following conditions: (A) ι ι ( holds when entering the loop) (B) ι ρ Pre(ι, S) ( holds at each iteration) (C) ι ι ( gives after leaving the loop) ι ι ι

38 Role of Fitness Function For the annotated loop {δ} while ρ do S end {} Find an invariant I satisfying the following conditions: (A) ι ι ( holds when entering the loop) (B) ι ρ Pre(ι, S) ( holds at each iteration) (C) ι ι ( gives after leaving the loop) ι ι ι Solution Space Solution Space Over Approximation Candidate Under Approximation Local optimization Over Approximation Candidate Under Approximation

39 Role of Fitness Function For the annotated loop {δ} while ρ do S end {} Find an invariant I satisfying the following conditions: (A) ι ι ( holds when entering the loop) (B) ι ρ Pre(ι, S) ( holds at each iteration) (C) ι ι ( gives after leaving the loop) ι ι ι Solution Space Solution Space Over Approximation Candidate Under Approximation Local optimization Over Approximation Candidate Under Approximation

Role of Fitness Function For the annotated loop {δ} while ρ do S end {} Find an invariant I satisfying the following conditions: (A) ι ι ( holds when entering the loop) (B) ι ρ Pre(ι, S) ( holds at

40 Role of Fitness Function For the annotated loop {δ} while ρ do S end {} Find an invariant I satisfying the following conditions: (A) ι ι ( holds when entering the loop) (B) ι ρ Pre(ι, S) ( holds at each iteration) (C) ι ι ( gives after leaving the loop) ι ι ι Solution Space Solution Space Over Approximation Candidate Under Approximation Local optimization Over Approximation Candidate Under Approximation

41 Role of Fitness Function (B) ι ρ Pre(ι, S) ( ι holds at each iteration) If (B) holds, then we find an invariant. Pre(ι, S) ι ρ

42 Role of Fitness Function (B) ι ρ Pre(ι, S) ( ι holds at each iteration) If (B) does not hold, we need to quantify how bad the candidate is. Pre(ι, S) ι ρ

43 Role of Fitness Function (B) ι ρ Pre(ι, S) ( ι holds at each iteration) If (B) does not hold, we need to quantify how bad the candidate is. ι ρ Pre(ι, S) Fitness Function Property Diff (ι) =ι ρ \ Pre(ι, S) Diff (ι 1 ) Diff (ι 2 ) Fit(ι 1 ) Fit(ι 2 )

44 Infeasible Fitness Function Count the number of models in concrete domain. Example Diff (ι) =x<3 y>10 Fit(ι) = {(2, 11), (10, 15), (0, 0),} y 10 3 x Can not count them all in general.

45 Feasible Fitness Function Count the number of models in abstract domain. Example Diff (ι) =x<3 y>10 y x

46 Feasible Fitness Function Count the number of models in abstract domain. Example Diff (ι) =x<3 y>10 SMT: (10, 15) = Diff (ι) y x

47 Feasible Fitness Function Count the number of models in abstract domain. Example Diff (ι) =x<3 y>10 SMT: (10, 15) = Diff (ι) y x

48 Feasible Fitness Function Count the number of models in abstract domain. Example Diff (ι) =x<3 y>10 SMT: ( 3, 7) = Diff (ι) [(x >5) (y >5)] y x

49 Feasible Fitness Function Count the number of models in abstract domain. Example Diff (ι) =x<3 y>10 SMT: ( 3, 7) = Diff (ι) [(x >5) (y >5)] y x

50 Feasible Fitness Function Count the number of models in abstract domain. Example Diff (ι) =x<3 y>10 SMT: ( 5, 5) = Diff (ι) [(x >5) (y >5)] [(x <= 5) (y >5)] y x

51 Feasible Fitness Function Count the number of models in abstract domain. Example Diff (ι) =x<3 y>10 SMT: ( 5, 5) = Diff (ι) [(x >5) (y >5)] [(x <= 5) (y >5)] y x

52 Feasible Fitness Function Count the number of models in abstract domain. Example Diff (ι) =x<3 y>10 SMT (Diff (ι) [(x >5) (y >5)] [(x <= 5) (y >5)] [(x <= 5) (y <= 5)]) = UNSAT y x

53 Feasible Fitness Function Count the number of models in abstract domain. Example Diff (ι) =x<3 y>10 SMT (Diff (ι) [(x >5) (y >5)] [(x <= 5) (y >5)] [(x <= 5) (y <= 5)]) = UNSAT y x Fit(ι) =3

54 Feasible Fitness Function Count the number of models in abstract domain. Example Diff (ι) =x<3 y>10 SMT (Diff (ι) [(x >5) (y >5)] [(x <= 5) (y >5)] [(x <= 5) (y <= 5)]) = UNSAT y x Fitness Function Property Diff (ι 1 ) Diff (ι 2 ) Fit(ι 1 ) Fit(ι 2 )

55 Complexity of Fitness Function Number of SMT calls could raise up to 2 n if we have n atomic propositions in predicate abstraction.

56 Complexity of Fitness Function Number of SMT calls could raise up to 2 n if we have n atomic propositions in predicate abstraction. In practice, that is not the case because of dependencies among atomic propositions.

57 Complexity of Fitness Function Number of SMT calls could raise up to 2 n if we have n atomic propositions in predicate abstraction. In practice, that is not the case because of dependencies among atomic propositions. y 1 x

58 Complexity of Fitness Function Number of SMT calls could raise up to 2 n if we have n atomic propositions in predicate abstraction. In practice, that is not the case because of dependencies among atomic propositions. y x =

59 Issue: Formula Size Formula size can grow infinitely. 1. Crossover operation 2. Fitness Function SMT: (10, 15) = Diff (ι) ( 3, 7) = Diff (ι) [(x >5) (y >5)] ( 5, 5) = Diff (ι) [(x >5) (y >5)] [(x <= 5) (y >5)] Solution: Simplify formulae.

60 Progress 1. Design and implement abstract data type for formula to share subformulae (Heejae Shin & Wonchan Lee) Initial Population Crossover

61 Plan Initial Population Crossover Mutation Fitness Selection X

62 ank you

Automatically Inferring Loop Invariants via Algorithmic Learning

Under consideration for publication in Math. Struct. in Comp. Science Automatically Inferring Loop Invariants via Algorithmic Learning Y U N G B U M J U N G 1, S O O N H O K O N G, C R I S T I N A D A