Invariant Generation for Parametrized Systems using Self-Reflection

Similar documents
Proofs of Correctness: Introduction to Axiomatic Verification

CS256/Winter 2009 Lecture #6. Zohar Manna

The algorithmic analysis of hybrid system

Formal Methods in Software Engineering

AN INTRODUCTION TO SEPARATION LOGIC. 2. Assertions

A Brief History of Shared memory C M U

Program Verification Using Separation Logic

Algebraic Trace Theory

The State Explosion Problem

On simulations and bisimulations of general flow systems

Lecture 3: Semantics of Propositional Logic

COMP2111 Glossary. Kai Engelhardt. Contents. 1 Symbols. 1 Symbols 1. 2 Hoare Logic 3. 3 Refinement Calculus 5. rational numbers Q, real numbers R.

Trace semantics: towards a unification of parallel paradigms Stephen Brookes. Department of Computer Science Carnegie Mellon University

Axiomatic semantics. Semantics and Application to Program Verification. Antoine Miné. École normale supérieure, Paris year

Theories of Programming Languages Assignment 5

Termination Analysis of Loops

Program Verification using Separation Logic Lecture 0 : Course Introduction and Assertion Language. Hongseok Yang (Queen Mary, Univ.

A Short Introduction to Hoare Logic

Size-Change Termination and Transition Invariants

Proving Liveness of Parameterized Programs

Inductive Data Flow Graphs

Simply Typed Lambda-Calculi (II)

1 Introduction. 2 Recap The Typed λ-calculus λ. 3 Simple Data Structures

Predicate Logic. Xinyu Feng 09/26/2011. University of Science and Technology of China (USTC)

Chapter 2. Assertions. An Introduction to Separation Logic c 2011 John C. Reynolds February 3, 2011

Algebraic Trace Theory

Clojure Concurrency Constructs, Part Two. CSCI 5828: Foundations of Software Engineering Lecture 13 10/07/2014

COP4020 Programming Languages. Introduction to Axiomatic Semantics Prof. Robert van Engelen

Verification Constraint Problems with Strengthening

Efficient Strongly Relational Polyhedral Analysis

Formal Verification. Lecture 1: Introduction to Model Checking and Temporal Logic¹

Incremental Proof-Based Verification of Compiler Optimizations

Floyd-Hoare Style Program Verification

Semantics and Verification of Software

Predicate Logic. x. x + 0 = x. Predicate logic over integer expressions: a language of logical assertions, for example. Why discuss predicate logic?

Verifying Safety Properties of Hybrid Systems.

Predicate Logic. Xinyu Feng 11/20/2013. University of Science and Technology of China (USTC)

Online Appendix to: Types for Atomicity: Static Checking and Inference for Java

State-Dependent Representation Independence (Technical Appendix)

Scalable Analysis of Linear Systems using Mathematical Programming

Abstract Interpretation II

Dynamic logic for Hybrid systems

CS256/Winter 2009 Lecture #1. Zohar Manna. Instructor: Zohar Manna Office hours: by appointment

The Polyranking Principle

Decision Theory and the Logic of Provability

Program Analysis Part I : Sequential Programs

Beyond First-Order Logic

The TLA + proof system

Automata-Theoretic Model Checking of Reactive Systems

Learning Methods for Online Prediction Problems. Peter Bartlett Statistics and EECS UC Berkeley

NICTA Advanced Course. Theorem Proving Principles, Techniques, Applications

Lecture 4 Event Systems

Design of Distributed Systems Melinda Tóth, Zoltán Horváth

DERIVING AND PROVING ABSTRACT NON-INTERFERENCE

Views: Compositional Reasoning for Concurrent Programs

Applied Logic. Lecture 1 - Propositional logic. Marcin Szczuka. Institute of Informatics, The University of Warsaw

Linearity and Passivity

FAIRNESS FOR INFINITE STATE SYSTEMS

Restricted truth predicates in first-order logic

Static Program Analysis using Abstract Interpretation

Automatic Generation of Polynomial Invariants for System Verification

Syntax and semantics of a GPU kernel programming language

The Leader Election Protocol (IEEE 1394)

Integrating State Constraints and Obligations in Situation Calculus

Program verification. Hoare triples. Assertional semantics (cont) Example: Semantics of assignment. Assertional semantics of a program

CSE 505, Fall 2008, Midterm Examination 29 October Please do not turn the page until everyone is ready.

Realizability Semantics of Parametric Polymorphism, General References, and Recursive Types

Lecture Notes: Axiomatic Semantics and Hoare-style Verification

Bringing class diagrams to life

An Abstract Domain to Infer Ordinal-Valued Ranking Functions

Constraint Solving for Program Verification: Theory and Practice by Example

Institute of Theoretical Computer Science, ETH Zurich

Operational Semantics Using the Partiality Monad

Logical Abduction and its Applications in Program Verification. Isil Dillig MSR Cambridge

MAKING THE UNOBSERVABLE, UNOBSERVABLE.

Coinductive big-step semantics and Hoare logics for nontermination

Discrete Fixpoint Approximation Methods in Program Static Analysis

Temporal Logic of Actions

Hybrid systems and computer science a short tutorial

Relational Reasoning in Natural Language

Scalable and Accurate Verification of Data Flow Systems. Cesare Tinelli The University of Iowa

Functional Object Calculus

arxiv: v1 [cs.lo] 29 May 2014

Verifying Concurrent Memory Reclamation Algorithms with Grace

Logics For Epistemic Programs

Interpolation. Seminar Slides. Betim Musa. 27 th June Albert-Ludwigs-Universität Freiburg

Automatic Verification of Parameterized Data Structures

Anti-unification algorithms and their applications

Imperative Data Parallelism (Correctness)

Extending the Lambda Calculus: An Eager Functional Language

Control Synthesis of Discrete Manufacturing Systems using Timed Finite Automata

OPTIMAL TOKEN ALLOCATION IN TIMED CYCLIC EVENT GRAPHS

Notes on Abstract Interpretation

PSL Model Checking and Run-time Verification via Testers

CSE 505, Fall 2005, Midterm Examination 8 November Please do not turn the page until everyone is ready.

Predicate Abstraction: A Tutorial

An Algorithm Inspired by Constraint Solvers to Infer Inductive Invariants in Numeric Programs

In this episode of The Verification Corner, Rustan Leino talks about Loop Invariants. He gives a brief summary of the theoretical foundations and

Transcription:

Invariant Generation for Parametrized Systems using Self-Reflection Alejandro Sánchez 1 César Sánchez 1,3 Sriram Sankaranarayanan 2 Bor-Yuh Evan Chang 2 1 IMDEA Software Institute, Spain 2 University of Colorado, USA 3 Spanish Council for Scientific Research (CSIC), Spain Rich Model Toolkit COST Action Meeting, Malta, 17 June 2013

Motivation

Motivation P 1 P 2 P N Consider a finite but unbounded set of processes

Motivation P 1 P 2 P N Consider a finite but unbounded set of processes Running the same program in paralallel

Motivation P 1 P 2 P N Consider a finite but unbounded set of processes Running the same program in paralallel Classical scenarios include: Device drivers Distributed algorithms Concurrent datastructures Robotic swarms Biological Systems

Motivation P 1 P 2 P N GOAL : Automatic Infer Parametrized Invariants Consider a finite but unbounded set of processes Running the same program in paralallel Classical scenarios include: Device drivers Distributed algorithms Concurrent datastructures Robotic swarms Biological Systems

Our Contribution

Our Contribution An automatic abstract-interpretation-based framework Able to reason over parametrized programs Capable of infering indexed invariants

Our Contribution An automatic abstract-interpretation-based framework Able to reason over parametrized programs Capable of infering indexed invariants... and even more important... Adapting existing invariant synthesis techniques Leveraging off-the-shelf sequential invariant generators

Our Contribution An automatic abstract-interpretation-based framework Able to reason over parametrized programs Capable of infering indexed invariants... and even more important... Adapting existing invariant synthesis techniques Leveraging off-the-shelf sequential invariant generators In this talk Introduce the notion of Reflective Abstraction Report first empirical evaluation

Motivating Example: Workstealing

Motivating Example: Workstealing global Int len > 0; Array[len] data; Int next = 0; procedure Workstealing local Int c = 0; Int end = 0; 1: if next + 4 len{c := next; end := next + 5; next := next + 5; } 2: while c < end{ 3: data[c] := processdata[c]; 4: c := c + 1; 5: }

Motivating Example: Workstealing global Int len > 0; Array[len] data; Int next = 0; procedure Workstealing local Int c = 0; Int end = 0; 1: if next + 4 len{c := next; end := next + 5; next := next + 5; } 2: while c < end{ 3: data[c] := processdata[c]; 4: c := c + 1; 5: } next len-1 data

Motivating Example: Workstealing global Int len > 0; Array[len] data; Int next = 0; procedure Workstealing local Int c = 0; Int end = 0; 1: if next + 4 len{c := next; end := next + 5; next := next + 5; } 2: while c < end{ 3: data[c] := processdata[c]; 4: c := c + 1; 5: } next len-1 data

Motivating Example: Workstealing global Int len > 0; Array[len] data; Int next = 0; procedure Workstealing local Int c = 0; Int end = 0; 1: if next + 4 len{c := next; end := next + 5; next := next + 5; } 2: while c < end{ 3: data[c] := processdata[c]; 4: c := c + 1; 5: } next len-1 data c end

Motivating Example: Workstealing global Int len > 0; Array[len] data; Int next = 0; procedure Workstealing local Int c = 0; Int end = 0; 1: if next + 4 len{c := next; end := next + 5; next := next + 5; } 2: while c < end{ 3: data[c] := processdata[c]; 4: c := c + 1; 5: } next len-1 data c end

Motivating Example: Workstealing global Int len > 0; Array[len] data; Int next = 0; procedure Workstealing local Int c = 0; Int end = 0; 1: if next + 4 len{c := next; end := next + 5; next := next + 5; } 2: while c < end{ 3: data[c] := processdata[c]; 4: c := c + 1; 5: } data c end

Motivating Example: Workstealing global Int len > 0; Array[len] data; Int next = 0; procedure Workstealing local Int c = 0; Int end = 0; 1: if next + 4 len{c := next; end := next + 5; next := next + 5; } 2: while c < end{ 3: data[c] := processdata[c]; 4: c := c + 1; 5: } data T 1 T i T j T N

Motivating Example: Workstealing global Int len > 0; Array[len] data; Int next = 0; procedure Workstealing local Int c = 0; Int end = 0; 1: if next + 4 len{c := next; end := next + 5; next := next + 5; } 2: while c < end{ 3: data[c] := processdata[c]; 4: c := c + 1; 5: } data As example, for a 2-indexed invariant T 1 T i T j T N P [1] P [2] materialized materialized

Motivating Example: Workstealing data global Int len > 0; Array[len] data; Int next = 0; procedure Workstealing local Int c = 0; Int end = 0; 1: if next + 4 len{c := next; end := next + 5; next := next + 5; } 2: while c < end{ 3: data[c] := processdata[c]; 4: c := c + 1; 5: } As example, for a 2-indexed invariant T 1 T i T j T N P [1] P [2] materialized materialized

Motivating Example: Workstealing data global Int len > 0; Array[len] data; Int next = 0; procedure Workstealing local Int c = 0; Int end = 0; 1: if next + 4 len{c := next; end := next + 5; next := next + 5; } 2: while c < end{ 3: data[c] := processdata[c]; 4: c := c + 1; 5: } As example, for a 2-indexed invariant T 1 T i T j T N P [1] P [2] materialized materialized Reflective Abstraction

Motivating Example: Workstealing Invariant examples # Mat. Threads Ψ 0 : next mod 5 = 0 0 Ψ 1 : ( i) 0 c[i] < len 1 Ψ 2 : ( i 1, i 2 ) c[i 1 ] c[i 2 ] 2 data T 1 T i T j T N P [1] P [2] materialized materialized Reflective Abstraction

Reflective Invariants in a Nutshell

Reflective Invariants in a Nutshell Materialized

Reflective Invariants in a Nutshell Materialized next + 5 len c = next next = next + 5 end = next + 5 l 1 l 2

Reflective Invariants in a Nutshell Materialized next + 5 len c = next next = next + 5 end = next + 5 l 1 next + 5 > len l 2

Reflective Invariants in a Nutshell Materialized next + 5 len c = next next = next + 5 end = next + 5 l 1 next + 5 > len l 2 c < end l 3

Reflective Invariants in a Nutshell Materialized next + 5 len c = next next = next + 5 end = next + 5 l 1 next + 5 > len l 2 c < end c = c + 1 l 3 processdata[c] l 4

Reflective Invariants in a Nutshell Materialized next + 5 len c = next next = next + 5 end = next + 5 l 1 l 2 next + 5 > len c end c < end c = c + 1 l 3 l 5 processdata[c] l 4

Reflective Invariants in a Nutshell Materialized next + 5 len c = next next = next + 5 end = next + 5 l 1 l 2 next + 5 > len c end c < end c = c + 1 l 3 l 5 processdata[c] l 4 Transition modifying shared variable next

Reflective Invariants in a Nutshell Materialized next + 5 len c = next next = next + 5 end = next + 5 l 1 l 2 next + 5 > len c end Inv@l 1 next + 10 len c = next next = next + 10 end = next + 10 c < end m c = c + 1 l 3 l 5 processdata[c] l 4 Transition modifying shared variable next

Reflective Invariants in a Nutshell Materialized next + 5 len c = next next = next + 5 end = next + 5 l 1 l 2 next + 5 > len c end ( c, end, c, end ) Inv@l 1 next + 10 len c = next next = next + 10 end = next + 10 c < end m c = c + 1 l 3 l 5 processdata[c] l 4 Transition modifying shared variable next

Reflective Invariants in a Nutshell Materialized l 1 ( c, end, c, end ) l 2 next + 5 > len c end Inv@l 1 next + 10 len c = next next = next + 10 end = next + 10 c < end m c = c + 1 l 3 l 5 processdata[c] l 4

Reflective Invariants in a Nutshell Materialized l 1 ( c, end, c, end ) l 2 next + 5 > len c end Inv@l 1 next + 10 len c = next next = next + 10 end = next + 10 c < end m c = c + 1 l 3 l 5 processdata[c] l 4

Reflective Invariants in a Nutshell Materialized l 1 ( c, end, c, end ) l 2 next + 5 > len c end Inv@l 1 next + 10 len c = next next = next + 10 end = next + 10 c < end m c = c + 1 l 3 l 5 processdata[c] l 4 Over approximation True

Reflective Invariants in a Nutshell Materialized l 1 ( c, end, c, end ) l 2 next + 5 > len c end Inv@l 1 next + 10 len c = next next = next + 10 end = next + 10 c < end m c = c + 1 l 3 l 5 processdata[c] l 4 Over approximation True False

Reflective Invariants in a Nutshell Materialized l 1 ( c, end, c, end ) l 2 next + 5 > len c end Inv@l 1 next + 10 len c = next next = next + 10 end = next + 10 c < end m c = c + 1 l 3 l 5 1. Begin, l Loc, Inv 1 (l) = false processdata[c] l 4

Reflective Invariants in a Nutshell Materialized l 1 ( c, end, c, end ) l 2 next + 5 > len c end Inv@l 1 next + 10 len c = next next = next + 10 end = next + 10 c < end m c = c + 1 l 3 l 5 1. Begin, l Loc, Inv 1 (l) = false l 4 processdata[c] 2. Compute Σ j using Inv j 3. Obtain Inv j+1 = AbsInt(Σ j ) 4. Stop when l Loc, Inv j+1 (l) Inv j (l)

Reflective Abstraction and Inductive Invariants

Reflective Abstraction and Inductive Invariants We define as usual: Parametrized Transition System: Π = G, X, Trs, l 0, Θ Transition: τ = l src, l dst, ρ A reflective abstraction over approximates all parametrized instances of Π by a finite transition system

Reflective Abstraction and Inductive Invariants We define as usual: Parametrized Transition System: Π = G, X, Trs, l 0, Θ Transition: τ = l src, l dst, ρ A reflective abstraction over approximates all parametrized instances of Π by a finite transition system Let Γ[X] be some fixed first-order language of assertions An assertion map η : Loc fin Γ[X] is inductive when: 1. Θ η(l 0 ) 2. for any τ : l src, l dst, ρ, τ(η(l src )) η(l dst )

Reflective Abstraction and Inductive Invariants We define as usual: Parametrized Transition System: Π = G, X, Trs, l 0, Θ Transition: τ = l src, l dst, ρ A reflective abstraction over approximates all parametrized instances of Π by a finite transition system Let Γ[X] be some fixed first-order language of assertions An assertion map η : Loc fin Γ[X] is inductive when: 1. Θ η(l 0 ) 2. for any τ : l src, l dst, ρ, τ(η(l src )) η(l dst ) In formal verification, to show Ψ, we seek an inductive assertion map η s.t. l Loc, η(l) Ψ

Reflective Abstraction and Inductive Invariants Given Π = G, X, Loc, Trs, l 0, Θ and assertion map η, we define: Reflect Π (η) as a sequential transition system with: variables : G X locations : Loc transitions : Trs { (τ, η, l) τ Trs and l Loc } pres(x) ( Y, Y ) ( η(l src )[G, Y ] ρ[g, Y, G, Y ] ) l

Theorem: Reflection Soundness Let η be an inductive assertion map for Reflect Π (η), then for each location l of Π, η(l) is a 1-index invariant

Theorem: Reflection Soundness Let η be an inductive assertion map for Reflect Π (η), then for each location l of Π, η(l) is a 1-index invariant What about k-index invariants? Start from Π Π }{{} k To obtain an assertion map η k : Loc Loc fin Γ[X]

Reflective Abstract Interpretation We iteratively generate invariants for parametrized systems As fix point of a monotone operator over an abstract domain Applying abstract interpretation on reflective abstractions η = lfp F (, Σ)

Reflective Abstract Interpretation We consider 3 schemas: Lazy: η Lazy = lfp G L,Π ( ) G L,Π ( η) def = lfp F (, Reflect Π (γ η)) Eager: η Eager = lfp G E,Π ( ) G E,Π ( η) def = F ( η, Reflect Π (γ η)) Eager+: η Eager+ = lfp G E +,Π( ) G E,Π ( η) def = lfp F (, Reflect Π (γ η Eager ))

Reflective Abstraction vs. Interference Abstraction

Reflective Abstraction vs. Interference Abstraction Consider the following example: global Int g 0; Thread P { local Int x = 0; 1: await(g > 0); x := g; g := 0; 2: x := x + 1 3: g := x 4: }

Reflective Abstraction vs. Interference Abstraction Consider the following example: global Int g 0; Thread P { local Int x = 0; 1: await(g > 0); x := g; g := 0; 2: x := x + 1 3: g := x 4: } For the, considering transition 3, we have: ( x) η(l 3 ) g = x

Reflective Abstraction vs. Interference Abstraction Consider the following example: global Int g 0; Thread P { local Int x = 0; 1: await(g > 0); x := g; g := 0; 2: x := x + 1 3: g := x 4: } For the, considering transition 3, we have: ( x) η(l 3 ) g = x Interference Abstraction Reflective Abstraction

Reflective Abstraction vs. Interference Abstraction Consider the following example: global Int g 0; Thread P { local Int x = 0; 1: await(g > 0); x := g; g := 0; 2: x := x + 1 3: g := x 4: } For the, considering transition 3, we have: ( x) η(l 3 ) g = x Interference Abstraction over approximates from True Reflective Abstraction fails to derive g 0 (a non- deterministic update to g)

Reflective Abstraction vs. Interference Abstraction Consider the following example: global Int g 0; Thread P { local Int x = 0; 1: await(g > 0); x := g; g := 0; 2: x := x + 1 3: g := x 4: } For the, considering transition 3, we have: ( x) η(l 3 ) g = x Interference Abstraction over approximates from True Reflective Abstraction over approximates from False fails to derive g 0 (a non- deterministic update to g) incrementally infers invs over x (derives g 0)

Empirical Evaluation We study these examples (2-75 locs., 6-24 vars., 4-49 trans.): Simple software barrier Centralized software barrier Workstealing Generalized dinning philosophers Robot swarm moving on a m n grid

Empirical Evaluation We study these examples (2-75 locs., 6-24 vars., 4-49 trans.): Simple software barrier Centralized software barrier Workstealing Generalized dinning philosophers Robot swarm moving on a m n grid We compare 4 schemes: Lazy Eager Eager+ Interference

Empirical Evaluation Results: ID Dom Prps Lazy Eager Eager+ Interf. Time Wid* Prp Time Wid Prp Time Wid Prp Time Wid Prp Tbar I 4 0.1 2 0 0.1 5 0 0.1 5 0 0.1 4 0 P 0.2 4 4 0.1 5 4 0.1 5 4 0.1 4 4 O 0.8 3 3 0.1 5 3 0.1 5 3 0.1 4 3 Wsteal I 5 0.3 6 2 0.1 5 1 0.1 5 1 0.1 4 0 P 2.4 6 1 0.1 7 1 0.2 7 3 0.1 7 5 O 8.2 6 4 7.5 6 4 0.2 6 4 6.2 5 4 Cbar I 9 0.9 3 4 0.1 7 0 0.1 8 0 0.1 7 0 P TO 0 1.7 11 4 2.7 12 5 1.1 10 6 O TO 0 7.5 9 6 11.3 9 6 6.2 8 4 Phil I 14 1.9 4 2 0.1 8 2 0.1 8 2 0.1 7 0 P 11.8 6 14 1.1 11 8 1.8 11 8 6.3 13 14 O TO 0 25 12 4 40 12 4 20 12 4 Rb(2,2) I 16 31.3 8 4 0.4 10 4 0.4 11 4 0.2 10 0 P TO 0 9.3 22 3 15 23 3 5.8 15 4 O TO 0 142 25 3 225 26 3 105 18 3 Rb(2,3) I 18 133 8 6 0.7 10 6 0.9 11 6 0.5 10 0 P TO 0 23 22 5 36.8 23 5 16 15 5 O TO 0 404 25 5 629 26 5 320 18 5 Rb(3,3) I 23 1141 8 9 1.6 10 9 2.1 11 9 0.9 10 0 P TO 0 68.2 22 8 111.5 23 8 52 15 8 O TO 0 1414 25 8 2139 26 8 1168 18 8 Rb(4,4) I 29 TO 0 6.7 11 16 9.4 11 16 3.2 11 0 P TO 0 49 23 15 396 23 15 303 15 15 O TO 0 TO 0 TO 0 TO 0

Empirical Evaluation Results: ID Dom Prps Lazy Eager Eager+ Interf. Time Wid* Prp Time Wid Prp Time Wid Prp Time Wid Prp Tbar I 4 0.1 2 0 0.1 5 0 0.1 5 0 0.1 4 0 P 0.2 4 4 0.1 5 4 0.1 5 4 0.1 4 4 O 0.8 3 3 0.1 5 3 0.1 5 3 0.1 4 3 Wsteal I 5 0.3 6 2 0.1 5 1 0.1 5 1 0.1 4 0 P 2.4 6 1 0.1 7 1 0.2 7 3 0.1 7 5 O 8.2 6 4 7.5 6 4 0.2 6 4 6.2 5 4 Cbar I 9 0.9 3 4 0.1 7 0 0.1 8 0 0.1 7 0 P TO 0 1.7 11 4 2.7 12 5 1.1 10 6 O TO 0 7.5 9 6 11.3 9 6 6.2 8 4 Phil I 14 1.9 4 2 0.1 8 2 0.1 8 2 0.1 7 0 P 11.8 6 14 1.1 11 8 1.8 11 8 6.3 13 14 O TO 0 25 12 4 40 12 4 20 12 4 Rb(2,2) I 16 31.3 8 4 0.4 10 4 0.4 11 4 0.2 10 0 P TO 0 9.3 22 3 15 23 3 5.8 15 4 O TO 0 142 25 3 225 26 3 105 18 3 Rb(2,3) I 18 133 8 6 0.7 10 6 0.9 11 6 0.5 10 0 P TO 0 23 22 5 36.8 23 5 16 15 5 O TO 0 404 25 5 629 26 5 320 18 5 Rb(3,3) I 23 1141 8 9 1.6 10 9 2.1 11 9 0.9 10 0 P TO 0 68.2 22 8 111.5 23 8 52 15 8 O TO 0 1414 25 8 2139 26 8 1168 18 8 Rb(4,4) I 29 TO 0 6.7 11 16 9.4 11 16 3.2 11 0 P TO 0 49 23 15 396 23 15 303 15 15 O TO 0 TO 0 TO 0 TO 0 Still interference abstraction is the fastest

Empirical Evaluation Results: ID Dom Prps Lazy Eager Eager+ Interf. Time Wid* Prp Time Wid Prp Time Wid Prp Time Wid Prp Tbar I 4 0.1 2 0 0.1 5 0 0.1 5 0 0.1 4 0 P 0.2 4 4 0.1 5 4 0.1 5 4 0.1 4 4 O 0.8 3 3 0.1 5 3 0.1 5 3 0.1 4 3 Wsteal I 5 0.3 6 2 0.1 5 1 0.1 5 1 0.1 4 0 P 2.4 6 1 0.1 7 1 0.2 7 3 0.1 7 5 O 8.2 6 4 7.5 6 4 0.2 6 4 6.2 5 4 Cbar I 9 0.9 3 4 0.1 7 0 0.1 8 0 0.1 7 0 P TO 0 1.7 11 4 2.7 12 5 1.1 10 6 O TO 0 7.5 9 6 11.3 9 6 6.2 8 4 Phil I 14 1.9 4 2 0.1 8 2 0.1 8 2 0.1 7 0 P 11.8 6 14 1.1 11 8 1.8 11 8 6.3 13 14 O TO 0 25 12 4 40 12 4 20 12 4 Rb(2,2) I 16 31.3 8 4 0.4 10 4 0.4 11 4 0.2 10 0 P TO 0 9.3 22 3 15 23 3 5.8 15 4 O TO 0 142 25 3 225 26 3 105 18 3 Rb(2,3) I 18 133 8 6 0.7 10 6 0.9 11 6 0.5 10 0 P TO 0 23 22 5 36.8 23 5 16 15 5 O TO 0 404 25 5 629 26 5 320 18 5 Rb(3,3) I 23 1141 8 9 1.6 10 9 2.1 11 9 0.9 10 0 P TO 0 68.2 22 8 111.5 23 8 52 15 8 O TO 0 1414 25 8 2139 26 8 1168 18 8 Rb(4,4) I 29 TO 0 6.7 11 16 9.4 11 16 3.2 11 0 P TO 0 49 23 15 396 23 15 303 15 15 O TO 0 TO 0 TO 0 TO 0 Lazy abstraction was the slowest (with many TO)

Empirical Evaluation Results: ID Dom Prps Lazy Eager Eager+ Interf. ID Dom Time(Lazy) Time(Eager) Time(Eager+) Time(Interf) Time Wid* Prp Time Wid Prp Time Wid Prp Time Wid Prp Tbar I 4 0.1 2 0 0.1 5 0 0.1 5 0 0.1 4 0 P 0.2 4 4 0.1 5 4 0.1 5 4 0.1 4 4 O 0.8 3 3 0.1 5 3 0.1 5 3 0.1 4 3 Wsteal P 2.4 0.1 0.2 0.1 O 8.2 7.5 0.2 6.2 Wsteal I 5 0.3 6 2 0.1 5 1 0.1 5 1 0.1 4 0 P 2.4 6 1 0.1 7 1 0.2 7 3 0.1 7 5 O 8.2 6 4 7.5 6 4 0.2 6 4 6.2 5 4 Cbar I 9 0.9 3 4 0.1 7 0 0.1 8 0 0.1 7 0 Cbar P TO P 0 TO 1.7 11 1.7 4 2.7 12 2.75 1.1 1.1 10 6 O TO 0 7.5 9 6 11.3 9 6 6.2 8 4 O TO 7.5 11.3 6.2 Phil I 14 1.9 4 2 0.1 8 2 0.1 8 2 0.1 7 0 P 11.8 6 14 1.1 11 8 1.8 11 8 6.3 13 14 O TO 0 25 12 4 40 12 4 20 12 4 Phil P 11.8 1.1 1.8 6.3 Rb(2,2) I 16 31.3 8 4 0.4 10 4 0.4 11 4 0.2 10 0 P TO 0 9.3 22 3 15 23 3 5.8 15 4 O TO O 0 TO 142 25 25 3 225 26 403 105 20 18 3 Rb(2,3) I 18 133 8 6 0.7 10 6 0.9 11 6 0.5 10 0 P TO 0 23 22 5 36.8 23 5 16 15 5 O TO 0 404 25 5 629 26 5 320 18 5 Rb(3,3) P TO 68.2 111.5 52 O TO 1414 2139 1168 Rb(3,3) I 23 1141 8 9 1.6 10 9 2.1 11 9 0.9 10 0 P TO 0 68.2 22 8 111.5 23 8 52 15 8 O TO 0 1414 25 8 2139 26 8 1168 18 8 Rb(4,4) I 29 TO 0 6.7 11 16 9.4 11 16 3.2 11 0 P TO 0 49 23 15 396 23 15 303 15 15 O TO 0 TO 0 TO 0 TO 0 Polyhedra in general results faster than octagons (possibly due to Apron library)

Empirical Evaluation Results: ID Dom Prps Lazy Eager Eager+ Interf. ID Dom Prps Prp(Lazy) Prp(Eager) Prp(Eager+) Prp(Interf) Time Wid* Prp Time Wid Prp Time Wid Prp Time Wid Prp Tbar I 4 0.1 2 0 0.1 5 0 0.1 5 0 0.1 4 0 P 0.2 4 4 0.1 5 4 0.1 5 4 0.1 4 4 O 0.8 3 3 0.1 5 3 0.1 5 3 0.1 4 3 Wsteal I 5 2 1 1 0 Wsteal I 5 0.3 6 2 0.1 5 1 0.1 5 1 0.1 4 0 P P2.4 6 1 0.1 1 7 1 1 0.2 7 3 3 0.1 7 5 5 O 8.2 6 4 7.5 6 4 0.2 6 4 6.2 5 4 Cbar I 9 0.9 3 4 0.1 7 0 0.1 8 0 0.1 7 0 Cbar P TO I 9 0 1.7 4 11 4 0 2.7 12 5 0 1.1 10 0 6 O TO 0 7.5 9 6 11.3 9 6 6.2 8 4 P 0 4 5 6 Phil I 14 1.9 4 2 0.1 8 2 0.1 8 2 0.1 7 0 P 11.8 6 14 1.1 11 8 1.8 11 8 6.3 13 14 O TO 0 25 12 4 40 12 4 20 12 4 Phil I 14 2 2 2 0 P 14 8 8 14 Rb(2,2) I 16 31.3 8 4 0.4 10 4 0.4 11 4 0.2 10 0 P TO 0 9.3 22 3 15 23 3 5.8 15 4 O TO 0 142 25 3 225 26 3 105 18 3 Rb(2,3) I 18 133 8 6 0.7 10 6 0.9 11 6 0.5 10 0 P TO 0 23 22 5 36.8 23 5 16 15 5 O TO 0 404 25 5 629 26 5 320 18 5 Rb(4,4) I 29 0 16 16 0 Rb(3,3) I 23 1141 8 9 1.6 10 9 2.1 11 9 0.9 10 0 P TO P 0 68.2 0 22 8 15111.5 23 815 52 15 15 8 O TO 0 1414 25 8 2139 26 8 1168 18 8 Rb(4,4) I 29 TO 0 6.7 11 16 9.4 11 16 3.2 11 0 P TO 0 49 23 15 396 23 15 303 15 15 O TO 0 TO 0 TO 0 TO 0 Interference infers more properties in polyhedra,

Empirical Evaluation Results: ID Dom Prps Lazy Eager Eager+ Interf. ID Dom Prps Prp(Lazy) Prp(Eager) Prp(Eager+) Prp(Interf) Time Wid* Prp Time Wid Prp Time Wid Prp Time Wid Prp Tbar I 4 0.1 2 0 0.1 5 0 0.1 5 0 0.1 4 0 P 0.2 4 4 0.1 5 4 0.1 5 4 0.1 4 4 O 0.8 3 3 0.1 5 3 0.1 5 3 0.1 4 3 Wsteal I 5 2 1 1 0 Wsteal I 5 0.3 6 2 0.1 5 1 0.1 5 1 0.1 4 0 P P2.4 6 1 0.1 1 7 1 1 0.2 7 3 3 0.1 7 5 5 O 8.2 6 4 7.5 6 4 0.2 6 4 6.2 5 4 Cbar I 9 0.9 3 4 0.1 7 0 0.1 8 0 0.1 7 0 Cbar P TO I 9 0 1.7 4 11 4 0 2.7 12 5 0 1.1 10 0 6 O TO 0 7.5 9 6 11.3 9 6 6.2 8 4 P 0 4 5 6 Phil I 14 1.9 4 2 0.1 8 2 0.1 8 2 0.1 7 0 P 11.8 6 14 1.1 11 8 1.8 11 8 6.3 13 14 O TO 0 25 12 4 40 12 4 20 12 4 Phil I 14 2 2 2 0 P 14 8 8 14 Rb(2,2) I 16 31.3 8 4 0.4 10 4 0.4 11 4 0.2 10 0 P TO 0 9.3 22 3 15 23 3 5.8 15 4 O TO 0 142 25 3 225 26 3 105 18 3 Rb(2,3) I 18 133 8 6 0.7 10 6 0.9 11 6 0.5 10 0 P TO 0 23 22 5 36.8 23 5 16 15 5 O TO 0 404 25 5 629 26 5 320 18 5 Rb(4,4) I 29 0 16 16 0 Rb(3,3) I 23 1141 8 9 1.6 10 9 2.1 11 9 0.9 10 0 P TO P 0 68.2 0 22 8 15111.5 23 815 52 15 15 8 O TO 0 1414 25 8 2139 26 8 1168 18 8 Rb(4,4) I 29 TO 0 6.7 11 16 9.4 11 16 3.2 11 0 P TO 0 49 23 15 396 23 15 303 15 15 O TO 0 TO 0 TO 0 TO 0 Interference infers more properties in polyhedra, but less in intervals

Empirical Evaluation Relative strengths of inferred invariants ID Dom L:E L:E+ L:In E:In E+:In E:E+ Tbar I + + + = P = = + + + = O = = + + + = Wsteal I + + + + + = P + O = = + + + = Cbar I + + + = P TO TO TO O TO TO TO + + = Phil I + + + + + = P + + + = O TO TO TO + + = Rb(2,2) I + + + + + = P TO TO TO O TO TO TO + Rb(2,3) I + + + + + = P TO TO TO O TO TO TO + Rb(3,3) I + + + + + = P TO TO TO O TO TO TO + Rb(4,4) I TO TO TO + + = P TO TO TO O TO TO TO TO TO TO

Empirical Evaluation Relative strengths of inferred invariants ID Dom L:E L:E+ L:In E:In E+:In E:E+ Tbar I + + + = P = = + + + = O = = + + + = Wsteal I + + + + + = P + O = = + + + = Cbar I + + + = P TO TO TO O TO TO TO + + = Phil I + + + + + = P + + + = O TO TO TO + + = Rb(2,2) I + + + + + = P TO TO TO O TO TO TO + Rb(2,3) I + + + + + = P TO TO TO O TO TO TO + Rb(3,3) I + + + + + = P TO TO TO O TO TO TO + Rb(4,4) I TO TO TO + + = P TO TO TO O TO TO TO TO TO TO Lazy, eager and eager+ prove stronger invariants for interval domain compared to interference

Empirical Evaluation Relative strengths of inferred invariants ID Dom L:E L:E+ L:In E:In E+:In E:E+ Tbar I + + + = P = = + + + = O = = + + + = Wsteal I + + + + + = P + O = = + + + = Cbar I + + + = P TO TO TO O TO TO TO + + = Phil I + + + + + = P + + + = O TO TO TO + + = Rb(2,2) I + + + + + = P TO TO TO O TO TO TO + Rb(2,3) I + + + + + = P TO TO TO O TO TO TO + Rb(3,3) I + + + + + = P TO TO TO O TO TO TO + Rb(4,4) I TO TO TO + + = P TO TO TO O TO TO TO TO TO TO Trend is reversed for polyhedra domain

Conclusions We presented a new technique: Reflective Abstraction Helpful to infer k-indexed invariants on parametrized systems Enables leveraging off-the-shelf invariant generators We studied three variants of reflective abstraction, analyzing their relative strength in inferring invariants Possible future directions, study the possibility of additional structure on the summarized threads

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback