24 research outputs found
A Dual-Engine for Early Analysis of Critical Systems
This paper presents a framework for modeling, simulating, and checking
properties of critical systems based on the Alloy language -- a declarative,
first-order, relational logic with a built-in transitive closure operator. The
paper introduces a new dual-analysis engine that is capable of providing both
counterexamples and proofs. Counterexamples are found fully automatically using
an SMT solver, which provides a better support for numerical expressions than
the existing Alloy Analyzer. Proofs, however, cannot always be found
automatically since the Alloy language is undecidable. Our engine offers an
economical approach by first trying to prove properties using a
fully-automatic, SMT-based analysis, and switches to an interactive theorem
prover only if the first attempt fails. This paper also reports on applying our
framework to Microsoft's COM standard and the mark-and-sweep garbage collection
algorithm.Comment: Workshop on Dependable Software for Critical Infrastructures (DSCI),
Berlin 201
Using Program Synthesis for Program Analysis
In this paper, we identify a fragment of second-order logic with restricted
quantification that is expressive enough to capture numerous static analysis
problems (e.g. safety proving, bug finding, termination and non-termination
proving, superoptimisation). We call this fragment the {\it synthesis
fragment}. Satisfiability of a formula in the synthesis fragment is decidable
over finite domains; specifically the decision problem is NEXPTIME-complete. If
a formula in this fragment is satisfiable, a solution consists of a satisfying
assignment from the second order variables to \emph{functions over finite
domains}. To concretely find these solutions, we synthesise \emph{programs}
that compute the functions. Our program synthesis algorithm is complete for
finite state programs, i.e. every \emph{function} over finite domains is
computed by some \emph{program} that we can synthesise. We can therefore use
our synthesiser as a decision procedure for the synthesis fragment of
second-order logic, which in turn allows us to use it as a powerful backend for
many program analysis tasks. To show the tractability of our approach, we
evaluate the program synthesiser on several static analysis problems.Comment: 19 pages, to appear in LPAR 2015. arXiv admin note: text overlap with
arXiv:1409.492
Synchronous Counting and Computational Algorithm Design
Consider a complete communication network on nodes, each of which is a
state machine. In synchronous 2-counting, the nodes receive a common clock
pulse and they have to agree on which pulses are "odd" and which are "even". We
require that the solution is self-stabilising (reaching the correct operation
from any initial state) and it tolerates Byzantine failures (nodes that
send arbitrary misinformation). Prior algorithms are expensive to implement in
hardware: they require a source of random bits or a large number of states.
This work consists of two parts. In the first part, we use computational
techniques (often known as synthesis) to construct very compact deterministic
algorithms for the first non-trivial case of . While no algorithm exists
for , we show that as few as 3 states per node are sufficient for all
values . Moreover, the problem cannot be solved with only 2 states per
node for , but there is a 2-state solution for all values .
In the second part, we develop and compare two different approaches for
synthesising synchronous counting algorithms. Both approaches are based on
casting the synthesis problem as a propositional satisfiability (SAT) problem
and employing modern SAT-solvers. The difference lies in how to solve the SAT
problem: either in a direct fashion, or incrementally within a counter-example
guided abstraction refinement loop. Empirical results suggest that the former
technique is more efficient if we want to synthesise time-optimal algorithms,
while the latter technique discovers non-optimal algorithms more quickly.Comment: 35 pages, extended and revised versio
Modular Synthesis of Sketches Using Models
One problem with the constraint-based approaches to synthesis that have become popular over the last few years is that they only scale to relatively small routines, on the order of a few dozen lines of code. This paper presents a mechanism for modular reasoning that allows us to break larger synthesis problems into small manageable pieces. The approach builds on previous work in the verification community of using high-level specifications and partially interpreted functions (we call them models) in place of more complex pieces of code in order to make the analysis modular.
The main contribution of this paper is to show how to combine these techniques with the counterexample guided synthesis approaches used to efficiently solve synthesis problems. Specifically, we show two new algorithms; one to efficiently synthesize functions that use models, and another one to synthesize functions while ensuring that the behavior of the resulting function will be in the set of behaviors allowed by the model. We have implemented our approach on top of the open-source Sketch synthesis system, and we demonstrate its effectiveness on several Sketch benchmark problems.National Science Foundation (U.S.) (Grant NSF-1116362)National Science Foundation (U.S.) (Grant NSF-1139056)United States. Dept. of Energy (Grant DE-SC0005372
Verified lifting of stencil computations
This paper demonstrates a novel combination of program synthesis and verification to lift stencil computations from low-level Fortran code to a high-level summary expressed using a predicate language. The technique is sound and mostly automated, and leverages counter-example guided inductive synthesis (CEGIS) to find provably correct translations. Lifting existing code to a high-performance description language has a number of benefits, including maintainability and performance portability. For example, our experiments show that the lifted summaries can enable domain specific compilers to do a better job of parallelization as compared to an off-the-shelf compiler working on the original code, and can even support fully automatic migration to hardware accelerators such as GPUs. We have implemented verified lifting in a system called STNG and have evaluated it using microbenchmarks, mini-apps, and real-world applications. We demonstrate the benefits of verified lifting by first automatically summarizing Fortran source code into a high-level predicate language, and subsequently translating the lifted summaries into Halide, with the translated code achieving median performance speedups of 4.1X and up to 24X for non-trivial stencils as compared to the original implementation.United States. Department of Energy. Office of Science (Award DE-SC0008923)United States. Department of Energy. Office of Science (Award DE-SC0005288
Enabling Runtime Verification of Causal Discovery Algorithms with Automated Conditional Independence Reasoning (Extended Version)
Causal discovery is a powerful technique for identifying causal relationships
among variables in data. It has been widely used in various applications in
software engineering. Causal discovery extensively involves conditional
independence (CI) tests. Hence, its output quality highly depends on the
performance of CI tests, which can often be unreliable in practice. Moreover,
privacy concerns arise when excessive CI tests are performed.
Despite the distinct nature between unreliable and excessive CI tests, this
paper identifies a unified and principled approach to addressing both of them.
Generally, CI statements, the outputs of CI tests, adhere to Pearl's axioms,
which are a set of well-established integrity constraints on conditional
independence. Hence, we can either detect erroneous CI statements if they
violate Pearl's axioms or prune excessive CI statements if they are logically
entailed by Pearl's axioms. Holistically, both problems boil down to reasoning
about the consistency of CI statements under Pearl's axioms (referred to as CIR
problem).
We propose a runtime verification tool called CICheck, designed to harden
causal discovery algorithms from reliability and privacy perspectives. CICheck
employs a sound and decidable encoding scheme that translates CIR into SMT
problems. To solve the CIR problem efficiently, CICheck introduces a four-stage
decision procedure with three lightweight optimizations that actively prove or
refute consistency, and only resort to costly SMT-based reasoning when
necessary. Based on the decision procedure to CIR, CICheck includes two
variants: ED-CICheck and ED-CICheck, which detect erroneous CI tests (to
enhance reliability) and prune excessive CI tests (to enhance privacy),
respectively. [abridged due to length limit