9,365 research outputs found
Hardware-Dependent Proofs of Numerical Programs
International audienceWe present an approach for proving behavioral properties of numerical programs by analyzing their compiled assembly code. We focus on the issues and traps that may arise on floating-point computa- tions. Direct analysis of the assembly code allows us to take into account architecture- or compiler-dependent features such as the possible use of extended precision registers. The approach is implemented on top of the generic Why platform for deductive verifi cation, which allows us to perform experiments where proofs are discharged by combining several back-end automatic provers
Thread-Modular Static Analysis for Relaxed Memory Models
We propose a memory-model-aware static program analysis method for accurately
analyzing the behavior of concurrent software running on processors with weak
consistency models such as x86-TSO, SPARC-PSO, and SPARC-RMO. At the center of
our method is a unified framework for deciding the feasibility of inter-thread
interferences to avoid propagating spurious data flows during static analysis
and thus boost the performance of the static analyzer. We formulate the
checking of interference feasibility as a set of Datalog rules which are both
efficiently solvable and general enough to capture a range of hardware-level
memory models. Compared to existing techniques, our method can significantly
reduce the number of bogus alarms as well as unsound proofs. We implemented the
method and evaluated it on a large set of multithreaded C programs. Our
experiments showthe method significantly outperforms state-of-the-art
techniques in terms of accuracy with only moderate run-time overhead.Comment: revised version of the ESEC/FSE 2017 pape
Certifying cost annotations in compilers
We discuss the problem of building a compiler which can lift in a provably
correct way pieces of information on the execution cost of the object code to
cost annotations on the source code. To this end, we need a clear and flexible
picture of: (i) the meaning of cost annotations, (ii) the method to prove them
sound and precise, and (iii) the way such proofs can be composed. We propose a
so-called labelling approach to these three questions. As a first step, we
examine its application to a toy compiler. This formal study suggests that the
labelling approach has good compositionality and scalability properties. In
order to provide further evidence for this claim, we report our successful
experience in implementing and testing the labelling approach on top of a
prototype compiler written in OCAML for (a large fragment of) the C language
Hardware-Independent Proofs of Numerical Programs
On recent architectures, a numerical program may give different answers depending on the execution hardware and the compilation. Our goal is to formally prove properties about numerical programs that are true for multiple architectures and compilers. We propose an approach that states the rounding error of each floating-point computation whatever the environment. This approach is implemented in the Frama-C platform for static analysis of C code. Small case studies using this approach are entirely and automatically prove
Automatic Termination Analysis of Programs Containing Arithmetic Predicates
For logic programs with arithmetic predicates, showing termination is not
easy, since the usual order for the integers is not well-founded. A new method,
easily incorporated in the TermiLog system for automatic termination analysis,
is presented for showing termination in this case.
The method consists of the following steps: First, a finite abstract domain
for representing the range of integers is deduced automatically. Based on this
abstraction, abstract interpretation is applied to the program. The result is a
finite number of atoms abstracting answers to queries which are used to extend
the technique of query-mapping pairs. For each query-mapping pair that is
potentially non-terminating, a bounded (integer-valued) termination function is
guessed. If traversing the pair decreases the value of the termination
function, then termination is established. Simple functions often suffice for
each query-mapping pair, and that gives our approach an edge over the classical
approach of using a single termination function for all loops, which must
inevitably be more complicated and harder to guess automatically. It is worth
noting that the termination of McCarthy's 91 function can be shown
automatically using our method.
In summary, the proposed approach is based on combining a finite abstraction
of the integers with the technique of the query-mapping pairs, and is
essentially capable of dividing a termination proof into several cases, such
that a simple termination function suffices for each case. Consequently, the
whole process of proving termination can be done automatically in the framework
of TermiLog and similar systems.Comment: Appeared also in Electronic Notes in Computer Science vol. 3
- …