Unrestricted Termination and Non-Termination Arguments for Bit-Vector Programs

Proving program termination is typically done by finding a well-founded ranking function for the program states. Existing termination provers typically find ranking functions using either linear algebra or templates. As such they are often restricted to finding linear ranking functions over mathematical integers. This class of functions is insufficient for proving termination of many terminating programs, and furthermore a termination argument for a program operating on mathematical integers does not always lead to a termination argument for the same program operating on fixed-width machine integers. We propose a termination analysis able to generate nonlinear, lexicographic ranking functions and nonlinear recurrence sets that are correct for fixed-width machine arithmetic and floating-point arithmetic. Our technique is based on a reduction from program \emph{termination} to second-order \emph{satisfaction}. We provide formulations for termination and non-termination in a fragment of second-order logic with restricted quantification which is decidable over finite domains. The resulting technique is a sound and complete analysis for the termination of finite-state programs with fixed-width integers and IEEE floating-point arithmetic.
Propositional Reasoning about Safety and Termination of Heap-Manipulating Programs

This paper shows that it is possible to reason about the safety and termination of programs handling potentially cyclic, singly-linked lists using propositional reasoning even when the safety invariants and termination arguments depend on constraints over the lengths of lists. For this purpose, we propose the theory SLH of singly-linked lists with length, which is able to capture non-trivial interactions between shape and arithmetic. When using the theory of bit-vector arithmetic as a background, SLH is efficiently decidable via a reduction to SAT. We show the utility of SLH for software verification by using it to express safety invariants and termination arguments for programs manipulating potentially cyclic, singly-linked lists with unrestricted, unspecified sharing. We also provide an implementation of the decision procedure and use it to check safety and termination proofs for several heap-manipulating programs.
Using Program Synthesis for Program Analysis

In this paper, we identify a fragment of second-order logic with restricted quantification that is expressive enough to capture numerous static analysis problems (e.g. safety proving, bug finding, termination and non-termination proving, superoptimisation). We call this fragment the {\it synthesis fragment}. Satisfiability of a formula in the synthesis fragment is decidable over finite domains; specifically the decision problem is NEXPTIME-complete. If a formula in this fragment is satisfiable, a solution consists of a satisfying assignment from the second order variables to \emph{functions over finite domains}. To concretely find these solutions, we synthesise \emph{programs} that compute the functions. Our program synthesis algorithm is complete for finite state programs, i.e. every \emph{function} over finite domains is computed by some \emph{program} that we can synthesise. We can therefore use our synthesiser as a decision procedure for the synthesis fragment of second-order logic, which in turn allows us to use it as a powerful backend for many program analysis tasks. To show the tractability of our approach, we evaluate the program synthesiser on several static analysis problems.

Comment: 19 pages, to appear in LPAR 2015. arXiv admin note: text overlap with arXiv:1409.492
Synthesising interprocedural bit-precise termination proofs

Proving program termination is key to guaranteeing absence of undesirable behaviour, such as hanging programs and even security vulnerabilities such as denial-of-service attacks. To make termination checks scale to large systems, interprocedural termination analysis seems essential, which is a largely unexplored area of research in termination analysis, where most effort has focussed on difficult single-procedure problems. We present a modular termination analysis for C programs using template-based interprocedural summarisation. Our analysis combines a context-sensitive, over-approximating forward analysis with the inference of under-approximating preconditions for termination. Bit-precise termination arguments are synthesised over lexicographic linear ranking function templates. Our experimental results show that our tool 2LS outperforms state-of-the-art alternatives, and demonstrate the clear advantage of interprocedural reasoning over monolithic analysis in terms of efficiency, while retaining comparable precision.
A Typed Language for Truthful One-Dimensional Mechanism Design

We first introduce a very simple typed language for expressing allocation algorithms that allows automatic verification that an algorithm is monotonic and therefore truthful. The analysis of truthfulness is accomplished using a syntax-directed transformation which constructs a proof of monotonicity based on an exhaustive critical-value analysis of the algorithm. We then define a more high-level, general-purpose programming language with typical constructs, such as those for defining recursive functions, along with primitives that match allocation algorithm combinators found in the work of Mu'alem and Nisan [10]. We demonstrate how this language can be used to combine both primitive and user-defined combinators, allowing it to capture a collection of basic truthful allocation algorithms. In addition to demonstrating the value of programming language design techniques in application to a specific domain, this work suggests a blueprint for interactive tools that can be used to teach the simple principles of truthful mechanism design.
Complexity of Bradley-Manna-Sipma Lexicographic Ranking Functions

In this paper we turn the spotlight on a class of lexicographic ranking functions introduced by Bradley, Manna and Sipma in a seminal CAV 2005 paper, and establish for the first time the complexity of some problems involving the inference of such functions for linear-constraint loops (without precondition). We show that finding such a function, if one exists, can be done in polynomial time in a way which is sound and complete when the variables range over the rationals (or reals). We show that when variables range over the integers, the problem is harder: deciding the existence of a ranking function is coNP-complete. Next, we study the problem of minimizing the number of components in the ranking function (a.k.a. the dimension). This number is interesting in contexts like computing iteration bounds and loop parallelization. Surprisingly, and unlike the situation for some other classes of lexicographic ranking functions, we find that even deciding whether a two-component ranking function exists is harder than the unrestricted problem: NP-complete over the rationals and -complete over the integers.

Comment: Technical report for a corresponding CAV'15 paper
Calibrating Generative Models: The Probabilistic Chomsky-Schützenberger Hierarchy

A probabilistic Chomsky-Schützenberger hierarchy of grammars is introduced and studied, with the aim of understanding the expressive power of generative models. We offer characterizations of the distributions definable at each level of the hierarchy, including probabilistic regular, context-free, (linear) indexed, context-sensitive, and unrestricted grammars, each corresponding to familiar probabilistic machine classes. Special attention is given to distributions on (unary notations for) positive integers. Unlike in the classical case where the "semi-linear" languages all collapse into the regular languages, using analytic tools adapted from the classical setting we show there is no collapse in the probabilistic hierarchy: more distributions become definable at each level. We also address related issues such as closure under probabilistic conditioning.
Program Synthesis for Program Analysis

In this article, we propose a unified framework for designing static analysers based on program synthesis. For this purpose, we identify a fragment of second-order logic with restricted quantification that is expressive enough to model numerous static analysis problems (e.g., safety proving, bug finding, termination and non-termination proving, refactoring). As our focus is on programs that use bit-vectors, we build a decision procedure for this fragment over finite domains in the form of a program synthesiser. We provide instantiations of our framework for solving a diverse range of program verification tasks such as termination, non-termination, safety and bug finding, superoptimisation, and refactoring. Our experimental results show that our program synthesiser compares positively with specialised tools in each area as well as with general-purpose synthesisers.
The Rooster and the Syntactic Bracket

We propose an extension of pure type systems with an algebraic presentation of inductive and co-inductive type families with proper indices. This type theory supports coercions from smaller sorts to bigger sorts via explicit type construction, as well as impredicative sorts. Type families in impredicative sorts are constructed with a bracketing operation. The necessary restrictions of pattern-matching from impredicative sorts to types are confined to the bracketing construct. This type theory gives an alternative presentation to the calculus of inductive constructions of which the Coq proof assistant is an implementation.

Comment: To appear in the proceedings of the 19th International Conference on Types for Proofs and Programs