153 research outputs found
Amortised resource analysis with separation logic
Type-based amortised resource analysis following Hofmann and Jost—where resources are associated with individual elements of data structures and doled out to the programmer under a linear typing discipline—have been successful in providing concrete resource bounds for functional programs, with good support for inference. In this work we translate the idea of amortised resource analysis to imperative languages by embedding a logic of resources, based on Bunched Implications, within Separation Logic. The Separation Logic component allows us to assert the presence and shape of mutable data structures on the heap, while the resource component allows us to state the resources associated with each member of the structure. We present the logic on a small imperative language with procedures and mutable heap, based on Java bytecode. We have formalised the logic within the Coq proof assistant and extracted a certified verification condition generator. We demonstrate the logic on some examples, including proving termination of in-place list reversal on lists with cyclic tails
A Logical Product Approach to Zonotope Intersection
We define and study a new abstract domain which is a fine-grained combination
of zonotopes with polyhedric domains such as the interval, octagon, linear
templates or polyhedron domain. While abstract transfer functions are still
rather inexpensive and accurate even for interpreting non-linear computations,
we are able to also interpret tests (i.e. intersections) efficiently. This
fixes a known drawback of zonotopic methods, as used for reachability analysis
for hybrid sys- tems as well as for invariant generation in abstract
interpretation: intersection of zonotopes are not always zonotopes, and there
is not even a best zonotopic over-approximation of the intersection. We
describe some examples and an im- plementation of our method in the APRON
library, and discuss some further in- teresting combinations of zonotopes with
non-linear or non-convex domains such as quadratic templates and maxplus
polyhedra
Complexity Bounds for Ordinal-Based Termination
`What more than its truth do we know if we have a proof of a theorem in a
given formal system?' We examine Kreisel's question in the particular context
of program termination proofs, with an eye to deriving complexity bounds on
program running times.
Our main tool for this are length function theorems, which provide complexity
bounds on the use of well quasi orders. We illustrate how to prove such
theorems in the simple yet until now untreated case of ordinals. We show how to
apply this new theorem to derive complexity bounds on programs when they are
proven to terminate thanks to a ranking function into some ordinal.Comment: Invited talk at the 8th International Workshop on Reachability
Problems (RP 2014, 22-24 September 2014, Oxford
Flow- and context-sensitive points-to analysis using generalized points-to graphs
© Springer-Verlag GmbH Germany 2016. Bottom-up interprocedural methods of program analysis construct summary flow functions for procedures to capture the effect of their calls and have been used effectively for many analyses. However, these methods seem computationally expensive for flow- and context- sensitive points-to analysis (FCPA) which requires modelling unknown locations accessed indirectly through pointers. Such accesses are com- monly handled by using placeholders to explicate unknown locations or by using multiple call-specific summary flow functions. We generalize the concept of points-to relations by using the counts of indirection levels leaving the unknown locations implicit. This allows us to create sum- mary flow functions in the form of generalized points-to graphs (GPGs) without the need of placeholders. By design, GPGs represent both mem- ory (in terms of classical points-to facts) and memory transformers (in terms of generalized points-to facts). We perform FCPA by progressively reducing generalized points-to facts to classical points-to facts. GPGs distinguish between may and must pointer updates thereby facilitating strong updates within calling contexts. The size of GPGs is linearly bounded by the number of variables and is independent of the number of statements. Empirical measurements on SPEC benchmarks show that GPGs are indeed compact in spite of large procedure sizes. This allows us to scale FCPA to 158 kLoC using GPGs (compared to 35 kLoC reported by liveness-based FCPA). Thus GPGs hold a promise of efficiency and scalability for FCPA without compro- mising precision
SAT Modulo Linear Arithmetic for Solving Polynomial
Polynomial constraint solving plays a prominent role in several areas of
hardware and software analysis and verification, e.g., termination proving, program
invariant generation and hybrid system verification, to name a few. In this paper we
propose a new method for solving non-linear constraints based on encoding the problem
into an SMT problem considering only linear arithmetic. Unlike other existing methods,
our method focuses on proving satisfiability of the constraints rather than on proving
unsatisfiability, which is more relevant in several applications as we illustrate with
several examples. Nevertheless, we also present new techniques based on the analysis
of unsatisfiable cores that allow one to efficiently prove unsatisfiability too for a broad
class of problems. The power of our approach is demonstrated by means of extensive
experiments comparing our prototype with state-of-the-art tools on benchmarks taken
both from the academic and the industrial world
Using Bounded Model Checking to Focus Fixpoint Iterations
Two classical sources of imprecision in static analysis by abstract
interpretation are widening and merge operations. Merge operations can be done
away by distinguishing paths, as in trace partitioning, at the expense of
enumerating an exponential number of paths. In this article, we describe how to
avoid such systematic exploration by focusing on a single path at a time,
designated by SMT-solving. Our method combines well with acceleration
techniques, thus doing away with widenings as well in some cases. We illustrate
it over the well-known domain of convex polyhedra
General Program Synthesis using Guided Corpus Generation and Automatic Refactoring
Program synthesis aims to produce source code based on a user specification, raising the abstraction level of building systems and opening the potential for non-programmers to synthesise their own bespoke services. Both genetic programming (GP) and neural code synthesis have proposed a wide range of approaches to solving this problem, but both have limitations in generality and scope. We propose a hybrid search-based approach which combines (i) a genetic algorithm to autonomously generate a training corpus of programs centred around a set of highly abstracted hints describing interesting features; and (ii) a neural network which trains on this data and automatically refactors it towards a form which makes a more ideal use of the neural network’s representational capacity. When given an unseen program represented as a small set of input and output examples, our neural network is used to generate a rank-ordered search space of what it sees as the most promising programs; we then iterate through this list up to a given maximum search depth. Our results show that this approach is able to find up to 60% of a human-useful target set of programs that it has never seen before, including applying a clip function to the values in an array to restrict them to a given maximum, and offsetting all values in an array
Evaluating Design Tradeoffs in Numeric Static Analysis for Java
Numeric static analysis for Java has a broad range of potentially useful
applications, including array bounds checking and resource usage estimation.
However, designing a scalable numeric static analysis for real-world Java
programs presents a multitude of design choices, each of which may interact
with others. For example, an analysis could handle method calls via either a
top-down or bottom-up interprocedural analysis. Moreover, this choice could
interact with how we choose to represent aliasing in the heap and/or whether we
use a relational numeric domain, e.g., convex polyhedra. In this paper, we
present a family of abstract interpretation-based numeric static analyses for
Java and systematically evaluate the impact of 162 analysis configurations on
the DaCapo benchmark suite. Our experiment considered the precision and
performance of the analyses for discharging array bounds checks. We found that
top-down analysis is generally a better choice than bottom-up analysis, and
that using access paths to describe heap objects is better than using summary
objects corresponding to points-to analysis locations. Moreover, these two
choices are the most significant, while choices about the numeric domain,
representation of abstract objects, and context-sensitivity make much less
difference to the precision/performance tradeoff
Syntactic generation of practice novice programs in Python
Abstract: In the present day, computer programs are written in high level languages and parsed syntactically as part of a compilation process. These parsers are defined with context-free grammars (CFGs), a language recogniser for the respective programming language. Formal grammars in general are used for language recognition or generation. In this paper, we present the automatic generation of procedural programs in Python using a CFG. We have defined CFG rules to model program templates and implemented these rules to produce infinitely many distinct practice programs in Python. Each generated program is designed to test a novice programmer’s knowledge of functions, expressions, loops, and/or conditional statements. The CFG rules are highly generic and can be extended to generate programs in other procedural languages. The resulting programs can be used as practice, test or examination problems in introductory programming courses. 500,000 iterations of generated programs can be found at: https://tinyurl.com/ pythonprogramgenerator. A survey of 103 students’ perception showed that 93.1% strongly agreed that these programs can help them in practice and improve their programming skills
Invariant Synthesis for Incomplete Verification Engines
We propose a framework for synthesizing inductive invariants for incomplete
verification engines, which soundly reduce logical problems in undecidable
theories to decidable theories. Our framework is based on the counter-example
guided inductive synthesis principle (CEGIS) and allows verification engines to
communicate non-provability information to guide invariant synthesis. We show
precisely how the verification engine can compute such non-provability
information and how to build effective learning algorithms when invariants are
expressed as Boolean combinations of a fixed set of predicates. Moreover, we
evaluate our framework in two verification settings, one in which verification
engines need to handle quantified formulas and one in which verification
engines have to reason about heap properties expressed in an expressive but
undecidable separation logic. Our experiments show that our invariant synthesis
framework based on non-provability information can both effectively synthesize
inductive invariants and adequately strengthen contracts across a large suite
of programs
- …