Property Directed Polyhedral Abstraction (PolyPDR)
Nikolaj Bjørner and Arie Gurfinkel
VMCAI 2015
© 2015 Carnegie Mellon University
Slide 2: Copyright

Copyright 2015 Carnegie Mellon University. This material is based upon work funded and supported by the Department of Defense under Contract No. FA8721-05-C-0003 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the United States Department of Defense.

NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.

This material has been approved for public release and unlimited distribution. This material may be reproduced in its entirety, without modification, and freely distributed in written or electronic form without requesting formal permission. Permission is required for any other use. Requests for permission should be directed to the Software Engineering Institute at permission@sei.cmu.edu. DM-0002065
Slide 3: Abstract Interpretation versus Model Checking

Abstract Interpretation
- strength: scalability
- weakness: precision
- domain: convex polyhedra

Model Checking
- strength: precision
- weakness: scalability
- domain: QFLRA (the quantifier-free fragment of first-order logic over linear rational arithmetic)

Question: how to simulate polyhedral abstract interpretation inside a QFLRA model checker.
Slide 4: For the Impatient

Polyhedral Abstract Interpretation
- convex hull
- dual (constraint / generator) representation
- Fourier-Motzkin quantifier elimination
- scales to a few dimensions

QFLRA Model Checking
- Simplex
- interpolation
- Farkas' lemma and Farkas consequences
- scales to many dimensions

Idea: "simulate" Fourier-Motzkin elimination by Simplex and interpolation.
Slide 5: Abstract Interpretation Background
Slide 6: Polyhedral Abstract Domain

Convex hull of $X \subseteq \mathbb{Q}^n$:
$\mathrm{CH}(X) = \{\, g x + (1-g) y \mid x, y \in X,\ 0 \le g \le 1 \,\}$, the smallest convex polyhedron containing $X$.

Convex closure: $\mathrm{CC}(X)$ is the topological closure of $\mathrm{CH}(X)$, e.g.
$\mathrm{CC}\big((x = 0 \land y = 1) \lor (x \ge 0 \land x = y)\big) \;=\; (0 \le x \le y \le x + 1)$.

Polyhedral abstract domain: the domain of convex polyhedra
- abstraction: $\alpha(X) = \mathrm{CC}(X)$
- concretization: $\gamma(X) = X$
- join: $P_1 \sqcup P_2 = \mathrm{CC}(P_1 \cup P_2)$
- meet: $P_1 \sqcap P_2 = P_1 \cap P_2$
- widening: $P_1 \nabla P_2 = \{\, H \mid H \text{ is a half-space of } P_1,\ P_2 \subseteq H \,\}$ (keep only those constraints of $P_1$ that $P_2$ still satisfies)

Abstract transformers
- forward: $\mathrm{post}_\alpha(X) = \mathrm{CC}(\mathrm{post}(X))$
- backward: $\mathrm{pre}_\alpha(X) = \mathrm{CC}(\mathrm{pre}(X))$
Slide 7: Problem 1: Computing the Best Abstract Image

Assume the concrete post is the forward image of a transition relation $\rho$:
$\mathrm{post}(X) = F(X)$, where $F(X) = \exists u.\,(X(u) \land \rho(u, v)) \lor \mathrm{Init}(v)$,
and $\rho(u, v)$ and $\mathrm{Init}(v)$ are in QFLRA.

Then
$\mathrm{post}_\alpha(X) = \mathrm{project}\big(u,\ \mathrm{CC}\big((X(u) \land \rho(u, v)) \lor \mathrm{Init}(v)\big)\big)$,
where $\mathrm{project}(u, P)$ drops the variables/dimensions $u$ from $P$.

How to approximate the best abstract image without computing $\mathrm{CC}$ and $\mathrm{project}$ explicitly?
Slide 8: Approximating the Abstract Image

Three ingredients:
1. Interpolation
2. Syntactic convex closure
3. Property-directed search (compute the image only as far as needed to separate it from a given set of bad states)
Slide 9: Craig Interpolation Theorem

Theorem (Craig 1957). Let $A$ and $B$ be two first-order (FO) formulae such that $A \Rightarrow \lnot B$. Then there exists an FO formula $I$, denoted $\mathrm{ITP}(A, B)$, such that
- $A \Rightarrow I$,
- $I \Rightarrow \lnot B$,
- $\mathrm{atoms}(I) \subseteq \mathrm{atoms}(A) \cap \mathrm{atoms}(B)$.

A Craig interpolant $\mathrm{ITP}(A, B)$ can be constructed effectively from a resolution proof of unsatisfiability of $A \land B$.

In model checking, Craig interpolation is used to safely over-approximate the set of (finitely) reachable states.
Slide 10: Craig Interpolation for Linear Arithmetic

Useful properties of existing interpolation algorithms [CGS10] [HB12]:
- if $I \in \mathrm{ITP}(A, B)$ then $\lnot I \in \mathrm{ITP}(B, A)$;
- if $A$ is syntactically convex (a monomial, i.e. a conjunction of inequalities), then $I$ is convex;
- if $B$ is syntactically convex, then $I$ is co-convex (a clause, i.e. a disjunction of inequalities);
- if both $A$ and $B$ are syntactically convex, then $I$ is a half-space (a single inequality).

(Figure: two convex regions $A$ and $B$ separated by the half-space $I$.)
Slide 11: Syntactic Convex Closure

Definition. Let $\{P_i(x) = A_i x \le a_i\}$ be a set of polyhedra. The syntactic convex closure $\mathrm{cc}(\{P_i\})$ is defined as a set of constraints over $x$ and fresh variables $z_i$, $\sigma_i$ (one copy per polyhedron) [constraint set shown on the slide, not in the extracted text].

Theorem. Let $\{P_i(x) = A_i x \le a_i\}$ be a set of polyhedra. Then
$\mathrm{CC}(\{P_i\}) = \exists V.\ \mathrm{cc}(\{P_i\})$, where $V = \{z_i\} \cup \{\sigma_i\}$.

Reference: Florence Benoy, Andy King, Frédéric Mesnard. Computing convex hulls with a linear solver. TPLP 5(1-2): 259-271 (2005).
Slide 13: Approximating the Best Abstract Image

Recall $\mathrm{post}(X) = F(X)$, where $F(X) = \exists u.\,(X \land \rho) \lor \mathrm{Init}$.

Problem: given $X$ and a syntactically convex set of bad states $B$, find $I \in \mathrm{Poly}$ such that $\mathrm{post}_\alpha(X) \sqsubseteq I$ and $I \sqcap B = \bot$.

Solution:
  let $D_1 \lor \dots \lor D_n$ be a DNF of $(X \land \rho) \lor \mathrm{Init}$ in
  let $A = \mathrm{cc}(\{D_1, \dots, D_n\})$ in
  $\mathrm{ITP}(A, B)$

Claim: the procedure above is sound and complete.
- $A$ and $B$ are syntactically convex, so $\mathrm{ITP}(A, B)$ is a half-space (slide 10); since $B$ does not mention the auxiliary variables $z_i, \sigma_i$, the interpolant is over $x$ only, i.e. interpolation performs the projection.
- $\mathrm{SAT}(A \land B) \iff \mathrm{post}_\alpha(X) \sqcap B \ne \bot$, so when $A \land B$ is satisfiable no such $I$ exists and the model witnesses an abstract state inside $B$.
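The procedure on this slide and the syntactic convex closure of slide 11, as an added worked example; this is not the authors' code (their implementation is the zag fork of Z3 linked on slide 29). It uses the Benoy/King/Mesnard encoding of cc({P_i}) (x = Σ z_i, A_i z_i ≤ σ_i a_i, σ_i ≥ 0, Σ σ_i = 1) and, because no SMT solver is assumed, projects V out by exact Fourier-Motzkin elimination over rationals and decides SAT(A ∧ B) the same way. That is the "few dimensions" baseline of slide 4 rather than the CCSAT algorithm, whose whole point is to replace the elimination by Simplex plus interpolation; the example shows what CCSAT must reproduce. Variable names (x_0, sigma0, ...), function names and the constructed sets P1, P2 (the example from slide 6) and BAD_* are this example's own.

```python
from fractions import Fraction

# A linear constraint "sum(coef[v] * v) <= bound" over the rationals, kept as
# (coef, bound) with coef a dict {variable name: Fraction}.  A polyhedron
# P(x) = A x <= a is a list of such constraints.

def leq(coef, bound):
    return ({v: Fraction(c) for v, c in coef.items() if c != 0}, Fraction(bound))

def eq(coef, bound):
    """a.x = b as the pair  a.x <= b,  -a.x <= -b."""
    return [leq(coef, bound), leq({v: -c for v, c in coef.items()}, -bound)]

def _normalize(constraints):
    """Drop trivially true rows and duplicates up to positive scaling."""
    seen, out = set(), []
    for coef, bound in constraints:
        if not coef:
            if bound >= 0:
                continue                      # 0 <= bound: always holds
            key = ((), bound)                 # 0 <= negative: keep as infeasibility witness
        else:
            scale = abs(coef[min(coef)])
            coef = {v: c / scale for v, c in coef.items()}
            bound = bound / scale
            key = (tuple(sorted(coef.items())), bound)
        if key not in seen:
            seen.add(key)
            out.append((coef, bound))
    return out

def eliminate(constraints, var):
    """One Fourier-Motzkin step: project `var` out by pairing its positive and negative rows."""
    pos, neg, rest = [], [], []
    for coef, bound in constraints:
        c = coef.get(var, 0)
        (pos if c > 0 else neg if c < 0 else rest).append((coef, bound))
    out = list(rest)
    for cp, bp in pos:
        for cn, bn in neg:
            ap, an = cp[var], -cn[var]        # both positive; an*cp + ap*cn cancels var
            coef = {}
            for v in set(cp) | set(cn):
                c = an * cp.get(v, 0) + ap * cn.get(v, 0)
                if c != 0:
                    coef[v] = c
            out.append((coef, an * bp + ap * bn))
    return _normalize(out)

def project(constraints, variables):
    """Exact projection (the slide's project(u, .)): eliminate each variable in turn."""
    for v in variables:
        constraints = eliminate(constraints, v)
    return constraints

def feasible(constraints):
    """Eliminate every variable; feasible iff no row 0 <= b with b < 0 survives."""
    names = sorted({v for coef, _ in constraints for v in coef})
    return all(bound >= 0 for _, bound in project(constraints, names))

def syntactic_convex_closure(polyhedra, xs):
    """cc({P_i}) in the Benoy/King/Mesnard encoding (names are this example's choice):
       x = sum_i z_i,  A_i z_i <= sigma_i a_i,  sigma_i >= 0,  sum_i sigma_i = 1.
       Returns (constraints, auxiliary variables V = {z_i} u {sigma_i})."""
    cons, sigmas, copies = [], [], {x: [] for x in xs}
    for i, P in enumerate(polyhedra):
        s = f"sigma{i}"
        sigmas.append(s)
        cons.append(leq({s: -1}, 0))                        # sigma_i >= 0
        z = {x: f"{x}_{i}" for x in xs}                     # z_i: fresh copy of x
        for x in xs:
            copies[x].append(z[x])
        for coef, bound in P:                               # A_i z_i - a_i sigma_i <= 0
            row = {z[v]: c for v, c in coef.items()}
            row[s] = row.get(s, 0) - bound
            cons.append(leq(row, 0))
    cons += eq({s: 1 for s in sigmas}, 1)                   # sum sigma_i = 1
    for x in xs:                                            # x = sum_i z_i
        cons += eq({x: 1, **{zi: -1 for zi in copies[x]}}, 0)
    return cons, [zi for x in xs for zi in copies[x]] + sigmas

def convex_closure(polyhedra, xs):
    """CC({P_i}) = exists V. cc({P_i}), with V projected out by Fourier-Motzkin."""
    cons, aux = syntactic_convex_closure(polyhedra, xs)
    return project(cons, aux)

def satisfies(point, constraints):
    return all(sum(c * point[v] for v, c in coef.items()) <= bound
               for coef, bound in constraints)

def abstract_image_meets_bad(polyhedra, bad, xs):
    """SAT(cc({D_i}) and B) from slide 13, decided without building the hull."""
    cons, _ = syntactic_convex_closure(polyhedra, xs)
    return feasible(cons + bad)

# Constructed input: the two disjuncts from slide 6, x = 0 and y = 1, and x >= 0 and x = y.
P1 = eq({"x": 1}, 0) + eq({"y": 1}, 1)
P2 = [leq({"x": -1}, 0)] + eq({"x": 1, "y": -1}, 0)
HULL = convex_closure([P1, P2], ["x", "y"])
BAD_DISJOINT = [leq({"x": -1, "y": 1}, -1)]      # y <= x - 1: misses the hull
BAD_MEETS = [leq({"x": -1}, -2)]                 # x >= 2: meets the hull

def example_matches_slide():
    """Check the computed CC against 0 <= x <= y <= x+1 on a grid of rationals."""
    grid = [Fraction(k, 2) for k in range(-4, 9)]
    return all(satisfies({"x": x, "y": y}, HULL) == (0 <= x <= y <= x + 1)
               for x in grid for y in grid)

def bad_checks():
    return (abstract_image_meets_bad([P1, P2], BAD_DISJOINT, ["x", "y"]),
            abstract_image_meets_bad([P1, P2], BAD_MEETS, ["x", "y"]))

if __name__ == "__main__":
    for coef, b in HULL:
        print(" + ".join(f"{c}*{v}" for v, c in sorted(coef.items())), "<=", b)
    print("matches slide 6:", example_matches_slide(), "| meets bad:", bad_checks())
```

The projected system is exactly the four half-spaces of slide 6 up to scaling, and the `feasible` calls show the two outcomes of slide 13: when `cc` and `B` are inconsistent an interpolant (here, a separating half-space) exists; when they are consistent the satisfying assignment is a concrete abstract state inside `B`. Fourier-Motzkin doubles the constraint count per eliminated variable in the worst case, which is the scalability limit the paper's Simplex-and-interpolation route avoids.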
Slide 14: CCSAT: An Efficient Implementation
Slide 15: Programs, Counterexamples, Invariants

A program is $P = (V, \mathrm{Init}, \rho, \mathrm{Bad})$.

- $P$ is UNSAFE if and only if there exists a number $N$ such that [condition shown on the slide, not in the extracted text].
- $P$ is SAFE if and only if there exists a safe inductive invariant $\mathrm{Inv}$ such that [conditions shown on the slide, labelled Inductive and Safe, not in the extracted text].
Slides 16-17: IC3/PDR in Pictures

(Figure: a trace of frames $R_0, R_1, \dots$ and a queue of counterexamples; the MkSafe step blocks a counterexample in a frame by adding a lemma.)
Slides 18-19: Inductive IC3/PDR in Pictures

(Figure: the Propagate step pushes lemmas forward through the frames.)

PDR invariants on the frames $R_i$:
- $\mathrm{Init} \subseteq R_i$
- $R_i \cap \mathrm{Bad} = \emptyset$
- $R_i \subseteq R_{i+1}$
- $R_i \land \rho \Rightarrow R_{i+1}'$
Slides 20-21: IC3/PDR

[Rules of IC3/PDR shown on the slides, not in the extracted text.]
Slide 22: Extending PDR to Arithmetic: APDR

- Model-based projection: $\mathrm{MBP}(v, m, F)$ [KGC'14] generates an implicant of $\exists v.\,F$ that contains the model $m$.
- Counterexamples are monomials (conjunctions of inequalities).
- Lemmas are clauses (disjunctions of inequalities).
- APDR computes a (possibly non-convex) QFLRA invariant in CNF.
Slide 23: Kleene Forward Iteration

(Figure only.)
Slide 24: FPDR: Simulating Polyhedral Kleene Iteration with PDR

Observations
- counterexamples are monomials;
- lemmas are single inequalities (half-spaces), computed using CCSAT;
- invariants are conjunctions of inequalities (convex);
- widening is "simulated" by not generating the strongest possible lemmas.
Slide 25: FPDR Properties

Theorem 1 (Soundness). If $R_{i+1} \subseteq R_i$ for some $i$ (the frames have converged), then $\mathrm{post}_\alpha^{*}(\mathrm{Init}) \sqcap \mathrm{Bad} = \bot$.

Theorem 2 (Abstract Completeness). If FPDR returns AbstractReachable, then $\mathrm{post}_\alpha^{N}(\mathrm{Init}) \sqcap \mathrm{Bad} \ne \bot$ for some $N$.
Slide 26: Chaotic Backward Iteration

(Figure only.)
Slide 27: BPDR: Simulating Polyhedral Backward Iteration with PDR

Observations
- one lemma per frame (each new lemma is stronger than all previous ones);
- lemmas are disjunctions of inequalities;
- the computed invariant is co-convex;
- counterexamples are kept in a set instead of a queue.
Slide 28: BPDR Properties

Theorem 1 (Soundness). If $R_{i+1} \subseteq R_i$ for some $i$ (the frames have converged), then $\mathrm{pre}_\alpha^{*}(\mathrm{Bad}) \sqcap \mathrm{Init} = \bot$.

Theorem 2 (Abstract Completeness). If BPDR returns AbstractReachable, then $\mathrm{pre}_\alpha^{N}(\mathrm{Bad}) \sqcap \mathrm{Init} \ne \bot$ for some $N$.

(Backward iteration starts from $\mathrm{Bad}$ and is checked against $\mathrm{Init}$; the roles are the mirror image of slide 25.)
Slide 29: Conclusion

We mimic polyhedral abstract interpretation with arithmetic PDR:
- use the syntactic convex closure to decide existence of an abstract image;
- use interpolation to compute an abstract element;
- compute convex inductive invariants.

Works well for small crafted examples; see the paper for details. Implementation available at https://z3.codeplex.com/SourceControl/network/forks/arie/zag

Our forward and backward PDR rules can be mixed (see the paper for details), giving automatic abstraction refinement:
- use the new abstract rules until a counterexample is found;
- use the APDR rules to refine.
Slide 31: Contact Information

Arie Gurfinkel, Senior Researcher, SEI / CMU
Telephone: +1 412-268-5800
Email: arie@sei.cmu.edu

U.S. Mail: Software Engineering Institute, Customer Relations, 4500 Fifth Avenue, Pittsburgh, PA 15213-2612, USA
Web: www.sei.cmu.edu, www.sei.cmu.edu/contact.cfm
Customer Relations Email: info@sei.cmu.edu
SEI Phone: +1 412-268-5800
SEI Fax: +1 412-268-6257