Presentation is loading. Please wait.

Presentation is loading. Please wait.

Constraint-based Invariant Inference. Invariants Dictionary Meaning: A function, quantity, or property which remains unchanged Property (in our context):

Published byMaximillian Gallagher Modified over 9 years ago

Similar presentations

Presentation on theme: "Constraint-based Invariant Inference. Invariants Dictionary Meaning: A function, quantity, or property which remains unchanged Property (in our context):"— Presentation transcript:

1 Constraint-based Invariant Inference

2 Invariants Dictionary Meaning: A function, quantity, or property which remains unchanged Property (in our context): a predicate that holds for some, all, or no states Invariant is a property of a program at a specific program location that holds for every program state that reaches the program point Specifications are invariants at exit points of programs or procedures Also called reachability properties.

3 Invariants x = 0 y = n while(y > 0){ x = x + 1 y = y - 1 } //invariant: x+y = n //invariant: y>=0 => x<=n

4 Inductive Invariants Invariant holds initially Invariant holds at the start of the loop => invariant holds at the end of the loop

5 Not all Invariants are Inductive Invariant cannot be proved by induction

6 Inductive Strengthening Implied by the stronger inductive invariant

7 Formulating Inductiveness x = 0 y = n while(y > 0){ x = x + 1 y = y – 1 } //invariant: y>=0 => x<=n Guard Transition Generally referred to as the verification condition (VC)

8 Formulating Inductive Strengthening x = 0 y = n while(y > 0){ x = x + 1 y = y – 1 } //invariant: y>=0 => x<=n Guard Transition

9 Finding Linear Invariants [Colon et al. CAV ‘03] x = 0 y = n while(y > 0){ x = x + 1 y = y – 1 } //invariant: y>=0 => x<=n Guard Transition Perhaps could be called a parametric VC

10 Finding Template Coefficients Find values for a,b,c s.t. the formula becomes valid Find values for a,b,c s.t. the formula becomes unsatisfiable Farkas’ Lemma: A conjunction of linear inequalities is unsatisfiable iff we can derive 1 <= 0 by performing the following operations: Multiplying the inequalities by a non-negative constant Adding two inequalities Adding (or subtracting) a non-negative constant to one side

11 Farkas’ Lemma Example Farkas’ Lemma: A conjunction of linear inequalities (over reals) is unsatisfiable iff we can derive 1 <= 0 by performing the following operations: Multiplying the inequalities by a non-negative constant Adding two inequalities Adding (or subtracting) a non-negative constant to one side

12 Automating Coefficient Finding Prove unsat Multiplying by unknown non- negative values Adding the inequalities Adding an unknown non-neg value Equate to 1 <= 0

13 Automating Coefficient Finding [Cont.] Every solution for the constraints will make the inequalities unsatisfiable

14 Template-based Invariant Inference Find values for a,b,c s.t. the formula becomes unsatisfiable Multiplying by unknown non- negative values Adding the inequalities Adding an unknown non-neg value Equate to 1 <= 0

15 Farkas’ Constraints [Cont.] Every solution for the constraints will make the inequalities unsatisfiable

16 In summary

17 Limitations The Farkas’ Lemma approach provides a way to find linear invariants for programs that do not have many disjunctions do not have functions do not have data structures do not have nonlinear arithmetic

18 Further Reading and Software We developed an approach that addresses some of these limitations. For more details see: “Symbolic Resource Bounds Inference For Functional Programs”, CAV 2014: pdf, slidespdf slides An extension of Leon (a slightly old version) that supports templates: Orb : http://lara.epfl.ch/w/rboundhttp://lara.epfl.ch/w/rbound More Related Works “Linear invariant generation using non-linear constraint solving.”, Colon et al., CAV 2003 “Program analysis as constraint solving.”, S. Gulwani et al., PLDI 2008 “Constraint solving for interpolation.”, A.Rybalchenko et al., VMCAI 2007 “Non-linear loop invariant generation using grobner bases.” Sankaranarayanan et al., POPL 2004

Download ppt "Constraint-based Invariant Inference. Invariants Dictionary Meaning: A function, quantity, or property which remains unchanged Property (in our context):"

Similar presentations

Linear Programming Sensitivity Analysis How will a change in a coefficient of the objective function affect the optimal solution? How will a change in.

Linear Programming Sensitivity Analysis How will a change in a coefficient of the objective function affect the optimal solution? How will a change in.
Rigorous Software Development CSCI-GA 3033-011 Instructor: Thomas Wies Spring 2012 Lecture 13.

Rigorous Software Development CSCI-GA Instructor: Thomas Wies Spring 2012 Lecture 13.
Program Analysis as Constraint Solving Sumit Gulwani (MSR Redmond) Ramarathnam Venkatesan (MSR Redmond) Saurabh Srivastava (Univ. of Maryland) TexPoint.

Program Analysis as Constraint Solving Sumit Gulwani (MSR Redmond) Ramarathnam Venkatesan (MSR Redmond) Saurabh Srivastava (Univ. of Maryland) TexPoint.
SAT and Model Checking. Bounded Model Checking (BMC) A.I. Planning problems: can we reach a desired state in k steps? Verification of safety properties:

SAT and Model Checking. Bounded Model Checking (BMC) A.I. Planning problems: can we reach a desired state in k steps? Verification of safety properties:
 Symbolic manipulation with artificial applications …  With little or no connection to the real world…

 Symbolic manipulation with artificial applications …  With little or no connection to the real world…
Interpolants [Craig 1957] G(y,z) F(x,y)

Interpolants [Craig 1957] G(y,z) F(x,y)
Formal Verification Group © Copyright IBM Corporation 2008 IBM Haifa Labs SAT-based unbounded model checking using interpolation Based on a paper “Interpolation.

Formal Verification Group © Copyright IBM Corporation 2008 IBM Haifa Labs SAT-based unbounded model checking using interpolation Based on a paper “Interpolation.
A Numerical Abstract Domain based on Expression Abstraction + Max Operator with Application in Timing Analysis Sumit Gulwani (MSR Redmond) Bhargav Gulavani.

A Numerical Abstract Domain based on Expression Abstraction + Max Operator with Application in Timing Analysis Sumit Gulwani (MSR Redmond) Bhargav Gulavani.
1 A propositional world Ofer Strichman School of Computer Science, Carnegie Mellon University.

1 A propositional world Ofer Strichman School of Computer Science, Carnegie Mellon University.
8.3 Solving Systems of Linear Equations by Elimination

8.3 Solving Systems of Linear Equations by Elimination
Solving Linear Inequalities A Linear Equation in One Variable is any equation that can be written in the form: A Linear Inequality in One Variable is any.

Solving Linear Inequalities A Linear Equation in One Variable is any equation that can be written in the form: A Linear Inequality in One Variable is any.
Recall that the absolute value of a number x, written |x|, is the distance from x to zero on the number line. Because absolute value represents distance.

Recall that the absolute value of a number x, written |x|, is the distance from x to zero on the number line. Because absolute value represents distance.
Solving Linear Inequalities Chapter 1.6 Part 3. Properties of Inequality.

Solving Linear Inequalities Chapter 1.6 Part 3. Properties of Inequality.
6-1 Solving Inequalities by Addition and Subtraction Objective: Students will be able to solve linear inequalities by using addition and subtraction.

6-1 Solving Inequalities by Addition and Subtraction Objective: Students will be able to solve linear inequalities by using addition and subtraction.
Algebra 2 Chapter 1.

Algebra 2 Chapter 1.
Table of Contents First, isolate the absolute value expression. Linear Absolute Value Equation: Solving Algebraically Example 1: Solve Next, examine the.

Table of Contents First, isolate the absolute value expression. Linear Absolute Value Equation: Solving Algebraically Example 1: Solve Next, examine the.
Solve each with substitution. 2x+y = 6 y = -3x+5 3x+4y=4 y=-3x- 3

Solve each with substitution. 2x+y = 6 y = -3x+5 3x+4y=4 y=-3x- 3
I can use multiplication or division to solve inequalities.

I can use multiplication or division to solve inequalities.
Linear Programming - Standard Form

Linear Programming - Standard Form
If x=3 and y=0.5 then what is the value for z when z=(2x+1)(x+3y)?

If x=3 and y=0.5 then what is the value for z when z=(2x+1)(x+3y)?

Similar presentations

Ads by Google