Presentation is loading. Please wait.

Presentation is loading. Please wait.

Quantitative Abstraction Refinement Pavol Černý IST Austria joint work with Thomas Henzinger, Arjun Radhakrishna Haifa, Israel November 2012 TexPoint fonts.

Published byMarilyn Copeland Modified over 9 years ago

Similar presentations

Presentation on theme: "Quantitative Abstraction Refinement Pavol Černý IST Austria joint work with Thomas Henzinger, Arjun Radhakrishna Haifa, Israel November 2012 TexPoint fonts."— Presentation transcript:

1 Quantitative Abstraction Refinement Pavol Černý IST Austria joint work with Thomas Henzinger, Arjun Radhakrishna Haifa, Israel November 2012 TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.: AAA A A A A A A A

2 Quantitative analysis of programs Quantitative requirements: Resource consumption (energy usage) Worst-case execution time, timeliness of response Application domains: (Embedded) software (Partial-)program synthesis

3 1 st correct solution: “Lock inside the loop” 2 nd correct solution: “Lock outside the loop” int buf[4] while (true) { buf = getBuffer(); i = 0; while (i<4) { dr = setTransf(buf,i); write(device,dr); i++; } int buf[4] while (true) { buf = getBuffer(); i = 0; while (i<4) { dr = setTransf(buf,i); lock(lock); write(device,dr); unlock(lock); i++; } int buf[4] while (true) { buf = getBuffer(); i = 0; lock(lock); while (i<4) { dr = setTransf(buf,i); write(device,dr); i++; } unlock(lock); } Quantitative analysis: Application to partial-program synthesis Spec: Mutual exclusion on device.

4 a,b,c,i,v:int; input v; if (v==1) for (i=0;i<16;i++) read(a); else if (v==2) for (i=0;i<16;i++) if (i mod 2 = 0) read(b); else for (i=0;i<16;i++) if (i mod 4 = 0) read(c); Example: Cache behavior for worst-case execution time No cache  worst case execution for (v==1) Cache contains address of a  worst case execution for (v==2) Cache contains address of b  worst case execution for all other values of v Cache hit < miss Abstraction has cache of limited size

5 Abstraction Boolean case: Safety What if the abstract system is too coarse? Answer: Abstraction refinement

6 Question: How do we perform abstraction with respect to quantitative objectives? Question: How do we perform abstraction refinement with respect to quantitative objectives? Based on: C., Henzinger, Radhakrishna Quantitative abstraction refinement POPL 2013 Questions for this talk

7 Outline Quantitative Abstractions – State-based abstrations Abstract state = set of states + numbers – Segment-based abstractions Abstract state = set of segments + numbers Abstraction refinement

8 Model of systems Weighted transition systems (Q,Σ,Δ,δ,q 0 ) where Δ is a subset of Q £ Q δ is a function from Δ to R A trace q 0 q 1 q 2 … (where q i and q i+1 is in ¢ ) δ extended to traces δ(q 0 q 1 q 2 …)=r 0 r 1 … (where δ(q i,q i+1 )=r i ) 3 10 2 3 1 1 1 1 1 1 1

9 Properties A quantitative property f: a function from S to R f 1 evaluates a trace: f 2 summarizes the values f 1 of all traces: 3 10 2 3 1 1 1 1 1 1 1 Limit-average objective: f 1 evaluates a trace: f 2 summarizes the values f 1 of all traces: f(S)=3

10 Discounted-sum objective: f 1 evaluates a trace: f 2 summarizes the values f 1 of all traces: Properties A quantitative property f: a function from S to R f 1 evaluates a trace: f 2 summarizes the values f 1 of all traces:

11 Properties A quantitative property f: a function from S to R f 1 evaluates a trace: f 2 summarizes the values f 1 of all traces: 0 0 0 0 1 0 1 0 0 0 Safety objective: f 1 evaluates a trace: f 2 summarizes the values f 1 of all traces:

12 Safety objective: f 1 evaluates a trace: f 2 summarizes the values f 1 of all traces: Properties A quantitative property f: a function from S to R f 1 evaluates a trace: f 2 summarizes the values f 1 of all traces: 0 0 0 0 1 0 1 0 0 0

13 Properties: we consider properties that admit memoryless extremal traces. Properties A quantitative property f: a function from S to R f 1 evaluates a trace: f 2 summarizes the values f 1 of all traces: 3 10 2 3 1 1 1 1 1 1 1

14 Given a quantitative property f, construct ® and f ® such that, for all S, and for all relations where is a WTS with set of states given by the equivalence classes of Abstraction for quantitative (accumulative) properties 3 10 2 3 1 1 1 1 1 1 1

15 ExistsMax abstraction 3 10 2 3 1 1 1 1 1 1 1 3 3 Existential abstraction weight of abstract edge = max of corresponding concrete edges Lim-avg objective f: f(S)=3 f em (S em )=10 1

16 Refinement of ExistsMax 3 10 2 3 1 1 1 1 1 1 1 3 3 2 Lim-avg objective f: f(S)=3 f em (S em )=16/3 1

17 PathBound Abstraction 3 10 2 3 1 1 1 1 1 1 1 val = max value of an internal edge maxp = the longest internal simple path minp = the shortest internal simple path loop/noloop -- is there internal loop Idea: For more precision, keep facts about paths, not states. Boolean case: segment-based abstraction [Cousot,Cousot 12, Podelski, Rybalchenko 04] 111 1111

18 PathBound Abstraction 3 10 2 3 1 1 1 1 1 1 3 val = 10 maxp = 2 minp = 2 noloop 10 Lim-avg objective f: f(S)=3 f pb (S pb ) = (10*2+3+1*3+3)/(1+2+3+1)= = 29/7 = 4.1 3 1 val = 1 maxp = 4 minp = 3 noloop 111 1111 2

19 If ¼ is a refinement of ≡, it is desirable that: Monotonicity of Refinement 3 10 2 3 1 1 1 1 1 1 Monotonicity enables anytime verification:  analysis can be stopped at any time, and return a sound approximation  the approximation gets better if analysis is given more time 1

20 Characteristics of abstractions 3 10 2 3 1 1 1 1 1 1 1  ExistMax is an overapproximation where f is LimAvg, DiscSum, Safety, Liveness, etc  ExistMax is monotonic If ¼ is a refinement of ≡, then  PathBound is an overapproximation  PathBound is not monotonic

21 Characteristics of abstractions  PathBound is not monotonic : Counterexample 10 Concrete system S 4 4 Lim-avg objective f: f(S)=48/6=8 10 Abstract System 4 4 10 Abstract System 4 4 10 f pb (S pb ) = (10*4+4+4)/(4+1+1) = 8 f pb (S pb )= (10*3+10*3+10+4+4)/ (3+3+1+1+1) = 78/9 > 8 Proposed solution: introduce a hierarchical abstraction to not lose the previous estimates.

22 Hierarchical segment-based abstraction Hierarchical segment-based abstraction [Cousot, Cousot 2012] suitable for software with hierarchical structure - nested loops, function calls init Loop1 All traces Loop2 Loop3 Concatenated segments of children nodes cover the segments in parent node

23 Hierarchical Segment-Based Abstraction while (true) { j  0; while (j<10) { if B then costlyOp; B  not B; j++ }; while (j<20) { cheapOp; j++ } [true] j  0; [j<10] [not B] [B] costlyOp B  not B j++ [j>=10] [j<20] cheapOp j++ [j>=10] Example program costlyOp - 10 everything else - 0 Overall cost: (5*10/79)

24 ABC Loop1 HPathBound [true] j  0; [j<10] [not B] [B] costlyOp B  not B j++ [j>=10] [j<20] cheapOp j++ [j>=20] A B C D E F G H I J All traces Loop2CH HA CDEFGC CDFGC HIJH

25 Outline Quantitative Abstractions – State-based abstrations Abstract state = set of states + numbers – Segment-based abstractions Abstract state = set of segments + numbers Abstraction refinement

26 Abstraction Refinement for ExistsMax 2 3 1 4 5 3 3 3 2 handle loop  Does “handle” correspond to a real path?  Does “loop” correspond to a concrete loop with the same cost? 10

27 Abstraction Refinement for ExistsMax 5 3 3 2 handle loop  Does “handle” correspond to a real path? 10

28 Abstraction Refinement for ExistsMax 2 4 5 3 3 3 2 handle loop  Does “loop” correspond to a concrete loop with the same cost?  Loop needs to be unrolled 1+min | l j |, where l j is a size of an abstract state in the loop 10 2

29 Abstraction Refinement for ExistsMax 2 3 1 4 5 3 3 3 2 2 handle loop  Classical CEGAR: two heuristics:  choice of ctrex  choice of refinement  Quantitative refinement  extremal ctrex  split where the difference between abstract and concrete transition is largest

30 ABC Loop1 Hierarchical Segment Abstraction Refinement All traces Loop2CH HA CDEFGC CDFGC HIJH Counterexample: a trace (CDEFG) ω Remove it by: adding B – prevent every iteration going through costlyOp adding loop bounds – forcing to go out of Loop1 [true] j  0; [j<10] [not B] [B] costlyOp B  not B j++ [j>=10] [j<20] cheapOp j++ [j>=20] A B C D E F G H I J

31 ABC Loop1 Hierarchical Segment Abstraction Refinement All traces Loop2CH HA CDEFGC HIJH Counterexample: a trace (CDEFG) ω Remove it by: adding B – prevent every iteration going through costlyOp [true] j  0; [j<10] [not B] [B] costlyOp B  not B j++ [j>=10] [j<20] cheapOp j++ [j>=20] A B C D E F G H I J CDFGC

32 ABC Loop1 Hierarchical Segment Abstraction Refinement All traces Loop2CH HA CDEFGC CDFGC HIJH Counterexample: a trace (CDEFG) ω Remove it by: adding loop bounds – forcing to go out of Loop1 [true] j  0; [j<10] [not B] [B] costlyOp B  not B j++ [j>=10] [j<20] cheapOp j++ [j>=20] A B C D E F G H I J

33 ABC Loop1 Hierarchical Segment Abstraction Refinement All traces Loop2CH HA CDEFGC CDFGC HIJH Counterexample: a trace (CDEFG) ω Remove it by: adding loop bounds – forcing to go out of Loop1 [true] j  0; [j<10] [not B] [B] costlyOp B  not B j++ [j>=10] [j<20] cheapOp j++ [j>=20] A B C D E F G H I J j’=j+1

34 Experimental results

35 a,b,c,i,v:int; input v; if (v==1) for (i=0;i<16;i++) read(a); else if (v==2) for (i=0;i<16;i++) if (i mod 2 = 0) read(b); else for (i=0;i<16;i++) if (i mod 4 = 0) read(c); Example: Worst-case execution time analysis steptrackedlim-avg value analysis time 014.141240 1i6.502102 2a4.872675 3b4.753275 4c1.273864 5v1.034631

36 while(true) input(s); l = 0; r = N - 1; do { m = l + r / 2; if(s > a[m]) l = m + 1; else r = m - 1; } while(l <= r & a[m] != s) } Worst-case execution time analysis steptrackedlim-avg value analysis time 015.77908 1m11.151130 2r8.231369 3l5.01707 4s3.761895 5a[(N - 1)/2]3.02211 6a[(N - 3)/4]2.972527 7a[(3N - 1)/4]2.853071 Example: Binary search

37 ExistsMax vs PathBound Partition size ExistsMax lim-avg value PathBound lim-avg value 22524.99 32523.82 52517.31 9254.43 Example: Karp’s algorithm for finding min-mean cycle. unsigned int graph[SIZE][SIZE]; unsigned int D[SIZE + 1][SIZE]; int main() { initialize(D); D[0][0] = 0; for(k = 1; k <= SIZE; k++) { for(v = 0; v < SIZE; v++) { for(u = 0; u < SIZE; u++) { if(D[k][u] < D[k - 1][v] + graph[u][v]) D[k][u] = D[k - 1][v] + graph[u][v]; } vNum = 0; vDen = 1; for(v = 0; v < SIZE; v++) { currNum = 1000000000; currDen = 1; for(k = 0; k < SIZE; k++) { if((D[SIZE][v] - D[k][v]) * currDen < (SIZE - k) * currNum) { currNum = D[SIZE][v] - D[k][v]; currDen = SIZE - k; } if(currNum * vDen > currDen * vNum) { vNum = currNum; vDen = currDen; }

38 Conclusion Contributions – Framework for abstractions for quantitative (accumulative) properties – State-based and segment-based abstractions – Counterexample-guided abstraction algorithm – Hierarchical segment-based abstraction and refinement Future work – Quantitative reasoning for CEGAR in Boolean systems – Application to partial-program synthesis

39 Quantitative Abstraction Refinement Pavol Černý IST Austria joint work with Thomas Henzinger, Arjun Radhakrishna Haifa, Israel November 2012 TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.: AAA A A A A A A A

Download ppt "Quantitative Abstraction Refinement Pavol Černý IST Austria joint work with Thomas Henzinger, Arjun Radhakrishna Haifa, Israel November 2012 TexPoint fonts."

Similar presentations

The Primal-Dual Method: Steiner Forest TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.: AA A A AA A A A AA A A.

The Primal-Dual Method: Steiner Forest TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.: AA A A AA A A A AA A A.
Meta Predicate Abstraction for Hierarchical Symbolic Heaps Josh Berdine Microsoft Research, Cambridge joint with Mike Emmi University of California, Los.

Meta Predicate Abstraction for Hierarchical Symbolic Heaps Josh Berdine Microsoft Research, Cambridge joint with Mike Emmi University of California, Los.
SPEED: Precise & Efficient Static Estimation of Symbolic Computational Complexity Sumit Gulwani MSR Redmond TexPoint fonts used in EMF. Read the TexPoint.

SPEED: Precise & Efficient Static Estimation of Symbolic Computational Complexity Sumit Gulwani MSR Redmond TexPoint fonts used in EMF. Read the TexPoint.
Greta YorshEran YahavMartin Vechev IBM Research. { ……………… …… …………………. ……………………. ………………………… } P1() Challenge: Correct and Efficient Synchronization { ……………………………

Greta YorshEran YahavMartin Vechev IBM Research. { ……………… …… …………………. ……………………. ………………………… } P1() Challenge: Correct and Efficient Synchronization { ……………………………
Greta YorshEran YahavMartin Vechev IBM Research. { ……………… …… …………………. ……………………. ………………………… } T1() Challenge: Correct and Efficient Synchronization { ……………………………

Greta YorshEran YahavMartin Vechev IBM Research. { ……………… …… …………………. ……………………. ………………………… } T1() Challenge: Correct and Efficient Synchronization { ……………………………
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
Approximations of points and polygonal chains

Approximations of points and polygonal chains
SOFTWARE TESTING. INTRODUCTION  Software Testing is the process of executing a program or system with the intent of finding errors.  It involves any.

SOFTWARE TESTING. INTRODUCTION  Software Testing is the process of executing a program or system with the intent of finding errors.  It involves any.
Rigorous Software Development CSCI-GA 3033-011 Instructor: Thomas Wies Spring 2012 Lecture 13.

Rigorous Software Development CSCI-GA Instructor: Thomas Wies Spring 2012 Lecture 13.
CS 267: Automated Verification Lecture 10: Nested Depth First Search, Counter- Example Generation Revisited, Bit-State Hashing, On-The-Fly Model Checking.

CS 267: Automated Verification Lecture 10: Nested Depth First Search, Counter- Example Generation Revisited, Bit-State Hashing, On-The-Fly Model Checking.
C&O 355 Mathematical Programming Fall 2010 Lecture 21 N. Harvey TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.: AA A.

C&O 355 Mathematical Programming Fall 2010 Lecture 21 N. Harvey TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.: AA A.
Symmetry-Aware Predicate Abstraction for Shared-Variable Concurrent Programs Alastair Donaldson, Alexander Kaiser, Daniel Kroening, and Thomas Wahl Computer.

Symmetry-Aware Predicate Abstraction for Shared-Variable Concurrent Programs Alastair Donaldson, Alexander Kaiser, Daniel Kroening, and Thomas Wahl Computer.
The Software Model Checker BLAST by Dirk Beyer, Thomas A. Henzinger, Ranjit Jhala and Rupak Majumdar Presented by Yunho Kim Provable Software Lab, KAIST.

The Software Model Checker BLAST by Dirk Beyer, Thomas A. Henzinger, Ranjit Jhala and Rupak Majumdar Presented by Yunho Kim Provable Software Lab, KAIST.
Rahul Sharma Işil Dillig, Thomas Dillig, and Alex Aiken Stanford University Simplifying Loop Invariant Generation Using Splitter Predicates.

Rahul Sharma Işil Dillig, Thomas Dillig, and Alex Aiken Stanford University Simplifying Loop Invariant Generation Using Splitter Predicates.
Algorithm Strategies Nelson Padua-Perez Chau-Wen Tseng Department of Computer Science University of Maryland, College Park.

Algorithm Strategies Nelson Padua-Perez Chau-Wen Tseng Department of Computer Science University of Maryland, College Park.
Probabilistic CEGAR* Björn Wachter Joint work with Holger Hermanns, Lijun Zhang TexPoint fonts used in EMF. Read the TexPoint manual before you delete.

Probabilistic CEGAR* Björn Wachter Joint work with Holger Hermanns, Lijun Zhang TexPoint fonts used in EMF. Read the TexPoint manual before you delete.
Using Statically Computed Invariants Inside the Predicate Abstraction and Refinement Loop Himanshu Jain Franjo Ivančić Aarti Gupta Ilya Shlyakhter Chao.

Using Statically Computed Invariants Inside the Predicate Abstraction and Refinement Loop Himanshu Jain Franjo Ivančić Aarti Gupta Ilya Shlyakhter Chao.
Belief Propagation in a Continuous World Andrew Frank 11/02/2009 Joint work with Alex Ihler and Padhraic Smyth TexPoint fonts used in EMF. Read the TexPoint.

Belief Propagation in a Continuous World Andrew Frank 11/02/2009 Joint work with Alex Ihler and Padhraic Smyth TexPoint fonts used in EMF. Read the TexPoint.
1 Model Checking, Abstraction- Refinement, and Their Implementation Based on slides by: Orna Grumberg Presented by: Yael Meller June 2008.

1 Model Checking, Abstraction- Refinement, and Their Implementation Based on slides by: Orna Grumberg Presented by: Yael Meller June 2008.
White Box Testing and Symbolic Execution Written by Michael Beder.

White Box Testing and Symbolic Execution Written by Michael Beder.

Similar presentations

Ads by Google