a specialization calculus for program verification
DESCRIPTION
A specialization calculus for program verification. Cristian Gherghina Joint work with: Wei- Ngan Chin, Razvan Voicu , Quang Loc Le Florin Craciun , Shengchao Qin. TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.: A A. Focus. - PowerPoint PPT PresentationTRANSCRIPT
A specialization calculus for program verification
Cristian GherghinaJoint work with:
Wei-Ngan Chin, Razvan Voicu, Quang Loc Le Florin Craciun, Shengchao Qin
Focus
Logics with inductive predicates provide an expressive abstraction mechanism
Becoming popular in the field of program analysis
Tricky to efficiently reason with
2
Folding/Unfolding Given a predicate definition
Unfolding performance loss Unfolded states are costlier due to disjunctions
3
Unfolding
Folding
ProposalWe introduce a sound and complete calculus to
support pruning of infeasible disjunctsUse predicate specialization.Benefits:
eagerly discards unsatisfiable disjunctsstate in abstracted form
4
OverviewMotivating example
Informal description of the calculus
Predicate Specialization
Annotation inference
Experiments5
Motivating Example
6
Consider the entailment:
The LHS unfolds to:
Motivation
7
Performance penaltiesUnfold operations are followed by costly
satisfiability checks
The remaining satisfiable disjuncts expose considerable information Detailed information not always needed Reasoning with larger formulas is inherently costly
8
OverviewMotivating example
Informal description of the calculus
Predicate Specialization
Correctness
Experiments9
Predicate definition changes
10
Invariant family
Pruning conditions
The previous entailment with annotations
Predicate specialization , for list x1. Pruning
2. Invariant enrichment
Entailment - revisited
11
Predicate specialization, for list y
1. Pruning
2. Invariant enrichment
Entailment - revisited
12
OverviewMotivating example
Informal description of the calculus
Predicate Specialization
Annotation inference
Experiments13
Predicate Specialization Convention:
We will use the term context ( C ) to denote the pure part of the formula
The rationale is that C will be the context in which predicate specialization takes place
14
Predicate SpecializationPredicate specialization
Aims forfewer viable branches : L2L1 fewer possible pruning conditions : R2
R1 stronger context : C1 C2 15
Given 1. Pick a pruning condition 2. Drop the infeasible branches from L3. Enrich the context 4. Drop irrelevant pruning conditions
Predicate Specialization
16
L={1,2} ; C : ;
1. From pick: Contradicts with C : -> such checks can be
syntactic
2. Drop infeasible branches :
3. Add the invariant of to C C1 :
4. Drop irrelevant pruning conditions
17
Irrelevant pruning conditionsGiven:
C : L : {1}
Result:
18
Predicate specialization gains
Simple implication checks (mostly syntactic)
Considerable drop in formula size after an unfold
Increase in formula information without an unfold
19
OverviewMotivating example
Informal description of the calculus
Predicate Specialization
Annotation inference
Experiments20
Annotation inferenceWe need a mechanism for computing
Invariant family Pruning conditions
21
Inferring the invariant familyGiven a predicate definition
Compute fixpoint for the predicate definition
For each possible set of branches compute a conjunctive invariant
22
Inferring the invariant family (for dll)1. Replace recursive points with , the fixpoint of2. For each possible subset of the branches:
23
Branch
{1}{2}{1,2}
Pick the pure part of the branches root=null ( root=null) ∨
Transform to simple constraints root=null
( root=null) ∨()
Approximate to a conjunction root=null
Inferring the pruning conditionsGiven a predicate definition and the invariant
families
Compute an approximation of the closure of branch invariants
For each atomic constraint in all closures construct the list of branches in which it appears (by which it is implied)
24
Inferring the pruning conditionsCompute an approximation of the transitive closure of each
branch invariant
Group all branches that imply an atomic constraint
25
Branch
branch invariant Transitive closure
{1} root=null root=null{2} {1,2} Guard Branch
esGuard Branch
es
{1}Guard Branche
s
OverviewMotivating example
Informal description of the calculus
Predicate Specialization
Annotation inference
Experiments26
ExperimentsAdded the calculus to a program verifier
(HIP)Verified functional correctness for small and
medium-sized programs with moderate complexity.
A benchmark of 17 small programs (7% faster)Singly, doubly, sorted and circular linked lists, selection-
sort, insertion- sort, methods for handling heaps an perfect trees
Complex shapes and invariants (12-90% faster) Red black trees, balanced binary trees, quick sort,
merge sort
27
28
17 small progs
Bubblesort
Quicksort
Mergesort
Complete
AVL (h, s,b)
Heap Trees
AVL (h, s)
AVL (h, s, s)
Red Black
0
20
40
60
80
100
Avg. Dis-juncts
Avg. Size
Time
HIP %
HIP + Spec :
ChangesFormula size 13%Disjuncts per formula 36%Total verification time 15%
ConclusionsPresented an effective, sound and complete
calculus for predicate specialization
Application of the calculus benefits in two ways: Keep abstraction, where possible Improve verification performance by
Pruning unsatisfiable disjuncts Propagate invariant constraints Various optimization techniques (details in paper).
29
Questions?
Thank you!
30