Results 1-10 of 12
A numerical abstract domain based on expression abstraction and max operator with application in timing analysis
In CAV, 2008
Cited by 20 (5 self)
Abstract. This paper describes a precise numerical abstract domain for use in timing analysis. The numerical abstract domain is parameterized by a linear abstract domain and is constructed by means of two domain lifting operations. One domain lifting operation is based on the principle of expression abstraction (which involves defining a set of expressions and specifying their semantics using a collection of directed inference rules) and has a more general applicability. It lifts any given abstract domain to include reasoning about a given set of expressions whose semantics is abstracted using a set of axioms. The other domain lifting operation domain via introduction of max expressions. We present experimental results demonstrating the potential of the new numerical abstract domain to discover a wide variety of timing bounds (including polynomial, disjunctive, logarithmic, exponential, etc.) for small C programs.
A data driven approach for algebraic loop invariants
2012
Cited by 12 (6 self)
We describe a Guess-and-Check algorithm for computing algebraic equation invariants of the form $\bigwedge_i f_i(x_1, \ldots, x_n) = 0$, where each $f_i$ is a polynomial over the variables $x_1, \ldots, x_n$ of the program. The “guess” phase is data driven and derives a candidate invariant from data generated from concrete executions of the program. This candidate invariant is subsequently validated in a “check” phase by an off-the-shelf SMT solver. Iterating between the two phases leads to a sound algorithm. Moreover, we are able to prove a bound on the number of decision procedure queries which Guess-and-Check requires to obtain a sound invariant. We show how Guess-and-Check can be extended to generate arbitrary boolean combinations of linear equalities as invariants, which enables us to generate expressive invariants to be consumed by tools that cannot handle nonlinear arithmetic. We have evaluated our technique on a number of benchmark programs from recent papers on invariant generation. Our results are encouraging – we are able to efficiently compute algebraic invariants in all cases, with only a few tests.
Transfer Function Synthesis without Quantifier Elimination
Cited by 10 (3 self)
Abstract. Recently it has been shown how transfer functions for linear template constraints can be derived for bitvector programs by operating over propositional Boolean formulae. The drawback of this method is that it relies on existential quantifier elimination, which induces a computational bottleneck. The contribution of this paper is a novel method for synthesising transfer functions that does not rely on quantifier elimination. We demonstrate the practicality of the method for generating transfer functions for both intervals and octagons.
Verification as Learning Geometric Concepts
Cited by 6 (4 self)
Abstract. We formalize the problem of program verification as a learning problem, showing that invariants in program verification can be regarded as geometric concepts in machine learning. Safety properties define bad states: states a program should not reach. Program verification explains why a program’s set of reachable states is disjoint from the set of bad states. In Hoare Logic, these explanations are predicates that form inductive assertions. Using samples for reachable and bad states and by applying well known machine learning algorithms for classification, we are able to generate inductive assertions. By relaxing the search for an exact proof to classifiers, we obtain complexity theoretic improvements. Further, we extend the learning algorithm to obtain a sound procedure that can generate proofs containing invariants that are arbitrary boolean combinations of polynomial inequalities. We have evaluated our approach on a number of challenging benchmarks and the results are promising.
Change-Of-Bases Abstractions for Non-Linear Systems.
2012
Cited by 1 (0 self)
We present abstraction techniques that transform a given nonlinear dynamical system into a linear system or an algebraic system described by polynomials of bounded degree, such that invariant properties of the resulting abstraction can be used to infer invariants for the original system. The abstraction techniques rely on a change-of-basis transformation that associates each state variable of the abstract system with a function involving the state variables of the original system. We present conditions under which a given change-of-basis transformation for a nonlinear system can define an abstraction. Furthermore, the techniques developed here apply to continuous systems defined by Ordinary Differential Equations (ODEs), discrete systems defined by transition systems and hybrid systems that combine continuous as well as discrete subsystems. The techniques presented here allow us to discover, given a nonlinear system, if a change-of-bases transformation involving degree-bounded polynomials yielding an algebraic abstraction exists. If so, our technique yields the resulting abstract system, as well. This approach is further extended to search for a change-of-bases transformation that abstracts a given nonlinear system into a system of linear differential inclusions. Our techniques enable the use of analysis techniques for linear systems to infer invariants for nonlinear systems. We present preliminary evidence of the practical feasibility of our ideas using a prototype implementation.
CEA, LIST and LIX, Ecole Polytechnique (MeASI),
Coupling policy iteration with semidefinite relaxation to compute accurate numerical invariants in static analysis
COUPLING POLICY ITERATION WITH SEMIDEFINITE RELAXATION TO COMPUTE ACCURATE NUMERICAL INVARIANTS IN STATIC ANALYSIS
Abstract. We introduce a new domain for finding precise numerical invariants of programs by abstract interpretation. This domain, which consists of sublevel sets of nonlinear functions, generalizes the domain of linear templates introduced by Manna, Sankaranarayanan, and Sipma. In the case of quadratic templates, we use Shor’s semidefinite relaxation to derive computable yet precise abstractions of semantic functionals, and we show that the abstract fixpoint equation can be solved accurately by coupling policy iteration and semidefinite programming. We demonstrate the interest of our approach on a series of examples (filters, integration schemes) including a degenerate one (symplectic scheme).
CEA, LIST and LIX, Ecole Polytechnique (MeASI),
Coupling policy iteration with semidefinite relaxation to compute accurate numerical
The APRON library for Numerical . . .
The APRON library is dedicated to the static analysis of the numerical variables of a program by Abstract Interpretation [1]. The aim of such an analysis is to infer invariants about the values of numerical variables, like “at control point k, variables x, y and z satisfy the property 1 ≤ x + y ≤ z”. In this context, the APRON library provides a common interface to various libraries implementing numerical abstract domains.
The Parma Polyhedra Library: Toward a Complete Set of Numerical Abstractions for the Analysis and Verification of Hardware and Software Systems
2006
Since its inception as a student project in 2001, initially just for the handling (as the name implies) of convex polyhedra, the Parma Polyhedra Library has been continuously improved and extended by joining scrupulous research on the theoretical foundations of (possibly nonconvex) numerical abstractions to a total adherence to the best available practices in software development. Even though it is still not fully mature and functionally complete, the Parma Polyhedra Library already offers a combination of functionality, reliability, usability and performance that is not matched by similar, freely available libraries. In this paper, we present the main features of the current version of the library, emphasizing those that distinguish it from other similar libraries and those that are important for applications in the field of analysis and verification of hardware and software systems.