Interval Polyhedra: An Abstract Domain to Infer Interval Linear Relationships

Size: px

Start display at page:

Download "Interval Polyhedra: An Abstract Domain to Infer Interval Linear Relationships"

Chester Wilson
5 years ago
Views:

1 Interval Polyhedra: An Abstract Domain to Infer Interval Linear Relationships Liqian Chen 1,2 Antoine Miné 3,2 Ji Wang 1 Patrick Cousot 2,4 1 National Lab. for Parallel and Distributed Processing, Changsha, China 2 École Normale Supérieure, Paris, France 3 CNRS, France 4 CIMS, New York University, New York, NY, USA 11/08/2009 SAS 2009 L. Chen, A. Miné, J. Wang, P. Cousot The Interval Polyhedra Abstract Domain p. 1 / 25

2 Overview Interval polyhedra domain of interval polyhedra domain Conclusion L. Chen, A. Miné, J. Wang, P. Cousot The Interval Polyhedra Abstract Domain p. 2 / 25

3 L. Chen, A. Miné, J. Wang, P. Cousot The Interval Polyhedra Abstract Domain p. 3 / 25

4 Goal: numerical static analysis discover statically and automatically numerical properties on the (abstract) variables of a program : program analysis and verification infer numerical relationships check for runtime errors: array out-of-bounds, arithmetic overflows, division by zero,... check for user provided assertions, contracts optimize programs... L. Chen, A. Miné, J. Wang, P. Cousot The Interval Polyhedra Abstract Domain p. 4 / 25

5 Numerical abstract domains An abstract domain in the framework of abstract interpretation a specific kind of computer-representable properties e.g., a family of constraints sound (but maybe incomplete) algorithms for abstract operations e.g., join, meet, widening,... Numerical abstract domains infer relationships among numerical variables examples Intervals (a x b) [Cousot Cousot 76] Octagons (±x ± y c) [Miné 01] Convex Polyhedra (Σ k a k x k b) [Cousot Halbwachs 78]... L. Chen, A. Miné, J. Wang, P. Cousot The Interval Polyhedra Abstract Domain p. 5 / 25

6 with inexact data: only known to lie in certain intervals uncertainty from modelling physical objects interval-based abstractions for programs non-linear operations: x y [x, x] y floating-point arithmetic: x f,r y [1 ɛ, 1 + ɛ] x + [1 ɛ, 1 + ɛ] y + [ ε, ε] program analysis using floating-point implementations real/rational numbers in the analyzed program: 1 10 [ , ] e.g., floating-point convex polyhedra [Chen Miné Cousot 08] Intervals appear naturally in real-life! L. Chen, A. Miné, J. Wang, P. Cousot The Interval Polyhedra Abstract Domain p. 6 / 25

7 Idea Main idea: Interval polyhedra a new numerical abstract domain to infer interval linear relationships constraint representation: Σ k [a k, a k ] x k b intuition: interval version of convex polyhedra (Σ k a k x k b) core domain operations interval variant of Fourier-Motzkin variable elimination interval linear programming L. Chen, A. Miné, J. Wang, P. Cousot The Interval Polyhedra Abstract Domain p. 7 / 25

8 L. Chen, A. Miné, J. Wang, P. Cousot The Interval Polyhedra Abstract Domain p. 8 / 25

9 Preliminaries Interval Linear Algebra interval matrix A = [A, A] = {A R m n : A A A} center matrix: A c = 1 2 (A + A) radius matrix: A = 1 2 (A A) interval linear system: Ax b x R n is a weak solution of Ax b, if it satisfies Ax b for some A A Theorem ([Gerlach 81]) A vector x R n is a weak solution of Ax b iff it satisfies A c x A x b. L. Chen, A. Miné, J. Wang, P. Cousot The Interval Polyhedra Abstract Domain p. 9 / 25

10 Interval Polyhedra (itvpol) An interval polyhedron P representation: an interval linear system Ax b semantics: γ(p) = {x R n : A A. Ax b} Topological properties: can be non-convex, even unconnected a (possibly empty) convex polyhedron in each orthant k [a k, a k ] x k b k a k x k b, where An example: a k = { ak if x k 0, a k if x k 0 P = { [ 1, 0]x + y 1, [0, 1]x y 0 } (++) { 1 x + y 1, 0 x y 0 } (+ ) { 1 x + y 1, 0 x y 0 } ( ) { 0 x + y 1, 1 x y 0 } ( +) { 0 x + y 1, 1 x y 0 } y x L. Chen, A. Miné, J. Wang, P. Cousot The Interval Polyhedra Abstract Domain p. 10 / 25

11 Interval Linear Programming (ILP) Interval linear programming: max{c T x : Ax b} max{c T x : Ax b} sup{f (A, b, c): A A, c c} where f (A, b, c) = max{c T x : Ax b} with data satisfying A A, c c Note: we use ILP as a black box here.[chineck Ramadan 00][Jansson 04] e.g., one LP for each orthant : given ϕ=( k [a k, a k ] x k c) and P=(Ax b) entailment check: P = ϕ? (max{ k [a k, a k ] x k : Ax b} c?) redundancy removal: ϕ redundant w.r.t. P? (P\{ϕ} = ϕ?) inclusion test: P P? ( ϕ P.P = ϕ?) L. Chen, A. Miné, J. Wang, P. Cousot The Interval Polyhedra Abstract Domain p. 11 / 25

12 Projection Classic Fourier-Motzkin elimination: eliminate x i FM(P, x i ) = { k i a kx k β) P a i = 0 } { ( ) ( ) ak k i a a k i a i x k b a b ( i a i k a } kx k b) P, a i > 0 ( k a k x k b ) P, a i < 0 Interval Fourier-Motzkin elimination: eliminate x i IFM(P, x i ) = {( k i [a k, a k ]x k b) ˆP [a i, a i ] = [0, 0] } { ( [ak, a k ] k i [a i, a i ] [a k, a k ] ) [a i, a x k b ( k [a k, a k ]x k b) ˆP, a i > 0 i] ( k [a k, a k ]x k b ) ˆP, a i < 0 ( ) where ˆP = {ι(ϕ, x i ) ϕ P} and b = sup b [a i, a i ] b [a i, a. i] } Note: IFM is sound but not necessarily exact (independently from ι) L. Chen, A. Miné, J. Wang, P. Cousot The Interval Polyhedra Abstract Domain p. 12 / 25

13 Projection (cont.) Goal: linearize non-zero interval coefficients containing 0 into scalars Partial linearization: ϕ = ( k [a k, a k ]x k b) { ϕ if ai ι(ϕ, x i ) def =a i =0 or a i >0 or a i <0 = c x i + [a k, a k ]x k b otherwise k i where c can be any real number and b = sup(b [a i c, a i c] [x i, x i ]). Soundness: x.(x i [x i, x i ] x γ(ϕ)) x γ(ι(ϕ, x i )) Example ϕ : ([0, 2]x + y 2) w.r.t. x, y [ 2, 4] c=1 = ι(ϕ, x) = (x + y 6) L. Chen, A. Miné, J. Wang, P. Cousot The Interval Polyhedra Abstract Domain p. 13 / 25

14 Projection (cont.) Application of projection assignment [[x j := k [a k, a k ]x k + [c, c]]] # add the constraint x j k [a k, a k]x k [c, c] = 0 (x j is fresh) project out x j rename x j into x j E.g., perform assignment transfer function [[x := [ 3, 1]x + 1]] # on P = {[ 1, 0]x + y = [0, 1], x = [ 2, 2]} x + [ 1, 3]x = 1 x + x = [ 3, 5] [ 1, 0]x + y = [0, 1] 0.5x + y = [ 1, 2] x = [ 2, 2] {x + 2y = [ 5, 9], x = [5, 7], y = [ 2, 3]} {x + 2y = [ 5, 9], x = [5, 7], y = [ 2, 3]} L. Chen, A. Miné, J. Wang, P. Cousot The Interval Polyhedra Abstract Domain p. 14 / 25

15 Join Definition (Interval Combination ) Given ϕ : ( k [a k, a k ] x k b ) and ϕ : ( k [a k, a k ] x k b ), their interval combination is defined as ϕ ϕ def = ( k [a k, a k ] x k b), where b = max(b, b ) and [a k, a k ] = [min(a k, a k ), max(a k, a k )]. P P def = {ϕ ϕ ϕ P ϕ P } y Example Given P = {y 1, y 1}(i.e., {y = 1}) and P = { x + y 0, x y 0}(i.e., {x y = 0}), P = P P = {[ 1, 0]x + y = [0, 1]} (best!) x L. Chen, A. Miné, J. Wang, P. Cousot The Interval Polyhedra Abstract Domain p. 15 / 25

16 Join (cont.) Definition (Envelope) The envelope of P 1 and P 2 is defined as env(p 1, P 2 ) def = S 1 S 2 where S 1 = { ϕ 1 P 1 P 2 = ϕ 1 }, S 2 = { ϕ 2 P 2 P 1 = ϕ 2 }. env(p i ):the set of nonenvelope constraints in P i BB(P): the bounding box of P Definition (Weak Join) We define a weak join operation for the itvpol domain as P 1 w P 2 def = env(p 1, P 2 ) (env(p 1 ) env(p 2 )) (BB(P 1 ) itv BB(P 2 )). L. Chen, A. Miné, J. Wang, P. Cousot The Interval Polyhedra Abstract Domain p. 16 / 25

17 Join (cont.) Example: weak join P 1 = {[ 1, 1]x + 2y 2, 2x y 2, x y 1, y 0} P 2 = {[ 1, 1]x 2y 2, 2x + y 2, x + y 1, y 0} y x env(p 1, P 2 ) = {[ 1, 1]x + 2y 2, [ 1, 1]x 2y 2} = {[ 1, 1]x + 2y = [ 2, 2]}. env(p 1 ) env(p 2 ) = { 2x y 2, x y 1, y 0} {2x + y 2, x + y 1, y 0} = {2x + [ 2, 1]y = [ 2, 2]} P 1 w P 2 = {[ 1, 1]x + 2y = [ 2, 2], 2x + [ 2, 1]y = [ 2, 2]} exact! L. Chen, A. Miné, J. Wang, P. Cousot The Interval Polyhedra Abstract Domain p. 17 / 25

18 Widening Definition (Widening of itvpol) Given a threshold k and two interval polyhedra P 1 P 2 in the i-th iteration, we define the widening in the i-th iteration as { P 1 [k] def S1 S i P 2 = 2 if i k otherwise S 1 where S 1 = {ϕ 1 P 1 P 2 = ϕ 1 }, S 2 = {ϕ 2 P 2 ϕ 1 P 1, γ(p 1 ) = γ((p 1 \ {ϕ 1 }) {ϕ 2 })}. {(Q n ) n N }, the sequence P n+1 = P n Q n converges in finite time. L. Chen, A. Miné, J. Wang, P. Cousot The Interval Polyhedra Abstract Domain p. 18 / 25

19 of the L. Chen, A. Miné, J. Wang, P. Cousot The Interval Polyhedra Abstract Domain p. 19 / 25

20 Handling Disjunctions Interval-linear-algebra based abstraction for disjunctions a CNF(Conjunctive Normal Form) formula each CNF-term: abstracted as an interval linear inequality the whole CNF formula: as an interval polyhedron a DNF(Disjunctive Normal Form) formula each DNF-term: a convex polyhedron the whole DNF formula: as an interval polyhedron using w Example int x, y; if (x 1 and x 1) then 1 y := x 1; else 2 y := x; endif; 3 Loc Pol itvpol 1 1 x 1 1 x 1 2 [ 1, 1]x x y 1 0 x y 1 [ 1, 1]x + [0, 1]y 1 x + [ 1, 0]y 1 L. Chen, A. Miné, J. Wang, P. Cousot The Interval Polyhedra Abstract Domain p. 20 / 25

21 Handling Non-Linear Expressions Interval-linear-algebra based abstraction for nonlinearity Example linearization [Miné 06]: abstract arbitrary expressions e into interval linear form Σ k [a k, a k ] x k + [c, c]. int x, y, z; assume 5 z 5; assume x 2; y := z x + 1; 1 assume y == 14; 2 Loc Pol itvpol 1 5 z 5 x 2 5 z 5 x 2 5x + y 21 [ 5, 5]x + y = 1 5x y 19 2 y = 14 5 z 5 y = 14 5 z 5 x 1 x 3 L. Chen, A. Miné, J. Wang, P. Cousot The Interval Polyhedra Abstract Domain p. 21 / 25

22 Handling Floating-Point Arithmetic How to deal with rounding errors in the program? Interval-linear-algebra based abstraction for floating-point arithmetic Example make rounding explicit as intervals [Miné 04]: X Y Z X [1 ɛ, 1 + ɛ](y + Z) + [ ε, ε] real x, y; if random() then y := 2 r x r 1; else y := x r 1; endif; 1 assume y == 0; 2 x := x r 1; Loc Pol itvpol 1 [ , ]x + y [ , ]x + y y = 0 y = x L. Chen, A. Miné, J. Wang, P. Cousot The Interval Polyhedra Abstract Domain p. 22 / 25

23 Prototype Prototype implementation using: interval arithmetic based on double-precision floating-point numbers (64 bits) GNU Linear Programming Kit (GLPK) for simplex solving to implement an interval linear programming solver rigorous linear programming technique for soundness [Chen Miné Cousot APLAS 08] Interface: plugged into the Apron library programs analyzed with Interproc Comparison with FPPol (floating-point convex polyhedra) [Chen Miné Cousot APLAS 08] L. Chen, A. Miné, J. Wang, P. Cousot The Interval Polyhedra Abstract Domain p. 23 / 25

24 Early Experimental Results Program itvpol FPPol Result name #vars(#±) #iter. time(ms) #iter. time(ms) Invar. program1 2(2) > program2 3(3) > program3 2(2) > program4 1(1) > program5 2(1) > sequencewhiles 3(1) > ratelimiter f 5(4) > bubblesort 4(4) > maccarthy91 3(2) > heapsort 7(7) < symmetricalstairs 2(1) < ackerman 4(2) < itvpol can often find some interesting non-convex invariants without much overhead. L. Chen, A. Miné, J. Wang, P. Cousot The Interval Polyhedra Abstract Domain p. 24 / 25

25 Conclusion Summary: a new numerical abstract domain: interval polyhedra (itvpol) introduce interval linear algebra to static analysis manipulate interval linear constraints k [a k, b k ]x k c attractive features: natively allows expressing certain non-convex (even unconnected) properties possible applications: for programs affected by interval uncertainty programs involving disjunctive constraints programs involving non-linear expressions floating-point programs Future Work: more precise abstractions for the join test itvpol on large realistic programs L. Chen, A. Miné, J. Wang, P. Cousot The Interval Polyhedra Abstract Domain p. 25 / 25

The Apron Library. Bertrand Jeannet and Antoine Miné. CAV 09 conference 02/07/2009 INRIA, CNRS/ENS

The Apron Library. Bertrand Jeannet and Antoine Miné. CAV 09 conference 02/07/2009 INRIA, CNRS/ENS The Apron Library Bertrand Jeannet and Antoine Miné INRIA, CNRS/ENS CAV 09 conference 02/07/2009 Context : Static Analysis What is it about? Discover properties of a program statically and automatically.