Formal Methods in System Design

, Volume 46, Issue 2, pp 163–196 | Cite as

Practical policy iterations

A practical use of policy iterations for static analysis: the quadratic case
  • Pierre Roux
  • Pierre-Loïc Garoche


Policy iterations is a technique based on game theory that relies on a sequence of numerical optimization queries to compute the fixpoint of a set of equations. It has been proposed to support the static analysis of programs as an alternative to widening, when the latter is ineffective. This happens for instance with highly numerical codes, such as found at cores of control command applications. In this paper we present a complete, yet practical, description of the use of policy iteration in this context. We recall the rationale behind policy iteration and address required steps towards an automatic use of it: synthesis of numerical templates, floating point semantics of the analyzed program and issues with the accuracy of numerical solvers.


Policy iterations Abstract interpretation Static analysis Quadratic templates Ellipsoids Lyapunov functions Widening Controllers 



We would like to deeply thank the anonymous reviewers for their highly relevant comments to improve this paper. This work has been partially supported by the ANR-INSE-2012-007 Grant CAFEIN and the Aerospace Valley competitivity cluster.


  1. 1.
    Adjé A, Gaubert S, Goubault E (2010) Coupling policy iteration with semi-definite relaxation to compute accurate numerical invariants in static analysis. In: ESOP, pp 23–42Google Scholar
  2. 2.
    Alegre F, Féron E, Pande S (2009) Using ellipsoidal domains to analyze control systems software. arXiv:0909.1977
  3. 3.
    Boldo S, Melquiond G (2011) Flocq: a unified library for proving floating-point algorithms in Coq. In: Proceedings of the 20th IEEE symposium on computer arithmetic. Tübingen, pp 243–252Google Scholar
  4. 4.
    Bouissou O, Seladji Y, Chapoutot A (2012) Acceleration of the abstract fixpoint computation in numerical program analysis. J Symb Comput 47(12):1479–1511CrossRefzbMATHMathSciNetGoogle Scholar
  5. 5.
    Boyd S, El Ghaoui L, Féron E, Balakrishnan V (1994) Linear matrix inequalities in system and control theory, volume 15 of SIAM. SIAM, PhiladelphiaCrossRefGoogle Scholar
  6. 6.
    Boyd S, Vandenberghe L (2004) Convex optimization. Cambridge University Press, CambridgeCrossRefzbMATHGoogle Scholar
  7. 7.
    Champion A, Delmas R, Dierkes M, Garoche P-L, Jobredeaux R, Roux P (2013) Formal methods for the analysis of critical control systems models: combining non-linear and linear analyses. In: Charles P, Michael D, (eds), Formal methods for industrial critical systems—18th international workshop, FMICS 2013, Madrid, Spain, September 23–24, 2013. Proceedings, volume 8187 of Lecture Notes in Computer Science, pp 1–16. SpringerGoogle Scholar
  8. 8.
    Costan A, Gaubert S, Goubault E, Martel M, Putot S (2005) A policy iteration algorithm for computing fixed points in static analysis of programs. In: CAV, pp 462–475Google Scholar
  9. 9.
    Cousot P, Cousot R (1977) Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints. In: POPL, pp 238–252Google Scholar
  10. 10.
    Cousot P, Cousot R (1979) Systematic design of program analysis frameworks. In: POPL, pp 269–282Google Scholar
  11. 11.
    Cousot P, Cousot R (1992) Abstract interpretation frameworks. J Log Comput 2(4):511–547CrossRefzbMATHMathSciNetGoogle Scholar
  12. 12.
    Cousot P, Halbwachs N (1978) Automatic discovery of linear restraints among variables of a program. In: POPL, pp 84–96Google Scholar
  13. 13.
    Feautrier P, Gonnord L (2010) Accelerated invariant generation for c programs with aspic and c2fsm. Electron Notes Theor Comput Sci 267(2):3–13CrossRefGoogle Scholar
  14. 14.
    Feret J (2004) Static analysis of digital filters. In: ESOP, number 2986 in LNCS. SpringerGoogle Scholar
  15. 15.
    Feret J (2005) Numerical abstract domains for digital filters. In: International workshop on Numerical and Symbolic Abstract Domains (NSAD)Google Scholar
  16. 16.
    Féron E (2010) From control systems to control software. IEEE Control Syst 30(6):50–71CrossRefMathSciNetGoogle Scholar
  17. 17.
    Gaubert S, Goubault E, Taly A, Zennou S (2007) Static analysis by policy iteration on relational domains. In: ESOP, pp 237–252Google Scholar
  18. 18.
    Gawlitza T, Seidl H (2007) Precise fixpoint computation through strategy iteration. In: ESOP, pp 300–315Google Scholar
  19. 19.
    Gawlitza TM, Seidl H (2010) Computing relaxed abstract semantics w.r.t. quadratic zones precisely. In: SAS, pp 271–286Google Scholar
  20. 20.
    Gawlitza TM, Seidl H, Adjé A, Gaubert S, Goubault E (2012) Abstract interpretation meets convex optimization. J Symb Comput 47(12):1416–1446CrossRefzbMATHGoogle Scholar
  21. 21.
    Ghorbal K, Goubault E, Putot S (2009) The zonotope abstract domain taylor1+. In: CAV, pp 627–633Google Scholar
  22. 22.
    Gopan D, Reps TW (2006) Lookahead widening. In: CAV, pp 452–466Google Scholar
  23. 23.
    Goubault E, Putot S (2011) Static analysis of finite precision computations. In: VMCAI, pp 232–247Google Scholar
  24. 24.
    Haddad WM, Chellaboina VS (2008) Nonlinear dynamical systems and control: a lyapunov-based approach. Princeton University Press, PrincetonGoogle Scholar
  25. 25.
    Halbwachs N, Henry J (2012) When the decreasing sequence fails. In: SAS, pp 198–213Google Scholar
  26. 26.
    Halbwachs Nicolas, Proy Yann-Erick, Roumanoff Patrick (1997) Verification of real-time systems using linear relation analysis. Formal Methods in System Design 11(2):157–185CrossRefGoogle Scholar
  27. 27.
    Higham NJ (1996) Accuracy and stability of numerical algorithms. Society for Industrial and Applied Mathematics, PhiladelphiazbMATHGoogle Scholar
  28. 28.
    IEEE Computer Society (2008) IEEE standard for floating-point arithmetic. In: IEEE Standard 754–2008Google Scholar
  29. 29.
    Lyapunov AM (1947) Problème général de la stabilité du mouvement. Annals of Mathematics Studies 17. Princeton University Press, PrincetonGoogle Scholar
  30. 30.
    Miné A (2001) The octagon abstract domain. In: AST 2001 in WCRE 2001, IEEE, pp 310–319. IEEE CS PressGoogle Scholar
  31. 31.
    Miné A (2004) Relational abstract domains for the detection of floating-point run-time errors. In: ESOP, volume 2986 of LNCS, pp 3–17. Springer,
  32. 32.
    Monniaux D (2005) Compositional analysis of floating-point linear numerical filters. In: CAV, pp 199–212Google Scholar
  33. 33.
    Roozbehani M, Féron E, Megretski A (2005) Modeling, optimization and computation for software verification. In: HSCC, pp 606–622Google Scholar
  34. 34.
    Roux P (2013) Static analysis of control command systems: synthetizing non linear invariants. PhD thesis, Institut Supérieur de l’Aéronautique et de l’EspaceGoogle Scholar
  35. 35.
    Roux P, Garoche P-L (2013) Integrating policy iterations in abstract interpreters. In: Dang Van Hung and Mizuhito Ogawa, (eds), Automated technology for verification and analysis—11th international symposium, ATVA 2013, Hanoi, Vietnam, October 15–18, 2013. Proceedings, volume 8172 of Lecture Notes in Computer Science, pp 240–254. SpringerGoogle Scholar
  36. 36.
    Roux P, Garoche P-L (2014) Computing quadratic invariants with min- and max-policy iterations: a practical comparison. In: Jones CB, Pihlajasaari P, Sun J (eds), FM 2014: formal methods—19th international symposium, Singapore, May 12–16, 2014. Proceedings, volume 8442 of Lecture Notes in Computer Science, pp 563–578. SpringerGoogle Scholar
  37. 37.
    Roux P, Jobredeaux R, Garoche P-L, Féron E (2012) A generic ellipsoid abstract domain for linear time invariant systems. In: HSCC, pp 105–114Google Scholar
  38. 38.
    Rump SM (2006) Verification of positive definiteness. BIT Numer Math 46:433–452CrossRefzbMATHMathSciNetGoogle Scholar
  39. 39.
    Rump SM (2010) Verification methods: Rigorous results using floating-point arithmetic. Acta Numer 19:287–449CrossRefzbMATHMathSciNetGoogle Scholar
  40. 40.
    Schrammel P, Jeannet B (2011) Logico-numerical abstract acceleration and application to the verification of data-flow programs. In: SAS, pp 233–248Google Scholar
  41. 41.
    Seladji Y, Bouissou O (2013) Numerical abstract domain using support functions. NFM 7871:155–169Google Scholar
  42. 42.
    The Coq Development Team (2013) The Coq proof assistant reference manual, 2012. Version 8.4. Springer, HeidelbergGoogle Scholar
  43. 43.
    Vandenberghe L, Boyd S (1996) Semidefinite programming. SIAM Rev 38(1):49–95CrossRefzbMATHMathSciNetGoogle Scholar

Copyright information

© Springer Science+Business Media New York 2015

Authors and Affiliations

  1. 1.ISAEUniversity of ToulouseToulouseFrance
  2. 2.ONERA - The French Aerospace LabToulouseFrance

Personalised recommendations