Advertisement

Improving Strategies via SMT Solving

  • Thomas Martin Gawlitza
  • David Monniaux
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6602)

Abstract

We consider the problem of computing numerical invariants of programs by abstract interpretation. Our method eschews two traditional sources of imprecision: (i) the use of widening operators for enforcing convergence within a finite number of iterations (ii) the use of merge operations (often, convex hulls) at the merge points of the control flow graph. It instead computes the least inductive invariant expressible in the domain at a restricted set of program points, and analyzes the rest of the code en bloc. We emphasize that we compute this inductive invariant precisely. For that we extend the strategy improvement algorithm of Gawlitza and Seidl [17]. If we applied their method directly, we would have to solve an exponentially sized system of abstract semantic equations, resulting in memory exhaustion. Instead, we keep the system implicit and discover strategy improvements using SAT modulo real linear arithmetic (SMT). For evaluating strategies we use linear programming. Our algorithm has low polynomial space complexity and performs for contrived examples in the worst case exponentially many strategy improvement steps; this is unsurprising, since we show that the associated abstract reachability problem is Π2 P -complete.

Keywords

Complete Lattice Strategy Improvement Strategy Iteration Variable Assignment Program Variable 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

References

  1. 1.
    Adjé, A., Gaubert, S., Goubault, E.: Computing the smallest fixed point of nonexpansive mappings arising in game theory and static analysis of programs. ArXiv e-prints (June 2008)Google Scholar
  2. 2.
    Adjé, A., Gaubert, S., Goubault, E.: Coupling policy iteration with semi-definite relaxation to compute accurate numerical invariants in static analysis. In: Gordon, A.D. (ed.) ESOP 2010. LNCS, vol. 6012, pp. 23–42. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  3. 3.
    Ball, T., Jones, R.B. (eds.): CAV 2006. LNCS, vol. 4144. Springer, Heidelberg (2006)Google Scholar
  4. 4.
    Björklund, H., Sandberg, S., Vorobyov, S.: Optimization on completely unimodal hypercubes. Technichal report 2002-18, Uppsala University (2002)Google Scholar
  5. 5.
    Bjorklund, H., Sandberg, S., Vorobyov, S.: Complexity of Model Checking by Iterative Improvement: the Pseudo-Boolean Framework. In: Broy, M., Zamulin, A.V. (eds.) PSI 2003. LNCS, vol. 2890, pp. 381–394. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  6. 6.
    Blanchet, B., Cousot, P., Cousot, R., Feret, J., Mauborgne, L., Miné, A., Monniaux, D., Rival, X.: A static analyzer for large safety-critical software. In: Programming Language Design and Implementation (PLDI), ACM, New York (2003)Google Scholar
  7. 7.
    Cochet-Terrasson, J., Gaubert, S., Gunawardena, J.: A Constructive Fixed Point Theorem for Min-Max Functions. Dynamics and Stability of Systems 14(4), 407–433 (1999)MathSciNetCrossRefzbMATHGoogle Scholar
  8. 8.
    Colón, M.A., Sankaranarayanan, S., Sipma, H.: Linear invariant generation using non-linear constraint solving. In: Hunt Jr., W.A., Somenzi, F. (eds.) CAV 2003. LNCS, vol. 2725, pp. 420–432. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  9. 9.
    Costan, A., Gaubert, S., Goubault, E., Martel, M., Putot, S.: A Policy Iteration Algorithm for Computing Fixed Points in Static Analysis of Programs. In: Etessami, K., Rajamani, S.K. (eds.) CAV 2005. LNCS, vol. 3576, pp. 462–475. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  10. 10.
    Cousot, P.: Proving program invariance and termination by parametric abstraction, Lagrangian relaxation and semidefinite programming. In: Cousot, R. (ed.) VMCAI 2005. LNCS, vol. 3385, pp. 1–24. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  11. 11.
    Cousot, P., Cousot, R.: Static Determination of Dynamic Properties of Programs. In: Second Int. Symp. on Programming, Dunod, Paris, France (1976)Google Scholar
  12. 12.
    Cousot, P., Cousot, R.: Abstract interpretation: A unified lattice model for static analysis of programs by construction or approximation of fixpoints. In: POPL (1977)Google Scholar
  13. 13.
    Cousot, P., Halbwachs, N.: Automatic discovery of linear restraints among variables of a program. In: POPL (1978)Google Scholar
  14. 14.
    Dutertre, B., de Moura, L.: The Yices SMT solver. Tool paper (August 2006), http://yices.csl.sri.com/tool-paper.pdf
  15. 15.
    Dutertre, B., de Moura, L.M.: A fast linear-arithmetic solver for dpll(t). In: Ball, Jones [3]Google Scholar
  16. 16.
    Gaubert, S., Goubault, E., Taly, A., Zennou, S.: Static analysis by policy iteration on relational domains. In: Nicola [38]Google Scholar
  17. 17.
    Gawlitza, T., Seidl, H.: Precise relational invariants through strategy iteration. In: Duparc, J., Henzinger, T.A. (eds.) CSL 2007. LNCS, vol. 4646, pp. 23–40. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  18. 18.
    Gawlitza, T., Seidl, H.: Precise fixpoint computation through strategy iteration. In: Nicola [38]Google Scholar
  19. 19.
    Gawlitza, T., Seidl, H.: Precise interval analysis vs. parity games. In: Cuéllar, J., Maibaum, T.S.E., Sere, K. (eds.) FM 2008. LNCS, vol. 5014, pp. 342–357. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  20. 20.
    Gawlitza, T., Leroux, J., Reineke, J., Seidl, H., Sutre, G., Wilhelm, R.: Polynomial precise interval analysis revisited. In: Albers, S., Alt, H., Näher, S. (eds.) Efficient Algorithms. LNCS, vol. 5760, pp. 422–437. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  21. 21.
    Gawlitza, T.M., Seidl, H.: Solving systems of rational equations through strategy iteration. Technical report, TUM (2009)Google Scholar
  22. 22.
    Gawlitza, T.M., Seidl, H.: Computing relaxed abstract semantics w.r.t. quadratic zones precisely. In: Cousot, R., Martel, M. (eds.) SAS 2010. LNCS, vol. 6337, pp. 271–286. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  23. 23.
    Gonnord, L.: Accelération abstraite pour l’amélioration de la précision en analyse des relations linéaires. PhD thesis, Université Joseph Fourier (October 2007), http://tel.archives-ouvertes.fr/tel-00196899/en/
  24. 24.
    Gonnord, L., Halbwachs, N.: Combining widening and acceleration in linear relation analysis. In: Yi, K. (ed.) SAS 2006. LNCS, vol. 4134, pp. 144–160. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  25. 25.
    Gopan, D., Reps, T.W.: Lookahead widening. In: Ball, Jones [3]Google Scholar
  26. 26.
    Rice, H.G.: Classes of recursively enumerable sets and their decision problems. In: Transactions of the American Mathematical Society, vol. 74. AMS, Providence (1953)Google Scholar
  27. 27.
    Halbwachs, N.: Delay analysis in synchronous programs. In: Courcoubetis, C. (ed.) CAV 1993. LNCS, vol. 697, pp. 333–346. Springer, Heidelberg (1993)CrossRefGoogle Scholar
  28. 28.
    Hoffman, A., Karp, R.: On Nonterminating Stochastic Games. Management Sci. 12, 359–370 (1966)MathSciNetCrossRefzbMATHGoogle Scholar
  29. 29.
    Howard, R.: Dynamic Programming and Markov Processes. Wiley, NY (1960)zbMATHGoogle Scholar
  30. 30.
    Leconte, J., Roux, S.L., Liberti, L., Marinelli, F.: Code verification by static analysis: a mathematical programming approach. Technical report, LIX, Ecole Polytechnique, Palaiseau (August 2009)Google Scholar
  31. 31.
    Leroux, J., Sutre, G.: Accelerated data-flow analysis. In: Riis Nielson, H., Filé, G. (eds.) SAS 2007. LNCS, vol. 4634, pp. 184–199. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  32. 32.
    Megiddo, N.: On the Complexity of Linear Programming. In: Bewley, T. (ed.) Advances in Economic Theory: 5th World Congress, Cambridge University Press, Cambridge (1987)Google Scholar
  33. 33.
    Miné, A.: A new numerical abstract domain based on difference-bound matrices. In: Danvy, O., Filinski, A. (eds.) PADO 2001. LNCS, vol. 2053, pp. 155–172. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  34. 34.
    Miné, A.: The octagon abstract domain. In: WCRE (2001)Google Scholar
  35. 35.
    Miné, A.: Domaines numériques abstraits faiblement relationnels. PhD thesis, École polytechnique (2004)Google Scholar
  36. 36.
    Monniaux, D.: A quantifier elimination algorithm for linear real arithmetic. In: Cervesato, I., Veith, H., Voronkov, A. (eds.) LPAR 2008. LNCS (LNAI), vol. 5330, pp. 243–257. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  37. 37.
    Monniaux, D.: Automatic modular abstractions for linear constraints. In: Shao, Z., Pierce, B.C. (eds.) POPL, pp. 140–151. ACM, New York (2009)Google Scholar
  38. 38.
    Nicola, R.D.: Programming Languages and Systems, ESOP 2007. LNCS, vol. 4421. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  39. 39.
    Puri, A.: Theory of Hybrid and Discrete Systems. PhD thesis, University of California, Berkeley (1995)Google Scholar
  40. 40.
    Puterman, M.L.: Markov Decision Processes: Discrete Stochastic Dynamic Programming. Wiley, New York (1994)CrossRefzbMATHGoogle Scholar
  41. 41.
    Sankaranarayanan, S., Sipma, H., Manna, Z.: Constraint-based linear-relations analysis. In: Giacobazzi, R. (ed.) SAS 2004. LNCS, vol. 3148, pp. 53–68. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  42. 42.
    Sankaranarayanan, S., Sipma, H.B., Manna, Z.: Scalable analysis of linear systems using mathematical programming. In: Cousot, R. (ed.) VMCAI 2005. LNCS, vol. 3385, pp. 25–41. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  43. 43.
    Schrijver, A.: Theory of linear and integer programming. John Wiley & Sons, Inc., New York (1986)zbMATHGoogle Scholar
  44. 44.
    Stockmeyer, L.J.: The polynomial-time hierarchy. Theoretical Computer Science 3(1), 1–22 (1976)MathSciNetCrossRefzbMATHGoogle Scholar
  45. 45.
    Vöge, J., Jurdziński, M.: A Discrete Strategy Improvement Algorithm for Solving Parity Games. In: Emerson, E.A., Sistla, A.P. (eds.) CAV 2000. LNCS, vol. 1855, pp. 202–215. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  46. 46.
    Wrathall, C.: Complete sets and the polynomial-time hierarchy. Theor. Comput. Sci. 3(1), 23–33 (1976)MathSciNetCrossRefzbMATHGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Thomas Martin Gawlitza
    • 1
  • David Monniaux
    • 1
  1. 1.CNRS/VERIMAGFrance

Personalised recommendations