Enhancing Program Verification Through Optimization Strategies

Slide Note
Embed
Share

Explore the realm of program transformations and optimizations targeted at improving program verification processes. Delve into inlining-based verifiers, deep assertions, and goal-directed search strategies to enhance program reliability and efficiency.

kael_719
kael_719 Follow

Uploaded on Oct 11, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript

  1. A Program Transformation For Faster Goal-Directed Search Akash Lal, Shaz Qadeer Microsoft Research

  2. Optimizations In the context of compilers, an optimization is: A program transformation that preserves semantics Aimed at improving the execution time of the program We propose an optimization targeted towards program verification The optimization is semantics preserving Aimed at improving the verification time Targets Deep Assertions

  3. Deep Assertions Assertion Search in a large call graph Main

  4. Deep Assertions Search in a large call graph Path of length 5

  5. Deep Assertions Search in a large call graph Path of length 15

  6. Deep Assertions Statically, distance from main to the assertion was up to 38!

  7. Deep Assertions Goal-directed verifiers try to establish relevant information For instance, SLAM infers only predicates relevant to the property Contrast this with symbolic-execution-based testing or explicit modelcheckers that are not goal-directed When the target is far away, knowing what is relevant is that much harder

  8. Example // global variables var s, g: int; procedure P1() { P2(); P2(); } procedure Pn() { // loop while(*) { if(g == 1) Open(); Close(); } } procedure Open() { s := 1; } procedure main() { // Initialization s := 0; g := 1; P1(); } procedure Close() { assert s > 0; s := 0; } procedure P2() { P3(); P3(); } Deep call graph!

  9. Inlining-Based Verifiers Example: BMC, Corral Based on exploring the call graph by unfolding it Inline procedures, unroll loops Either in forward or backward direction Use invariants to help prune search

  10. Lazy Inlining Algorithms

  11. Example // global variables var s, g: int; procedure P1() { P2(); P2(); } procedure Pn() { // loop while(*) { if(g == 1) Open(); Close(); } } procedure Open() { s := 1; } procedure main() { // Initialization s := 0; g := 1; P1(); } procedure Close() { assert s > 0; s := 0; } procedure P2() { P3(); P3(); } Corral, forward Corral, backward Full inlining: O(2^n)*R, Or Produce the invariant for each Pi: (old(g) == 1 && old(s) == 0) ==> (s == 0 && !err) Full inlining: O(2^n)*R, Or Produce the precondition for each Pi: (g == 1)

  12. Example // global variables var s, g: int; procedure P1() { P2(); P2(); } procedure Pn() { // loop while(*) { if(g == 1) Open(); Close(); } } procedure Open() { s := 1; } procedure main() { // Initialization s := 0; g := 1; P1(); } procedure Close() { assert s > 0; s := 0; } procedure P2() { P3(); P3(); } After our transformation: Corral, forward: O(1) Corral, backward: O(1) No invariants needed!

  13. Our Transformation Key Guarantee: Lift all assertions to main, that is for any procedure call, it will be to a procedure that cannot fail How? Call-Return semantics: a procedure call stores the return address on the stack, jumps to the procedure, and on exit returns to the address on stack. When a procedure call doesn t fail, then we already have our guarantee When a procedure call will fail then we don t need the return address!

  14. Our Transformation foo_start: assert blah; halt; { ... // guess if the call fails if(*) { // it does! goto foo_start; } else { // it doesn t! call foo(); } ... } { ... call foo(); ... } procedure foo() { foo_start: assume blah; return; } procedure foo() { foo_start: assert blah; return; }

  15. Our Transformation main() { A; call foo(); B; assert e1; } main() { A; call foo(); B; assert e1; } foo() { call bar(); C; assert e2; } foo() { call bar(); C; assume e2; } bar() { D; assert e3; } bar() { D; assume e3; }

  16. Our Transformation main() { A; call foo(); B; assert e1; } main() { A; if(*) { goto foo_start; } else { call foo(); } B; assert e1; } foo() { call bar(); C; assert e2; } foo() { call bar(); C; assume e2; } bar() { D; assert e3; } bar() { D; assume e3; }

  17. Our Transformation main() { A; call foo(); B; assert e1; } main() { A; if(*) { goto foo_start; } else { call foo(); } B; assert e1; } foo_start: call bar(); C; assert e2; halt; foo() { call bar(); C; assert e2; } foo() { call bar(); C; assume e2; } bar() { D; assert e3; } bar() { D; assume e3; }

  18. Our Transformation main() { A; call foo(); B; assert e1; } main() { A; if(*) { goto foo_start; } else { call foo(); } B; assert e1; } foo_start: if(*) { goto bar_start; } else { call bar(); } C; assert e2; halt; foo() { call bar(); C; assert e2; } foo() { call bar(); C; assume e2; } bar() { D; assert e3; } bar() { D; assume e3; }

  19. Our Transformation main() { A; call foo(); B; assert e1; } main() { A; if(*) { goto foo_start; } else { call foo(); } B; assert e1; } foo_start: if(*) { goto bar_start; } else { call bar(); } C; assert e2; halt; bar_start: D; assert e3; halt; foo() { call bar(); C; assert e2; } foo() { call bar(); C; assume e2; } Remarks: 1. The algorithm terminates 2. At most one copy of each procedure absorbed into main (unlike inlining) 3. All assertions in main! 4. Semantically equivalent bar() { D; assert e3; } bar() { D; assume e3; }

  20. Our Transformation Additional Guarantee: Loops don t have assertions How? Only the last iteration can fail loop( ?); if(*) { b } loop(b) loop(b); if(*) { b }

  21. Example // global variables var s, g: int; procedure P1() { P2(); P2(); } procedure Pn() { // loop while(*) { if(g == 1) Open(); Close(); } } procedure Open() { s := 1; } procedure main() { // Initialization s := 0; g := 1; P1(); } procedure Close() { assert s > 0; s := 0; } procedure P2() { P3(); P3(); } Deep call graph!

  22. Example var s, g: int; procedure main() { s := 0; g := 1; if(*) goto P1_start; else P1(); return; Pn_start: while(*) { if(g == 1) Open(); Close(); } if(*) { if(g == 1) Open(); if(*) { assert s > 0; s := 0; } else Close(); } } // end main Inline: Open ensures s == 1 P1_start: if(*) goto P2_start; else P2(); if(*) goto P2_start; else P2(); return; ...

  23. Transforming Concurrent Programs Concurrent Programs: We still retain our guarantee Key Idea: At most one thread can fail Main thread guesses the failing thread upfront and starts running it (But it blocks until the thread is actually spawned) Rest all of the threads run failure free Failing thread transformed, as for sequential programs

  24. Programming Model Execution starts in main Additional threads can be spawned as: async call foo(x) Preemptions are explicit: yield Note: unbounded threads, but finite (fixed) number of thread entrypoints

  25. Transforming Concurrent Programs { ... // guess if this is the failing thread if(*) { // it is not async call foo(x); } else { // it is assume flag == nil; a := x; flag := foo ; } ... } { ... async call foo(x); ... }

  26. Transforming Concurrent Programs { flag := nil; if(*) { flag := main ; goto main_entry; } async call main(); yield; goto lfoo, lbar; lfoo: assume flag == foo ; args := a; goto foo_start; main lbar: assume flag == bar ; args := a; goto bar_start; main_entry: <main>; die; foo_entry: <foo>; die; bar_entry: <bar>; die; }

  27. Evaluation Two verifiers Corral: Based on procedure inlining Yogi: Based on testing and refinement via lazy predicate abstraction Implementation Less than 1000 lines of code! Evaluation Criteria Number of instances solved Running time Memory consumption Effect on summary generation (discussed in the paper)

  28. Benchmarks (Sequential) Windows Device Drivers, source: The Static Driver Verifier

  29. Summary of the Results

  30. Results: SI Number of instances: 2516 Reduction in Timeouts: 297 10X speedup: 54 2X speedup: 220 2X slowdown: 5 Program size increase: 1.1X to 1.6X Memory consumption: reduced!

  31. Results: SI+Houdini Number of instances: 2516 Reduction in Timeouts: 30 2X speedup: 80 2X slowdown: 4

  32. Results: Yogi Third party tool Number of instances: 802 Reduction in Timeouts: 7 10X speedup: 36 Slowdown mostly limited to trivial instances

  33. Results on Concurrent Programs

  34. Summary A program transformation that lifts all assertions to main Considerable speedups, up to 10X for two different verifiers Very little implementation effort Try it out in your verifier today! Thank You!

Related


Program Verification via an Intermediate Verification Language

Program Verification via an Intermediate Verification Language

dee_ana
Importance of Timely Verification in Care After Death

Importance of Timely Verification in Care After Death

willow
Overview of Program Verification Tools and Techniques

Overview of Program Verification Tools and Techniques

bowe_635
Advanced Program Optimization Techniques for Efficient Verification and Goal-Directed Search

Advanced Program Optimization Techniques for Efficient Verification and Goal-Directed Search

terajib
Machine Learning Applications for EBIS Beam Intensity and RHIC Luminosity Maximization

Machine Learning Applications for EBIS Beam Intensity and RHIC Luminosity Maximization

drub
Understanding Discrete Optimization in Mathematical Modeling

Understanding Discrete Optimization in Mathematical Modeling

heloise
Integrated Verification and Repair in Control Plane

Integrated Verification and Repair in Control Plane

buddy
Formal Verification and Automata Abstraction in Esterel

Formal Verification and Automata Abstraction in Esterel

edelweiss
Comprehensive Solution for EU Digital COVID Certificate Verification

Comprehensive Solution for EU Digital COVID Certificate Verification

mall878
Introduction to UVM: Verification Methodologies Overview

Introduction to UVM: Verification Methodologies Overview

wtav
Gradual Program Verification and its Techniques

Gradual Program Verification and its Techniques

adi_sco
DNN Inference Optimization Challenge Overview

DNN Inference Optimization Challenge Overview

buddy
Insights into Recent Progress on Sampling Problems in Convex Optimization

Insights into Recent Progress on Sampling Problems in Convex Optimization

lilyroseh
Software Bugs and Formal Verification in Critical Systems

Software Bugs and Formal Verification in Critical Systems

jama_ico
Automated Static Verification of Higher-order Functional Programs

Automated Static Verification of Higher-order Functional Programs

aaka860
Understanding Swarm Intelligence: Concepts and Applications

Understanding Swarm Intelligence: Concepts and Applications

syeda
Generalization of Empirical Risk Minimization in Stochastic Convex Optimization by Vitaly Feldman

Generalization of Empirical Risk Minimization in Stochastic Convex Optimization by Vitaly Feldman

layton
Approximation Algorithms for Stochastic Optimization: An Overview

Approximation Algorithms for Stochastic Optimization: An Overview

hule_mus
Flower Pollination Algorithm: Nature-Inspired Optimization

Flower Pollination Algorithm: Nature-Inspired Optimization

weak_ssa
Electors Verification Programme Overview

Electors Verification Programme Overview

fionn
ICAO Strategic Objective: Economic Development of Air Transport Verification and Validation Overview

ICAO Strategic Objective: Economic Development of Air Transport Verification and Validation Overview

sbrig
Criticisms and Defenses of Verification and Falsification Principles

Criticisms and Defenses of Verification and Falsification Principles

esmee
Formal Verification of Cyberphysical Systems and Future Certification Methods

Formal Verification of Cyberphysical Systems and Future Certification Methods

knox_roy
Warning Verification and Scoring Guidelines in Weather Forecasting Workshop

Warning Verification and Scoring Guidelines in Weather Forecasting Workshop

mfouc

More Related Content