Abstract
Symbolic complexity bounds help programmers understand the performance characteristics of their implementations. Existing work provides techniques for statically determining bounds of procedures with simple control-flow. However, procedures with nested loops or multiple paths through a single loop are challenging.
In this paper we describe two techniques, control-flow refinement and progress invariants, that together enable estimation of precise bounds for procedures with nested and multi-path loops. Control-flow refinement transforms a multi-path loop into a semantically equivalent code fragment with simpler loops by making the structure of path interleaving explicit. We show that this enables non-disjunctive invariant generation tools to find a bound on many procedures for which previous techniques were unable to prove termination. Progress invariants characterize relationships between consecutive states that can arise at a program location. We further present an algorithm that uses progress invariants to compute precise bounds for nested loops. The utility of these two techniques goes beyond our application to symbolic bound analysis. In particular, we discuss applications of control-flow refinement to proving safety properties that otherwise require disjunctive invariants.
We have applied our methodology to over 670,000 lines of code of a significant Microsoft product and were able to find symbolic bounds for 90% of the loops. We are not aware of any other published results that report experiences running a bound analysis on a real code-base.
- Phoenix Compiler. research.microsoft.com/Phoenix/.Google Scholar
- Z3 Theorem Prover. research.microsoft.com/projects/Z3/.Google Scholar
- Elvira Albert, Puri Arenas, Samir Genaim, and Germán Puebla. Automatic inference of upper bounds for recurrence relations in cost analysis. In SAS, 2008. Google Scholar
Digital Library
- G. Balakrishnan, S. Sankaranarayanan, F. Ivancic, O. Wei, and A. Gupta. SLR: Path-sensitive analysis through infeasible-path detection and syntactic language refinement. Lecture Notes in Computer Science, 5079, 2008. Google Scholar
Digital Library
- Josh Berdine, Aziem Chawdhary, Byron Cook, Dino Distefano, and Peter W. O'Hearn. Variance analyses from invariance analyses. In POPL, 2007. Google Scholar
Digital Library
- Byron Cook, Andreas Podelski, and Andrey Rybalchenko. Termination proofs for systems code. In PLDI, 2006. Google Scholar
Digital Library
- Patrick Cousot and Nicolas Halbwachs. Automatic discovery of linear restraints among variables of a program. In POPL, 1978.\pagebreak Google Scholar
Digital Library
- Karl Crary and Stephanie Weirich. Resource bound certification. In POPL, 2000. Google Scholar
Digital Library
- Simon Goldsmith, Alex Aiken, and Daniel Shawcross Wilkerson. Measuring empirical computational complexity. In ESEC/SIGSOFT FSE, 2007. Google Scholar
Digital Library
- Denis Gopan and Thomas W. Reps. Lookahead widening. In CAV, 2006. Google Scholar
Digital Library
- Denis Gopan and Thomas W. Reps. Guided static analysis. In SAS, 2007. Google Scholar
Digital Library
- Bhargav S. Gulavani and Sumit Gulwani. A numerical abstract domain based on expression abstraction and max operator with application in timing analysis. In CAV, 2008. Google Scholar
Digital Library
- Bhargav S. Gulavani, Thomas A. Henzinger, Yamini Kannan, Aditya V. Nori, and Sriram K. Rajamani. SYNERGY: A new algorithm for property checking. In FSE, 2006. Google Scholar
Digital Library
- Sumit Gulwani and Nebojsa Jojic. Program verification as probabilistic inference. In POPL, 2007. Google Scholar
Digital Library
- Sumit Gulwani, Krishna Mehra, and Trishul Chilimbi. SPEED: Precise and efficient static estimation of program computational complexity. In POPL, 2009. Google Scholar
Digital Library
- Jan Gustafsson, Andreas Ermedahl, Christer Sandberg, and Bjorn Lisper. Automatic derivation of loop bounds and infeasible paths for wcet analysis using abstract execution. In RTSS, 2006. Google Scholar
Digital Library
- Nicolas Halbwachs, Yann-Erick Proy, and Patrick Roumanoff. Verification of real--time systems using linear relation analysis. FMSD, 1997. Google Scholar
Digital Library
- Christopher A. Healy, Mikael Sjodin, Viresh Rustagi, David B. Whalley, and Robert van Engelen. Supporting timing analysis by automatic bounding of loop iterations. Real-Time Systems, 18(2/3), 2000. Google Scholar
Digital Library
- Thomas A. Henzinger, Ranjit Jhala, Rupak Majumdar, and Grégoire Sutre. Lazy abstraction. In POPL, 2002. Google Scholar
Digital Library
- Björn Lisper. Fully automatic, parametric worst--case execution time analysis. In WCET, 2003.Google Scholar
- Ali Mili. Reflexive transitive loop invariants: A basis for computing loop functions. In WING, 2007.Google Scholar
- Antoine Miné. The Octagon Abstract Domain. Higher-Order and Symbolic Computation, 19(1), 2006. Google Scholar
Digital Library
- A. Podelski and A. Rybalchenko. A complete method for the synthesis of linear ranking functions. LNCS, 2003.Google Scholar
- A. Podelski and A. Rybalchenko. Transition invariants. In LICS, 2004. Google Scholar
Digital Library
- Sriram Sankaranarayanan, Franjo Ivancic, Ilya Shlyakhter, and Aarti Gupta. Static analysis in disjunctive numerical domains. In SAS, 2006. Google Scholar
Digital Library
- Chao Wang, Zijiang Yang, Aarti Gupta, and Franjo Ivancic. Using counterexamples for improving the precision of reachability computation with polyhedra. In CAV, 2007. Google Scholar
Digital Library
- Reinhard Wilhelm, Jakob Engblom, Andreas Ermedahl, Niklas Holsti, Stephan Thesing, David Whalley, Guillem Bernat, Christian Ferdinand, Reinhold Heckmann, Frank Mueller, Isabelle Puaut, Peter Puschner, Jan Staschulat, and Per Stenström. The Determination of Worst-Case Execution Times-Overview of the Methods and Survey of Tools. In TECS, 2007. Google Scholar
Digital Library
Index Terms
Control-flow refinement and progress invariants for bound analysis
Recommendations
Path invariants
PLDI '07: Proceedings of the 28th ACM SIGPLAN Conference on Programming Language Design and ImplementationThe success of software verification depends on the ability to find a suitable abstraction of a program automatically. We propose a method for automated abstraction refinement which overcomes some limitations of current predicate discovery schemes. In ...
Control-flow refinement and progress invariants for bound analysis
PLDI '09: Proceedings of the 30th ACM SIGPLAN Conference on Programming Language Design and ImplementationSymbolic complexity bounds help programmers understand the performance characteristics of their implementations. Existing work provides techniques for statically determining bounds of procedures with simple control-flow. However, procedures with nested ...
Automated Program Verification Using Generation of Invariants
QSIC '10: Proceedings of the 2010 10th International Conference on Quality SoftwareProgram verification based on invariant generation is a central issue in recent years. Invariants are key to deductive verification of imperative programs. In this paper, depending on linear invariants and polynomial loop invariants, we present a ...







Comments