research-article

Control-flow refinement and progress invariants for bound analysis

Authors:

Eric KoskinenAuthors Info & Claims

ACM SIGPLAN Notices, Volume 44, Issue 6

Pages 375 - 385

https://doi.org/10.1145/1543135.1542518

Published: 15 June 2009 Publication History

Abstract

Symbolic complexity bounds help programmers understand the performance characteristics of their implementations. Existing work provides techniques for statically determining bounds of procedures with simple control-flow. However, procedures with nested loops or multiple paths through a single loop are challenging.

In this paper we describe two techniques, control-flow refinement and progress invariants, that together enable estimation of precise bounds for procedures with nested and multi-path loops. Control-flow refinement transforms a multi-path loop into a semantically equivalent code fragment with simpler loops by making the structure of path interleaving explicit. We show that this enables non-disjunctive invariant generation tools to find a bound on many procedures for which previous techniques were unable to prove termination. Progress invariants characterize relationships between consecutive states that can arise at a program location. We further present an algorithm that uses progress invariants to compute precise bounds for nested loops. The utility of these two techniques goes beyond our application to symbolic bound analysis. In particular, we discuss applications of control-flow refinement to proving safety properties that otherwise require disjunctive invariants.

We have applied our methodology to over 670,000 lines of code of a significant Microsoft product and were able to find symbolic bounds for 90% of the loops. We are not aware of any other published results that report experiences running a bound analysis on a real code-base.

References

[1]

Phoenix Compiler. research.microsoft.com/Phoenix/.

[2]

Z3 Theorem Prover. research.microsoft.com/projects/Z3/.

[3]

Elvira Albert, Puri Arenas, Samir Genaim, and Germán Puebla. Automatic inference of upper bounds for recurrence relations in cost analysis. In SAS, 2008.

Digital Library

[4]

G. Balakrishnan, S. Sankaranarayanan, F. Ivancic, O. Wei, and A. Gupta. SLR: Path-sensitive analysis through infeasible-path detection and syntactic language refinement. Lecture Notes in Computer Science, 5079, 2008.

Digital Library

[5]

Josh Berdine, Aziem Chawdhary, Byron Cook, Dino Distefano, and Peter W. O'Hearn. Variance analyses from invariance analyses. In POPL, 2007.

Digital Library

[6]

Byron Cook, Andreas Podelski, and Andrey Rybalchenko. Termination proofs for systems code. In PLDI, 2006.

Digital Library

[7]

Patrick Cousot and Nicolas Halbwachs. Automatic discovery of linear restraints among variables of a program. In POPL, 1978.\pagebreak

Digital Library

[8]

Karl Crary and Stephanie Weirich. Resource bound certification. In POPL, 2000.

Digital Library

[9]

Simon Goldsmith, Alex Aiken, and Daniel Shawcross Wilkerson. Measuring empirical computational complexity. In ESEC/SIGSOFT FSE, 2007.

Digital Library

[10]

Denis Gopan and Thomas W. Reps. Lookahead widening. In CAV, 2006.

Digital Library

[11]

Denis Gopan and Thomas W. Reps. Guided static analysis. In SAS, 2007.

Digital Library

[12]

Bhargav S. Gulavani and Sumit Gulwani. A numerical abstract domain based on expression abstraction and max operator with application in timing analysis. In CAV, 2008.

Digital Library

[13]

Bhargav S. Gulavani, Thomas A. Henzinger, Yamini Kannan, Aditya V. Nori, and Sriram K. Rajamani. SYNERGY: A new algorithm for property checking. In FSE, 2006.

Digital Library

[14]

Sumit Gulwani and Nebojsa Jojic. Program verification as probabilistic inference. In POPL, 2007.

Digital Library

[15]

Sumit Gulwani, Krishna Mehra, and Trishul Chilimbi. SPEED: Precise and efficient static estimation of program computational complexity. In POPL, 2009.

Digital Library

[16]

Jan Gustafsson, Andreas Ermedahl, Christer Sandberg, and Bjorn Lisper. Automatic derivation of loop bounds and infeasible paths for wcet analysis using abstract execution. In RTSS, 2006.

Digital Library

[17]

Nicolas Halbwachs, Yann-Erick Proy, and Patrick Roumanoff. Verification of real--time systems using linear relation analysis. FMSD, 1997.

Digital Library

[18]

Christopher A. Healy, Mikael Sjodin, Viresh Rustagi, David B. Whalley, and Robert van Engelen. Supporting timing analysis by automatic bounding of loop iterations. Real-Time Systems, 18(2/3), 2000.

Digital Library

[19]

Thomas A. Henzinger, Ranjit Jhala, Rupak Majumdar, and Grégoire Sutre. Lazy abstraction. In POPL, 2002.

Digital Library

[20]

Björn Lisper. Fully automatic, parametric worst--case execution time analysis. In WCET, 2003.

[21]

Ali Mili. Reflexive transitive loop invariants: A basis for computing loop functions. In WING, 2007.

[22]

Antoine Miné. The Octagon Abstract Domain. Higher-Order and Symbolic Computation, 19(1), 2006.

Digital Library

[23]

A. Podelski and A. Rybalchenko. A complete method for the synthesis of linear ranking functions. LNCS, 2003.

[24]

A. Podelski and A. Rybalchenko. Transition invariants. In LICS, 2004.

Digital Library

[25]

Sriram Sankaranarayanan, Franjo Ivancic, Ilya Shlyakhter, and Aarti Gupta. Static analysis in disjunctive numerical domains. In SAS, 2006.

Digital Library

[26]

Chao Wang, Zijiang Yang, Aarti Gupta, and Franjo Ivancic. Using counterexamples for improving the precision of reachability computation with polyhedra. In CAV, 2007.

Digital Library

[27]

Reinhard Wilhelm, Jakob Engblom, Andreas Ermedahl, Niklas Holsti, Stephan Thesing, David Whalley, Guillem Bernat, Christian Ferdinand, Reinhold Heckmann, Frank Mueller, Isabelle Puaut, Peter Puschner, Jan Staschulat, and Per Stenström. The Determination of Worst-Case Execution Times-Overview of the Methods and Survey of Tools. In TECS, 2007.

Digital Library

Cited By

Al-Bataineh OFilkov VRay BZhou M(2024)A Formal Treatment of Performance BugsProceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering10.1145/3691620.3695288(2220-2224)Online publication date: 27-Oct-2024
https://dl.acm.org/doi/10.1145/3691620.3695288
Al-Bataineh OMoonen LHuyen PTan SMechtaev SKhurshid S(2024)Towards Developing Effective Fault localization Technique for Termination Bugs in Loop ProgramsProceedings of the 5th ACM/IEEE International Workshop on Automated Program Repair10.1145/3643788.3648008(5-8)Online publication date: 20-Apr-2024
https://dl.acm.org/doi/10.1145/3643788.3648008
Al-Bataineh OMoonen LVidziunas L(2024)Extending the range of bugs that automated program repair can handleJournal of Systems and Software10.1016/j.jss.2023.111918209(111918)Online publication date: Mar-2024
https://doi.org/10.1016/j.jss.2023.111918
Show More Cited By

Index Terms

Recommendations

Control-flow refinement and progress invariants for bound analysis
PLDI '09: Proceedings of the 30th ACM SIGPLAN Conference on Programming Language Design and Implementation

Symbolic complexity bounds help programmers understand the performance characteristics of their implementations. Existing work provides techniques for statically determining bounds of procedures with simple control-flow. However, procedures with nested ...
LLM-Generated Invariants for Bounded Model Checking Without Loop Unrolling
ASE '24: Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering

We investigate a modification of the classical Bounded Model Checking (BMC) procedure that does not handle loops through unrolling but via modifications to the control flow graph (CFG). A portion of the CFG representing a loop is replaced by a node ...
Temporal property verification as a program analysis task

We describe a reduction from temporal property verification to a program analysis problem. First we present a proof system that, unlike the standard formulation, is more amenable to reasoning about infinite-state systems: disjunction is treated by ...

Comments

Information & Contributors

Information

Published In

cover image ACM SIGPLAN Notices

ACM SIGPLAN Notices Volume 44, Issue 6

PLDI '09

June 2009

478 pages

ISSN:0362-1340

EISSN:1558-1160

DOI:10.1145/1543135

Issue’s Table of Contents

PLDI '09: Proceedings of the 30th ACM SIGPLAN Conference on Programming Language Design and Implementation
June 2009
492 pages
ISBN:9781605583921
DOI:10.1145/1542476
General Chair:
Michael Hind
IBM Research, USA
,
Program Chair:
Amer Diwan
University of Colorado at Boulder, USA

Copyright © 2009 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 15 June 2009

Published in SIGPLAN Volume 44, Issue 6

Check for updates

Author Tags

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

128
Total Citations
View Citations
717
Total Downloads

Downloads (Last 12 months)20
Downloads (Last 6 weeks)1

Reflects downloads up to 22 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Al-Bataineh OFilkov VRay BZhou M(2024)A Formal Treatment of Performance BugsProceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering10.1145/3691620.3695288(2220-2224)Online publication date: 27-Oct-2024
https://dl.acm.org/doi/10.1145/3691620.3695288
Al-Bataineh OMoonen LHuyen PTan SMechtaev SKhurshid S(2024)Towards Developing Effective Fault localization Technique for Termination Bugs in Loop ProgramsProceedings of the 5th ACM/IEEE International Workshop on Automated Program Repair10.1145/3643788.3648008(5-8)Online publication date: 20-Apr-2024
https://dl.acm.org/doi/10.1145/3643788.3648008
Al-Bataineh OMoonen LVidziunas L(2024)Extending the range of bugs that automated program repair can handleJournal of Systems and Software10.1016/j.jss.2023.111918209(111918)Online publication date: Mar-2024
https://doi.org/10.1016/j.jss.2023.111918
Zhang EWu FLu X(2024)An Intelligent Scheduling System for Large-Scale Online JudgingComputer Science and Education. Computer Science and Technology10.1007/978-981-97-0730-0_24(265-279)Online publication date: 26-Feb-2024
https://doi.org/10.1007/978-981-97-0730-0_24
Al-Bataineh OMoonen L(2022)Towards Extending the Range of Bugs That Automated Program Repair Can Handle2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS)10.1109/QRS57517.2022.00031(209-220)Online publication date: Dec-2022
https://doi.org/10.1109/QRS57517.2022.00031
Kafle BGallagher JHermenegildo MKlemen MLópez-García PMorales J(2021)Regular Path Clauses and Their Application in Solving LoopsElectronic Proceedings in Theoretical Computer Science10.4204/EPTCS.344.3344(22-35)Online publication date: 13-Sep-2021
https://doi.org/10.4204/EPTCS.344.3
Ishimwe DNguyen KNguyen T(2021)Dynaplex: analyzing program complexity using dynamically inferred recurrence relationsProceedings of the ACM on Programming Languages10.1145/34855155:OOPSLA(1-23)Online publication date: 15-Oct-2021
https://dl.acm.org/doi/10.1145/3485515
Zhu SKincaid ZFreund SYahav E(2021)Termination analysis without the tearsProceedings of the 42nd ACM SIGPLAN International Conference on Programming Language Design and Implementation10.1145/3453483.3454110(1296-1311)Online publication date: 19-Jun-2021
https://dl.acm.org/doi/10.1145/3453483.3454110
KAFLE BGANGE GSTUCKEY PSCHACHTE PSØNDERGAARD H(2021)Transformation-Enabled Precondition InferenceTheory and Practice of Logic Programming10.1017/S147106842100027221:6(700-716)Online publication date: 23-Sep-2021
https://doi.org/10.1017/S1471068421000272
DE ANGELIS EFIORAVANTI FGALLAGHER JHERMENEGILDO MPETTOROSSI APROIETTI M(2021)Analysis and Transformation of Constrained Horn Clauses for Program VerificationTheory and Practice of Logic Programming10.1017/S147106842100021122:6(974-1042)Online publication date: 15-Nov-2021
https://doi.org/10.1017/S1471068421000211
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Issue’s Table of Contents