Static analysis of numerical programs

Similar documents
A Static Analyzer for Large Safety-Critical Software. Considered Programs and Semantics. Automatic Program Verification by Abstract Interpretation

SCADE Suite in Space Applications

A Tool for Generating Partition Schedules of Multiprocessor Systems

A REVIEW ON KALMAN FILTER FOR GPS TRACKING

EECS 556 Image Processing W 09. Interpolation. Interpolation techniques B splines

Numerical Analysis An Introduction

Forecasting in supply chains

CS321. Introduction to Numerical Methods

AN INTRODUCTION TO NUMERICAL METHODS AND ANALYSIS

Astrée: Building a Static Analyzer for Real-Life Programs

10. Proximal point method

Abstract Interpretation-based Static Analysis Tools:

Static Analysis of Dynamic Properties - Automatic Program Verification to Prove the Absence of Dynamic Runtime Errors

GPR Polarization Simulation with 3D HO FDTD

IKOS: A Framework for Static Analysis based on Abstract Interpretation (Tool Paper)

GI01/M055 Supervised Learning Proximal Methods

Basics of Polynomial Theory

Software Testing & Analysis (F22ST3): Static Analysis Techniques 2. Andrew Ireland

Introduction to time series analysis

CHAPTER 5 Round-off errors

Vector and Matrix Norms

Høgskolen i Narvik Sivilingeniørutdanningen STE6237 ELEMENTMETODER. Oppgaver

The Effects of Start Prices on the Performance of the Certainty Equivalent Pricing Policy

Nonlinear Algebraic Equations. Lectures INF2320 p. 1/88

Static analysis: from theory to practice

Signal to Noise Instrumental Excel Assignment

2.3 Convex Constrained Optimization Problems

Comprehensive Static Analysis Using Polyspace Products. A Solution to Today s Embedded Software Verification Challenges WHITE PAPER

Combining Static Analysis and Test Generation for C Program Debugging

7. Some irreducible polynomials

Secure Software Programming and Vulnerability Analysis

Contrôle dynamique de méthodes d approximation

AP Physics 1 and 2 Lab Investigations

How To Develop A Static Analysis System For Large Programs

Mapping an Application to a Control Architecture: Specification of the Problem

Concepts in Investments Risks and Returns (Relevant to PBE Paper II Management Accounting and Finance)

Information Theory and Coding Prof. S. N. Merchant Department of Electrical Engineering Indian Institute of Technology, Bombay

DYNAMIC RANGE IMPROVEMENT THROUGH MULTIPLE EXPOSURES. Mark A. Robertson, Sean Borman, and Robert L. Stevenson

The string of digits in the binary number system represents the quantity

MPI-Checker Static Analysis for MPI

Balance Accuracy. FlexiWeigh

Numerical Matrix Analysis

System Identification for Acoustic Comms.:

Safety and Hazard Analysis

InvGen: An Efficient Invariant Generator

Global Positioning System

in a Nutshell (c) 2007 Mauro Pezzè & Michal Young Ch 1, slide 1

LEVERAGING DEDUCTIVE VERIFICATION IN INDUSTRIAL CONTEXTS

Office of Institutional Research & Planning

TOPO Trajectory Operations Officer

Computer Graphics. Geometric Modeling. Page 1. Copyright Gotsman, Elber, Barequet, Karni, Sheffer Computer Science - Technion. An Example.

α = u v. In other words, Orthogonal Projection

Set-based Simulation for Design and Verification of Simulink Models

KS3 Computing Group 1 Programme of Study hours per week

Algebra Unpacked Content For the new Common Core standards that will be effective in all North Carolina schools in the school year.

Analysis of Bayesian Dynamic Linear Models

Continued Fractions and the Euclidean Algorithm

Time Domain and Frequency Domain Techniques For Multi Shaker Time Waveform Replication

Quotient Rings and Field Extensions

Investigation of the Effect of Dynamic Capillary Pressure on Waterflooding in Extra Low Permeability Reservoirs

Experiment #1, Analyze Data using Excel, Calculator and Graphs.

9 More on differentiation

Formal Verification Coverage: Computing the Coverage Gap between Temporal Specifications

UFO: Verification with Interpolants and Abstract Interpretation

Parameter identification of a linear single track vehicle model

INF5140: Specification and Verification of Parallel Systems

µz An Efficient Engine for Fixed points with Constraints

We shall turn our attention to solving linear systems of equations. Ax = b

Introduction to Engineering System Dynamics

The p-norm generalization of the LMS algorithm for adaptive filtering

SOLUTIONS FOR PROBLEM SET 2

a 11 x 1 + a 12 x a 1n x n = b 1 a 21 x 1 + a 22 x a 2n x n = b 2.

Static Program Transformations for Efficient Software Model Checking

Chair of Software Engineering. Software Verification. Assertion Inference. Carlo A. Furia

Some facts about polynomials modulo m (Full proof of the Fingerprinting Theorem)

Data Storage 3.1. Foundations of Computer Science Cengage Learning

A new binary floating-point division algorithm and its software implementation on the ST231 processor

Adaptive Tolerance Algorithm for Distributed Top-K Monitoring with Bandwidth Constraints

D-optimal plans in observational studies

Section A. Index. Section A. Planning, Budgeting and Forecasting Section A.2 Forecasting techniques Page 1 of 11. EduPristine CMA - Part I

Math 181 Handout 16. Rich Schwartz. March 9, 2010

Transcription:

Sylvie Putot with Eric Goubault, Franck Védrine and Karim Tekkal (Digiteo) Laboratory for the Modelling and Analysis of Interacting Systems, CEA LIST RAIM 09: 3es Rencontres Arithmétique de l Informatique Mathématique - LIP, ENS Lyon Sylvie Putot with Eric Goubault, Franck Védrine and Karim Tekkal Static (Digiteo) analysislaboratory of numerical forprograms the Modelling and Analysis of Int

Validation of numerical programs Conception designed in real numbers: what is the impact of a finite precision implementation, what is a correct program? No run-time error, such as division by 0, overflow, etc The program does compute something not too far from what is expected (=the result computed in real numbers) No problematic control-flow difference between real and floating-point computation (same nb of iterations) Can we also prove the algorithm correct (method error)?

Householder scheme for square root computation Execution of Householder scheme

Static Analysis Analysis of the source code, for a set of inputs and parameters, without executing it: does the program always terminate? does the program ever reach a bad state? is there a possibility of run-time error, such as division by zero? synchronization errors (deadlocks, data races)? does the program compute accurately? The ideal automatic static analyzer (eg for run-time error) is sound: if there is an error, the analyzer reports it complete: if the analyzer reports an error, it is a genuine one Interesting program properties are undecidable in general: in general choose sound (but not complete) then focus on trade-off between performance and accuracy

Static Analysis by Abstract Interpretation (Cousot 77) Computable over-approximations of sets of values at any point in the program, for any possible execution: the program is considered as a discrete dynamical system invariants are computed as solution of a fix-point equation

FLUCTUAT static analyzer: models float as real + error float x,y,z; x = 0.1; // [1] y = 0.5; // [2] z = x+y; // [3] t = x*z; // [4] f x = 0.1 + 1.49e 9 [1] f y = 0.5 f z = 0.6 + 1.49e 9 [1] + 2.23e 8 [3] f t = 0.06 + 1.04e 9 [1] + 2.23e 9 [3] 8.94e 10 [4] 3.55e 17 [ho] Then abstraction for each term (real value and errors)

Sound abstraction based on Affine Arithmetic The real value of variable x is represented by an affine form ˆx : ˆx = x 0 + x 1 ε 1 +... + x n ε n, where x i R and the ε i are independent symbolic variables with unknown value in [ 1, 1]. Sharing ε i between variables expresses implicit dependency: concretization as a zonotope 15 y ˆx = 20 4ε 1 + 2ε 3 + 3ε 4 10 ŷ = 10 2ε 1 + ε 2 ε 4 5 x 10 15 20 25 30

Abstract domain based on affine arithmetic Assignment of a variable x whose value is given in a range [a, b] introduces a noise symbol ε i : ˆx = (a + b) 2 + (b a) 2 functional abstraction: link to the inputs via the noise symbols, allowing sensitivity analysis and worst case generation Addition is computed componentwise (no new noise symbol): ˆx + ŷ = (α x 0 + α y 0 ) + (αx 1 + α y 1 )ε 1 +... + (α x n + α y n)ε n Non linear operations : approximate linear form (Taylor expansion), new noise term for the approximation error Efficient join operator (on-going work for a better meet operator) ε i.

Union over affine forms We define z = x y by z = α z 0 + i αz i ε i + β z ε U with α0 z = mid([ˆx] [ŷ]) αi z = argmin α, i 1 α x i αy i α αx i αy i β z = sup γ(ˆx) γ(ŷ) α z 0 z 1 argmin α = {α [u v, u v], α minimal} u v α u v Intuitively, α z i expresses the common dependency to symbol ε i, and the remainder is associated to a new noise symbol ε U efficient (linear in the number of symbols, and eliminates part of the symbols) range of values taken by the union is the union of the ranges

Example ˆx = 3 + ε 1 + 2ε 2 ŷ = 1 2ε 1 + ε 2 û = ε 1 + ε 2 ˆx et ŷ functions of û

Example ˆx = 3 + ε 1 + 2ε 2 ŷ = 1 2ε 1 + ε 2 û = ε 1 + ε 2 ˆx et ŷ functions of û ẑ = ˆx ŷ = 2 + ε 2 + 3ε U ˆx, ŷ et ẑ functions of û γ(ẑ) = [ 2, 6] = γ(ˆx) γ(ŷ)

FLUCTUAT Takes source C code (most of ANSI C, except union types and malloc most notably), with assertions (for instance range of values and imprecision on input, but also range of gradient of evolution of values) Gives, fully automatically, characterization of ranges/errors, and describe the origins of errors: identification of pieces of code with numerical difficulties But also, in some cases, weak functional proof of algorithms Is/has been used for a wide variety of codes (automotive, nuclear industry, aeronautics, aerospace) of size up to about 50000 LOCs (on laptop PCs 1Gb)

Back to the Householder scheme Householder

Second order filters Filters

Astrium ST case study for ATV (33KLoc) Central control module that monitors the behaviour of the spacecraft while docking ISS station: Kalman filter Iterate, up to 1200 seconds: Computation of the estimated state (based on data from the navigation module and from previous predicted states) and commanded acceleration Filtering and saturation of the acceleration (8 th order linear filter) Control of the real acceleration of the engine (using inputs from sensors) Computation of the predicted state : integration of the motion equations using 4 th order Runge-Kutta scheme

Indentifying sources of errors

Explanation Each global step of 1 second is divided in two integration steps step 1 = 0.075 and step 2 = 0.925, step 1 and step 2 are not exactly represented as float (error on step 1 is about 3e 9 and error on step 2 is about 1.2e 8 ). The integration is thus computed on more than one second at each step. Naturally the error on step 2 prevails, as found by FLUCTUAT. Relative error insignificant considering the maximum duration of integration (1.8e 5 for 1200s), but exactly representable steps with sum equal to 1, such as 0.078125 and 0.921875 would be much better.

References Abstract domains based on affine forms for the computation of invariants on numerical programs: Static Analysis of Numerical Algorithms, SAS 2006 (Static Analysis Symposium) Under-Approximations of Computations in Real Numbers Based on Generalized Affine Arithmetic, SAS 2007 (Static Analysis Symposium) Perturbed affine arithmetic for invariant computation in numerical program analysis, arxiv:0807.2961, july 2008 The Zonotope Abstract Domain Taylor1+, CAV 2009 (Computer Aided Verification) A Zonotopic Framework for Functional Abstractions, arxiv:0910.1763, october 2009

References Implementation and use of FLUCTUAT; industrial case studies Static Analysis of the Accuracy in Control Systems: Principles and Experiments (with IRSN - Institut de Radioprotection et de Sécurité Nucléaire - and Hispano Suiza), FMICS 2007 (Formal Methods for Industrial Critical Systems) Validation using Abstract Interpretation (with ESA, ASTRIUM SAS, ENS), DASIA 2009 (DAta Systems In Aerospace Space Software) HybridFluctuat: A Static Analyzer of Numerical Programs within a Continuous Environment, CAV 2009 Towards an industrial use of FLUCTUAT on safety-critical avionics software (with Airbus), FMICS 2009

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information