Liqian Chen,Dengping Wei,Banghu Yin,Ji Wang

DOI: https://doi.org/10.1016/j.scico.2022.102906

IF: 1.039

2022-01-01

Science of Computer Programming

Abstract:The classic linear (technically, affine) equality abstract domain, which can infer linear equality relations among variables of a program automatically, is one of the earliest and fundamental abstract domains. However, it cannot express non-convex properties that appear naturally due to the inherent disjunctive behaviors in programs. In this paper, we introduce a new abstract domain, namely the abstract domain of linear absolute value equalities (AVE), which generalizes the linear equality abstract domain with absolute value terms of variables. More clearly, we leverage the absolute value function to design the new abstract domain for discovering linear equality relations among values and absolute values of program variables. Moreover, since linear absolute value equalities can only express limited form of inequalities while programs often involve various inequalities, to help the AVE domain, we propose a so-called signed interval abstract domain as an extension of the classic interval abstract domain. The key idea is to use two intervals to track respectively the positive part and the negative part of the interval range for each variable. On this basis, we propose to combine the two new abstract domains to improve precision of each other during analysis. Experimental results are encouraging: In practice, the AVE abstract domain (together with the signed interval abstract domain) can find interesting piece-wise linear invariants that are non-convex and out of the expressiveness of the linear equality domain.

Liqian Chen,Banghu Yin,Dengping Wei,Ji Wang

DOI: https://doi.org/10.1109/tase52547.2021.00020

2021-01-01

Abstract:The classic linear (technically, affine) equality abstract domain, which can infer linear equality relations among variables of a program automatically, is one of the earliest and fundamental abstract domains. As a lightweight relational abstract domain, it has been widely used in program analysis. However, it cannot express non-convex properties that appear naturally due to the inherent disjunctive behaviors in a program. In this paper, we introduce a new abstract domain, namely the abstract domain of linear absolute value equalities, which generalizes the linear equality abstract domain with absolute value terms of variables. More clearly, we leverage the absolute value function to design the new abstract domain for discovering linear equality relations among values and absolute values of program variables. The new abstract domain can be used to infer piecewise linear behaviors (e.g., due to conditional branches, absolute value function calls, max/min function calls, etc.) in a program. Experimental results of our prototype are encouraging: In practice, the new abstract domain can find interesting piece-wise linear invariants that are non-convex and out of the expressiveness of the linear equality domain.

Milan Hladík,David Hartman

2023-07-07

Abstract:We deal with linear programming problems involving absolute values in their formulations, so that they are no more expressible as standard linear programs. The presence of absolute values causes the problems to be nonconvex and nonsmooth, so hard to solve. In this paper, we study fundamental properties on the topology and the geometric shape of the solution set, and also conditions for convexity, connectedness, boundedness and integrality of the vertices. Further, we address various complexity issues, showing that many basic questions are NP-hard to solve. We show that the feasible set is a (nonconvex) polyhedral set and, more importantly, every nonconvex polyhedral set can be described by means of absolute value constraints. We also provide a necessary and sufficient condition when a KKT point of a nonconvex quadratic programming reformulation solves the original problem.

Optimization and Control,Numerical Analysis

Tengbin Wang,Liqian Chen,Taoqing Chen,Guangsheng Fan,Ji Wang

DOI: https://doi.org/10.4230/lipics.cp.2021.57

2021-01-01

Abstract:Linear programming is a key technique for analysis and verification of numerical properties in programs, neural networks, etc. In particular, in program analysis based on abstract interpretation, many numerical abstract domains (such as Template Constraint Matrix, constraint-only polyhedra, etc.) are designed on top of linear programming. However, most state-of-the-art linear programming solvers use floating-point arithmetic in their implementations, leading to an approximate result that may be unsound. On the other hand, the solvers implemented using exact arithmetic are too costly. To this end, this paper focuses on advancing rigorous linear programming techniques based on floating-point arithmetic for building sound and efficient program analysis. Particularly, as a supplement to existing techniques, we present a novel rigorous linear programming technique based on Fourier-Mozkin elimination. On this basis, we implement a tool, namely, RlpSolver, combining our technique with existing techniques to lift effectiveness of rigorous linear programming in the scene of analysis and verification. Experimental results show that our technique is complementary to existing techniques, and their combination (RlpSolver) can achieve a better trade-off between cost and precision via heuristic rules.

Liqian Chen,Antoine Miné,Ji Wang,Patrick Cousot

DOI: https://doi.org/10.1007/978-3-642-03237-0_21

2009-01-01

Abstract:We introduce a new numerical abstract domain, so-called interval polyhedra (itvPol), to infer and propagate interval linear constraints over program variables. itvPol, which allows to represent constraints of the form ∑  k [a k ,b k ]x k  ≤ c, is more expressive than the classic convex polyhedra domain and allows to express certain non-convex (even unconnected) properties. The implementation of itvPol can be constructed based on interval linear programming and an interval variant of Fourier-Motzkin elimination. The preliminary experimental results of our prototype are encouraging, especially for programs affected by interval uncertainty, e.g., due to uncertain input data or interval-based abstractions of disjunctive, non-linear, or floating-point expressions. To our knowledge, this is the first application of interval linear algebra to static analysis.

Liqian Chen,Jiangchao Liu,Antoine Miné,Deepak Kapur,Ji Wang

DOI: https://doi.org/10.1007/978-3-319-10936-7_7

2014-01-01

Abstract:The octagon abstract domain, devoted to discovering octagonal constraints (also called Unit Two Variable Per Inequality or UTVPI constraints) of a program, is one of the most commonly used numerical abstractions in practice, due to its quadratic memory complexity and cubic time complexity. However, the octagon domain itself is restricted to express convex sets and has limitations in handling non-convex properties which are sometimes required for proving some numerical properties in a program. In this paper, we intend to extend the octagon abstract domain with absolute value, to infer certain non-convex properties by exploiting the absolute value function. More precisely, the new domain can infer relations of the form {+/- X +/- Y <= c, +/- X +/- |Y| = d, +/-| X| +/- |Y| <= e}. We provide algorithms for domain operations such that the new domain still enjoys the same asymptotic complexity as the octagon domain. Moreover, we present an approach to support strict inequalities over rational or real-valued variables in this domain, which also fits for the octagon domain. Experimental results of our prototype are encouraging; The new domain is scalable and able to find non-convex invariants of interest in practice but without too much overhead (compared with that using octagons).

Jia-Hong JIANG,Bang-Hu YIN,Li-Qian CHEN

DOI: https://doi.org/10.11897/SP.J.1016.2018.00545

2018-01-01

Chinese Journal of Computers

Abstract:The problem of automatically inferring numerical invariants in a program has received wide attention in the analysis and verification of programs.Abstract interpretation is a general theory to soundly approximate program semantics.It provides a general framework to analyze value ranges of program variables,guaranteeing the soundness of the analysis.Abstract domain is key to the framework of abstract interpretation,which achieves a trade-off between efficiency and precision,and especially various numerical abstract domains have been proposed under this framework.In particular,the expressiveness of the template constraint matrix domain (TCM) subsumes most weakly relational abstract domains that are commonly used in practical program analysis,for example,interval abstract domain (a ≤x ≤b),octagon abstract domain (± x ± y ≤c),etc.During the analysis and verification of real-life systems,due to uncertainty,the application data in the model or program may not be known exactly,which is then often provided or modelled in terms of intervals.Moreover,in practice,floating-point arithmetic and non-linear expressions are often abstracted into linear expressions with interval coefficients.In other words,interval coefficients appear naturally during program analysis in practice.Hence,abstract domains that can infer interval linear relationships among variables are desired.This paper extends classical template constraint matrix domain which is based on linear template constraints,to support interval linear template constraints,and proposes a new numerical domain-interval template constraint matrix domain (itvTCM),which could infer interval linear inequality relations among variables in the program in the form of "∑ [ak,bk]xk ≤c"(where the interval coefficient [ak,bk] is determined before analysis).itvTCM makes use of "weak solution" as the semantics of the solution of interval linear constraints,which could represent certain non-convex (even non-connected) properties,and thus it is more expressive than TCM.Each itvTCM element could be considered as a disjunction of multiple TCMs but without using any explicit disjunctive operations.From the geometric point of view,each itvTCM element maps each orthant to a convex polyhedron (maybe an empty polyhedron).This paper provides domain representation and domain operations (such as join,meet,widening,etc.) of itvTCM,and most domain operations of itvTCM are implemented based on interval linear programming.Theoretically,the complexity of some domain operations of itvTCM is at worst exponential of that of the corresponding domain operations in classic TCM.However,in practice,we could alleviate this problem through restricting the number of interval coefficients.In this paper,we also discuss how to generate templates for itvTCM.Finally,we have implemented itvTCM in the numerical abstract domain library APRON,and conducted experiments.The preliminary experimental results show that itvTCM is useful to capture disjunctive behaviors of a program.

Liqian Chen,Antoine Miné,Ji Wang,Patrick Cousot

DOI: https://doi.org/10.1007/978-3-642-11319-2_11

2010-01-01

Abstract:We introduce a new abstract domain, namely the domain of Interval Linear Equalities (itvLinEqs) , which generalizes the affine equality domain with interval coefficients by leveraging results from interval linear algebra. The representation of itvLinEqs is based on a row echelon system of interval linear equalities, which natively allows expressing classical linear relations as well as certain topologically non-convex (even unconnected or non-closed) properties. The row echelon form limits the expressiveness of the domain but yields polynomial-time domain operations. Interval coefficients enable a sound adaptation of itvLinEqs to floating-point arithmetic. itvLinEqs can be used to infer and propagate interval linear constraints, especially for programs involving uncertain or inexact data. The preliminary experimental results are encouraging: itvLinEqs can find a larger range of invariants than the affine equality domain. Moreover, itvLinEqs provides an efficient alternative to polyhedra-like domains.

Qi Zhan

2024-05-02

Abstract:We propose a new static program analysis called program behavior analysis. The analysis aims to calculate possible symbolic expressions for every variable at each program point. We design a new lattice, transfer function, and widening operator to accommodate the analysis. Furthermore, we extend the analysis to interprocedural.

Software Engineering

Ze-wen DING,Hong-chang GUO,Shuang-long KAN,Chi ZHANG

DOI: https://doi.org/10.3969/j.issn.1007-130X.2017.04.018

2017-01-01

Abstract:Static program analysis with interpretation has been successfully applied to industry in order to avoid runtime errors and ensure the correctness of the software.Abstract domain is one of the important aspects in abstract interpretation theory.However,most of the existing numerical abstract domains cannot express non-convex properties.These limitations often affect the precision of numerical analysis and even lead to more false alarms.We propose a numerical abstract domain based on two-interval octagonal constraints.This abstract domain allows us to represent invariants of the form x±y ∈ [a,b] ∪ [c,d],where a and y are variable values and a,b,c,d ∈ R.Domain elements in this abstract domain are represented by two-interval octagonal constraints,so the new abstract domain can express certain non-convex properties and is more expressive than the octagon abstract domain,with only a small overhead in the computational complexity of domain operation.

Banghu Yin,Liqian Chen,Jiangchao Liu,Ji Wang

DOI: https://doi.org/10.1109/tr.2019.2925037

IF: 5.883

2020-01-01

IEEE Transactions on Reliability

Abstract:Numerical computation is often involved in software of embedded control systems, cyber-physical systems, artificial neural network systems, big data processing systems, etc. Automatically discovering numerical loop invariants is fundamental for checking the safety of such software. Abstract interpretation provides a framework to automatically discover sound invariants but which may be not precise enough due to over-approximations. One major source of precision loss is due to the limited linear expressiveness of most widely used numerical abstract domains and the widening operation. This becomes more serious when analyzing all variables simultaneously as a whole for programs that involve nonlinear behaviors. Based on the observation that the dependency among variables in a loop can be hierarchical, in this article, we propose a hierarchical static analysis to analyze a loop by utilizing relaxed abstract transformers. The main idea is to first partition all variables involved in a loop into different hierarchical layers, then compute invariants over the variables layer by layer in a bottom-up manner. During the iterative process, the computed invariants over lower layer variables are then used to relax transfer functions when analyzing the higher layer variables. One benefit of our method lies in that it can generate linear invariants to soundly enclose nonlinear behaviors in a loop. Finally, we present encouraging experimental results on benchmark programs involving nonlinear behaviors.

Liqian Chen,Renjian Li,Xueguang Wu,Ji Wang

DOI: https://doi.org/10.1016/j.scico.2014.06.004

IF: 1.039

2014-01-01

Science of Computer Programming

Abstract:We present an approach in the framework of abstract interpretation to analyze list-manipulating programs by combining shape and numerical abstractions. The analysis automatically divides a list into non-overlapping list segments according to the reachability property of pointer variables to list nodes. The list nodes in each segment are abstracted by a bit-vector wherein each bit corresponds to a pointer variable and indicates whether the nodes can be reached by that pointer variable. Moreover, for each bit-vector, we introduce an auxiliary integer variable, namely a counter variable, to record the number of nodes in the segment abstracted by that bit-vector. On this basis, we leverage the power of numerical abstractions to discover numerical relations among counter variables, so as to infer relational length properties among list segments. Furthermore, we show how our approach works for circular lists. Our approach stands out in its ability to find intricate properties that involve both shape and numerical information, which are important for checking program properties such as memory safety. A prototype is implemented and preliminary experimental results are encouraging.

Kristian Kersting,Martin Mladenov,Pavel Tokmakov

DOI: https://doi.org/10.48550/arXiv.1410.3125

2014-10-13

Abstract:We propose relational linear programming, a simple framework for combing linear programs (LPs) and logic programs. A relational linear program (RLP) is a declarative LP template defining the objective and the constraints through the logical concepts of objects, relations, and quantified variables. This allows one to express the LP objective and constraints relationally for a varying number of individuals and relations among them without enumerating them. Together with a logical knowledge base, effectively a logical program consisting of logical facts and rules, it induces a ground LP. This ground LP is solved using lifted linear programming. That is, symmetries within the ground LP are employed to reduce its dimensionality, if possible, and the reduced program is solved using any off-the-shelf LP solver. In contrast to mainstream LP template languages like AMPL, which features a mixture of declarative and imperative programming styles, RLP's relational nature allows a more intuitive representation of optimization problems over relational domains. We illustrate this empirically by experiments on approximate inference in Markov logic networks using LP relaxations, on solving Markov decision processes, and on collective inference using LP support vector machines.

Artificial Intelligence,Logic in Computer Science,Programming Languages,Optimization and Control

Xueguang Wu,Liqian Chen,Ji Wang

DOI: https://doi.org/10.1016/j.entcs.2014.08.004

2014-01-01

Electronic Notes in Theoretical Computer Science

Abstract:The value range information of program variables is useful in many applications such as compiler optimization and program analysis. In the framework of abstract interpretation, the interval abstract domain infers numerical bounds for each program variable. However, in certain applications such as automatic parallelization, symbolic ranges are often desired. In this paper, we present a new numerical abstract domain, namely the abstract domain of parametric ranges, to infer symbolic ranges over nonnegative parameters for each program variable. The new domain is designed based on the insight that in certain contexts, program procedures often have nonnegative parameters, such as the length of an input list and the size of an input array. The domain of parametric ranges seeks to infer the lower and upper bounds for each program variable where each bound is a linear expression over nonnegative parameters. The time and memory complexity of the domain operations of parametric ranges is O(nm) where n is the number of program variables and m is the number of nonnegative parameters. On this basis, we show the application of parametric ranges to infer symbolic ranges of the sizes of list segments in programs manipulating singly-linked lists. Finally, we show preliminary experimental results.

Jinhua Wang,Tianming Gao,Chong Li,Xiaoqi Yang

DOI: https://doi.org/10.1016/j.jmaa.2023.127982

IF: 1.417

2024-01-01

Journal of Mathematical Analysis and Applications

Abstract:The bounded linear regularity property plays a key role in the study of the strong convergence and/or convergence rate of the CQ algorithm for solving split feasibility problems. To establish some sufficient conditions ensuring the bounded linear regularity property for split feasibility problems in normed linear spaces, we introduce the notion of a relative regularity condition and its associated relative regularity constant in spirit of the regularity condition used in Burke and Ferris (1995) [12]. Based on convex analysis techniques, we explore equivalent characterizations of the relative regularity condition, which in particular extend the classical results in Burke and Ferris (1995) [12] from the Euclidean space to general normed linear spaces, and then establish some important and useful properties in terms of the related relative regularity constant. Consequently, we develop a new technique to establish some sufficient conditions ensuring the bounded linear regularity property for split feasibility problems in normed linear spaces. The sufficient conditions presented in this paper are in terms of the relative regularity constant, which seem completely new. Applied to the case of Hilbert spaces, our results extend and improve the corresponding ones in Wang et al. (2017) [35] by relaxing the relevant assumptions.(c) 2023 Elsevier Inc. All rights reserved.

Liqian Chen,Renjian Li,Xueguang Wu,Ji Wang

DOI: https://doi.org/10.1145/2480362.2480589

2013-01-01

Abstract:We present an approach under the framework of abstract interpretation to analyze list-manipulating programs by combining shape and numerical abstractions. The analysis automatically divides a list into non-overlapping list segments according to the reachability property of pointer variables to list nodes. The list nodes in each segment are abstracted by a bit-vector wherein each bit corresponds to a pointer variable and indicates whether the nodes can be reached by that pointer variable. Moreover, for each bit-vector, we introduce an auxiliary integer variable, namely a counter variable, to record the number of nodes in the segment abstracted by that bit-vector. On this basis, we leverage the power of numerical abstractions to discover numerical relations among counter variables, so as to infer relational length properties among list segments. Our approach stands out in its ability to find intricate properties that involve both shape and numerical information, which are important for checking program properties such as memory safety and termination. A prototype is implemented and preliminary experimental results are encouraging.

YANG Zhi-xiao,FAN Yan-feng,HE Hua-can

DOI: https://doi.org/10.3969/j.issn.1002-137X.2013.01.045

2013-01-01

Computer Science

Abstract:Not only the continuous changeability of propositional truth value,but also the continuous changeability of relations among propositions influence the operation models of propositional connectives in flexible logics.Flexible logic operators are continuously variable operator cluster along with both generalized self-correlation coefficient k and genera-lized correlation coefficient h.This paper studied the flexible average operators,and presented the definition of 0-level and 1-level [0,∞) value logic average operation models.To ensure the 0-level integrity of the model,the average operator cluster in its existential domain,continuously and monotonously transforms from the maximal average operator,passing through probability average operator and central average operator to the minimal average operator,and the four special operators on [0,∞) are proved.

P. Emelyanov

DOI: https://doi.org/10.48550/arXiv.cs/0609092

2006-09-16

Programming Languages

Abstract:In this article, we discuss a flow--sensitive analysis of equality relationships for imperative programs. We describe its semantic domains, general purpose operations over abstract computational states (term evaluation and identification, semantic completion, widening operator, etc.) and semantic transformers corresponding to program constructs. We summarize our experiences from the last few years concerning this analysis and give attention to applications of analysis of automatically generated code. Among other illustrating examples, we consider a program for which the analysis diverges without a widening operator and results of analyzing residual programs produced by some automatic partial evaluator. An example of analysis of a program generated by this evaluator is given.

Antoine Miné

DOI: https://doi.org/10.48550/arXiv.cs/0703084

2007-03-16

Abstract:This article presents a new numerical abstract domain for static analysis by abstract interpretation. It extends a former numerical abstract domain based on Difference-Bound Matrices and allows us to represent invariants of the form (+/-x+/-y<=c), where x and y are program variables and c is a real constant. We focus on giving an efficient representation based on Difference-Bound Matrices - O(n2) memory cost, where n is the number of variables - and graph-based algorithms for all common abstract operators - O(n3) time cost. This includes a normal form algorithm to test equivalence of representation and a widening operator to compute least fixpoint approximations.

Programming Languages

HOU Su-ning,CHEN Li-qian,WANG Zhao-fei,WANG Ji

DOI: https://doi.org/10.3969/j.issn.1007-130x.2011.03.018

2011-01-01

Abstract:The validation of program correctness is a challenge problem in computer science.The theory of abstract interpretation provides a general framework for static analysis which can deduce programs' dynamic property automatically.A value range analysis based on abstract interpretation can give the invariant relationship of variables at every program point,which is very important to compilation optimization and error examination.We propose an interprocedural framework that analyses the value range information of numerical programs,which can process C and Fortran programs.The C or Fortran source program is first preprocessed to an uniform representation,and then we draw the semantic equation which is equivalent to the source semantics.Finally,the iterative computation is done on this syntax equation to get the program invariant.Besides,we model some complex syntax structures such as array.The experiment indicates that our framework is very extensive and precise,and can process most problems brought by the usage of array.