Proving programs robust

Swarat Chaudhuri, Sumit Gulwani, Roberto Lublinerman, S. Navidpour
DOI: 10.1145/2025113.2025131 (https://doi.org/10.1145/2025113.2025131)
Venue: ESEC/FSE '11
Published: 2011-09-05
Citations: 132

Abstract

We present a program analysis for verifying quantitative robustness properties of programs, stated generally as: "If the inputs of a program are perturbed by an arbitrary amount ε, then its outputs change at most by K · ε, where K can depend on the size of the input but not on its value." Robustness properties generalize the analytic notion of continuity: for example, while the function e^x is continuous, it is not robust, because its slope is unbounded. Our problem is to verify the robustness of a function P that is coded as an imperative program and can use diverse data types and features such as branches and loops. Our approach soundly decomposes the problem into two subproblems: (a) verifying that the smallest possible perturbations to the inputs of P do not change the corresponding outputs significantly, even if control now flows along a different control-flow path; and (b) verifying the robustness of the computation along each control-flow path of P. To solve the former subproblem, we build on an existing method for verifying that a program encodes a continuous function [5]. The latter is solved using a static analysis that bounds the magnitude of the slope of any function computed by a control-flow path of P. The outcome is a sound program analysis for robustness that uses proof obligations which do not refer to ε-changes and can often be fully automated using off-the-shelf SMT solvers. We identify three application domains for our analysis. First, our analysis can be used to guarantee the predictable execution of embedded control software, whose inputs come from physical sources and can suffer from error and uncertainty. A guarantee of robustness ensures that the system does not react disproportionately to such uncertainty. Second, our analysis is directly applicable to approximate computation, and can be used to provide foundations for a recently proposed program approximation scheme called loop perforation. A third application is in database privacy: proofs of robustness of queries are essential to differential privacy, the most popular notion of privacy for statistical databases.
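The following is an added illustration, not code from the paper or its authors: a toy version of the two-part decomposition the abstract describes, over a small tuple-encoded expression language. Subproblem (b), the per-path slope bound, is computed compositionally (a variable has slope 1, a sum adds slopes, a min takes the larger slope, e^x has no bound). Subproblem (a), the requirement that both arms of a branch agree where the guard sits exactly on its boundary, is discharged here by sampling rather than by an SMT solver, so a "True" from that check is evidence rather than a proof; a "False" is a genuine counterexample. The AST encoding, the example programs and all helper names (`slope_bound`, `branches_agree_on_boundary`, `max_observed_ratio`, ...) are hypothetical, and the sample programs are constructed for this illustration.

```python
"""Added example, not the paper's code: a toy robustness analysis over a small
expression language that follows the abstract's decomposition.  (a) At each
branch both arms must agree where the guard sits exactly on its boundary; the
paper discharges this with SMT, here a sampled check stands in for it.  (b) A
bound K on |slope| is computed compositionally along each path.  The AST
encoding and every helper name below are hypothetical, not the paper's."""
import functools
import math
import random

# Expression forms (tuples):
#   ("var", name)  ("const", c)  ("add", e1, e2)  ("min", e1, e2)  ("exp", e)
#   ("ite", lhs, rhs, t, f): t if env[lhs] <= rhs else f, rhs a name or number


def evaluate(e, env):
    """Concrete semantics of the mini-language."""
    tag = e[0]
    if tag == "var":
        return env[e[1]]
    if tag == "const":
        return e[1]
    if tag == "add":
        return evaluate(e[1], env) + evaluate(e[2], env)
    if tag == "min":
        return min(evaluate(e[1], env), evaluate(e[2], env))
    if tag == "exp":
        return math.exp(evaluate(e[1], env))
    _, lhs, rhs, t, f = e  # "ite"
    bound = env[rhs] if isinstance(rhs, str) else rhs
    return evaluate(t, env) if env[lhs] <= bound else evaluate(f, env)


def free_vars(e):
    """Input variable names mentioned in e (guard names are plain strings)."""
    if e[0] == "var":
        return {e[1]}
    names = {s for s in e[1:] if isinstance(s, str)}
    return names.union(*(free_vars(s) for s in e[1:] if isinstance(s, tuple)))


def branches_agree_on_boundary(lhs, rhs, t, f, trials=200, tol=1e-9):
    """Sampled stand-in for subproblem (a)'s SMT obligation: pin the guard to
    its boundary (lhs == rhs) and require both arms to produce the same value.
    True is evidence, not a proof; False is a genuine counterexample."""
    rng = random.Random(0)
    names = sorted(free_vars(("ite", lhs, rhs, t, f)))
    for _ in range(trials):
        env = {n: rng.uniform(-50.0, 50.0) for n in names}
        env[lhs] = env[rhs] if isinstance(rhs, str) else float(rhs)
        if abs(evaluate(t, env) - evaluate(f, env)) > tol:
            return False
    return True


def slope_bound(e):
    """Subproblem (b): K such that perturbing every input by at most eps moves
    the output by at most K * eps (L-inf metric on inputs).  math.inf means
    the analysis cannot prove robustness."""
    tag = e[0]
    if tag == "var":
        return 1.0
    if tag == "const":
        return 0.0
    if tag == "add":
        return slope_bound(e[1]) + slope_bound(e[2])
    if tag == "min":
        return max(slope_bound(e[1]), slope_bound(e[2]))
    if tag == "exp":
        return math.inf  # e^x is continuous but its slope is unbounded
    _, lhs, rhs, t, f = e  # "ite"
    if not branches_agree_on_boundary(lhs, rhs, t, f):
        return math.inf  # discontinuous at the guard: not robust
    return max(slope_bound(t), slope_bound(f))


def max_observed_ratio(e, eps=1e-3, trials=2000, radius=5.0, seed=1):
    """Empirical sanity check (testing, not proof): largest |P(x') - P(x)| / eps
    seen for random x in [-radius, radius]^n and |x' - x|_inf <= eps."""
    rng = random.Random(seed)
    names = sorted(free_vars(e))
    worst = 0.0
    for _ in range(trials):
        env = {n: rng.uniform(-radius, radius) for n in names}
        bumped = {n: v + rng.uniform(-eps, eps) for n, v in env.items()}
        worst = max(worst, abs(evaluate(e, bumped) - evaluate(e, env)) / eps)
    return worst


# Constructed sample programs (hypothetical, for this illustration only).
EXAMPLES = {
    # min(a, b) via a branch: arms agree where a == b, each arm has slope 1
    "min_via_branch": ("ite", "a", "b", ("var", "a"), ("var", "b")),
    # clamp x to at most 10: arms agree at x == 10, so K = 1
    "clamp": ("ite", "x", 10, ("var", "x"), ("const", 10)),
    # step function: arms disagree at the boundary, so not robust
    "step": ("ite", "x", 0, ("const", 0), ("const", 1)),
    # e^x: continuous but not robust
    "exp": ("exp", ("var", "x")),
    # x1 + ... + x5 (a summation loop, unrolled): K = 5 depends on input size
    "sum5": functools.reduce(lambda a, b: ("add", a, b),
                             [("var", f"x{i}") for i in range(1, 6)]),
}
```

Running `slope_bound` over `EXAMPLES` gives K = 1 for `min_via_branch` and `clamp`, K = 5 for `sum5` (the constant grows with the number of inputs, not with their values, as the abstract requires), and no bound for `step` (the arms disagree at x = 0) or `exp`. `max_observed_ratio` is only a test-style sanity check: it never exceeds the static K where one exists, and for `exp` it climbs with the sampled range, which is what an unbounded slope looks like empirically. For the differential-privacy application the abstract mentions, a bound of this kind on how far a query's output can move under a bounded change to its input is exactly what a noise-adding release mechanism is calibrated against; a query whose K cannot be bounded cannot be released that way as written.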