Continuity analysis of programs

We present an analysis to automatically determine if a program represents a continuous function, or equivalently, if infinitesimal changes to its inputs can only cause infinitesimal changes to its outputs. The analysis can be used to verify the robustness of programs whose inputs can have small amounts of error and uncertainty, such as embedded controllers processing slightly unreliable sensor data, or handheld devices using slightly stale satellite data. Continuity is a fundamental notion in mathematics. However, it is difficult to apply continuity proofs from real analysis to functions that are coded as imperative programs, especially when they use diverse data types and features such as assignments, branches, and loops. We associate data types with metric spaces as opposed to just sets of values, and continuity of typed programs is phrased in terms of these spaces. Our analysis reduces questions about continuity to verification conditions that do not refer to infinitesimal changes and can be discharged using off-the-shelf SMT solvers. Challenges arise in proving continuity of programs with branches and loops, as a small perturbation in the value of a variable often leads to divergent control flow that can lead to large changes in the values of variables. Our proof rules identify appropriate "synchronization points" between executions and their perturbed counterparts, and establish that the values of certain variables converge back to the original results in spite of temporary divergence. We prove our analysis sound with respect to the traditional epsilon-delta definition of continuity. We demonstrate the precision of our analysis by applying it to a range of classic algorithms, including algorithms for array sorting, shortest paths in graphs, minimum spanning trees, and combinatorial optimization. A prototype implementation based on the Z3 SMT solver is also presented.
