Ugo Dal Lago
Ricardo Peña (Eds.)
Foundational and Practical Aspects of Resource Analysis
Third International Workshop, FOPARA 2013
Bertinoro, Italy, August 29–31, 2013
Revised Selected Papers
Lecture Notes in Computer Science 8552
Commenced Publication in 1973
Founding and Former Series Editors:
Gerhard Goos, Juris Hartmanis, and Jan van Leeuwen
Editorial Board
David Hutchison
Lancaster University, Lancaster, UK
Takeo Kanade
Carnegie Mellon University, Pittsburgh, PA, USA
Josef Kittler
University of Surrey, Guildford, UK
Jon M. Kleinberg
Cornell University, Ithaca, NY, USA
Friedemann Mattern
ETH Zurich, Zürich, Switzerland
John C. Mitchell
Stanford University, Stanford, CA, USA
Moni Naor
Weizmann Institute of Science, Rehovot, Israel
C. Pandu Rangan
Indian Institute of Technology, Madras, India
Bernhard Steffen
TU Dortmund University, Dortmund, Germany
Demetri Terzopoulos
University of California, Los Angeles, CA, USA
Doug Tygar
University of California, Berkeley, CA, USA
Gerhard Weikum
Max Planck Institute for Informatics, Saarbruecken, Germany
More information about this series at http://www.springer.com/series/7408
Editors
Ugo Dal Lago, Università di Bologna, Bologna, Italy
Ricardo Peña, Universidad Complutense de Madrid, Madrid, Spain
ISSN 0302-9743 ISSN 1611-3349 (electronic)
ISBN 978-3-319-12465-0 ISBN 978-3-319-12466-7 (eBook)
DOI 10.1007/978-3-319-12466-7
Library of Congress Control Number: 2014953270
LNCS Sublibrary: SL 2 – Programming and Software Engineering
Springer Cham Heidelberg New York Dordrecht London
© Springer International Publishing Switzerland 2014
This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. Exempted from this legal reservation are brief excerpts in connection with reviews or scholarly analysis or material supplied specifically for the purpose of being entered and executed on a computer system, for exclusive use by the purchaser of the work. Duplication of this publication or parts thereof is permitted only under the provisions of the Copyright Law of the Publisher's location, in its current version, and permission for use must always be obtained from Springer. Permissions for use may be obtained through RightsLink at the Copyright Clearance Center. Violations are liable to prosecution under the respective Copyright Law.
The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use.
While the advice and information in this book are believed to be true and accurate at the date of publication, neither the authors nor the editors nor the publisher can accept any legal responsibility for any errors or omissions that may be made. The publisher makes no warranty, express or implied, with respect to the material contained herein.
Printed on acid-free paper
Springer is part of Springer Science+Business Media (www.springer.com)
Preface
The Third International Workshop on Foundational and Practical Aspects of Resource Analysis (FOPARA 2013) was held in Bertinoro, Italy, during August 29–31, 2013. It was hosted by the Bertinoro International Conference Center. In this edition, FOPARA was co-located with the 13th International Workshop on Termination (WST 2013). Given the thematic proximity of the events, the Program Chairs decided to have not only a co-location, but also interleaved sessions, so as to stimulate exchange of ideas between the two communities.
The FOPARA workshop serves as a forum for presenting original research results that are relevant to the analysis of resource consumption by computer programs. The workshop aims at bringing together researchers who work on foundational issues with researchers who focus more on practical results. Therefore, both theoretical and practical contributions were encouraged. Papers that combined theory and practice were also welcome. The scientific program of this edition included three invited talks, all of them joint with WST 2013:
• Gilles Barthe, from IMDEA Software, on “Computer-Aided Cryptographic Proofs”;
• Amir Ben-Amram, from The Academic College of Tel-Aviv Yaffo, on “Ranking Functions for Linear-Constraint Loops”;
• Byron Cook, from Microsoft Research, who gave a talk entitled “Beyond Termination.”
Of the 10 contributed talks, seven were on traditional approaches to complexity analysis, while three were on topics that were hardly treated in previous editions of the workshop, including differential privacy and probabilistic analysis of programs. During the workshop lively, inspiring discussions emerged between the more practical and the more theoretical researchers. The interaction with researchers attending WST 2013 was strong.
The FOPARA workshop is held every two years. The first two workshops of this series were organized by the Radboud University Nijmegen at Eindhoven (The Netherlands) in November 2009 and by the Universidad Complutense de Madrid at Madrid (Spain) in May 2011. After the workshop, nine of the presented works were submitted for formal publication. Also, an open call for more contributions was issued and three more works were included in the formal peer-reviewing process. The Program Committee then selected nine papers for publication, which are the ones included in this volume. Each submission was reviewed by at least three Program Committee members.
We thank all the speakers, the authors, the Program Committee, and the rest of the participants for contributing to the success of FOPARA 2013. We also acknowledge the generous funding and support of the Department of Computer Science and Engineering of the University of Bologna.
August 2014 Ugo Dal Lago
Ricardo Peña
Organization
Program Committee
Roberto M. Amadio Université Paris Diderot, France
Ugo Dal Lago University of Bologna, Italy
Marco Gaboardi University of Dundee, UK
Miguel Gomez-Zamalloa Universidad Complutense de Madrid, Spain
Steffen Jost University of St Andrews, UK
Hans-Wolfgang Loidl Heriot-Watt University, UK
Damiano Mazza CNRS, UMR 7030, LIPN, Université Paris 13, Sorbonne Paris Cité, France
Georg Moser University of Innsbruck, Austria
Ricardo Peña Universidad Complutense de Madrid, Spain
Ulrich Schöpp Ludwig-Maximilians-Universität München, Germany
Marko Van Eekelen Radboud University Nijmegen, The Netherlands
Pedro Vasconcelos University of Porto, Portugal
Additional Reviewers
Alonso, Diego Esteban
Avanzini, Martin
Correas, Jesus
Eguchi, Naohi
Gimenez, Stéphane
Hoffmann, Jan
Hsu, Justin
Kersten, Rody
Montenegro, Manuel
Perrinel, Matthieu
van Gastel, Bernard
Contents
Certified Complexity (CerCo), p. 1
Roberto M. Amadio, Nicolas Ayache, Francois Bobot, Jaap P. Boender, Brian Campbell, Ilias Garnier, Antoine Madet, James McKinna, Dominic P. Mulligan, Mauro Piccolo, Randy Pollack, Yann Régis-Gianas, Claudio Sacerdoti Coen, Ian Stark, and Paolo Tranquilli
On the Modular Integration of Abstract Semantics for WCET Analysis, p. 19
Mihail Asăvoae and Irina Măriuca Asăvoae
Can a Light Typing Discipline Be Compatible with an Efficient Implementation of Finite Fields Inversion?, p. 38
Daniele Canavese, Emanuele Cesena, Rachid Ouchary, Marco Pedicini, and Luca Roversi
Probabilistic Analysis of Programs: A Weak Limit Approach, p. 58
Alessandra Di Pierro and Herbert Wiklicky
Predicative Lexicographic Path Orders: An Application of Term Rewriting to the Region of Primitive Recursive Functions, p. 77
Naohi Eguchi
A Hoare Logic for Energy Consumption Analysis, p. 93
Rody Kersten, Paolo Parisen Toldin, Bernard van Gastel, and Marko van Eekelen
Reasoning About Resources in the Embedded Systems Language Hume, p. 110
Hans-Wolfgang Loidl and Gudmund Grov
On Paths-Based Criteria for Polynomial Time Complexity in Proof-Nets, p. 127
Matthieu Perrinel
Collected Size Semantics for Strict Functional Programs over General Polymorphic Lists, p. 143
Olha Shkaravska, Marko van Eekelen, and Alejandro Tamalet
Author Index, p. 161
Certified Complexity (CerCo)
Roberto M. Amadio (4), Nicolas Ayache (3,4), Francois Bobot (3,4), Jaap P. Boender (1), Brian Campbell (2), Ilias Garnier (2), Antoine Madet (4), James McKinna (2), Dominic P. Mulligan (1), Mauro Piccolo (1), Randy Pollack (2), Yann Régis-Gianas (3,4), Claudio Sacerdoti Coen (1), Ian Stark (2), and Paolo Tranquilli (1)
1 Dipartimento di Informatica - Scienza e Ingegneria, Università di Bologna, Bologna, Italy; [email protected]
2 LFCS, School of Informatics, University of Edinburgh, Edinburgh, UK
3 INRIA (Team πr2), Paris-Rocquencourt, France
4 Université Paris Diderot, Paris, France
Abstract. We provide an overview of the FET-Open Project CerCo (‘Certified Complexity’). Our main achievement is the development of a technique for analysing non-functional properties of programs (time, space) at the source level with little or no loss of accuracy and a small trusted code base. The core component is a C compiler, verified in Matita, that produces an instrumented copy of the source code in addition to generating object code. This instrumentation exposes, and tracks precisely, the actual (non-asymptotic) computational cost of the input program at the source level. Untrusted invariant generators and trusted theorem provers may then be used to compute and certify the parametric execution time of the code.
1 Introduction
Programs can be specified with both functional constraints (what the program must do) and non-functional constraints (what time, space or other resources the program may use). In the current state of the art, functional properties are verified by combining user annotations—preconditions, invariants, and so on—with a multitude of automated analyses—invariant generators, type systems, abstract interpretation, theorem proving, and so on—on the program’s high-level source code. By contrast, many non-functional properties are verified using analyses on low-level object code, but these analyses may then need information about the high-level functional behaviour of the program that must then be reconstructed. This analysis on low-level object code has several problems:
– It can be hard to deduce the high-level structure of the program after compiler optimisations. The object code produced by an optimising compiler may have radically different control flow to the original source code program.
The project CerCo acknowledges the financial support of the Future and Emerging Technologies (FET) programme within the Seventh Framework Programme for Research of the European Commission, under FET-Open grant number: 243881.
© Springer International Publishing Switzerland 2014
U. Dal Lago and R. Peña (Eds.): FOPARA 2013, LNCS 8552, pp. 1–18, 2014.
DOI: 10.1007/978-3-319-12466-7_1
2 R.M. Amadio et al.
– Techniques that operate on object code are not useful early in the development process of a program, yet problems with a program’s design or implementation are cheaper to resolve earlier in the process, rather than later.
– Parametric cost analysis is very hard: how can we reflect a cost that depends on the execution state, for example the value of a register or a carry bit, to a cost that the user can understand looking at the source code?
– Performing functional analyses on object code makes it hard for the programmer to provide information about the program and its expected execution, leading to a loss of precision in the resulting analyses.
Vision and approach. We want to reconcile functional and non-functional analyses: to share information and perform both at the same time on high-level source code. What has previously prevented this approach is the lack of a uniform and precise cost model for high-level code, as each statement occurrence is compiled differently, optimisations may change control flow, and the cost of an object code instruction may depend on the runtime state of hardware components like pipelines and caches, all of which are not visible in the source code.
We envision a new generation of compilers that track program structure through compilation and optimisation and exploit this information to define a precise, non-uniform cost model for source code that accounts for runtime state. With such a cost model we can reduce non-functional verification to the functional case and exploit the state of the art in automated high-level verification [18]. The techniques currently used by the Worst Case Execution Time (WCET) community, who perform analyses on object code, are still available but can be coupled with additional source-level analyses. Where our approach produces overly complex cost models, safe approximations can be used to trade complexity with precision. Finally, source code analysis can be used early in the development process, when components have been specified but not implemented, as modularity means that it is enough to specify the non-functional behaviour of missing components.
Contributions. We have developed the labelling approach [5], a technique to implement compilers that induce cost models on source programs by very lightweight tracking of code changes through compilation. We have studied how to formally prove the correctness of compilers implementing this technique, and have implemented such a compiler from C to object binaries for the 8051 microcontroller for predicting execution time and stack space usage, verifying it in an interactive theorem prover. As we are targeting an embedded microcontroller we do not consider dynamic memory allocation.
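A hand-written illustration of the instrumented source copy that the labelling approach produces, added here as an example rather than taken from the CerCo compiler or its output; the per-block cycle counts and the names cost_clock, cost_incr and sum_to are constructed placeholders, not measured 8051 figures:

```c
/* Added example (not CerCo's own code or output): a sketch of the
 * instrumented copy that the labelling approach produces. Each basic
 * block of the source gets a cost label, and the instrumented copy
 * increments a global counter by that block's object-code cost. The
 * cycle counts below are constructed placeholders, not 8051 figures. */

unsigned long cost_clock = 0;             /* global cost counter            */
static void cost_incr(unsigned long k) { cost_clock += k; }

/* Constructed per-block costs (stand-ins for what the compiler would emit). */
#define COST_ENTRY      7                 /* prologue + loop initialisation */
#define COST_LOOP_BODY 11                 /* add, increment, compare, jump  */
#define COST_EXIT       4                 /* loop exit + epilogue           */

/* Original source: sum of the first n natural numbers. */
unsigned sum_to(unsigned n) {
    unsigned acc = 0;
    for (unsigned i = 0; i < n; i++)
        acc += i;
    return acc;
}

/* Instrumented copy: same computation, with the cost labels made explicit. */
unsigned sum_to_instrumented(unsigned n) {
    cost_incr(COST_ENTRY);
    unsigned acc = 0;
    for (unsigned i = 0; i < n; i++) {
        cost_incr(COST_LOOP_BODY);
        acc += i;
    }
    cost_incr(COST_EXIT);
    return acc;
}

/* Parametric bound that a source-level invariant would state for sum_to:
 * cost == COST_ENTRY + n * COST_LOOP_BODY + COST_EXIT. */
unsigned long sum_to_cost_bound(unsigned n) {
    return COST_ENTRY + (unsigned long)n * COST_LOOP_BODY + COST_EXIT;
}

/* Run the instrumented copy and report the cost it accumulated. The plugin
 * proves the bound with automated provers; here it is only checked by running. */
unsigned long measured_cost(unsigned n) {
    cost_clock = 0;
    (void)sum_to_instrumented(n);
    return cost_clock;
}
```

The invariant generator's job is to produce sum_to_cost_bound from the instrumented copy alone; a prover then discharges the equality for every n rather than for the few values a test exercises.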
To demonstrate source-level verification of costs we have implemented a Frama-C plugin [10] that invokes the compiler on a source program and uses it to generate invariants on the high-level source that correctly model low-level costs. The plugin certifies that the program respects these costs by calling automated theorem provers, a new and innovative technique in the field of cost analysis. Finally, we have conducted several case studies, including showing that the