Towards Energy Consumption Verification via Static Analysis

In this paper we leverage an existing general framework for resource usage verification and specialize it for verifying energy consumption specifications of embedded programs. Such specifications can include both lower and upper bounds on energy usage, and they can express intervals within which energy usage is to be certified to be within such bounds. The bounds of the intervals can be given in general as functions on input data sizes. Our verification system can prove whether such energy usage specifications are met or not. It can also infer the particular conditions under which the specifications hold. To this end, these conditions are also expressed as intervals of functions of input data sizes, such that a given specification can be proved for some intervals but disproved for others. The specifications themselves can also include preconditions expressing intervals for input data sizes. We report on a prototype implementation of our approach within the CiaoPP system for the XC language and XS1-L architecture, and illustrate with an example how embedded software developers can use this tool, and in particular for determining values for program parameters that ensure meeting a given energy budget while minimizing the loss in quality of service.

💡 Research Summary

The paper presents a comprehensive approach for verifying energy consumption specifications of embedded programs through static analysis. Building on a previously developed general framework for resource usage verification, the authors specialize it to handle energy as a non‑functional global property. The methodology consists of several key steps. First, source code written in the XC language (or its lower‑level representations such as LL VM IR or ISA code) is transformed into an intermediate representation based on Horn clauses (HC IR). This representation naturally supports static single assignment form, recursion, and control‑flow constructs, making it well‑suited for precise resource analysis.

Second, the energy model of the target XS1‑L architecture—provided as a JSON file that maps each ISA instruction to an energy cost—is translated into a set of Ciao assertions. These assertions, together with any user‑provided “trusted” information, are fed to the CiaoPP parametric resource analyzer. The analyzer propagates the per‑instruction costs through the HC IR, automatically deriving symbolic energy consumption functions that relate the program’s input data sizes (e.g., array lengths, loop bounds) to the total energy used. The resulting functions may be polynomial, exponential, logarithmic, or combinations thereof.

Third, the verification component compares the derived energy functions against user‑written specifications. Specifications are expressed directly in XC source files using C‑style #pragma directives, which are translated into Ciao assertions. Each specification can state lower and/or upper bounds on energy, expressed as arithmetic expressions over input‑size variables, and can be annotated with a status tag (check, trust, true, checked, false). The verifier checks whether the inferred bounds satisfy the specification for all inputs that meet the pre‑condition. If the specification holds, the original assertion is marked checked. If it is violated, it is marked false. When the analysis cannot decide, the tool splits the original assertion into several parts, each covering a sub‑interval of the input domain and labeled accordingly (checked, false, or remaining check). This fine‑grained feedback enables developers to identify precisely which input ranges meet the energy budget and which do not.

The authors implemented a prototype within the CiaoPP system and integrated it with the XC compiler (xcc). The tool can operate at either the ISA level or the LL VM IR level; the paper references prior work that evaluates the trade‑offs between these levels (precision versus analysis cost). The prototype was evaluated on representative XS1‑L programs, including a simple signal‑processing kernel and an image‑filtering routine. In the case studies, the tool successfully inferred energy functions, verified specifications, and automatically suggested parameter ranges that satisfy a given energy budget while minimizing quality loss. The analysis time scaled reasonably with program size, and the static verification proved far faster than exhaustive runtime measurement.

Overall, the contribution is twofold: (1) a concrete static analysis pipeline that can handle energy consumption as a first‑class resource, and (2) a verification mechanism that not only answers “yes/no” but also produces actionable input‑size intervals. The approach is language‑agnostic beyond XC, as the core relies on Horn‑clause IR and CiaoPP’s generic resource analyzer, suggesting that the technique can be adapted to other programming languages and hardware platforms. The work demonstrates that rigorous, compile‑time energy verification is feasible and can support designers of battery‑constrained or safety‑critical embedded systems in meeting strict power budgets early in the development cycle.