Add to collection(s) Add to saved
  1. No category

ppt - Microsoft Research

advertisement 
Join Algorithms for the Theory of
Uninterpreted Functions
Sumit Gulwani
UC-Berkeley
Ashish Tiwari
SRI
George Necula
UC-Berkeley
Definition: Join in theory T
E = JoinT(E1,E2) iff
1. E1 )T E and E2 )T E
2. If (E1 )T g) and (E2 )T g), then E )T g
E1, E2, E: conjunction of ground facts in theory T
g: ground fact in theory T
E is the strongest conjunction of ground facts that is implied
by both E1 and E2 in theory T
1
Example of Joins
• LE: Linear Arithmetic with Equality
JoinLE(x=1 Æ y=4, x=3 Æ y=2) = x+y=5
• LI: Linear Arithmetic with Inequalities
JoinLI(x=1 Æ y=4, x=3 Æ y=2) = x+y=5 Æ 1·x·3
•
UF: Uninterpreted Functions
JoinUF(x=a Æ y=F(a), x=b Æ y=F(b)) = y=F(x)
2
Motivation: Program Analysis using Abstract Interpretation
True
*
x := a;
y := F(a);
True
u := F(x);
v := y;
False
x := b;
y := F(x);
*
False
u := F(a);
v := F(a);
assert (u=v);
assert (v=F(a));
Disadvantages of using decision
procedure:
•Exponential # of paths
•Loop invariants required
•Cannot discover invariants
Abstract Interpretation avoids
these problems
•Join Algorithm required to
merge facts at join points
3
Join for Uninterpreted Functions is not easy
Join(F(a)=a Æ F(b)=b Æ G(a)=G(b), a=b) =
GFi(a)=GFi(b)
The result of join is not finitely representable using standard
data-structures like EDAGs
4
Relatively Complete Join: Definition
Recall, Join(E1,E2): strongest conjunction of ground facts g s.t.
E1 )T g and E2 )T g
RCJoin(E1,E2,K): strongest conjunction of ground facts g s.t.
E1 )T g and E2 )T g and Terms(g) 2 K
Example
E1: F(a)=a Æ F(b)=b Æ G(a)=G(b)
E2: a=b
K: { GF(a),GF(b) }
RCJoin(E1,E2,K): GF(a) = GF(b)
5
Relatively Complete Join: Algorithm
RCJoin(E1,E2,K):
1. Let D1=EDAG(E1) and D2=EDAG(E2)
2. Extend D1 and D2 to represent K
3. Congruence close D1 and D2
4. Let D=product construction of D1 and D2
Output D
6
Step 1: Constructing EDAGs
E1: F(a)=a Æ F(b)=b Æ G(a)=G(b)
E2: a=b
K: { GF(a),GF(b) }
F
G
a
G
F
b
D1 = EDAG(E1)
a
b
D2 = EDAG(E2)
• Nodes represent terms
• Dotted edges represent equalities
7
Step 2: Extending EDAGs
E1: F(a)=a Æ F(b)=b Æ G(a)=G(b)
E2: a=b
K: { GF(a),GF(b) }
F
G
a
G
F
b
D1 = EDAG(E1)
G
G
F
F
a
b
D2 = EDAG(E2)
• Add extra nodes to EDAGs s.t. terms in K are represented
8
Step 3: Congruence Closure
E1: F(a)=a Æ F(b)=b Æ G(a)=G(b)
E2: a=b
K: { GF(a),GF(b) }
F
G
a
G
F
b
D1 = EDAG(E1)
G
G
F
F
a
b
D2 = EDAG(E2)
• F(n) = F(m) if n=m
9
Step 4: Product Construction (Intuition)
E1: F(a)=a Æ F(b)=b Æ G(a)=G(b)
E2: a=b
K: { GF(a),GF(b) }
2
F
3
G
1
a
6
G
4
5
F
b
D1 = EDAG(E1)
C1: {a, Fa, F2(a), …}
C4: {b, Fb, F2(b), …}
C6: {G(a), GF(a), …
G(b), GF(b), …}
30 G
0
6
G
20 F
0
5
F
10 a
0
4
b
C6 Å C30: { GF(a), GF(b)}
D2 = EDAG(E2)
C10: {a, b}
C20: {F(a), F(b)}
C30: {GF(a), GF(b)}
10
Step 4: Product Construction (Algorithm)
E1: F(a)=a Æ F(b)=b Æ G(a)=G(b)
E2: a=b
K: { GF(a),GF(b) }
2
F
3
G
1
a
6
G
4
5
F
b
D1 = EDAG(E1)
30 G
0
6
G
[3,30] G
0]
[6,6
G
20 F
0
5
F
[2,20] F
0]
[5,5
F
10 a
0
4
b
[1,10] a
0]
[4,4
b
D2 = EDAG(E2)
D
• [n,m] 2 D if n:v Æ m:v, or n:F(n1) Æ m:F(m1) Æ [n1,m1] 2 D
• [n1,m1] = [n2,m2] if n1=n2 and m1=m2
11
Future Work: Join Algorithm for other theories
For example, theory of commutative functions (CF)
– Useful in modeling floating point operations
– More challenging than uninterpreted functions (UF)
E1: x=a Æ y=b
E2: x=b Æ y=a
JoinUF(E1,E2) = true
JoinCF(E1,E2) =
F(C[a],C[b]) = F(C[b], C[a])
12
Future Work: Combining Join Algorithms
For example, theory of linear arithmetic and uninterpreted
functions (LA+UF)
E1: x=a Æ y=b
E2: x=b Æ y=a
JoinUF(E1,E2) = true
JoinLA(E1,E2) = x+y=a+b
JoinLA+UF(E1,E2) =
F(x+c)+F(y+c) = F(a+c)+F(b+c) Æ .….
13
Future Work: Context-sensitive Join Algorithms
Join(E1,E2) Æ E = Join(E1ÆE, E2ÆE)
• Useful in interprocedural analysis
• This is a representation issue.
– Representing result of join using conjunction of ground
facts is not context-sensitive.
E1: x=a Æ y=F(a)
E2: x=b Æ y=F(b)
JoinUF(E1,E2) Æ a=b = y=F(x) Æ a=b
JoinUF(E1Æ a=b,E2 Æ a=b) = y=F(x) Æ x=a=b
14
Conclusion
• Join Algorithms are useful in program analysis. They are
generalization of decision procedure.
JoinT(E, g) = g iff E )T g
E: conjunction of ground facts in theory T
g: ground fact in theory T
• We showed a relatively complete join algorithm for
uninterpreted functions.
• Join algorithms open up several interesting problems.
15
Related documents
Structured and Unstructured Induction with ... Brian R Gaines
Structured and Unstructured Induction with ... Brian R Gaines
EXCEPTION DAGS AS KNOWLEDGE STRUCTURES
EXCEPTION DAGS AS KNOWLEDGE STRUCTURES
5thDomainSpecificA-F
5thDomainSpecificA-F
Light-Weighting Options for Vehicle Structures for Model Year 2020
Light-Weighting Options for Vehicle Structures for Model Year 2020
if although while because as before since when after
if although while because as before since when after
The Six Main Uses of the Comma CCU Writing Center
The Six Main Uses of the Comma CCU Writing Center
4thDomainSpecificA-F
4thDomainSpecificA-F
Exploring Latent Structure in Data Algorithms and Implementations
Exploring Latent Structure in Data Algorithms and Implementations
CSCI 8080: Design and Analysis of Algorithms
CSCI 8080: Design and Analysis of Algorithms
COS 423 - Princeton University
COS 423 - Princeton University
Printed Electronic Inks - Henkel
Printed Electronic Inks - Henkel
Download
advertisement