c2bp: Automated Predicate Abstraction for C - PowerPoint PPT Presentation

About This Presentation
Title:

c2bp: Automated Predicate Abstraction for C

Description:

c2bp: Automated Predicate Abstraction for C. Thomas Ball. Rupak Majumdar, Todd Millstein ... Check reachability on the boolean program abstraction B of P with bebop ... – PowerPoint PPT presentation

Slides: 13
Provided by: tba3
Transcript and Presenter's Notes


1
c2bp: Automated Predicate Abstraction for C
  • Thomas Ball
  • Rupak Majumdar, Todd Millstein
  • Sriram K. Rajamani

http://research.microsoft.com/slam/
2
Predicate Abstraction
  • What is the predicate language?
  • Pure C boolean expressions
  • Later: recursive data types, quantification
  • Given a C program P and set of predicates E
  • Create a boolean program B(P,E) that abstracts P

3
Machinery
  • Weakest precondition WP(s,e)
  • WP(x=f, e) = e[x/f]  (e with f substituted for x)
  • WP(x=x+1, x<2) = (x<2)[x/x+1] = (x+1<2) = (x<1)
  • Does some prime implicant I over predicates in E
    imply WP(s,e)?
  • Let F(WP(s,e)) be the largest disjunction of such
    prime implicants
  • Theorem prover: Simplify, Vampyre, ICS?
  • Points-to analysis
  • WP(*p=1, x<y)
  • One-level-flow, flow-insensitive PTA of Das
    [PLDI 00]

4
Naïve c2bp(P,E)
  • For each stmt s in P
  • For each predicate e in E
  • e = H( F(WP(s,e)), F(WP(s,!e)) )
  • H(a,b)
  • True if a=true
  • False if b=true
  • Don't know, otherwise
  • F is compile-time; H is run-time
  • Example: x=x+1, E = {x<2}
  • WP(x=x+1, x<2) = (x<1)
  • F(x<1) = false
  • WP(x=x+1, !(x<2)) = !(x<1)
  • F(!(x<1)) = !(x<2)
  • x<2 = H(false, !(x<2))
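The two phases of the naïve c2bp step on one assignment, as an added example that is not code from the slides or from the SLAM project. It uses Python expression strings as the predicate language, computes WP by syntactic substitution, enumerates prime implicants over E, and separates the compile-time F from the run-time H. The theorem prover is replaced by exhaustive evaluation over a small constructed integer domain, which is this demo's own assumption and only works for tiny arithmetic predicates.

```python
import ast
import copy
import itertools
from typing import Dict, List, Optional, Tuple

# Constructed finite domain for the brute-force "theorem prover" below.
# Real c2bp calls Simplify/Vampyre/ICS; exhaustive evaluation is an
# assumption of this demo, not part of the slides.
DOMAIN = range(-4, 8)

Cube = Dict[int, bool]   # predicate index -> sign (True = e, False = !e)


class _Subst(ast.NodeTransformer):
    """Replace every read of variable `var` by the expression `rhs`."""

    def __init__(self, var: str, rhs: str) -> None:
        self.var = var
        self.rhs = ast.parse(rhs, mode="eval").body

    def visit_Name(self, node: ast.Name) -> ast.AST:
        if node.id == self.var and isinstance(node.ctx, ast.Load):
            return ast.copy_location(copy.deepcopy(self.rhs), node)
        return node


def wp_assign(var: str, rhs: str, e: str) -> str:
    """WP(var = rhs, e) = e[var/rhs]: e with rhs substituted for var."""
    tree = _Subst(var, rhs).visit(ast.parse(e, mode="eval"))
    return ast.unparse(ast.fix_missing_locations(tree))


def implies(antecedent: str, consequent: str, variables: List[str]) -> bool:
    """Stand-in for the theorem prover: antecedent => consequent for every
    assignment of the variables drawn from DOMAIN."""
    for values in itertools.product(DOMAIN, repeat=len(variables)):
        env = dict(zip(variables, values))
        if eval(antecedent, {"__builtins__": {}}, env) and \
                not eval(consequent, {"__builtins__": {}}, env):
            return False
    return True


def F(phi: str, E: List[str], variables: List[str]) -> List[Cube]:
    """Largest disjunction of prime implicants over E that imply phi, as a
    list of cubes (smallest first). [] means false; [{}] means true."""
    found: List[Cube] = []
    for size in range(len(E) + 1):
        for idx in itertools.combinations(range(len(E)), size):
            for signs in itertools.product((True, False), repeat=size):
                cube: Cube = dict(zip(idx, signs))
                # a cube containing an implicant found already is not prime
                if any(all(cube.get(i) == s for i, s in c.items()) for c in found):
                    continue
                formula = " and ".join(
                    f"({E[i]})" if s else f"(not ({E[i]}))" for i, s in cube.items()
                ) or "True"
                if implies(formula, phi, variables):
                    found.append(cube)
    return found


def H(a: bool, b: bool) -> Optional[bool]:
    """Run-time part: True if a, False if b, otherwise don't know (None)."""
    if a:
        return True
    if b:
        return False
    return None


def abstract_assign(var: str, rhs: str, E: List[str], variables: List[str]
                    ) -> Dict[str, Tuple[List[Cube], List[Cube]]]:
    """Compile-time part of naive c2bp for `var = rhs`: for each e in E the
    cube sets F(WP(s,e)) and F(WP(s,!e))."""
    return {
        e: (F(wp_assign(var, rhs, e), E, variables),
            F(wp_assign(var, rhs, f"not ({e})"), E, variables))
        for e in E
    }


def step(table, E: List[str], state: Tuple[Optional[bool], ...]) -> Tuple[Optional[bool], ...]:
    """Execute the abstracted assignment on a boolean state (one
    True/False/None per predicate in E) and return the new boolean state."""
    def holds(cube: Cube) -> bool:
        return all(state[i] == s for i, s in cube.items())
    return tuple(H(any(map(holds, table[e][0])), any(map(holds, table[e][1])))
                 for e in E)


if __name__ == "__main__":
    E = ["x < 2"]
    table = abstract_assign("x", "x + 1", E, ["x"])
    print(table)                      # {'x < 2': ([], [{0: False}])}
    print(step(table, E, (True,)))    # (None,): b was true, don't know
    print(step(table, E, (False,)))   # (False,): b was false, stays false
```

For the slide's example the table says exactly what the slide derives: F(WP(x=x+1, x<2)) is the empty disjunction (false) and F(WP(x=x+1, !(x<2))) is the single cube !(x<2), so at run time b becomes false when b was false and unknown otherwise.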

5
Optimizations
  • Cone of influence
  • Alias information
  • Visit prime implicants in the right order
  • Eliminate calls to theorem prover
  • Caching results of theorem prover
  • Examine WP(s,e) to see what predicates are in E
  • Use pairs, triples, rather than prime
    implicants
  • Special case reasoning outside of theorem prover
  • Determine which decision procedures are
    necessary for which statements, predicates

6
Is Locking Protocol Satisfied?

    do {
        // get the write lock
        KeAcquireSpinLock(&devExt->writeListLock);
        nPacketsOld = nPackets;
        request = devExt->WriteListHeadVa;
        if (request && request->status) {
            devExt->WriteListHeadVa = request->Next;
            KeReleaseSpinLock(&devExt->writeListLock);
            irp = request->irp;
            if (request->status > 0) {
                irp->IoStatus.Status = STATUS_SUCCESS;
                irp->IoStatus.Information = request->Status;
            } else {
                irp->IoStatus.Status = STATUS_UNSUCCESSFUL;
                irp->IoStatus.Information = request->Status;
            }
            nPackets++;
        }
    } while (nPackets != nPacketsOld);
    KeReleaseSpinLock(&devExt->writeListLock);

7
Desired Boolean Program
b represents the condition (nPacketsOld == nPackets)

    do {
        FSM(Acquire);
        b = 1;
        if (*) {
            FSM(Release);
            if (*) { } else { }
            b = H(0, b);
        }
    } while (!b);
    FSM(Release);

(shown alongside the C code of slide 6)

8
SLAM: Iterative Refinement
  • Given a reachability query in program P
  • Check reachability on the boolean program
    abstraction B of P with bebop
  • Use path simulation (simcl) on P to discover
    spurious counterexamples (in B)
  • Use C predicate abstractor (c2bp) to refine B

9
Boolean Program Skeleton

    do {
        FSM(Acquire);
        if (*) {
            FSM(Release);
            if (*) { } else { }
        }
    } while (*);
    FSM(Release);

(shown alongside the C code of slide 6)
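The refinement step of slides 7 to 9 worked through as an added example; this is not code from the slides, from bebop or from the SLAM project. Both boolean programs are encoded as small instruction lists (the encoding and the locking FSM are this example's own modelling choices; the inner `if (*) {} else {}` is folded into a no-op), and a breadth-first search over (pc, lock state, b) plays the role of bebop's reachability check. On the skeleton, `while (*)` lets the search loop back without releasing and reach a double acquire; on the refined program, b rules that path out.

```python
from collections import deque
from typing import List, Optional, Tuple

# Constructed model of the locking protocol FSM that SLAM checks:
# "U" unlocked, "L" locked, "ERR" once acquire/release is misused.
def fsm(lock: str, event: str) -> str:
    if event == "acquire":
        return "L" if lock == "U" else "ERR"
    if event == "release":
        return "U" if lock == "L" else "ERR"
    raise ValueError(event)


def H(a: bool, b: bool) -> Optional[bool]:
    """True if a, False if b, else don't know (None)."""
    return True if a else (False if b else None)


# Boolean programs as instruction lists (this encoding is the example's own).
# acquire/release drive the FSM; set_b/h0b update b; choose is if (*);
# while loops on its condition ("*" or "!b"); halt ends the program.
SKELETON = [
    ("acquire",),        # 0: FSM(Acquire)
    ("choose", 2, 4),    # 1: if (*) goto 2 else goto 4
    ("release",),        # 2: FSM(Release)
    ("skip",),           # 3: inner if (*) {} else {} touches nothing
    ("while", "*", 0),   # 4: while (*): nothing known about the loop test
    ("release",),        # 5: FSM(Release)
    ("halt",),           # 6
]

REFINED = [
    ("acquire",),        # 0: FSM(Acquire)
    ("set_b", True),     # 1: b = 1        (nPacketsOld = nPackets)
    ("choose", 3, 6),    # 2: if (*) goto 3 else goto 6
    ("release",),        # 3: FSM(Release)
    ("skip",),           # 4: inner if (*) {} else {}
    ("h0b",),            # 5: b = H(0, b)  (abstraction of nPackets++)
    ("while", "!b", 0),  # 6: while (!b)
    ("release",),        # 7: FSM(Release)
    ("halt",),           # 8
]

State = Tuple[int, str, Optional[bool]]   # (pc, lock state, value of b)


def successors(prog, state: State) -> List[State]:
    pc, lock, b = state
    op = prog[pc]
    kind = op[0]
    if kind in ("acquire", "release"):
        return [(pc + 1, fsm(lock, kind), b)]
    if kind == "set_b":
        return [(pc + 1, lock, op[1])]
    if kind == "h0b":
        # H(0, b): the second argument asks whether the cube b holds now
        return [(pc + 1, lock, H(False, b is True))]
    if kind == "skip":
        return [(pc + 1, lock, b)]
    if kind == "choose":
        return [(op[1], lock, b), (op[2], lock, b)]
    if kind == "while":
        cond, body = op[1], op[2]
        out: List[State] = []
        if cond == "*" or b is not True:    # loop test may be true
            out.append((body, lock, b))
        if cond == "*" or b is not False:   # loop test may be false
            out.append((pc + 1, lock, b))
        return out
    return []                               # halt


def error_path(prog) -> Optional[List[int]]:
    """Breadth-first reachability over the boolean program's states (what
    bebop does symbolically): the program counters leading to the first FSM
    error state, or None when no error state is reachable."""
    start: State = (0, "U", None)           # b starts out unknown
    parent = {start: None}
    queue = deque([start])
    while queue:
        s = queue.popleft()
        if s[1] == "ERR":
            path = []
            while s is not None:
                path.append(s[0])
                s = parent[s]
            return path[::-1]
        for n in successors(prog, s):
            if n not in parent:
                parent[n] = s
                queue.append(n)
    return None


if __name__ == "__main__":
    print("skeleton:", error_path(SKELETON))   # [0, 1, 4, 0, 1]: acquire twice
    print("refined: ", error_path(REFINED))    # None: b rules the spurious path out
```

The skeleton's counterexample (acquire, skip the if, loop, acquire again) is exactly the kind of path that slide 10's path simulator would find infeasible in the C program, since it requires nPackets != nPacketsOld right after nPacketsOld = nPackets; the predicate b is what c2bp needs to eliminate it.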

10
The Missing Component
  • Path simulator
  • Given a path p in a C program P, is p feasible?
  • Don't know
  • If feasible, we've found an error!
  • If infeasible, find relevant predicates E from
    examining proof
  • Use c2bp(P,E) to eliminate infeasible path(s) by

11
Desired Boolean Program (repeat of slide 7)
b represents the condition (nPacketsOld == nPackets)

    do {
        FSM(Acquire);
        b = 1;
        if (*) {
            FSM(Release);
            if (*) { } else { }
            b = H(0, b);
        }
    } while (!b);
    FSM(Release);

(shown alongside the C code of slide 6)

12
  • Software Productivity Tools
  • Microsoft Research
  • http://research.microsoft.com/slam/