Assertion Checking Unified - PowerPoint PPT Presentation

1 / 21
About This Presentation
Title:

Assertion Checking Unified

Description:

Blue assertion requires reasoning about equality guard f=w. ... Consider the equality F(u) F(v) = F(a) F(b) ... There exists an equality e1=e2 whose ... – PowerPoint PPT presentation

Number of Views:31
Avg rating:3.0/5.0
Slides: 22
Provided by: ResearchM53
Category:

less

Transcript and Presenter's Notes

Title: Assertion Checking Unified


1
Assertion Checking Unified
  • Sumit Gulwani
  • Microsoft Research, Redmond
  • Ashish Tiwari
  • SRI

2
Example
  • Green assertion requires modeling as
    uninterpreted.
  • Red assertion requires modeling as commutative,
    and reasoning about disequality guard f?w.
  • Blue assertion requires reasoning about
    equality guard fw.


f w
u 0 v 0
a 1 b 1 z ff
Assert(ab) Assert(z2w)
f?w
False
True
a ac b bc u u(ac) v
v(ac)(ca) f f-1 z z-2 Assert(v 2u)
3
Abstract Program Model / Problem Statement


y e
y ?
Assert(e1e2)
False
Assume(e1?e2)
True
Non-det Conditional
Non-det Assignment
Assignment
Disequality Guard
  • Linear Arithmetic
  • e y c e1 e2 c e
  • Uninterpreted Functions
  • e y F(e1,e2)
  • Combination
  • e y c e1 e2 c e F(e1,e2)

4
Summary of Results
Unification type of theory of program expressions Disequality Guards Complexity of assertion checking Examples
Strict Unitary No PTIME Linear Arithmetic (LA) Uninterpreted Fns (UF)
Bitary No coNP-hard LA UF Commutative (C)
Finitary-Convex Yes Decidable LA UF C AC
5
Outline
  • Unification type of theory
  • Assertion checking algorithm (unitary/finitary
    theories)
  • coNP-hardness (bitary theories)

6
Unification Terminology
  • A substitution ? is a (acyclic) mapping of some
    variables to expressions.
  • A substitution ?1 is more general than ?2 if
    there exists ? such that ?1 ?(?2).
  • A substitution ? is a unifier for an equality
    e1e2 if e1?(y)/y e2?(y)/y.
  • Example
  • Consider the equality F(u) F(v) F(a) F(b).
  • uÃa, vÃb is a unifier for it and so is uÃ1,
    aÃ1, vÃb.
  • The former unifier is more general than the
    latter.

7
Unification Terminology Continued
  • A set of unifiers ?1,,?k for e1e2 is complete
    if for all unifiers ? of e1e2, 9 i s.t. ?i is
    more general than ?.

Example Consider the equality F(u) F(v) F(a)
F(b). uÃa, vÃb, uÃb, vÃa is a complete
set of unifiers for it. Hence,
Unif(F(u)F(v)F(a)F(b)) (ua Æ vb) Ç (ub Æ
va).
8
Unification Type of Theories
  • Unitary All equalities e1e2 have a complete set
    of unifiers that is singleton.
  • Finitary All equalities e1e2 have a complete
    set of unifiers whose cardinality is finite.
  • Bitary There exists an equality e1e2 whose
    complete set of unifiers has 2 unifiers of the
    form y à z1 and y à z2

9
Examples of Bitary Theories
  • Bitary There exists an equality e1e2 whose
    complete set of unifiers has 2 unifiers of the
    form y à z1 and y à z2
  • Commutative Functions
  • F(F(y,y),F(z1,z2)) F(F(y,z1),F(y,z2))
  • Combination of Linear Arithmetic Uninterpreted
    Functions
  • F(F(y)F(y)) F(F(z1)F(z2)) F(F(y)F(z1))
    F(y)F(z2))

10
Summary of Results
Unification type of theory of program expressions Disequality Guards Complexity of assertion checking Examples
Strict Unitary No PTIME Linear Arithmetic (LA) Uninterpreted Fns (UF)
Bitary No coNP-hard LA UF Commutative (C)
Finitary-Convex Yes Decidable LA UF C AC
11
Outline
  • Unification type of theory
  • Assertion checking algorithm (unitary/finitary
    theories)
  • coNP-hardness (bitary theories)

12
Connection between Assertion Checking
Unification
  • An assertion e1 e2 holds at a program point ?
    iff
  • the assertion Unif(e1e2) holds at ?.

Example To prove, F(u)F(v) F(a)F(b), we need
to prove that (ua Æ vb) Ç (ub Æ va) is true.
13
Assertion Checking Algorithm
  • Backward analysis strengthened with Unification
  • Perform weakest precondition computation.
  • At each step replace the formula ? by Unif(?),
    which is a stronger and simpler formula.
  • Termination (reach fixpoint across loops)?
  • Yes, because of unifier computations.
  • PTIME for unitary theories (no disequality
    guards). Bounded for finitary theories.

14
Advantage of Backward Analysis with Unification
  • Forward Analysis needs to maintain an infinite
    number of facts Fi(u) Fi(v) Fi(a) Fi(b) at
    the first join point.
  • Backward Analysis does not terminate Fi(u)
    Fi(v) Fi(a) Fi(b)
  • Backward Analysis with Unification Terminates in
    2 steps (ua Æ vb) Ç (ub Æ va)


u a v b
u b v a
u F(u) v F(v) a F(a) b F(b)

Assert(uvab)
15
Handling equality guards
Equality Guards
Disequality Guards
? Ç ?x/y Ç ?y/x
? Ç xy
Assume (x y)
Assume (x ? y)
?
?
  • Standard weakest precondition will lead to
    disequalities in formulas.
  • Instead we can use heuristics as above.

We perform standard weakest precondition
computation
16
Outline
  • Unification type of theory
  • Assertion checking algorithm (unitary/finitary
    theories)
  • coNP-hardness (bitary theories)

17
Reducing Unsatisfiability to Assertion Checking
  • ? boolean 3-SAT instance with m clauses
  • IsUnsatisfiable(?)
  • for j1 to m
  • cj F
  • for i1 to k do
  • if ()
  • 8 j s.t. var i occurs positively in
    clause j, cj T
  • else
  • 8 j s.t. var i occurs negatively in clause
    j, cj T
  • Assert (c1F Ç c2F Ç cmF)

18
Encoding disjunction
  • The check c1F Ç c2F can be encoded by some
    appropriate assertion e1e2 in a bitary theory.
  • The above trick can be recursively applied to
    construct an assertion that encodes c1F Ç c2F Ç
    Ç cmF

19
Conclusion
  • Complexity of assertion checking depends on the
    unification type of the theory of program
    expressions Unitary (PTIME), Bitary (coNP-hard),
    Finitary (Decidable)
  • The assertion checking algorithm is based on
    backward analysis strengthened with unification.
  • For some infinite-height abstract domains, a
    (goal-driven) backward analysis is more efficient
    than forward analysis.
  • Use of unification is yet another non-trivial use
    of theorem proving in program analysis.

20
Proof of Termination
  • At each program point, the proof obligation has
    the form

i1
Ç Æ y ?i(y)
y
k
  • In each successive loop iteration, above formula
    becomes stronger. We prove this cannot happen
    indefinitely
  • Assign the following measure to the above formula
  • of conjuncts representing unifier ?i i1
    to k
  • Show this measure decreases in some well-founded
    ordering.

21
Discussion
  • The assertion checking algorithm is based on
    backward analysis strengthened with unification.
  • Backward Analysis vs. Forward Analysis
  • Use of Theorem Proving in Program Analysis
  • Combining (Forward) Abstract Interpreters PLDI
    06 using an extension of Nelson-Oppen
    combination method.
  • This paper Backward Analysis using Unification
Write a Comment
User Comments (0)
About PowerShow.com