Combining Abstract Interpreters - PowerPoint PPT Presentation
1 / 19
Title:
Combining Abstract Interpreters
Description:
Combining Abstract Interpreters. Sumit Gulwani. Microsoft Research. Redmond, Group. Ashish Tiwari ... be verified only over the combined abstraction. Outline ... – PowerPoint PPT presentation
Number of Views:56
Avg rating:3.0/5.0
Title: Combining Abstract Interpreters
1
Combining Abstract Interpreters
- Sumit Gulwani
- Microsoft Research
- Redmond, Group
Ashish Tiwari SRI
RAD
2
Motivation
a1 0 a2 0 b1 1 b2 F(1) c1 2
c2 2
a1 a11 a2 a22 b1 F(b1) b2
F(b2) c1 F(2c1-c2) c2 F(c2)
True
b1lt b2
False
- Abstract interpretation over the abstractions of
linear arithmetic and uninterpreted functions can
verify the first and second assertions
respectively. - Third assertion can be verified only over the
combined abstraction.
Assert(a22a1) Assert(b2 F(b1)) Assert(c2c1)
3
Outline
- Logical product combination of lattices
- Abstract interpreter for logical product lattice
- Join operator
- Existential quantification operator
- Correctness and Complexity
4
Logical Product of Lattices
- A lattice L consists of a domain DL and partial
order ¹L. - A lattice L is a logical lattice over theory T if
- DL finite conjunctions of atomic facts over T
- E ¹L E iff E )T E
- Let L1 and L2 be logical lattices over T1 and T2
resp. Then logical product of L1 and L2 is L1L2,
where - DL1L2 finite conjunctions of atomic facts over
T1 T2 - E ¹L1L2 E iff E )T1 T2 E
- and AlienTerms(E) µ
Terms(E)
5
Outline
- Logical product combination of lattices
- Abstract interpreter for logical product lattice
- Join operator
- Existential quantification operator
- Correctness and Complexity
6
Abstract Interpreter for L1L2
E
E2
E1
E
p
x g
False
True
E
E
E1
E2
Conditional Node
Assignment Node
Join Node
E JoinL1L2(E1,E2) We show how to get
JoinL1L2 from JoinL1 and JoinL2.
E EQL1L2(E, x) E Ex/x Æ
x(gx/x) We show how to get EQL1L2 from EQL1
and EQL2.
E1 MeetL1L2(E, p) E2 E MeetL1L2(E,E) E
Æ E
7
Outline
- Logical product combination of lattices
- Abstract interpreter for logical product lattice
- Join operator
- Existential quantification operator
- Correctness and Complexity
8
Background Combining Decision Procedures
y1 4y3 F(2y2-y1) Æ y1F(y1) Æ y2F(F(y1))
y1 4y3
Purification
a12y2-y1 y1 4y3 a2 y1 y2 y1 a2
a2F(a1) y1F(y1) Æ y2F(F(y1)) y1 a1
Saturation
y1 4y3
This classic algorithm was given by Nelson and
Oppen in 1979.
9
Join Operator
- If E JoinL(E1,E2), then E is the least upper
bound of E1 and E2 in lattice L - Examples
- Joinla(z0 Æ y10, z5 Æ y5) zy10 Æ 0z 5
- Joinuf(za Æ yF(a), zb Æ yF(b)) yF(z)
- Joinlauf(za-1 Æ yF(a), zb-1 Æ yF(b)) ?
10
Join Operator
- If E JoinL(E1,E2), then E is the least upper
bound of E1 and E2 in lattice L - Examples
- Joinla(z0 Æ y10, z5 Æ y5) zy10 Æ 0z 5
- Joinuf(za Æ yF(a), zb Æ yF(b)) yF(z)
- Joinlauf(za-1 Æ yF(a), zb-1 Æ yF(b))
yF(1z) - We next show how to construct JoinL1L2 using
JoinL1 and JoinL2.
11
Combining Join Operators
za-1 Æ yF(a)
zb-1 Æ yF(b)
Joinufla
za-1 aha,bi
yF(a) aha,bi
zb-1 bha,bi
yF(b) bha,bi
Joinuf
Joinla
ha,bi1z
yF(ha,bi)
EQufla
ha,bi
yF(1z)
12
Outline
- Logical product combination of lattices
- Abstract interpreter for logical product lattice
- Join operator
- Existential quantification operator
- Correctness and Complexity
13
Existential Quantification Operator
- If E EQL(E,V), then E is the least (i.e., most
precise) element in lattice L such that - E ¹L E
- Vars(E) Ã… V
- Examples
- EQla(xa Æ ay, a) x y
- EQuf(xF(a) Æ yF2(a), a) yF(x)
- EQlauf(aby Æ zc1 Æ aF2(b) Æ cF(b),
a,b,c) ?
14
Existential Quantification Operator
- If E EQL(E,V), then E is the least (i.e., most
precise) element in lattice L such that - E ¹L E
- Vars(E) Ã… V
- Examples
- EQla(xa Æ ay, a) x y
- EQuf(xF(a) Æ yF2(a), a) yF(x)
- EQlauf(aby Æ zc1 Æ aF2(b) Æ cF(b),
a,b,c) F(z-1)y - We can construct EQL1L2 using EQL1 and EQL2.
15
Combining Existential Quantification Operators
aby Æ zc1 Æ aF2(b) Æ cF(b)
a, b, c
EQufla
aby Æ zc1
aF2(b) Æ cF(b)
Defla
Defuf
b
EQla
EQuf
c ? z-1 a ?F(z-1)
a y Æ zc1
a F(c)
Substitute
F(z-1) y
16
Outline
- Logical product combination of lattices
- Abstract interpreter for logical product lattice
- Join operator
- Existential Quantification operator
- Correctness and Complexity
17
Correctness
- Our algorithms for JoinL1L2 and EQL1L2 are
sound. - They are complete when the underlying theories T1
and T2 are convex, stably infinite, and disjoint. - Proof of correctness is non-trivial.
18
Computational Complexity
- Complexity of JoinL1L2 and EQL1L2 is worst-case
quadratic in complexity of JoinL1, JoinL2, EQL1,
EQL2. - Steps required for fixed-point computation
- DL(E) max of elements in a chain above E in
lattice L - DL1 L2(E) DL1(E1) DL2(E2) AlienTerms(E)
- where E1 and E2 are purified and saturated
components of E.
19
Conclusion and Future Work
- Defined combination L1L2 of two lattices L1 and
L2. - This logical product is more precise than reduced
product. - Described abstract interpretation operators for
L1L2 in terms of corresponding operators for L1
and L2. - Lends modularity to design implementation of
abstract interpreters. - Future Work
- Handle non-convex theories (eg. arrays) more
precisely. - Handle non-atomic facts involving negation
disjunction. - Perform experiments.
Recommended
CrystalGraphics Presentations
