PPL ??????? 2006-09-12

Title: Author: Last modified by: y-tanabe Created Date: 1/1/1601 12:00:00 AM Document presentation format – PowerPoint PPT presentation


1
????????????????? ???????????
  • PPL ??????? 2006-09-12
  • ????????? ????????????????????????????
  • ????

2
  • ??????????,????????????????????????.
  • ?????? (????????????) ?,???URL????????????
    http://staff.aist.go.jp/tanabe.yoshinori/06/09/12/

3
???????????
root
4
???????????
root
5
?????????????????
root
6
?????????????????
root
7
Deutsch-Schorr-Waite???????????
root
8
Deutsch-Schorr-Waite???????????
    /* node is assumed to be a pointer-to-struct type with fields l (left child),
       r (right child), m (mark bit) and c (0 while the left subtree is being
       visited, 1 once the traversal has swung to the right subtree) */
    void dsw(node root) {
      node t = root;
      node p = NULL;
      while (p != NULL || (t != NULL && !t->m)) {
        if (!(t == NULL || t->m)) {        /* push */
          node q = p;
          p = t; t = t->l;
          p->l = q; p->m = 1; p->c = 0;
        } else if (!p->c) {                /* swing */
          node q = t;
          t = p->r; p->r = p->l;
          p->l = q; p->c = 1;
        } else {                           /* pop */
          node q = t;
          t = p; p = p->r; t->r = q;
        }
      }
    }

root
9
?????
  • ?? DSW???????????
  • ?? ??,?????,...
  • ????????????????
  • ????????
  • ???????????
  • ??????????????
  • ??????
  • 3???
  • ?????????
  • ???TVLA

?? ????C?????
?? DSW???????????
10
?? ??,?????,????????...
11
???????????
  • ?????
  • ???????????????.
  • ??????????
  • ?????????????.
  • ????
  • ????????,???????????????.
  • ??? ?????
  • ??????????????,????????????.
  • ??

12
?????
  • ????? ??? (??,????) ??????????????????,??????????
    ????.
  • ???????????.
  • ???????????.
  • ???????????????
  • ????
  • ?????????????
  • ???10120?????????.

13
?????????????????
  • ?????,??????????.
  • ?????
  • int?????10?????,????(2^32)^10
  • ??????????????.
  • ???????????????????,???????????.
  • ????????????
  • ??????????????,?????????????????

14
?????????
  • ?????????? / ????????.
  • ????????
    ???????????????....

15
????????????????
16
Running Example
  • ???????????????????
  • ??????????????????????
    /* LOCK, old, new and q are globals not shown on the slide */
    Example() {
      do {
        lock();
        old = new;
        q = q->next;
        if (q != NULL) {
          q->data = new;
          unlock();
          new++;
        }
      } while (new != old);
      unlock();
      return;
    }

17
Running Example
    Example() {
      LOCK = 0;
      do {
        lock();
        old = new;
        q = q->next;
        if (q != NULL) {
          q->data = new;
          unlock();
          new++;
        }
      } while (new != old);
      unlock();
      return;
    }

    void lock()   { if (LOCK == 1) ERROR; LOCK = 1; }
    void unlock() { if (LOCK == 0) ERROR; LOCK = 0; }
ERROR?????????
18
?????????
???
????
  • ????? ????????????????
  • ??/?????? gt????????

??
????
????
19
?????????????
????
????
1???????????????????.
????(?????????)??????
?????
??????.??????,??????
?????????????????,?????????????.
20
??????....
????
????
???????????
???????
?????????
?????????????
?????????????????
???????????????????????????
21
???????
??
??
?????????????
PC = 9,  LOCK = 1, old = 5, new = 5, q = 0x4a18
PC = 10, LOCK = 1, old = 5, new = 6, q = 0x4a18
??
  • new++

??????????
??
??
PC = 6, LOCK = 0, old = 15, new = 15, q = 0x6b20
PC = 7, LOCK = 0, old = 15, new = 15, q = 0x6b20
??
q != NULL
22
??????....
????
????
???????????
???????
?????????
?????????????
?????????????????
???????????????????????????
23
????????
  • ?????? P1, ..., Pn ????.
  • ????
  • PC (?????????)
  • P1???
  • ...
  • Pn ???
  • (?)
  • P1: LOCK == 1
  • P2: old == new

    .....
    PC = 3, LOCK = 1, old == new
    PC = 3, LOCK = 1, old != new
    PC = 3, LOCK = 0, old == new
    PC = 3, LOCK = 0, old != new
    PC = 4, LOCK = 1, old == new
    PC = 4, LOCK = 1, old != new
    PC = 4, LOCK = 0, old == new
    PC = 4, LOCK = 0, old != new
    .....
24
??????....
????
????
???????????
?????????
?????????????
?????????????????
???????????????????????????
25
???????
  • Existential Abstraction?????2??????????,????????
    ?2??????????.

????
????
26
???????
  • Existential Abstraction ?????,????????????????????
    ??,??????????????????????.

?? ??????????????????????,??????????.
27
???????
  • Existential Abstraction ?????,????????????????????
    ??,??????????????????????.

?????????.
28
??????....
????
????
?????????
?????????????
Existential Abstraction??????
???????????????????????????
29
??????
  • P ??, OP ??
  • WP(P, OP) ????????????P' ?OP???????P'????????
    ?, OP?????P?????.?
  • Example: WP(P, x := e) = P[e/x].  WP(new == old, new := new + 1) = (new + 1 == old)

30
???????(1)
op
?P2
P2
?P2
P2
P1
P1
?P1
?P1
(P1 ∧ P2) ⇒ WP(P1, op) ??? P1 ∧ P2 ??, op ???, ?? P1 ???.
P1 ∧ P2 ??, ¬P1 ???????.
31
??????? (2)
  • (F, PC) ??????????????
  • PC ?? OP ???.
  • ? Pn ????, WP(Pn, OP), WP(¬Pn, OP) ????.
  • ????????, F ⇒ WP(Pn, OP) ????????????????.
  • Yes ??, ?Pn ?????????????. (No ???????.)
  • ??? F ⇒ WP(¬Pn, OP) ?????, Pn ?????????????.

F = P1 ∧ ¬P2 ∧ ¬P3
OP
F' ?
32
?????????
  • ??????,Existential Abstraction ???.

????
????
P1??P2
s'
OP
OP
?
s
?P1?P2
????????????. ¬P1 ∧ P2 ⇒ WP(¬P1, OP) ???????. s ?
¬P1 ∧ P2 ??????, s ? WP(¬P1, OP) ?????????. ?????, s'
?? P1 ??????. ??, s' ??????????? P1 ?????. ??????????????.
???, ¬P1 ∧ P2 ⇒ WP(P2, OP) ??????. ?????, ???????.
33
???????? (1)
LOCK == 1 ∧ old == new
LOCK == 1 ∧ old == new
new = new + 1
  • WP(LOCK != 1, OP) = LOCK != 1.  LOCK == 1 ∧ old == new ⇒ LOCK != 1 ?????
  • WP(old != new, OP) = old != new + 1.  LOCK == 1 ∧ old == new ⇒ old != new + 1 ??

34
???????? (2)
LOCK == 1 ∧ old == new
LOCK == 1 ∧ old != new
new = new + 1
  • WP(LOCK != 1, OP) = LOCK != 1.  LOCK == 1 ∧ old == new ⇒ LOCK != 1 ?????
  • WP(old == new, OP) = old == new + 1.  LOCK == 1 ∧ old == new ⇒ old == new + 1 ?????

35
??????....
????
????
?????????
?????????????
Existential Abstraction??????
36
??????? (??)
  • Existential Abstraction ?????,????????????????????
    ?,??????????????????????.

????
?????????.
????
37
???
  • ??????????????????,???????????????????.????
    (spurious counterexample)?

????
38
?????? (1)
(figure: two abstract traces S1 -op1-> S2 -op2-> S3 -op3-> S4, annotated with
 C4 = true, C3 = WP(op3, C4), C2 = WP(op2, C3), C1 = WP(op1, C2);
 left: C1 = WP(op1, C2) = false, right: C1 = WP(op1, C2) ≠ false)
????
???
39
?????? (2)
  • ?????????? (??????????????? S1, ..., Sn
    ???????????
  • Si ?? Si+1 ????? OPi ???.
  • Cn = true
  • Ci-1 = WP(Ci, OPi-1)  (i = n, ..., 2)
  • C1 ? false ?????,???????.
  • C1 ? false ????,??????.

40
????????
  • ?????? ???????????.
  • ???????????,??????????.???????? (CEGAR
    CounterExample-Guided Abstraction Refinement)

C3
C2
  • C2?C3????????

41
??? ?????????
C2
C3
  • C2?S2??????????.
  • C3?S3??????????

(figure: the abstract trace S1, S2, S3, S4 annotated with C2 and C3)
42
????????????? ???
???????????
OK
??????????
??
NG
????
?????????????
??????
??
???
43
???
  • ?????????(?)????????????????
  • SLAM (Microsoft)
  • BLAST (UC Berkeley)
  • Bandera (Kansas State Univ)
  • Java PathFinder (NASA)
  • MAGIC (CMU)
  • CBMC (CMU)

44
BLAST
  • Berkeley Lazy Abstraction Software Verification
    Tool
  • UC Berkeley
  • T. Henzinger, R. Jhala, R. Majumdar, G. Sutre, D.
    Beyer, ...
  • http://www.eecs.berkeley.edu/blast
  • C????????????
  • "lazy abstraction" ??????

45
????????????
46
??????
  • ??????????????????????
  • ??????,??????,?,DAG, ...
  • DSW????,??????????.
  • ?????????
  • TVLA (Sagiv, Reps, Wilhelm, ... )
  • PALE (Møller, Schwartzbach, ...)
  • ?????????
  • Separation Logic (Reynolds, O'Hearn, ...)

47
TVLA
  • Three-Valued Logic Analysis engine
  • Tel-Aviv University
  • M. Sagiv, T. Reps, R. Wilhelm, ...
  • http://www.cs.tau.ac.il/tvla/
  • ???????????????????????,????????????.

48
Running Example
  • ?????????????????
  • ?? x???????????
  • ?? y???????????
  • ??
  • ???,NULL??????????????.
  • ???????????????????.
  • ??????????????? (?????) ???????.

x
n
n
n
n
y
n
n
n
n
49
Running Example
    /* reverse.c */
    #include "list.h"
    List reverse(List x) {
      List y, t;
      y = NULL;
      while (x != NULL) {
        t = y; y = x; x = x->n; y->n = t;
      }
      return y;
    }

    /* list.h */
    typedef struct node {
      struct node *n;
      int data;
    } *List;

50
Running Example
    y = NULL;
    while (x != NULL) {
      t = y;
      y = x;
      x = x->n;
      y->n = t;
    }
(figure: the list before and after each of the four loop steps, labelled t = y, y = x, x = x->n, y->n = t)
51
Running Example
ty
ty
yx
yx
xx-gtn
xx-gtn
y-gtnt
y-gtnt
52
Running Example
    y = NULL;
    while (x != NULL) {
      t = y; y = x; x = x->n; y->n = t;
    }
53
?? Kleene ?3???
  • ??? 0 (false), 1 (true), 1/2 (unknown)

Negation (¬):
    a   | 0    1/2  1
    ¬a  | 1    1/2  0

Conjunction (∧):
    ∧   | 0    1/2  1
    0   | 0    0    0
    1/2 | 0    1/2  1/2
    1   | 0    1/2  1

Disjunction (∨):
    ∨   | 0    1/2  1
    0   | 0    1/2  1
    1/2 | 1/2  1/2  1
    1   | 1    1    1
54
?? Kleene ?3???
  • ∀x. p(x) ???
  • 1: p(u) = 1 for every u.
  • 0: p(u) = 0 for some u.
  • 1/2: otherwise.
  • ∃x. p(x) ???
  • 1: p(u) = 1 for some u.
  • 0: p(u) = 0 for every u.
  • 1/2: otherwise.

(figure: example evaluations of ∀x. p(x) and ∃x. p(x) on small structures whose p-values are 0, 1/2 and 1)
55
?? Kleene ?3???
  • ????? a ⊑ b (a, b ∈ {0, 1, 1/2}): ? a ? b ?????, a ?????????????
  • 0 ⊑ 1/2, 1 ⊑ 1/2, 0 ⊑ 0, 1 ⊑ 1, 1/2 ⊑ 1/2

(figure: the information order as a Hasse diagram, 1/2 above both 0 and 1)
56
???
????
????
???????????
???????
?????????
?????????????
?????????????????
???????????????????????????
57
????
  • ????(2???) ???????

(figure: a concrete list with nodes u1..u4, pointer variables x, y, t and n-edges)
  • ?? x(), y(), t(), n(,) ???????????????????.

        x  y  t
    u1  0  0  0
    u2  0  0  1
    u3  0  1  0
    u4  1  0  0

    n   u1 u2 u3 u4
    u1  0  0  0  0
    u2  1  0  0  0
    u3  0  0  0  1
    u4  0  0  0  0
58
????
  • ???????
  • ???? (3???) ??????3??????? (0, 1/2, 2) ??????.

    n   u1   u2  u3   u4
    u1  0    0   0    0
    u2  1/2  0   1/2  0
    u3  0    0   0    1
    u4  0    0   0    0

        x  y    t
    u1  0  0    0
    u2  0  0    1
    u3  0  1/2  0
    u4  1  0    0

(figure: the same structure drawn as a graph with nodes u1..u4, pointer variables x, y, t and n-edges, the 1/2 edges dotted)
59
??
  • core predicates ???????????.
  • (??????) ?? x ????,???? x() ?x???????
  • (??????) ????? n ????,2??? n(,)
    ?n????????????
  • ???? sm() ?2????????????? 2????????0, 3??????0???1/2. (SuMmary)
  • instrumentation predicates core predicate ??????????. ???????????????. (???, ???3??, ?????????.)
  • ???? isn() ????? n ????, 2????????????????. (IsShared)
  • ???? rx,n() ????? n ??????????, ?? x ???????. (Reachable)
  • ???? cn() ????? n ??????????, ?????????. (Cyclic)

60
2?????
instrumentation??
core??
core??
        sm  x  y  isn  rx  ry
    u1  0   0  0  0    0   1
    u2  0   0  0  1    0   1
    u3  0   0  1  0    0   1
    u4  0   1  0  0    1   0

    n   u1  u2  u3  u4
    u1  0   1   0   0
    u2  1   0   0   0
    u3  0   1   0   0
    u4  0   0   0   0
2?????,??sm???0
2?????,instrumentation?????core?????????.
(figure: the same 2-valued structure drawn as a graph: nodes u1..u4 with n-edges, labelled x, y, isn, rx, ry)
61
3?????
instrumentation??
core??
core??
        sm   x  y  isn  rx  ry
    v2  1/2  0  0  1/2  0   1
    v3  0    0  1  0    0   1
    v4  0    1  0  0    1   0

    n   v2   v3   v4
    v2  1/2  0    0
    v3  1/2  0    0
    v4  0    1/2  0
3?????,instrumentation?????core??????????????????.
sm ? 0 ? 1/2
??? 1/2 ???
??????(sm = 1/2)?2?????
(figure: the 3-valued structure drawn as a graph: the summary node v2 (sm = 1/2) with a double outline, v3 and v4 labelled x, y, isn, rx, ry, 1/2 edges dotted)
62
???
????
????
???????????
?????????
???????
?????????
?????????????
?????????????????
???????????????????????????
63
??
(figure: S (a 2-/3-valued structure) mapped by f into T (a 3-valued structure); nodes labelled p, q with n-edges)
  • f: S → T ??? iff
  • f ???
  • ??? p ???, pS(u, ...) ⊑ pT(f(u), ...)
  • v ∈ T ???, f(u) = v ?? u ? 2 ???????, smT(v) = 1/2

64
?????
(figure: the same embedding f from S (2-/3-valued) into T (3-valued), nodes labelled p, q with n-edges)
  • ?? f S?T ??????,????T ? ????S ?????.(?????)

65
????? (2)
  • ?? ?????????,?????????????????.
  • ?? ????????,????.

(figure: several structures, each labelled with the pointer variable x)
66
????
  • 3??? T ??? (bounded) iff v1, v2 ∈ T, v1 ≠ v2 ???, ???? p ???? pT(v1) ≠ pT(v2).
  • ?????????,????????????.
  • ???2?/3????,????? (?????) ????,???3?????????.
  • ?????,????????????????????,??????????????????.

(figure: a bounded and an unbounded structure, nodes labelled p, q with n-edges)
??
?????
67
????? (1)
  • 3??? S ????,??????,???3??? T ?,?? f S ? T
    ????.???,????? (canonical abstraction) ???.

(figure: structure S with nodes labelled p; p,q; p,q; q)
68
????? (2)
  • 3??? S ????,??????,???3??? T ?,?? f S ? T
    ????.???,????? (canonical abstraction) ???.
  • ???????? p1, ..., pn ???.
  • ? u ∈ S ????, ?? n ? 0, 1/2, 1 ????????. i ????? piS(u).
  • ?? n ? 0, 1/2, 1 ?? v ?, ???? u ∈ S ??????????? T ???. f(u) = v. ???? u ? 1 ??, smS(u) = 0 ????? smT(v) = 0, ????????? smT(v) = 1/2.
  • ???????????, ???? nT(v, v') = ⊔ { nS(u, u') | f(u) = v, f(u') = v' }
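Canonical abstraction as described on this slide, carried out on the 2-valued structure of the slide-60 table, is shown below as an added example; it is not code from the presentation or from TVLA. It assumes that x and y are the abstraction predicates and that every other unary predicate (isn, rx, ry) and the binary n are combined with the information-order join when concrete nodes are merged; the 1/2 value is encoded as the integer 1 so that a join of equal values is the identity. Node indices are 0-based (0 is the slide's u1).

```c
#include <stdio.h>

/* Kleene values encoded as 0 = false, 1 = 1/2, 2 = true */
typedef enum { K_FALSE = 0, K_HALF = 1, K_TRUE = 2 } kval;

/* Information-order join: equal values stay, differing values become 1/2. */
static kval k_join(kval a, kval b) { return a == b ? a : K_HALF; }

#define NU 4               /* concrete individuals u1..u4 */
#define NP 5               /* unary predicates, in this column order */
enum { P_X, P_Y, P_ISN, P_RX, P_RY };
#define NABS 2             /* the first NABS columns (x, y) are the abstraction predicates (assumed) */

/* 2-valued structure S, transcribed from the slide-60 table */
static const kval S_unary[NU][NP] = {
  /* x  y  isn rx ry */
  {  0, 0, 0,  0, 2 },     /* u1 */
  {  0, 0, 2,  0, 2 },     /* u2: shared */
  {  0, 2, 0,  0, 2 },     /* u3: y points here */
  {  2, 0, 0,  2, 0 },     /* u4: x points here */
};
static const kval S_n[NU][NU] = {   /* n(u1,u2), n(u2,u1), n(u3,u2) hold */
  { 0, 2, 0, 0 },
  { 2, 0, 0, 0 },
  { 0, 2, 0, 0 },
  { 0, 0, 0, 0 },
};

/* Resulting 3-valued structure T (at most NU abstract nodes) */
typedef struct {
  int  nv;               /* number of abstract nodes */
  int  f[NU];            /* embedding f: concrete node -> abstract node index */
  kval sm[NU];           /* summary predicate */
  kval unary[NU][NP];
  kval n[NU][NU];
} Struct3;

/* do u and w have the same abstraction-predicate vector? */
static int same_vector(int u, int w) {
  for (int i = 0; i < NABS; i++) if (S_unary[u][i] != S_unary[w][i]) return 0;
  return 1;
}

Struct3 canonical_abstraction(void) {
  Struct3 T = {0};
  int count[NU] = {0}, rep[NU];        /* rep[v]: a concrete node that named v */
  for (int u = 0; u < NU; u++) {
    int v = 0;
    while (v < T.nv && !same_vector(u, rep[v])) v++;
    if (v == T.nv) {                   /* fresh abstract node, named by u's (x, y) vector */
      rep[v] = u; T.nv++;
      for (int i = 0; i < NP; i++) T.unary[v][i] = S_unary[u][i];
    } else {                           /* merge: the other unary predicates are joined */
      for (int i = 0; i < NP; i++) T.unary[v][i] = k_join(T.unary[v][i], S_unary[u][i]);
    }
    T.f[u] = v; count[v]++;
  }
  for (int v = 0; v < T.nv; v++) T.sm[v] = count[v] > 1 ? K_HALF : K_FALSE;
  /* nT(v, v') = join of nS(u, u') over all f(u) = v, f(u') = v' */
  for (int v = 0; v < T.nv; v++)
    for (int w = 0; w < T.nv; w++) {
      int first = 1;
      for (int u = 0; u < NU; u++)
        for (int u2 = 0; u2 < NU; u2++) {
          if (T.f[u] != v || T.f[u2] != w) continue;
          T.n[v][w] = first ? S_n[u][u2] : k_join(T.n[v][w], S_n[u][u2]);
          first = 0;
        }
    }
  return T;
}

/* Query helpers on the abstraction; arguments are concrete node indices */
int  abstract_node_count(void)        { return canonical_abstraction().nv; }
int  same_abstract_node(int u, int w) { Struct3 T = canonical_abstraction(); return T.f[u] == T.f[w]; }
kval abstract_sm(int u)               { Struct3 T = canonical_abstraction(); return T.sm[T.f[u]]; }
kval abstract_unary(int u, int p)     { Struct3 T = canonical_abstraction(); return T.unary[T.f[u]][p]; }
kval abstract_n(int u, int w)         { Struct3 T = canonical_abstraction(); return T.n[T.f[u]][T.f[w]]; }

int main(void) {
  static const char *name[] = { "0", "1/2", "1" };
  Struct3 T = canonical_abstraction();
  printf("abstract nodes: %d\n", T.nv);
  for (int v = 0; v < T.nv; v++)
    printf("v%d: sm=%s x=%s y=%s isn=%s rx=%s ry=%s\n", v, name[T.sm[v]],
           name[T.unary[v][P_X]], name[T.unary[v][P_Y]], name[T.unary[v][P_ISN]],
           name[T.unary[v][P_RX]], name[T.unary[v][P_RY]]);
  for (int v = 0; v < T.nv; v++)
    for (int w = 0; w < T.nv; w++)
      if (T.n[v][w] != K_FALSE) printf("n(v%d, v%d) = %s\n", v, w, name[T.n[v][w]]);
  return 0;
}
```

Running it merges u1 and u2 (both have x = y = 0) into one summary node with sm = 1/2 and isn = 1/2, leaves u3 and u4 as their own nodes, and turns the n-edges inside and into the merged node into 1/2, which is exactly the shape of the 3-valued table on slide 61.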

69
???
????
????
?????????
?????????
?????????????
?????????????????
???????????????????????????
70
pre ????????? (1)
  • ?? p ??? op ????, ??? pre(p, op) ???? ?? op ????, 2??? S ? S' ??????, pre(p, op)S(v, ...) = pS'(v, ...)
  • ?
  • pre(y, y = x->n)(v) = ∃u (x(u) ∧ n(u, v))
  • pre(ry,n, y = x->n)(v) = rx,n(v) ∧ (cn(v) ∨ ¬x(v))

71
pre ????????? (2)
  • pre(y, y = x->n)(v)

∃u (x(u) ∧ n(u, v))
v ? x ???????????????
(figure: the list before and after y = x->n, with n-edges)
72
pre ????????? (3)
  • pre(ry,n, y = x->n)(v)

rx,n(v) ∧ (cn(v) ∨ ¬x(v))
(figure: the list before y = x->n, nodes labelled x, rxn / rxn / rxn, and after it, nodes labelled with x, y, rxn, ryn)
73
???????
  • 3??? T ? ?? op ??????? 3??? T' ??????
  • ????????. sm ???.
  • p ???, pre(p, op) ???????? pT'(v, ...) = (pre(p, op))T(v, ...)

(figure: T with two nodes, the first labelled x, y, rxn, ryn and the second rxn, ryn, joined by n-edges; op: y = x->n)
  • pre(x, op)(v) = x(v)
  • pre(n, op)(v, v') = n(v, v')
  • pre(rxn, op)(v) = rxn(v)
  • pre(y, op)(v) = ∃u. x(u) ∧ n(u, v)
  • pre(ryn, op)(v) = rxn(v) ∧ (cn(v) ∨ ¬x(v))

(figure: T' with nodes labelled x / x, rxn / rxn / rxn, ryn)
74
????????....
  • pre(y, op)(v) = ∃u. x(u) ∧ n(u, v)

(figure: T with nodes v1 (x, y, rxn, ryn) and v2 (rxn, ryn) and n-edges)
pre(y, op)(v1) = ∃u. x(u) ∧ n(u, v1) = (x(v1) ∧ n(v1, v1)) ∨ (x(v2) ∧ n(v2, v1)) = (1 ∧ 0) ∨ (0 ∧ 0) = 0
pre(y, op)(v2) = ∃u. x(u) ∧ n(u, v2) = (x(v1) ∧ n(v1, v2)) ∨ (x(v2) ∧ n(v2, v2)) = (1 ∧ 1/2) ∨ (0 ∧ 1/2) = 1/2
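The computation on this slide, and the Kleene connectives, quantifier rules and information order from slides 53-55 that it relies on, are carried out below in an added example that is not code from the presentation or from TVLA. It encodes 1/2 as the integer 1 so that ∧ is min and ∨ is max (a design choice of this example), folds ∀ and ∃ with ∧ and ∨, and evaluates pre(y, y = x->n)(v) = ∃u. x(u) ∧ n(u, v) on the two-node structure T of this slide, whose predicate values are transcribed from the page.

```c
#include <stdio.h>

/* Kleene's three values, encoded so that AND is min and OR is max:
   0 = false, 1 = 1/2 (unknown), 2 = true. */
typedef enum { K_FALSE = 0, K_HALF = 1, K_TRUE = 2 } kval;

static const char *kname(kval v) { return v == K_FALSE ? "0" : v == K_HALF ? "1/2" : "1"; }

kval k_not(kval a)         { return (kval)(2 - a); }      /* swaps 0 and 1, keeps 1/2 */
kval k_and(kval a, kval b) { return a < b ? a : b; }      /* the conjunction table of slide 53 */
kval k_or (kval a, kval b) { return a > b ? a : b; }      /* the disjunction table of slide 53 */

/* Information order join: equal values stay, differing values become 1/2 (slide 55). */
kval k_join(kval a, kval b) { return a == b ? a : K_HALF; }

/* Quantifiers of slide 54:
   forall x.p(x) = 1 iff every p(u) = 1, 0 iff some p(u) = 0, else 1/2: a fold with AND.
   exists x.p(x) = 1 iff some p(u) = 1, 0 iff every p(u) = 0, else 1/2: a fold with OR. */
kval k_forall(const kval *p, int n) { kval r = K_TRUE;  for (int i = 0; i < n; i++) r = k_and(r, p[i]); return r; }
kval k_exists(const kval *p, int n) { kval r = K_FALSE; for (int i = 0; i < n; i++) r = k_or(r, p[i]);  return r; }

/* A constructed sample column of p-values: one unknown makes forall unknown but exists true. */
static const kval SAMPLE[3] = { K_TRUE, K_HALF, K_TRUE };

/* The 3-valued structure T of slide 74, transcribed from the page:
   nodes v1, v2; x(v1) = 1, x(v2) = 0;
   n(v1,v1) = 0, n(v1,v2) = 1/2, n(v2,v1) = 0, n(v2,v2) = 1/2. */
#define NODES 2
static const kval X[NODES]        = { K_TRUE, K_FALSE };
static const kval N[NODES][NODES] = { { K_FALSE, K_HALF }, { K_FALSE, K_HALF } };

/* pre(y, y = x->n)(v) = exists u. x(u) AND n(u, v), evaluated in three-valued logic.
   v is 0-based: v = 0 is the slide's v1. */
kval pre_y(int v) {
  kval terms[NODES];
  for (int u = 0; u < NODES; u++) terms[u] = k_and(X[u], N[u][v]);
  return k_exists(terms, NODES);
}

int main(void) {
  for (int v = 0; v < NODES; v++)
    printf("pre(y, op)(v%d) = %s\n", v + 1, kname(pre_y(v)));
  return 0;
}
```

The two results reproduce the slide: pre(y, op)(v1) is 0 because both disjuncts are definitely false, while pre(y, op)(v2) is 1/2 because the 1/2-valued n(v1, v2) edge leaves the question open; this is the value that focus (slide 88) later resolves by splitting the structure.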
75
???
????
????
?????????
?????????????
???????????????????????????
76
??????? ??
(figure: the 2-valued structure S embedded by f into the 3-valued structure T; op takes S to S' and T to T', with embedding f' from S' into T')
  • S' ?? T' ????????.

77
???????
????
????
?????????????????,???????????????.
(figure: a concrete execution embedded step by step into the abstract chain T1 -op1-> T2 -op2-> T3 -op3-> T4 via embeddings f1, f2, f3, f4)
?????,??????????,??????,?????????.
78
??????? ?????
(figure: S (2-valued) embedded by f into T (3-valued); op takes S to S' and T to T'; the node u maps to f(u) before op and to f(u) = f'(u) after it)
pS'(u, ...) = pre(p, op)S(u, ...) ⊑ pre(p, op)T(f(u), ...) = pT'(f'(u), ...)
  • f: S → T ??? iff
  • f ???
  • v ∈ T ???, f(u) = v ?? u ? 2 ???????, smT(v) = 1/2
  • ??? p ???, pS(u, ...) ⊑ pT(f(u), ...)

79
???
????
????
???????????????????????????
80
???? (??????)
    y = NULL;
    while (x != NULL) {
      t = y; y = x; x = x->n; y->n = t;
    }
81-85
???? (??????)
(figures: slides 81-85 repeat the same code and show successive execution steps on the abstract list; in the last figure the nodes are labelled x, y, rxn / ryn / t, rtn)
86
????????
  • ????????????,???????????????????.
  • ??1 ???????,??????????.???,??????????????,???????
    .
  • ??2 ??????????,??????????????????.?????????????.

87
????????(2)
(figure: S --focus--> S1, S2, S3 --??--> T1, T2, T3 --coerce--> U2, U3 --????--> T; ????????? / ???????? label the middle step)
88
focus
  • ?: y = y->n
  • focus ???: F(v) = ∃u. y(u) ∧ n(u, v) = pre(y, y = y->n)
  • ?????? y ???????, ???? F(v) ?????.
  • focus ?????? 1/2 ??????????????

89
focus (2)
F(·) = ∃u1. y(u1) ∧ n(u1, ·)
before focus:
n(u1, u) = 1/2
after focus:
n(u1, u3) = 0, n(u1, u2) = 1
90
focus (2)
91
??
(figure: focus on F = ∃u1. y(u1) ∧ n(u1, ·) for op y = y->n: the structure with nodes labelled x, y, rxn, ryn / rxn, ryn is split into three structures whose nodes are marked F or ¬F; after the operation the nodes are labelled x, rxn / y / rxn, ryn)
92
coerce
  • ??????????????.
  • y????????,ry,n???????????.
  • cn???????????,n???????.
  • ???1/2?????????????0???1??????.
  • isn(v) = 0, n(u, v) = 1, n(w, v) = 1/2 ???, n(w, v) = 0 ????????.
  • rxn(u) = 1, n(u, v) = 1, rxn(v) = 1/2 ???, rxn(v) = 1 ????????.

93
coerce (2)
(figure: before coerce, the three structures produced by focus, nodes labelled x, rxn / y / rxn, ryn; after coerce, the two that survive, nodes u1, u2 labelled x, rxn / y / rxn, ryn)
94
????????(3)
(figure: the whole step for op y = y->n: the structure with nodes x, y, rxn, ryn / rxn, ryn goes through focus, ?? and coerce and yields two structures whose nodes are labelled x, rxn / y / rxn, ryn)
95
??? (TVLA)
  • ...??????...

96
??
  • ??????????
  • ????????
  • ????????????????
  • ?????
  • ??????????????
  • ??????
  • 3???????????
  • focus/coerce??????

97
????
  • E.M. Clarke, O. Grumberg, and D. Peled. Model Checking. MIT Press, 1999. ?????? (???????) ???. ???????????????.
  • Thomas A. Henzinger, Ranjit Jhala, Rupak Majumdar and Gregoire Sutre. Lazy Abstraction. In ACM SIGPLAN-SIGACT Conference on Principles of Programming Languages, pages 58-70, 2002. BLAST???????????????????????.
  • Susanne Graf, Hassen Saidi. Construction of abstract state graphs with PVS. Conference on Computer Aided Verification CAV'97 (LNCS 1254), pp. 72-83, 1997. ?????????. (???????????????)
  • Thomas Ball, Rupak Majumdar, Todd Millstein, Sriram K. Rajamani. Automatic Predicate Abstraction of C Programs. Conference on Programming Language Design and Implementation 2001, SIGPLAN Notices 36(5), pp. 203-213. BLAST????(????????)???????????? ??SLAM?????????????.
  • Edmund M. Clarke, Orna Grumberg, Somesh Jha, Yuan Lu and Helmut Veith. Counterexample-Guided Abstraction Refinement. Computer Aided Verification, 12th International Conference (CAV 2000). ?????????????.
  • Sagiv M., Reps T., and Wilhelm R. Parametric shape analysis via 3-valued logic. TOPLAS 24(3), 2002. TVLA????????3????????????????.
  • Alexey Loginov, Thomas Reps and Mooly Sagiv. Automated Verification of the Deutsch-Schorr-Waite Tree-Traversal Algorithm. The 13th International Static Analysis Symposium (SAS 2006). TVLA???Deutsch-Schorr-Waite?????????. ???????????????????.
98
(??????)
  • ??????(????????????)?,???URL????????????
    http://staff.aist.go.jp/tanabe.yoshinori/06/09/12/