Join Algorithms for the Theory of Uninterpreted Functions Sumit Gulwani Ashish Tiwari George Necula UC-Berkeley SRI UC-Berkeley.

Presentation transcript:

1 Definition: Join in theory T
$E = \mathrm{Join}_T(E_1, E_2)$ iff
1. $E_1 \Rightarrow_T E$ and $E_2 \Rightarrow_T E$
2. If ($E_1 \Rightarrow_T g$) and ($E_2 \Rightarrow_T g$), then $E \Rightarrow_T g$
$E_1$, $E_2$, $E$: conjunctions of ground facts in theory T
$g$: ground fact in theory T
$E$ is the strongest conjunction of ground facts that is implied by both $E_1$ and $E_2$ in theory T

2 Example of Joins
LE: Linear Arithmetic with Equality
$\mathrm{Join}_{LE}(x=1 \wedge y=4,\ x=3 \wedge y=2) = (x+y=5)$
LI: Linear Arithmetic with Inequalities
$\mathrm{Join}_{LI}(x=1 \wedge y=4,\ x=3 \wedge y=2) = (x+y=5 \wedge 1 \le x \le 3)$
UF: Uninterpreted Functions
$\mathrm{Join}_{UF}(x=a \wedge y=F(a),\ x=b \wedge y=F(b)) = (y=F(x))$

3 Motivation: Program Analysis using Abstract Interpretation
[Flow-graph figure on the slide; its statements and annotations, with * marking nondeterministic branch conditions:]
x := a; y := F(a);        x := b; y := F(x);
u := F(x); v := y;
assert (u=v);   assert (v=F(a));
u := F(a); v := F(a);
True   False   True   *   *
Disadvantages of using decision procedure:
- Exponential # of paths
- Loop invariants required
- Cannot discover invariants
Abstract Interpretation avoids these problems
- Join Algorithm required to merge facts at join points

4 Join for Uninterpreted Functions is not easy
$\mathrm{Join}(F(a)=a \wedge F(b)=b \wedge G(a)=G(b),\ a=b) = \bigwedge_{i \ge 0} G(F^i(a)) = G(F^i(b))$
The result of join is not finitely representable using standard data-structures like EDAGs

5 Relatively Complete Join: Definition
Recall, $\mathrm{Join}(E_1, E_2)$: strongest conjunction of ground facts $g$ s.t. $E_1 \Rightarrow_T g$ and $E_2 \Rightarrow_T g$
$\mathrm{RCJoin}(E_1, E_2, K)$: strongest conjunction of ground facts $g$ s.t. $E_1 \Rightarrow_T g$ and $E_2 \Rightarrow_T g$ and $\mathrm{Terms}(g) \subseteq K$
Example
$E_1$: $F(a)=a \wedge F(b)=b \wedge G(a)=G(b)$
$E_2$: $a=b$
$K$: $\{GF(a), GF(b)\}$
$\mathrm{RCJoin}(E_1, E_2, K)$: $GF(a) = GF(b)$

6 Relatively Complete Join: Algorithm
$\mathrm{RCJoin}(E_1, E_2, K)$:
1. Let $D_1 = \mathrm{EDAG}(E_1)$ and $D_2 = \mathrm{EDAG}(E_2)$
2. Extend $D_1$ and $D_2$ to represent $K$
3. Congruence close $D_1$ and $D_2$
4. Let $D$ = product construction of $D_1$ and $D_2$
Output $D$

7 Step 1: Constructing EDAGs
[EDAG figures for $D_1$ (nodes $F$, $a$, $G$, $G$, $b$, $F$) and $D_2$ (nodes $a$, $b$)]
Nodes represent terms; dotted edges represent equalities
$E_1$: $F(a)=a \wedge F(b)=b \wedge G(a)=G(b)$
$E_2$: $a=b$
$K$: $\{GF(a), GF(b)\}$
$D_1 = \mathrm{EDAG}(E_1)$, $D_2 = \mathrm{EDAG}(E_2)$

8 Step 2: Extending EDAGs
[EDAG figures for $D_1$ and $D_2$, now with the extra $F$ and $G$ nodes for the terms in $K$]
Add extra nodes to EDAGs s.t. terms in $K$ are represented
$E_1$: $F(a)=a \wedge F(b)=b \wedge G(a)=G(b)$
$E_2$: $a=b$
$K$: $\{GF(a), GF(b)\}$
$D_1 = \mathrm{EDAG}(E_1)$, $D_2 = \mathrm{EDAG}(E_2)$

9 Step 3: Congruence Closure
[EDAG figures for $D_1$ and $D_2$ after congruence closure]
$F(n) = F(m)$ if $n = m$
$E_1$: $F(a)=a \wedge F(b)=b \wedge G(a)=G(b)$
$E_2$: $a=b$
$K$: $\{GF(a), GF(b)\}$
$D_1 = \mathrm{EDAG}(E_1)$, $D_2 = \mathrm{EDAG}(E_2)$

10 Step 4: Product Construction (Intuition)
[EDAG figures for $D_1$ and $D_2$ with their congruence classes marked]
$E_1$: $F(a)=a \wedge F(b)=b \wedge G(a)=G(b)$
$E_2$: $a=b$
$K$: $\{GF(a), GF(b)\}$
$D_1 = \mathrm{EDAG}(E_1)$, $D_2 = \mathrm{EDAG}(E_2)$
Classes of $D_1$:
$C_1$: $\{a, F(a), F^2(a), \ldots\}$
$C_4$: $\{b, F(b), F^2(b), \ldots\}$
$C_6$: $\{G(a), GF(a), \ldots, G(b), GF(b), \ldots\}$
Classes of $D_2$:
$C_1'$: $\{a, b\}$
$C_2'$: $\{F(a), F(b)\}$
$C_3'$: $\{GF(a), GF(b)\}$
$C_6 \cap C_3'$: $\{GF(a), GF(b)\}$

11 Step 4: Product Construction (Algorithm)
[EDAG figures for $D_1$, $D_2$ and the product $D$, whose nodes are labelled $[1,1']$, $[2,2']$, $[3,3']$, $[4,4']$, $[5,5']$, $[6,6']$]
$[n,m] \in D$ if $n{:}v \wedge m{:}v$, or $n{:}F(n_1) \wedge m{:}F(m_1) \wedge [n_1,m_1] \in D$
$[n_1,m_1] = [n_2,m_2]$ if $n_1 = n_2$ and $m_1 = m_2$
$E_1$: $F(a)=a \wedge F(b)=b \wedge G(a)=G(b)$
$E_2$: $a=b$
$K$: $\{GF(a), GF(b)\}$
$D_1 = \mathrm{EDAG}(E_1)$, $D_2 = \mathrm{EDAG}(E_2)$, $D$
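The four steps of RCJoin on slides 6 to 11, as an added example that is not the authors' code: steps 1 to 3 are a union-find congruence closure over the subterms of the equalities plus the terms in K, and step 4 keeps a pair of K terms exactly when it falls into one class of D1 and one class of D2 (the product node [n,m]). Terms are plain Python tuples, a representation assumed here; the slides' EDAG data structure is not reproduced.

```python
# Terms: a constant is a string ('a'); an application is a tuple ('F', arg1, ...).
def subterms(t, acc):
    """Collect t and all its subterms into the set acc (the EDAG node set)."""
    acc.add(t)
    if isinstance(t, tuple):
        for arg in t[1:]:
            subterms(arg, acc)
    return acc

def congruence_closure(equalities, extra_terms):
    """Steps 1-3: nodes for the equalities plus extra_terms (K), then merge
    classes until F(n)=F(m) holds whenever n=m.  Returns term -> class rep."""
    nodes = set()
    for s, t in equalities:
        subterms(s, nodes); subterms(t, nodes)
    for t in extra_terms:
        subterms(t, nodes)
    parent = {t: t for t in nodes}            # union-find over EDAG nodes
    def find(t):
        while parent[t] != t:
            parent[t] = parent[parent[t]]
            t = parent[t]
        return t
    def union(s, t):
        rs, rt = find(s), find(t)
        if rs == rt:
            return False
        parent[rs] = rt
        return True
    for s, t in equalities:                   # the given ground equalities
        union(s, t)
    apps = [t for t in nodes if isinstance(t, tuple)]
    changed = True
    while changed:                            # congruence rule to fixpoint
        changed = False
        for i, s in enumerate(apps):
            for t in apps[i + 1:]:
                if s[0] == t[0] and len(s) == len(t) and \
                        all(find(x) == find(y) for x, y in zip(s[1:], t[1:])):
                    changed |= union(s, t)
    return {t: find(t) for t in nodes}

def rcjoin(e1, e2, k):
    """Step 4: s=t (s, t in K) is in RCJoin(E1,E2,K) iff s and t share a class
    in D1 and share a class in D2, i.e. [n,m] is one product node."""
    d1, d2 = congruence_closure(e1, k), congruence_closure(e2, k)
    ks = sorted(k, key=str)
    return {frozenset((s, t)) for i, s in enumerate(ks) for t in ks[i + 1:]
            if d1[s] == d1[t] and d2[s] == d2[t]}
```

On the slides' example (E1: F(a)=a, F(b)=b, G(a)=G(b); E2: a=b; K = {GF(a), GF(b)}) the result is the single equality GF(a)=GF(b); widening K to {x, y, a, b, F(x)} reproduces the y=F(x) join of slide 2 and, with a=b added to both sides, the context-sensitive result of slide 14.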

12 Future Work: Join Algorithm for other theories
For example, theory of commutative functions (CF)
- Useful in modeling floating point operations
- More challenging than uninterpreted functions (UF)
$E_1$: $x=a \wedge y=b$
$E_2$: $x=b \wedge y=a$
$\mathrm{Join}_{UF}(E_1, E_2) = \mathrm{true}$
$\mathrm{Join}_{CF}(E_1, E_2) = (F(C[a], C[b]) = F(C[b], C[a]))$

13 Future Work: Combining Join Algorithms
For example, theory of linear arithmetic and uninterpreted functions (LA+UF)
$E_1$: $x=a \wedge y=b$
$E_2$: $x=b \wedge y=a$
$\mathrm{Join}_{UF}(E_1, E_2) = \mathrm{true}$
$\mathrm{Join}_{LA}(E_1, E_2) = (x+y = a+b)$
$\mathrm{Join}_{LA+UF}(E_1, E_2) = (F(x+c)+F(y+c) = F(a+c)+F(b+c)) \wedge \ldots$

14 Future Work: Context-sensitive Join Algorithms
$\mathrm{Join}(E_1, E_2) \wedge E = \mathrm{Join}(E_1 \wedge E, E_2 \wedge E)$
Useful in interprocedural analysis
This is a representation issue.
- Representing result of join using conjunction of ground facts is not context-sensitive.
$E_1$: $x=a \wedge y=F(a)$
$E_2$: $x=b \wedge y=F(b)$
$\mathrm{Join}_{UF}(E_1, E_2) \wedge a=b = (y=F(x) \wedge a=b)$
$\mathrm{Join}_{UF}(E_1 \wedge a=b,\ E_2 \wedge a=b) = (y=F(x) \wedge x=a=b)$

15 Conclusion
Join Algorithms are useful in program analysis.
They are a generalization of decision procedures: $\mathrm{Join}_T(E, g) = g$ iff $E \Rightarrow_T g$
$E$: conjunction of ground facts in theory T
$g$: ground fact in theory T
We showed a relatively complete join algorithm for uninterpreted functions.
Join algorithms open up several interesting problems.