Precise Interprocedural Analysis using Random Interpretation Sumit Gulwani George Necula UC-Berkeley.

Presentation transcript:

Precise Interprocedural Analysis using Random Interpretation Sumit Gulwani George Necula UC-Berkeley

1 Random Interpretation = Random Testing + Abstract Interpretation
Almost as simple as random testing, but with better soundness guarantees.
Almost as sound as abstract interpretation, but more precise, efficient, and simple.

2 Example

    if (*) { a := 0; b := i; } else { a := i - 2; b := 2; }
    if (*) { c := b - a; d := i - 2b; } else { c := 2a + b; d := b - 2i; }
    assert(c + d = 0);
    assert(c = a + i);

(* is a non-deterministic branch; the slide draws the True and False arms side by side.)
Random testing needs to execute all 4 paths to verify the assertions.
Abstract interpretation analyzes each statement once but uses complicated operations.
Random interpretation simply executes the program once (and captures the effect of all paths).

3 Outline
Framework for intraprocedural random interpretation
  – Advantages: investigate all analyses using one framework; design and proof of new analyses will be simpler
A generic algorithm for interprocedural analysis

4 Outline
Framework for intraprocedural random interpretation
  – Affine join function
  – Eval function
  – Example
A generic algorithm for interprocedural analysis

5 Random Interpretation framework
Goal: Detect equivalences of expressions.
Generic Algorithm:
  Choose random values for input variables.
  Execute assignments.
    – Using the Eval function to evaluate expressions.
  Execute both branches of conditionals and combine the program states at join points.
    – Using the Affine Join function.
  Compare values of expressions to decide equality.

6 Affine Join function
Used for combining program states at join points.
  φ_w : State × State → State
Let the joined state be φ_w(state1, state2). Then, for each variable y,
  φ_w(state1, state2)(y) =def w × state1(y) + (1 − w) × state2(y)
Example:
  a := 2; b := 3;   gives state1: [a=2, b=3]
  a := 4; b := 1;   gives state2: [a=4, b=1]
  φ_7(state1, state2): [a = 7·2 + (1−7)·4, b = 7·3 + (1−7)·1], i.e. [a=−10, b=15]

7 Properties of Affine Join
  state1: [a=2, b=3] (after a := 2; b := 3;)
  state2: [a=4, b=1] (after a := 4; b := 1;)
  φ_7(state1, state2): [a = 7·2 + (1−7)·4, b = 7·3 + (1−7)·1], i.e. [a=−10, b=15]
Affine join preserves common linear relationships, e.g. a+b=5 (it holds in state1, in state2, and in the joined state: −10+15=5).
It does not introduce false relationships w.h.p.

8 Eval function
  Eval : Expression × State → Value
Used for executing expressions.
Defined in terms of Poly : Expression → Polynomial
  – Poly is abstraction specific
  – Eval(e, state) = evaluation of Poly(e) using state and random choices for non-program variables
Poly must satisfy:
  Correctness: Poly(e1) = Poly(e2) iff e1 = e2
  Linearity: Poly(e) is linear in program variables.

9 Example of Poly function
Linear Arithmetic (POPL 2003)
  Expression e := y | e1 ± e2 | c · e
  Poly(e) = e
Uninterpreted Functions (POPL 2004)
  Expression e := y | F(e)
  Poly(y) = y
  Poly(F(e)) = a × Poly(e) + b
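The following Python block is an added illustration of the uninterpreted-function abstraction on slide 9; it is constructed for this transcript and is not code from the slides or from the authors. It assumes a large prime field Q for the random values and picks one random affine map (a, b) per function symbol, so that Eval(F(e)) = a·Eval(e) + b. The constructed program branches on a non-deterministic choice and the two arms are joined with the affine join from slide 6. Because Poly is linear in program variables, the join commutes with F: z = w·F(1) + (1−w)·F(2) = a·(2−w) + b = F(2−w) = F(y), so the equality z = F(y) that holds on both paths is detected, while z = F(F(y)), which holds on neither, is rejected (w.h.p. over the random choices).

```python
import random

# Constructed example (not code from the slides): random interpretation for
# uninterpreted functions, with Poly(F(e)) = a * Poly(e) + b for a random
# affine map (a, b) chosen once per function symbol.  Values live in a
# large prime field so that accidental collisions are negligible.
Q = 2**61 - 1
random.seed(7)          # fixed seed so the run is reproducible

_uf_maps = {}           # function symbol -> (a, b)


def eval_uf(sym, v):
    """Eval of F(e), given the value v of e: a * v + b (mod Q)."""
    if sym not in _uf_maps:
        _uf_maps[sym] = (random.randrange(1, Q), random.randrange(Q))
    a, b = _uf_maps[sym]
    return (a * v + b) % Q


def affine_join(w, s1, s2):
    """phi_w(s1, s2)(y) = w * s1(y) + (1 - w) * s2(y), pointwise over variables."""
    return {y: (w * s1[y] + (1 - w) * s2[y]) % Q for y in s1}


def run_branching_uf(w):
    """Constructed program: if (*) { y := 1; z := F(1) } else { y := 2; z := F(2) }."""
    left = {"y": 1, "z": eval_uf("F", 1)}
    right = {"y": 2, "z": eval_uf("F", 2)}
    return affine_join(w, left, right)


def check_equalities(w=None):
    """Return which candidate equalities hold in the joined state."""
    if w is None:
        w = random.randrange(Q)       # the analysis picks the join weight at random
    s = run_branching_uf(w)
    return {
        # true on both paths, so preserved by the (linear) affine join
        "z = F(y)": s["z"] == eval_uf("F", s["y"]),
        # true on neither path; equality would need one specific w out of Q
        "z = F(F(y))": s["z"] == eval_uf("F", eval_uf("F", s["y"])),
    }


if __name__ == "__main__":
    print(check_equalities(5))
    print(check_equalities())
```

The map (a, b) must be fixed per function symbol for the whole run; drawing a fresh (a, b) at every application of F would break the correctness condition Poly(e1) = Poly(e2) iff e1 = e2.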

10 Example: Random Interpretation for Linear Arithmetic (i = 3, random weights w1 = 5, w2 = 2)
  i=3
  a := 0; b := i;            → i=3, a=0, b=3
  a := i-2; b := 2;          → i=3, a=1, b=2
  join, w1 = 5:              → i=3, a=-4, b=7
  c := b - a; d := i - 2b;   → i=3, a=-4, b=7, c=11, d=-11
  c := 2a + b; d := b - 2i;  → i=3, a=-4, b=7, c=-1, d=1
  join, w2 = 2:              → i=3, a=-4, b=7, c=23, d=-23
  assert(c+d = 0)  → 23 + (-23) = 0, verified
  assert(c = a+i)  → 23 ≠ -4 + 3, not verified

11 Outline
Framework for intraprocedural random interpretation
  – Affine join function
  – Eval function
  – Example
A generic algorithm for interprocedural analysis
  – Random summary (Idea #1)
  – Issue of freshness (Idea #2)
  – Error probability and complexity
  – Experiments

12 Example (continued)
Same program and random choices as on slide 10 (i=3, w1=5, w2=2), ending in the state i=3, a=-4, b=7, c=23, d=-23.
The second assertion is true in the context i=2. We need two new ideas to make the analysis interprocedural.

13 Idea #1: Keep input variables symbolic
Do not choose random values for input variables (to later instantiate by any context). The resulting program state at the end is a random summary.
  i symbolic
  a := 0; b := i;            → a=0, b=i
  a := i-2; b := 2;          → a=i-2, b=2
  join, w1 = 5:              → a=8-4i, b=5i-8
  c := b - a; d := i - 2b;   → a=8-4i, b=5i-8, c=9i-16, d=16-9i
  c := 2a + b; d := b - 2i;  → a=8-4i, b=5i-8, c=8-3i, d=3i-8
  join, w2 = 2:              → a=8-4i, b=5i-8, c=21i-40, d=40-21i
  assert(c+d = 0)  → (21i-40) + (40-21i) = 0 for every i, verified
  assert(c = a+i)  → in the context i=2 the summary gives a=0, b=2, c=2, d=-2, so c = a+i holds there
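As an added example for slides 5 through 13 (constructed for this transcript, not code from the slides or from the authors), the block below implements the linear-arithmetic instance of the framework: a value is a linear polynomial over the input variables, a state maps program variables to polynomials, and the affine join of slide 6 is applied at each join point. The same `run_example` reproduces slide 10 when `i` is the constant 3 and slide 13 when `i` is kept symbolic (Idea #1), and `instantiate` plugs a calling context such as i=2 into the resulting summary. The weights 5 and 2 are the slide's choices; the helper names are assumptions of this example.

```python
import random

# Constructed example, not code from the slides.  A value is a linear
# polynomial over the (symbolic) input variables, stored as {name: coeff}
# with the key "1" for the constant term; a state maps program variables to
# such polynomials.  const(3) for i reproduces slide 10, var("i") slide 13.


def const(c):
    return {"1": c} if c else {}


def var(name):
    return {name: 1}


def add(p, q):
    r = dict(p)
    for k, c in q.items():
        r[k] = r.get(k, 0) + c
    return {k: c for k, c in r.items() if c}      # drop zero terms


def scale(c, p):
    return {k: c * v for k, v in p.items()} if c else {}


def sub(p, q):
    return add(p, scale(-1, q))


def affine_join(w, s1, s2):
    """phi_w(s1, s2)(y) = w * s1(y) + (1 - w) * s2(y) for every variable y."""
    return {y: add(scale(w, s1[y]), scale(1 - w, s2[y])) for y in s1}


def instantiate(p, env):
    """Evaluate a polynomial under a concrete assignment of the input variables."""
    return sum(c * (1 if k == "1" else env[k]) for k, c in p.items())


def run_example(i, w1, w2):
    """Random interpretation of the slide's program: each conditional executes
    both arms, and the two resulting states are joined with a random weight."""
    left = {"i": i, "a": const(0), "b": i}                    # a := 0; b := i
    right = {"i": i, "a": sub(i, const(2)), "b": const(2)}    # a := i-2; b := 2
    s = affine_join(w1, left, right)
    left = dict(s, c=sub(s["b"], s["a"]),                     # c := b - a
                   d=sub(s["i"], scale(2, s["b"])))           # d := i - 2b
    right = dict(s, c=add(scale(2, s["a"]), s["b"]),          # c := 2a + b
                    d=sub(s["b"], scale(2, s["i"])))          # d := b - 2i
    return affine_join(w2, left, right)


def assertions(s):
    """The two assert statements, decided by comparing polynomials."""
    return {
        "c+d = 0": add(s["c"], s["d"]) == {},
        "c = a+i": sub(s["c"], add(s["a"], s["i"])) == {},
    }


if __name__ == "__main__":
    concrete = run_example(const(3), 5, 2)          # slide 10: a=-4, b=7, c=23, d=-23
    print(concrete, assertions(concrete))
    summary = run_example(var("i"), 5, 2)           # slide 13: c=21i-40, d=40-21i
    print(summary, assertions(summary))
    print({v: instantiate(p, {"i": 2}) for v, p in summary.items()})   # c = a+i holds at i=2
    # with fresh random weights from a large range the verdicts are the same w.h.p.
    w1, w2 = (random.randrange(1, 2**61 - 1) for _ in range(2))
    print(assertions(run_example(var("i"), w1, w2)))
```

The symbolic run costs no more than the concrete one: every operation stays linear, so a state is still one small polynomial per variable rather than a set of paths.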

14 Idea #2: Generate fresh summaries
  Procedure P, Input: i
    if (*) x := i+1; else x := 3;      → x = i+1 | x = 3
    join, w = 5:                        → x = 5i-7
    return x;
  Procedure Q
    u := P(2);  v := P(1);  w := P(1);
    Assert(u = 3);  Assert(v = w);
  Plugging the one summary x = 5i-7 into every call gives
    u = 5·2-7 = 3,  v = 5·1-7 = -2,  w = 5·1-7 = -2
  so both assertions appear to hold, although the two calls P(1) may return different values.
Plugging the same summary twice is unsound.
Fresh summaries can be generated by random affine combination of a few independent summaries!

15 Generating 2 random summaries for P
  Procedure P, Input: i
    x := i+1 | x := 3         → x = [i+1, i+1] | x = [3, 3]
    join, w = [5, -2]         → x = [5i-7, 7-2i]
    return x;
  Fresh summaries (random affine combinations of the two):
    x = φ_7(5i-7, 7-2i) = 47i-91
    x = φ_6(5i-7, 7-2i) = 40i-77
    x = φ_3(5i-7, 7-2i) = 19i-35
    x = φ_0(5i-7, 7-2i) = 7-2i
    x = φ_5(5i-7, 7-2i) = 33i-63
    x = φ_1(5i-7, 7-2i) = 5i-7
Procedure Q calls P 3 times. Hence, generating 2 random summaries for Q requires 2 × 3 fresh summaries of P.

16 Generating 2 random summaries for Q
  u := P(2)  using 47i-91, 40i-77:  u = [47·2-91, 40·2-77] = [3, 3]
  v := P(1)  using 19i-35, 7-2i:    v = [19·1-35, 7-2·1]   = [-16, 5]
  w := P(1)  using 33i-63, 5i-7:    w = [33·1-63, 5·1-7]   = [-30, -2]
  Assert(u = 3): holds in both summaries.
  Assert(v = w): [-16, 5] ≠ [-30, -2], not verified.
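The following Python block is an added example for slides 14 through 16 (constructed for this transcript, not code from the slides or from the authors). Since P has a single input i, a summary of P is represented as a pair (coef, const) standing for coef·i + const; `analyze_Q` gives each of Q's three call sites its own fresh summary, obtained as a random affine combination of the t = 2 independent summaries of P, and `analyze_Q_reusing_one_summary` shows the unsound shortcut from slide 14 in which one summary is plugged into every call. The weights 5, -2 and 7, 6, 3, 0, 5, 1 are the slide's choices; the function names are assumptions of this example.

```python
import random

# Constructed example, not code from the slides.  P has one input i, so a
# summary of P is a pair (coef, const) standing for coef*i + const.


def affine(w, s1, s2):
    """phi_w on two summaries: w*s1 + (1-w)*s2, coefficient-wise."""
    return (w * s1[0] + (1 - w) * s2[0], w * s1[1] + (1 - w) * s2[1])


def summarize_P(w):
    """P: if (*) x := i+1; else x := 3; return x.   One random summary of P."""
    return affine(w, (1, 1), (0, 3))          # i+1 joined with 3


def call(summary, arg):
    """Instantiate a summary of P with a concrete argument."""
    return summary[0] * arg + summary[1]


def analyze_Q(p_summaries, fresh_weights):
    """Q: u := P(2); v := P(1); w := P(1); Assert(u = 3); Assert(v = w).
    Each call site gets its own fresh summaries: random affine combinations
    of the t independent summaries in p_summaries (t = 2 here)."""
    s1, s2 = p_summaries
    fresh = [[affine(w, s1, s2) for w in ws] for ws in fresh_weights]   # 3 call sites x t
    u = [call(f, 2) for f in fresh[0]]
    v = [call(f, 1) for f in fresh[1]]
    w = [call(f, 1) for f in fresh[2]]
    return {"u": u, "v": v, "w": w,
            "u = 3": all(x == 3 for x in u),     # must hold in every summary
            "v = w": v == w}


def analyze_Q_reusing_one_summary(summary):
    """The unsound variant from slide 14: the same summary at every call site."""
    u, v, w = call(summary, 2), call(summary, 1), call(summary, 1)
    return {"u = 3": u == 3, "v = w": v == w}


if __name__ == "__main__":
    p = [summarize_P(5), summarize_P(-2)]                 # [5i-7, 7-2i]
    print(analyze_Q(p, [[7, 6], [3, 0], [5, 1]]))        # the numbers of slide 16
    print(analyze_Q_reusing_one_summary(p[0]))           # v = w "verified": unsound
    rnd = lambda: random.randrange(2**61 - 1)            # fresh random choices
    print(analyze_Q([summarize_P(rnd()), summarize_P(rnd())],
                    [[rnd(), rnd()] for _ in range(3)]))
```

The reuse variant is the failure mode to watch for in any summary-based checker: a summary is a random sample of P's behaviour, and sampling it once and treating two independent calls as identical lets a false equality through. Fresh affine combinations keep each call site's sample independent while staying consistent with everything P actually guarantees.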

17 Loops and Fixed point computation
In the presence of loops (in procedures and call-graphs), a fixed point computation is required.
The number of iterations required to reach the fixed point is
  k_v (2 k_I + 1) + 1
  k_v: # of visible variables
  k_I: # of input variables

18 Error Probability and Complexity
  Time complexity   = n · k_V · k_I^2 · t
  Error probability = 1 / q^(t − m)
  n: size of program
  k_V, k_I: # of visible and input variables
  t: # of random summaries
  q: size of the set from which random values are chosen
  m: k_I · k_V (generic bound); k_I + k_V (for linear arithmetic); 4 (for unary uninterpreted functions)

19 Related Work
Intraprocedural random interpretation
  – Linear arithmetic (POPL 03)
  – Uninterpreted functions (POPL 04)
Interprocedural dataflow analysis (POPL 95, TCS 96)
  – Sagiv, Reps, Horwitz
  – Cons: simpler properties, e.g. liveness, linear constants
  – Pro: better computational complexity
Interprocedural linear arithmetic (POPL 04)
  – Müller-Olm, Seidl
  – Cons: O(k^2) times slower
  – Pro: works for non-linear relationships too

21 Experiments
Benchmarks: go (29K lines), ijpeg (28K), li (23K), gzip (8K).
For each program the table reports Inp, Var and Time for Random Inter (this paper), Random Intra (POPL 2003) and Det Inter (TCS 96), plus Δ(Var) / Speedup and Δ(Inp) / Speedup (the numeric cells are not present in the transcript).
  Inp: # of input variables that were constants
  Var: # of local variables that were constants
  Δ(Var): # of fewer local variable constants discovered
Random Inter discovers 10-70% more facts; Random Intra is faster by [factor missing in transcript] times; Det Inter is faster by 2 times.

22 Conclusion
Randomization buys efficiency and simplicity at the cost of probabilistic soundness.
Combining randomized techniques with symbolic techniques is powerful.