Presentation is loading. Please wait.

Presentation is loading. Please wait.

Shape Analysis Termination Analysis Linear Time

Published byDenis Carr Modified over 6 years ago

Similar presentations

Presentation on theme: "Shape Analysis Termination Analysis Linear Time"— Presentation transcript:

1 Shape Analysis Termination Analysis Linear Time
From to in Shape Analysis Termination Analysis Linear Time Roman Manevich Ben-Gurion University of the Negev Noam Rinetzky Tel Aviv University Boris Dogadov Tel Aviv University [Required math fonts available here]

2 UPGRADE YOUR SHAPE ANALYSIS
START PROVING TOTAL CORRECTNESS TODAY FOR JUST 5% OF THE RUNNING TIME

3 Research problem Automatically verify termination of heap-manipulating programs Dynamic memory allocation Destructive updates Applications Systems codes, e.g., Windows device drivers containing linked data structures: lists, trees, etc. Object-oriented programs utilizing containers: sets, maps, and graphs

4 Scalability “dimensions”
Shape complexity (complexity of heap invariants) PL features overlaid hierarchical numeric data containers concurrency recursive recursion Code size

5 Shape analysis-specific Termination undecidable
Classic approach Naughty idea: Once shape analysis does the heavy lifting termination is easy Shape analysis-specific Heavyweight Heap-manipulating Program Instrumented Shape Analyzer Termination undecidable Safety property  Integer Program [Berdine et al. CAV 2006] [Berdine et al. POPL 2007] [Magill et al. POPL 2010] TRS [AProVE Giesl et al. CAV 2012, RTA 2011, IJCAR 2014] Logic Program [Albert et al. FMOOBDS 2008] [Spoto et al. TOPLAS 2010] Always terminates Termination Analyzer May not terminate

6 Our solution Partition-based Shape Analyzer Termination Analyzer
Termination checked in linear time Most shape analyses (Sep. Logic, TVLA, Boolean heaps, TRS) Abstract transition relation Heap-manipulating Program Partition-based Shape Analyzer Safety property  Evolution relation Always terminates Termination Analyzer May not terminate Easy to implement Induced by shape analysis

7 Main results Termination analysis parametrized by partition-based shape analysis Enables handling wide range of shape invariants (both inductive data structures and unstructured graphs) Novel ranking function based on evolution relation Featherweight analysis Linear time modulo shape analysis Modular Handles recursion very precisely Limited support for concurrency Precise enough on a variety of benchmarks  Shape complexity  Code size  PL features

8 Agenda Our recipe for proving termination Apply recipe for shape analysis Handling nested loops and recursion Experiments and conclusion

9 Reminder: general recipe for proving termination
To show that a transition system (, ) does not contain infinite paths: Find well-founded ordering  :    (all descending chains finite) Show that every infinite path must contain an infinite -descending chain * * * * 1 i j k

10 Our recipe To show that a transition system (, ) does not contain infinite paths: Find well-founded ordering  :    that is monotone:   ’  ’   Compute a (finite) abstract transition system (, ) 3. Find all decreasing transitions  := {} for each   ’   do if   ’ then  :=   (, ’) fi od // linear time 4. Check for cutting set if  \  contains no cycles then answer true else answer “may not terminate” fi // linear time

11 Agenda Our recipe for proving termination Apply recipe for shape analysis Handling nested loops and recursion Experiments and conclusion

12 Partition-based shape analysis: symbolic heaps example
1 = ls(x, y) * ls(y, nil) x y nil Concrete heaps abstracted into heap descriptors that partition the set of concrete objects into a finite number of heap regions

13 Abstract transition relation
A shape analysis results in a finite abstract transition relation 1 = ls(x, y) * ls(y, nil) x y nil y := y.n x y nil ls(x, y) ls(y, nil) * 2 =

14 Concrete evolution relation
A consistent renaming of object identifiers x y nil y := y.n x y nil

15 Abstract evolution relation
May/must edges express how objects change membership in regions 1 = ls(x, y) * ls(y, nil) x y nil y := y.n x y nil 2 = ls(x, y) * ls(y, nil)

16 Must evolution edges help deplete regions
May/must edges express how objects change membership in regions 1 = ls(x, y) * ls(y, nil) x y nil y := y.n Region size decreases x y nil 2 = ls(x, y) * ls(y, nil)

17 Modeling dynamic allocation/deallocation
1 = ls(x, nil) * free Infinite region x nil y := new x y nil 2 = ls(x, nil) * yv * free

18 Defining a monotone WF for shape analysis
Use evolution relation to define monotone WF relation for objects Use it to define monotone WF relation for heaps

19 Abstract evolution relation is a finite graph
Nodes are region:descriptor pairs 1 = ls(x, y) * ls(y, nil) * free y := y.n 2 = ls(x, y) ls(y, nil) * * free

20 Abstract evolution relation to WF over regions
Nodes are region:descriptor pairs Lemma: collapsing strongly-connected component yields WF relation (linear time) 1:ls(x, y) 1:ls(y, nil) free 2:ls(x, y) 2:ls(y, nil) free

21 Ranking objects Merged nodes = region ranks
Assign each object its respective region ranks Suffix rank 1:ls(y, nil) free 2:ls(y, nil) Prefix rank Condensation graph 1:ls(x, y) 2:ls(x, y) x y P P S S S S nil P

22 Before y:=y.n Merged nodes = region ranks
Assign each object its respective region ranks Lemma: monotone WF Suffix rank 1:ls(y, nil) free 2:ls(y, nil) Prefix rank 1:ls(x, y) 2:ls(x, y) x y P P S S S S nil P

23 After y:=y.n Merged nodes = region ranks
Assign each object its respective region ranks Lemma: monotone WF Suffix rank 1:ls(y, nil) free 2:ls(y, nil) Prefix rank 1:ls(x, y) 2:ls(x, y) x y P P P S S S nil P

24 Monotone WF relation for heaps
Order heaps by comparing the ranks of their objects points-wise Lemma: monotone WF (have to be careful with memory allocation) x y P P S S S S nil P = y := y.n = = = = = x y P P P S S S nil P

25 Agenda Our recipe for proving termination Apply recipe for shape analysis Handling nested loops and recursion Experiments and conclusion

26 Assume control-flow graphs are structured
assume innil out := nil x := in N2 N3 if xnil return out N4 y := out N5 if ynil  y.nnil  y.d<x.d InsertionSort FindPos N6 y := y.n N7 if y=out then // replace list head out := new Node(out, x.d) else // insert element after y y.n := new Node(y.n, x.d) x := x.n

27 Handling nested loops Problem: proving termination for nested loops often requires lexicographic ranking functions Solution: summarize loops Simply compose relations across statements: precise Linear time Prove termination from inner loop up to outer loop Limited to structured programs Improved in ongoing work [Boris Dogadov, M.Sc. thesis]

28 Termination for recursive procedures
Model call stack as linked list [Rinetzky & Sagiv, CC 2001] [Rival & Chang POPL 2011] Call modelled as allocation of stack object and insertion to call stack list Return modelled as removing from call stack For precision use predicates to capture shape patterns across calls Our algorithms can be applied without change Future work: extend to local interprocedural analysis based on heap cutpoints [Rinetzky et al. POPL 2005, SAS 2005]

29 Agenda Our recipe for proving termination Apply recipe for shape analysis Handling nested loops and recursion Experiments and conclusion

30 Required (manual) abstraction refinement
Implementation Use TVLA as underlying shape analysis No need to refine abstraction (two exceptions) Overhead usually < 5% Required (manual) abstraction refinement

31 Thanks for listening Questions?
Conclusion Upgrade almost any shape analysis to automatically prove termination Simple to implement Featherweight reasoning Linear time in output of shape analysis Usually 5% of overall running time Naturally supports recursion Some support for concurrency Improving with ongoing work Practically quite precise Thanks for listening Questions?

32 Suggested questions How easy it is to extend a shape analysis with an abstract evolution relation? Which programs defeat your analysis? How would you handle integer/string-valued fields? How would you handle integer variables?

33 Inference rules extended with evolution relation
v, Q  H * ls(E, F)  Unroll1 v, Q  H * ls(E, F)  Unroll>1 v, Q  H * (Ez) * ls(z, F)  Fold v, Q  H * (EF) v, Q  H * (Ez) * ls(z, F) where z is fresh v, Q  H * ls(E, F) v, Q  H * (yw) y := y.n  Next v, Q  H assume EF  assume EF v’, Q  H[y/w, z/y] * (zy) where z is fresh v’, Q  EF  H

Download ppt "Shape Analysis Termination Analysis Linear Time"

Similar presentations

A Framework for describing recursive data structures Kenneth Roe Scott Smith.

A Framework for describing recursive data structures Kenneth Roe Scott Smith.
Quantified Invariant Generation using an Interpolating Saturation Prover Ken McMillan Cadence Research Labs TexPoint fonts used in EMF: A A A A A.

Quantified Invariant Generation using an Interpolating Saturation Prover Ken McMillan Cadence Research Labs TexPoint fonts used in EMF: A A A A A.
Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Quantified Invariant Generation using an Interpolating Saturation Prover Ken McMillan Cadence Research Labs TexPoint fonts used in EMF: A A A A A.

Quantified Invariant Generation using an Interpolating Saturation Prover Ken McMillan Cadence Research Labs TexPoint fonts used in EMF: A A A A A.
Shape Analysis with Structural Invariant Checkers Bor-Yuh Evan Chang Xavier Rival George C. Necula May 10, 2007 OSQ Retreat.

Shape Analysis with Structural Invariant Checkers Bor-Yuh Evan Chang Xavier Rival George C. Necula May 10, 2007 OSQ Retreat.
Extensible Shape Analysis by Designing with the User in Mind Bor-Yuh Evan Chang Bor-Yuh Evan Chang, Xavier Rival, and George Necula University of California,

Extensible Shape Analysis by Designing with the User in Mind Bor-Yuh Evan Chang Bor-Yuh Evan Chang, Xavier Rival, and George Necula University of California,
Semantics Static semantics Dynamic semantics attribute grammars

Semantics Static semantics Dynamic semantics attribute grammars
MATH 224 – Discrete Mathematics

MATH 224 – Discrete Mathematics
Predicate Abstraction and Canonical Abstraction for Singly - linked Lists Roman Manevich Mooly Sagiv Tel Aviv University Eran Yahav G. Ramalingam IBM T.J.

Predicate Abstraction and Canonical Abstraction for Singly - linked Lists Roman Manevich Mooly Sagiv Tel Aviv University Eran Yahav G. Ramalingam IBM T.J.
Shape Analysis by Graph Decomposition R. Manevich M. Sagiv Tel Aviv University G. Ramalingam MSR India J. Berdine B. Cook MSR Cambridge.

Shape Analysis by Graph Decomposition R. Manevich M. Sagiv Tel Aviv University G. Ramalingam MSR India J. Berdine B. Cook MSR Cambridge.
Pointer Analysis – Part I Mayur Naik Intel Research, Berkeley CS294 Lecture March 17, 2009.

Pointer Analysis – Part I Mayur Naik Intel Research, Berkeley CS294 Lecture March 17, 2009.
1 Symbolic Execution for Model Checking and Testing Corina Păsăreanu (Kestrel) Joint work with Sarfraz Khurshid (MIT) and Willem Visser (RIACS)

1 Symbolic Execution for Model Checking and Testing Corina Păsăreanu (Kestrel) Joint work with Sarfraz Khurshid (MIT) and Willem Visser (RIACS)
1/20 Generalized Symbolic Execution for Model Checking and Testing Charngki PSWLAB Generalized Symbolic Execution for Model Checking and Testing.

1/20 Generalized Symbolic Execution for Model Checking and Testing Charngki PSWLAB Generalized Symbolic Execution for Model Checking and Testing.
A survey of techniques for precise program slicing Komondoor V. Raghavan Indian Institute of Science, Bangalore.

A survey of techniques for precise program slicing Komondoor V. Raghavan Indian Institute of Science, Bangalore.
Relational Inductive Shape Analysis Bor-Yuh Evan Chang University of California, Berkeley Xavier Rival INRIA POPL 2008.

Relational Inductive Shape Analysis Bor-Yuh Evan Chang University of California, Berkeley Xavier Rival INRIA POPL 2008.
Reduction in End-User Shape Analysis Dagstuhl - Typing, Analysis, and Verification of Heap-Manipulating Programs – July 24, 2009 Xavier Rival INRIA and.

Reduction in End-User Shape Analysis Dagstuhl - Typing, Analysis, and Verification of Heap-Manipulating Programs – July 24, 2009 Xavier Rival INRIA and.
Termination Proofs for Systems Code Andrey Rybalchenko, EPFL/MPI joint work with Byron Cook, MSR and Andreas Podelski, MPI PLDI’2006, Ottawa.

Termination Proofs for Systems Code Andrey Rybalchenko, EPFL/MPI joint work with Byron Cook, MSR and Andreas Podelski, MPI PLDI’2006, Ottawa.
1 Operational Semantics Mooly Sagiv Tel Aviv University 640-6706 Textbook: Semantics with Applications.

1 Operational Semantics Mooly Sagiv Tel Aviv University Textbook: Semantics with Applications.
Local Heap Shape Analysis Noam Rinetzky Tel Aviv University Joint work with Jörg Bauer Universität des Saarlandes Thomas Reps University of Wisconsin Mooly.

Local Heap Shape Analysis Noam Rinetzky Tel Aviv University Joint work with Jörg Bauer Universität des Saarlandes Thomas Reps University of Wisconsin Mooly.
Modular Shape Analysis for Dynamically Encapsulated Programs Noam Rinetzky Tel Aviv University Arnd Poetzsch-HeffterUniversität Kaiserlauten Ganesan RamalingamMicrosoft.

Modular Shape Analysis for Dynamically Encapsulated Programs Noam Rinetzky Tel Aviv University Arnd Poetzsch-HeffterUniversität Kaiserlauten Ganesan RamalingamMicrosoft.

Similar presentations

Ads by Google