Presentation is loading. Please wait.

Presentation is loading. Please wait.

Parametric Shape Analysis via 3-Valued Logic

Published byClaud Carter Modified over 6 years ago

Similar presentations

Presentation on theme: "Parametric Shape Analysis via 3-Valued Logic"— Presentation transcript:

1 Parametric Shape Analysis via 3-Valued Logic
Mooly Sagiv Thomas Reps Reinhard Wilhelm

2 Goals Capture storage invariants May-alias information
x points to a list, tree, dag, etc. May-alias information Sharing of structures x and y point to structures that do not share cells Parametric Framework for a collection of analyses Basis for an analysis-generation tool

3 The Shape-Analysis Problem
For every program point, compute a finite characterization of the possible “shapes” of the heap-allocated data structures.

4 Formalizing “. . .” Informal: x y Formal: x y

5 Formalizing “. . .” Informal: Formal: x y x y {x} transitively
pointed to by

6 Formalizing “. . .” Informal: t1 x y t2 Formal: x y t2 t1

7 Formalizing “. . .” Informal: t1 t2 Formal: t1 t2 x y x y {x} {x}
{t2,y} {t2,y}

8 Abstract Interpretation
f(a,b) = (16 * b + 3) * (2 * a + 1) * + b 1 2 a 3 16

9 Abstract Interpretation
f(a,b) = (16 * b + 3) * (2 * a + 1) O * + b 1 2 a 3 16 O O O E E O E ? E ? f : _  _  O

10 Abstract Interpretation
Concrete

11 Outline Using logic to describe stores
Using logic to express store transformations Forming abstractions of stores Three-valued logic Using three-valued logic to express transformations of abstract stores

12 Logic (Syntax) Vocabulary Formulas
Predicate symbols: p1, p2, . . ., pn Constant symbols: c1, c2, . . ., cm Function symbols: f1, f2, . . ., fk Formulas Variables Equality-predicate symbol: = Logical constant symbols: 0, 1 Connectives: , ,  Quantifiers: , 

13 Using Logic to Describe Stores
Predicate Symbols Whether variable x points to location u: x(u) Pointer fields: n(u1, u2) car(u1, u2) cdr(u1, u2) x u u1 u2 u1 u2 u1 u2

14 Using Logic to Describe Stores
Formulas: Other Properties of Locations un(v)   v1,v2 : n(v1,v)  n(v2,v)  v1 = v2 u3 u4 u1 u2 un(u1) = 1 un(u2) = 1 un(u4) = 1 un(u3) = 1 u3 u1 u2 un(u1) = 1 un(u2) = 0 un(u3) = 1

15 Logic (Semantics) Truth values: 0, 1 Logical Structures
Individuals: U = {u1, u2, . . ., un} Predicates: pi : U arity(pi)  {0, 1}

16 An Example Individuals: U = {u1, u2, u3} Predicates: x u1 x u1 u3 u1
y u3 y u3 Individuals: U = {u1, u2, u3} Predicates:

17 Logic (Semantics) Assignments Z: free variables  individuals
Meaning of a formula (Z)

18 Meaning of a Formula  (v,v1,v2) = n(v1,v)  n(v2,v)  v1 = v2
x u1 u2 y u3  (v,v1,v2) = n(v1,v)  n(v2,v)  v1 = v2 Z = { v  u2, v1  u1, v2  u3} (Z) = ???

19 Meaning of a Formula (Z)
pi(v1, …, vk) (Z) = pi (Z(v1), …, Z(vk)) 1  2(Z) = 1 (Z)  2(Z) 1  2(Z) = 1 (Z)  2(Z) 1  2(Z) = 1 (Z)  2(Z)

20 Meaning of a Formula  (v,v1,v2) = n(v1,v)  n(v2,v)  v1 = v2
y x  (v,v1,v2) = n(v1,v)  n(v2,v)  v1 = v2 Z = { v  u2, v1  u1, v2  u3} (Z) = n(v1,v)  n(v2,v) (Z)  v1 = v2(Z) = n(u1, u2)  n(u3, u2)  u1 = u3 = 1  1  0 = 0

21 Outline Using logic to describe stores
Using logic to express store transformations Forming abstractions of stores Three-valued logic Using three-valued logic to express transformations of abstract stores

22 Using Logic to Change Stores
x = null Before: x u3 u1 u2 y z After: u3 u1 u2 y z x

23 Predicate-Alteration Formulas for x = null
Old: x u3 u1 u2 y z New: u3 u1 u2 x[x = null](v)  0

24 Predicate-Alteration Formulas for x = null
Old: x u3 u1 u2 y z New: u3 u1 u2 y y[x = null](v)  y(v)

25 Predicate-Alteration Formulas for x = null
Old: x u3 u1 u2 y z New: u3 u1 u2 y z z[x = null](v)  z(v)

26 Predicate-Alteration Formulas for x = null
Old: x u3 u1 u2 y z New: y u1 u2 z u3

27 Predicate-Alteration Formulas for x = null
Old: x u3 u1 u2 y z New: y u1 u2 z u3 n[x = null](v1,v2)  n(v1,v2) n n

28 Predicate-Alteration Formulas for x = null
Old: x u3 u1 u2 y z New: y u1 u2 z u3 n n

29 Predicate-Alteration Formulas for x = null
Old: x u3 u1 u2 y z New: y u1 u2 z u3 n n

30 Outline Using logic to describe stores
Using logic to express store transformations Forming abstractions of stores Three-valued logic Using three-valued logic to express transformations of abstract stores

31 Abstraction Principle
u1 u2 u3 u4 x u1 u234 x

32 Abstraction Principle
u1 u2 u3 u4 x un(v)   v1,v2 : n(v1,v)  n(v2,v)  v1 = v2 u1 u234 x

33 Outline Using logic to describe stores
Using logic to express store transformations Forming abstractions of stores Three-valued logic Using three-valued logic to express transformations of abstract stores

34 Two- vs. Three-Valued Logic
1 Two-valued logic {0,1} {0} {1} Three-valued logic

35 Two- vs. Three-Valued Logic
Two-valued logic Three-valued logic {1} {0,1} {0} 1 1

36 Outline Using logic to describe stores
Using logic to express store transformations Forming abstractions of stores Three-valued logic Using three-valued logic to express transformations of abstract stores

Download ppt "Parametric Shape Analysis via 3-Valued Logic"

Similar presentations

1 First order theories (Chapter 1, Sections 1.4 – 1.5)

1 First order theories (Chapter 1, Sections 1.4 – 1.5)
Techniques for proving programs with pointers A. Tikhomirov.

Techniques for proving programs with pointers A. Tikhomirov.
The Logic of Quantified Statements

The Logic of Quantified Statements
Predicate Abstraction and Canonical Abstraction for Singly - linked Lists Roman Manevich Mooly Sagiv Tel Aviv University Eran Yahav G. Ramalingam IBM T.J.

Predicate Abstraction and Canonical Abstraction for Singly - linked Lists Roman Manevich Mooly Sagiv Tel Aviv University Eran Yahav G. Ramalingam IBM T.J.
3-Valued Logic Analyzer (TVP) Tal Lev-Ami and Mooly Sagiv.

3-Valued Logic Analyzer (TVP) Tal Lev-Ami and Mooly Sagiv.
August 27-29 2007Moscow meeting1August 27-29 2007Moscow meeting1August 27-29 2007Moscow meeting11 Deductive tools in insertion modeling verification A.Letichevsky.

August Moscow meeting1August Moscow meeting1August Moscow meeting11 Deductive tools in insertion modeling verification A.Letichevsky.
Review of topics Final exam : -May 2nd to May 7 th - Projects due on May 7th.

Review of topics Final exam : -May 2nd to May 7 th - Projects due on May 7th.
Computability and Complexity 9-1 Computability and Complexity Andrei Bulatov Logic Reminder (Cnt’d)

Computability and Complexity 9-1 Computability and Complexity Andrei Bulatov Logic Reminder (Cnt’d)
Computability and Complexity 8-1 Computability and Complexity Andrei Bulatov Logic Reminder.

Computability and Complexity 8-1 Computability and Complexity Andrei Bulatov Logic Reminder.
1 Lecture 07 – Shape Analysis Eran Yahav. Previously  LFP computation and join-over-all-paths  Inter-procedural analysis  call-string approach  functional.

1 Lecture 07 – Shape Analysis Eran Yahav. Previously  LFP computation and join-over-all-paths  Inter-procedural analysis  call-string approach  functional.
1 Lecture 08(a) – Shape Analysis – continued Lecture 08(b) – Typestate Verification Lecture 08(c) – Predicate Abstraction Eran Yahav.

1 Lecture 08(a) – Shape Analysis – continued Lecture 08(b) – Typestate Verification Lecture 08(c) – Predicate Abstraction Eran Yahav.
1 Operational Semantics Mooly Sagiv Tel Aviv University 640-6706 Textbook: Semantics with Applications.

1 Operational Semantics Mooly Sagiv Tel Aviv University Textbook: Semantics with Applications.
Specialized Reference Counting Garbage Collection using Data Structure Annotations By Eric Watkins and Dzin Avots for CS 343 Spring 2002.

Specialized Reference Counting Garbage Collection using Data Structure Annotations By Eric Watkins and Dzin Avots for CS 343 Spring 2002.
Establishing Local Temporal Heap Safety Properties with Applications to Compile-Time Memory Management Ran Shaham Eran Yahav Elliot Kolodner Mooly Sagiv.

Establishing Local Temporal Heap Safety Properties with Applications to Compile-Time Memory Management Ran Shaham Eran Yahav Elliot Kolodner Mooly Sagiv.
1 2. Constraint Databases Next level of data abstraction: Constraint level – finitely represents by constraints the logical level.

1 2. Constraint Databases Next level of data abstraction: Constraint level – finitely represents by constraints the logical level.
Finite Differencing of Logical Formulas for Static Analysis Thomas Reps University of Wisconsin Joint work with M. Sagiv and A. Loginov.

Finite Differencing of Logical Formulas for Static Analysis Thomas Reps University of Wisconsin Joint work with M. Sagiv and A. Loginov.
1 Verifying Temporal Heap Properties Specified via Evolution Logic Eran Yahav, Tom Reps, Mooly Sagiv and Reinhard Wilhelm

1 Verifying Temporal Heap Properties Specified via Evolution Logic Eran Yahav, Tom Reps, Mooly Sagiv and Reinhard Wilhelm
Model Checking of Concurrent Software: Current Projects Thomas Reps University of Wisconsin.

Model Checking of Concurrent Software: Current Projects Thomas Reps University of Wisconsin.
1 Shape Analysis via 3-Valued Logic Mooly Sagiv Tel Aviv University Shape analysis with applications Chapter 4.6

1 Shape Analysis via 3-Valued Logic Mooly Sagiv Tel Aviv University Shape analysis with applications Chapter 4.6
Invisible Invariants: Underapproximating to Overapproximate Ken McMillan Cadence Research Labs TexPoint fonts used in EMF: A A A A A.

Invisible Invariants: Underapproximating to Overapproximate Ken McMillan Cadence Research Labs TexPoint fonts used in EMF: A A A A A.

Similar presentations

Ads by Google