Download presentation
Presentation is loading. Please wait.
1
Assertion Checking Unified Sumit Gulwani Microsoft Research, Redmond Ashish Tiwari SRI
2
Example a := a £ c; b := b £ c; u := u+(a £ c); v := v+(a £ c)+(c £ a); f := f-1; z := z-2; Assert(v = 2u) a := 1; b := 1; z := f+f; Assert(a=b) Assert(z=2w) f w False True f := w; u := 0; v := 0; * Green assertion requires modeling £ as uninterpreted. Red assertion requires modeling £ as commutative, and reasoning about disequality guard f w. Blue assertion requires reasoning about equality guard f=w.
3
Abstract Program Model / Problem Statement Linear Arithmetic e = y | c | e 1 § e 2 | c e Uninterpreted Functions e = y | F(e 1,e 2 ) Combination e = y | c | e 1 § e 2 | c e | F(e 1,e 2 ) Assignment y := e Non-det Conditional * True False Non-det Assignment y := ? Disequality Guard Assume(e 1 e 2 ) Assert(e 1 e 2 )
4
Summary of Results Unification type of theory of program expressions Disequality Guards Complexity of assertion checking Examples Strict UnitaryNoPTIMELinear Arithmetic (LA) Uninterpreted Fns (UF) BitaryNocoNP-hardLA + UF Commutative (C) Finitary-ConvexYesDecidableLA + UF + C + AC
5
Outline Unification type of theory Assertion checking algorithm (unitary/finitary theories) coNP-hardness (bitary theories)
6
Unification Terminology A substitution is a (acyclic) mapping of some variables to expressions. A substitution 1 is more general than 2 if there exists such that 1 = ( 2 ). A substitution is a unifier for an equality e 1 =e 2 if e 1 [ (y)/y] = e 2 [ (y)/y]. Example Consider the equality F(u) + F(v) = F(a) + F(b). {u à a, v à b} is a unifier for it and so is {u à 1, a à 1, v à b}. The former unifier is more general than the latter.
7
Unification Terminology Continued … A set of unifiers { 1,…, k } for e 1 =e 2 is complete if for all unifiers of e 1 =e 2, 9 i s.t. i is more general than Let Unif(e 1 =e 2 ) = Ç Æ y = i (y) i=1 k y Example Consider the equality F(u) + F(v) = F(a) + F(b). {{u à a, v à b}, {u à b, v à a}} is a complete set of unifiers for it. Hence, Unif(F(u)+F(v)=F(a)+F(b)) = (u=a Æ v=b) Ç (u=b Æ v=a).
8
Unification Type of Theories Unitary: All equalities e 1 =e 2 have a complete set of unifiers that is singleton. Finitary: All equalities e 1 =e 2 have a complete set of unifiers whose cardinality is finite. Bitary: There exists an equality e 1 =e 2 whose complete set of unifiers has 2 unifiers of the form y à z 1 and y à z 2
9
Examples of Bitary Theories Bitary: There exists an equality e 1 =e 2 whose complete set of unifiers has 2 unifiers of the form y à z 1 and y à z 2 Commutative Functions F(F(y,y),F(z 1,z 2 )) = F(F(y,z 1 ),F(y,z 2 )) Combination of Linear Arithmetic + Uninterpreted Functions F(F(y)+F(y)) + F(F(z 1 )+F(z 2 )) = F(F(y)+F(z 1 )) + F(y)+F(z 2 ))
10
Summary of Results Unification type of theory of program expressions Disequality Guards Complexity of assertion checking Examples Strict UnitaryNoPTIMELinear Arithmetic (LA) Uninterpreted Fns (UF) BitaryNocoNP-hardLA + UF Commutative (C) Finitary-ConvexYesDecidableLA + UF + C + AC
11
Outline Unification type of theory Assertion checking algorithm (unitary/finitary theories) coNP-hardness (bitary theories)
12
An assertion e 1 = e 2 holds at a program point iff the assertion Unif(e 1 =e 2 ) holds at Connection between Assertion Checking & Unification Example To prove, F(u)+F(v) = F(a)+F(b), we need to prove that (u=a Æ v=b) Ç (u=b Æ v=a) is true.
13
Assertion Checking Algorithm Backward analysis strengthened with Unification –Perform weakest precondition computation. –At each step replace the formula by Unif( ), which is a stronger and simpler formula. Termination (reach fixpoint across loops)? –Yes, because of unifier computations. –PTIME for unitary theories (no disequality guards). Bounded for finitary theories.
14
Advantage of Backward Analysis with Unification u := F(u); v := F(v); a := F(a); b := F(b); Assert(u+v=a+b) u := a; v := b; u := b; v := a; * Forward Analysis: needs to maintain an infinite number of facts: F i (u) + F i (v) = F i (a) + F i (b) at the first join point. Backward Analysis: does not terminate: F i (u) + F i (v) = F i (a) + F i (b) Backward Analysis with Unification: Terminates in 2 steps: [(u=a Æ v=b) Ç (u=b Æ v=a)] *
15
Handling equality guards Assume (x y) Ç [x/y] Ç [y/x] Assume (x y) Ç x=y We perform standard weakest precondition computation Standard weakest precondition will lead to disequalities in formulas. Instead we can use heuristics as above. Disequality Guards Equality Guards
16
Outline Unification type of theory Assertion checking algorithm (unitary/finitary theories) coNP-hardness (bitary theories)
17
Reducing Unsatisfiability to Assertion Checking boolean 3-SAT instance with m clauses IsUnsatisfiable( ) { for j=1 to m c j := F; for i=1 to k do if (*) 8 j s.t. var i occurs positively in clause j, c j := T; else 8 j s.t. var i occurs negatively in clause j, c j := T; Assert (c 1 =F Ç c 2 =F … Ç c m =F); }
18
Encoding disjunction The check c 1 =F Ç c 2 =F can be encoded by some appropriate assertion e 1 =e 2 in a bitary theory. The above trick can be recursively applied to construct an assertion that encodes c 1 =F Ç c 2 =F Ç … Ç c m =F
19
Conclusion Complexity of assertion checking depends on the unification type of the theory of program expressions: Unitary (PTIME), Bitary (coNP-hard), Finitary (Decidable) The assertion checking algorithm is based on backward analysis strengthened with unification. –For some infinite-height abstract domains, a (goal- driven) backward analysis is more efficient than forward analysis. –Use of unification is yet another non-trivial use of theorem proving in program analysis.
20
Proof of Termination At each program point, the proof obligation has the form: Ç Æ y = i (y) i=1 k y In each successive loop iteration, above formula becomes stronger. We prove this cannot happen indefinitely: –Assign the following measure to the above formula { # of conjuncts representing unifier i | i=1 to k } –Show this measure decreases in some well-founded ordering.
21
Discussion The assertion checking algorithm is based on backward analysis strengthened with unification. Backward Analysis vs. Forward Analysis Use of Theorem Proving in Program Analysis –Combining (Forward) Abstract Interpreters [PLDI 06]: using an extension of Nelson-Oppen combination method. –This paper: Backward Analysis using Unification
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.