Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Combination Framework for Tracking Partition Sizes Sumit Gulwani, Microsoft Research Tal Lev-Ami, Tel-Aviv University Mooly Sagiv, Tel-Aviv University.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "A Combination Framework for Tracking Partition Sizes Sumit Gulwani, Microsoft Research Tal Lev-Ami, Tel-Aviv University Mooly Sagiv, Tel-Aviv University."— Presentation transcript:

1 A Combination Framework for Tracking Partition Sizes Sumit Gulwani, Microsoft Research Tal Lev-Ami, Tel-Aviv University Mooly Sagiv, Tel-Aviv University POPL January 22, 2009 Savannah, Georgia

2 What? Framework for constructing static analyses – Tracking the sizes of dynamically allocated data structures h h.size =

3 Why? Sizes of data structures are important – Partial correctness – Termination – Memory bounds

4 How? x y z Shape analysis Numerical analysis A+B=C

5 How? x y z A+B=C = C = B = A + Shape analysis Numerical analysis

6 Partial Correctness: StringBuffer { SB(x), |x|=n } x. remove (s,e) { SB(x), |x|=n-(e-s) }

7 StringBuffer (from MS code) Linked lists of chunks – Reversed order (fast append) – Partially filled (fast remove) chunk.len = number of used chars in chunk x 10011181931 used(nil) =  used(z) = used(z.succ)  z.data[0.. z.len] y used(y)

8 remove(s, e) s e x |used(x)| = n |used(x)| = n – (e – s) x remove(s,e)

9 Termination: BubbleSort Termination is non-trivial BubbleSort(int* A, int n) { change := true; while (change) { change := false; for (j:=0; j<n–1; j:=j+1) { if (A[j] > A[j+1]) { Swap(A[j], A[j+1]); change := true; } }

10 Termination: BubbleSort Termination is non-trivial Prove c  n – c  number of elements in the correct position BubbleSort(int* A, int n) { change := true; c := 0; while (change) { c := c + 1; change := false; for (j:=0; j<n–1; j:=j+1) { if (A[j] > A[j+1]) { Swap(A[j], A[j+1]); change := true; } }

11 The Key Idea Modular abstract-domain combination approach Reuse existing domains – Set Domain Track sets of memory locations Such as domains for shape analysis E.g., Canonical Abstraction [SRW’02], Separation Domain [DOY’06], Boolean Heaps [PW’05] – Numerical Domain Track sizes and correlations with numerical variables E.g., Polyhedra [CH’78], Octagon [Miné’01], Intervals [CC’07]

12 Abstracting Lists x  _,nil  ls(y,nil)  z = nil  x yz nil

13 Reasoning about Sets and Sizes ls(x,nil)  ls(y,nil) x  _,nil  y  _,nil  z=nil z = x.next x  _,nil  ls (y,nil)  z=nil  x  _,z  ls (z,nil)  ls (y,nil)  |ls(x,nil)| = |ls(y,nil)|  |ls(z,nil)|+1 = |ls(y,nil)|  |x  _,nil| = |ls(y,nil)|  |x  _,nil| = |y  _,nil|

14 Division of labor Share information between the domains – Similar to Nelson-Oppen [NO’80] [x  _,nil] A  [ls(y,nil)] B  z = nilA=B  |x  _,nil| = A |ls(y,nil)| = B x  _,nil  ls(y,nil)  z = nil

15 Extra Operations Required of Set Domain BaseSets – List the base sets of a given set-domain element Example BaseSets (x  _,nil  ls(y,nil)  z = nil) = {x  _,nil, ls(y,nil)}

16 Extra Operations Required of Set Domain BaseSets – List the base sets of a given set-domain element Witness – Relate the base sets before and after a set-domain operation Example Witness (ls(x,nil) x  _,z  ls(z,nil)) = {ls(x,nil)  x  _,z  ls(z,nil)} z=x.next

17 Extra Operations Required of Set Domain BaseSets – List the base sets of a given set-domain element Witness – Relate the base sets of two set-domain elements Generate – Generate constraints of the form |p|  c or |p|  c PostPredicate ( |p| = c ) – Inform the set-domain element that a base-set is of given size [c = 0, 1]

18 Combination Approach Construct the standard operations for the combined domain – Use the operations of the base domains and the extra operations of the set domain

19 Example: Join [x  _,nil] A  [ls(y,nil)] B A=1  B = n-1  B  1  [ls(x,nil)] C  [y  _,nil] D D=1  C = n-1  C  1   [ls(x,nil)] E  [ls(y,nil)] F A=E  B=F  A=1  B=n-1  B  1 C=E  D=F  D=1  C=n-1  C  1 E+F = n  E  1  F  1  Join Set Join Num Witness

20 In the Paper Set Domains that support the extra operations – Canonical Abstraction – Boolean Heaps – Separation Domain Algorithms for combined domain operations – Soundness and precision claims and proofs Tradeoffs between complexity of set and numerical domains

21 Prototype Implementation Set Domain – Canonical Abstraction - TVLA [LS’00] Numerical Domain – Polyhedra - PPL [BHZ’08]

22 The Benchmarks Category ProgramTime (secs)OverheadStates String Buffer SB.remove295.212.8350,615 SB.toString79.533.1510,176 Termination BubbleSort3.570.54886 Mark2.443.021,530 Linked List Reverse0.341.6490 Filter0.760.54238 Merge1.081.88341 MergeNoDups4.062.531,838 Data AcyclicList.copy0.391.4474 Structure CyclicList.copy4.541.02155 Copy Tree.copy4.151.45642 NaryTree.copy138.2N/A5,439 ListOfLists.copy39.951.445,353 ListOfArrays.copy12.671.022,260 ArrayOfLists.copy7.993.001,628 JDK LinkedList.add1.452.2317 Collections LinkedList.addAll10.932.00215 Library LinkedList.remove2.512.10173 HashMap.put9.451.023,132 HashMap.putAll111.842.5922,431 HashMap.remove2.131.92725

23 Thank you! Questions?

24 Related Work Domain constructors [CC’79] – Logical Abstract Domains [GT’06] Combination of numeric and pointer analysis [Detsch’92] – Type systems [HP’99, HJ’03] – Tracking lengths of linked lists [YB’02, BBHIMV’06, MBCC’07] – Tracking other numerical properties [GDDRS’04, Rugina’04] Reducing Pointer to Integer Programs [DRS’03, BBHIMV’06, MBCC’07] Decision Procedures – BAPA [KR’07] – Entailment for separation logic with arithmetic [NDQC’07]

25 Our Basic Operation 1: Saturate Share Information between the domains – Similar to Nelson-Oppen [NO’80] [x  _,nil] A  [ls(y,nil)] B  z = nilA=B  A=1 B=1 [x  _,nil] A  [y  _,nil] B  z = nil  B=1  A=1

26 Our Basic Operation 2: P2N Relate the partition sizes of two representations of the same memory [x  _,nil] A  [ls(y,nil)] B [ls(x,nil)] C  [ls(y,nil)] D  N 1 : A+B=n  N 2 : ? Witness (P 1, P 2 ) x  _,nil  ls(x,nil) ls(y,nil)  ls(y,nil) P1:P1: P2:P2: P2N (P 1, P 2, A+B=n) A+B=n  A=C  B=D

27 Extra Operations Required of Set Domain BaseSets – List the base sets of a given set-domain element Witness – Relate the base sets of two set-domain elements Example Witness (x  _,nil  y  _,z  ls(z,nil), ls(x,nil)  ls(y,nil)) = {y  _,z  ls(z,nil)  ls(y,nil), x  _,nil  ls(x,nil) }

28 Termination: BubbleSort Termination is non-trivial Prove correlation between c and number of elements in the correct position 1 5 3 8 7 4 6 2 9 c=0 BubbleSort(int* A, int n) { change := true; c := 0; while (change) { c := c + 1; change := false; for (j:=0; j<n–1; j:=j+1) { if (A[j] > A[j+1]) { Swap(A[j], A[j+1]); change := true; } }

29 Termination: BubbleSort Termination is non-trivial Prove correlation between c and number of elements in the correct position 1 3 5 7 4 6 2 8 9 c=1 BubbleSort(int* A, int n) { change := true; c := 0; while (change) { c := c + 1; change := false; for (j:=0; j<n–1; j:=j+1) { if (A[j] > A[j+1]) { Swap(A[j], A[j+1]); change := true; } }

30 Termination: BubbleSort Termination is non-trivial Prove correlation between c and number of elements in the correct position BubbleSort(int* A, int n) { change := true; c := 0; while (change) { c := c + 1; change := false; for (j:=0; j<n–1; j:=j+1) { if (A[j] > A[j+1]) { Swap(A[j], A[j+1]); change := true; } } 1 3 5 4 6 2 7 8 9 c=2

Download ppt "A Combination Framework for Tracking Partition Sizes Sumit Gulwani, Microsoft Research Tal Lev-Ami, Tel-Aviv University Mooly Sagiv, Tel-Aviv University."

Similar presentations

Combining Abstract Interpreters Sumit Gulwani Microsoft Research Redmond, Group Ashish Tiwari SRI RADRAD.

Combining Abstract Interpreters Sumit Gulwani Microsoft Research Redmond, Group Ashish Tiwari SRI RADRAD.
A Framework for describing recursive data structures Kenneth Roe Scott Smith.

A Framework for describing recursive data structures Kenneth Roe Scott Smith.
Logical Abstract Interpretation Sumit Gulwani Microsoft Research, Redmond.

Logical Abstract Interpretation Sumit Gulwani Microsoft Research, Redmond.
Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Abstract Interpretation Part II

Abstract Interpretation Part II
Code Generator Translator Architecture Parser Tokenizer string of characters (source code) string of tokens abstract program string of integers (object.

Code Generator Translator Architecture Parser Tokenizer string of characters (source code) string of tokens abstract program string of integers (object.
Automated Verification with HIP and SLEEK Asankhaya Sharma.

Automated Verification with HIP and SLEEK Asankhaya Sharma.
SPEED: Precise & Efficient Static Estimation of Symbolic Computational Complexity Sumit Gulwani MSR Redmond TexPoint fonts used in EMF. Read the TexPoint.

SPEED: Precise & Efficient Static Estimation of Symbolic Computational Complexity Sumit Gulwani MSR Redmond TexPoint fonts used in EMF. Read the TexPoint.
Shape Analysis by Graph Decomposition R. Manevich M. Sagiv Tel Aviv University G. Ramalingam MSR India J. Berdine B. Cook MSR Cambridge.

Shape Analysis by Graph Decomposition R. Manevich M. Sagiv Tel Aviv University G. Ramalingam MSR India J. Berdine B. Cook MSR Cambridge.
Interprocedural Shape Analysis for Recursive Programs Noam Rinetzky Mooly Sagiv.

Interprocedural Shape Analysis for Recursive Programs Noam Rinetzky Mooly Sagiv.
Programming Paradigms Introduction. 6/15/2005 Copyright 2005, by the authors of these slides, and Ateneo de Manila University. All rights reserved. L1:

Programming Paradigms Introduction. 6/15/2005 Copyright 2005, by the authors of these slides, and Ateneo de Manila University. All rights reserved. L1:
1 Symbolic Execution for Model Checking and Testing Corina Păsăreanu (Kestrel) Joint work with Sarfraz Khurshid (MIT) and Willem Visser (RIACS)

1 Symbolic Execution for Model Checking and Testing Corina Păsăreanu (Kestrel) Joint work with Sarfraz Khurshid (MIT) and Willem Visser (RIACS)
Abstract Interpretation with Alien Expressions and Heap Structures Bor-Yuh Evan ChangK. Rustan M. Leino University of California, BerkeleyMicrosoft Research.

Abstract Interpretation with Alien Expressions and Heap Structures Bor-Yuh Evan ChangK. Rustan M. Leino University of California, BerkeleyMicrosoft Research.
Relational Inductive Shape Analysis Bor-Yuh Evan Chang University of California, Berkeley Xavier Rival INRIA POPL 2008.

Relational Inductive Shape Analysis Bor-Yuh Evan Chang University of California, Berkeley Xavier Rival INRIA POPL 2008.
CS412/413 Introduction to Compilers Radu Rugina Lecture 16: Efficient Translation to Low IR 25 Feb 02.

CS412/413 Introduction to Compilers Radu Rugina Lecture 16: Efficient Translation to Low IR 25 Feb 02.
Lifting Abstract Interpreters to Quantified Logical Domains Sumit Gulwani, MSR Bill McCloskey, UCB Ashish Tiwari, SRI 1.

Lifting Abstract Interpreters to Quantified Logical Domains Sumit Gulwani, MSR Bill McCloskey, UCB Ashish Tiwari, SRI 1.
Precise Inter-procedural Analysis Sumit Gulwani George C. Necula using Random Interpretation presented by Kian Win Ong UC Berkeley.

Precise Inter-procedural Analysis Sumit Gulwani George C. Necula using Random Interpretation presented by Kian Win Ong UC Berkeley.
Local Heap Shape Analysis Noam Rinetzky Tel Aviv University Joint work with Jörg Bauer Universität des Saarlandes Thomas Reps University of Wisconsin Mooly.

Local Heap Shape Analysis Noam Rinetzky Tel Aviv University Joint work with Jörg Bauer Universität des Saarlandes Thomas Reps University of Wisconsin Mooly.
Program analysis Mooly Sagiv html://www.cs.tau.ac.il/~msagiv/courses/wcc06.html.

Program analysis Mooly Sagiv html://
Purity Analysis : Abstract Interpretation Formulation Ravichandhran Madhavan, G. Ramalingam, Kapil Vaswani Microsoft Research, India.

Purity Analysis : Abstract Interpretation Formulation Ravichandhran Madhavan, G. Ramalingam, Kapil Vaswani Microsoft Research, India.

Similar presentations

Ads by Google