Program Analysis Using Randomization Sumit Gulwani, George Necula (U.C. Berkeley)

Presentation on theme: "Program Analysis Using Randomization Sumit Gulwani, George Necula (U.C. Berkeley)"— Presentation transcript:

1 Program Analysis Using Randomization Sumit Gulwani, George Necula (U.C. Berkeley)

2 What kind of Analysis?
  Any analysis that can be modeled as checking equivalence of two expressions at a point in a program
  - Equivalent to checking reachability properties
  Complexity of our algorithm:
  - (Almost) linear time
  - Queries answered in (almost) constant time

3 The Randomized Strategy
  Define a mapping F: Expression → Polynomial such that
  - $P_1 \equiv P_2 \Rightarrow E_1 \equiv E_2$ (Soundness)
  - $E_1 \equiv E_2$ [according to some theory T] $\Rightarrow P_1 \equiv P_2$ (Completeness w.r.t. T)
  For a loop-free program, $F(E) = \sum_i \mathrm{Pred}_i \cdot v_i$, where $v_i$ is the value E takes on the i-th path and $\mathrm{Pred}_i$ is the predicate that selects that path

4 Example
  if (C1) x = 3 else x = 7
  if (C2) y = 5 else y = 9
  t = x + y
  $F(t) = C_1 C_2\,(3+5) + C_1 \neg C_2\,(3+9) + \neg C_1 C_2\,(7+5) + \neg C_1 \neg C_2\,(7+9)$

5 Checking Polynomial Equivalence
  $P_1 \equiv P_2$ can be determined by random testing (evaluating both polynomials at a few random points) with small error probability (Probabilistic Soundness)
  F: Expression → Polynomial can therefore be thought of as F: Expression → [List of numbers]

6 Algorithm
  Statements with side-effect: x = e and Mem[e1] = e2
  - x = e: record in the register table: Store(x) ← F(e). The register table is simply an array.
  - Mem[e1] = e2: record in the memory table: F(e1) ← F(e2)

7 Expressions
  E := n                                (Constant)
     | x                                (Variable Reference)
     | Mem[e]                           (Memory Read)
     | e1 + e2 | e1 - e2 | e1 * e2      (Arithmetic)
     | (e == 0) | (e ≥ 0)               (Conditionals)
     | φ(c: e1, ¬c: e2)                 (Joins)
     | φ(e1, e2)                        (Joins at Loop Entry)
     | ψ(x)                             (Loop Exit)
     | U(e1, …, en)                     (Uninterpreted Functions)

8 Arithmetic and Uninterpreted Functions
  F(n) → [n, n, n]
  F(x) → Store(x) if x was defined before use, Rand() otherwise
  F(e1 + e2) → F(e1) + F(e2)
  F(e1 - e2) → F(e1) - F(e2)
  F(e1 * e2) → F(e1) * F(e2)
  F(e1 / e2) → F(e1) / F(e2)
  F(U(e1, …, en)) → Rand(U, F(e1), …, F(en)), a random value determined by U and the argument values, so equal arguments give equal results
  (all operations act componentwise on the lists of numbers)

9 Joins
  $F(\varphi(c: e_1, \neg c: e_2)) = F(e_1 \oplus_r e_2)$, where $r = F(c)$
  $e_1 \oplus_r e_2 \equiv r \times e_1 + (1-r) \times e_2$
  Note that $r + (1-r) = 1$, so linear equalities are preserved
  Furthermore, if $0 \le r \le 1$, linear inequalities are preserved as well

10 Preservation of Linear Invariants
  y1 = …               y2 = …
  x1 = a y1 + b        x2 = a y2 + b
  y = φ(c: y1, ¬c: y2)
  x = φ(c: x1, ¬c: x2)
  assert (x = a y + b)

  $F(y) = r\,F(y_1) + (1-r)\,F(y_2)$
  $F(x) = r\,F(x_1) + (1-r)\,F(x_2)$
       $= r\,F(a y_1 + b) + (1-r)\,F(a y_2 + b)$
       $= a r\,F(y_1) + a (1-r)\,F(y_2) + r b + (1-r) b$
       $= a\,F(y) + b$

11 Locking Example (Joins)
  Lock = L0
  if (C) Lock++
  if (C) Lock--
  assert (Lock = L0)

12 Locking Example (Joins)
  L1 = L0
  if (C) L2 = L1 + 1
  L3 = φ(c: L2, ¬c: L1)
  if (C) L4 = L3 - 1
  L5 = φ(c: L4, ¬c: L3)
  assert (L5 = L0)

  $F(L_1) = F(L_0)$
  $F(L_2) = F(L_1) + 1$
  $F(L_3) = r\,F(L_2) + (1-r)\,F(L_1) = F(L_0) + r$
  $F(L_4) = F(L_3) - 1$
  $F(L_5) = r\,F(L_4) + (1-r)\,F(L_3) = F(L_3) - r = F(L_0) + r - r = F(L_0)$
  (both joins use the same r because both are guarded by the same condition C)
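The join rule of slides 9-12, as an added worked example in Python (this is not code from the slides or from the authors). Every expression is a list of K numbers in a prime field, a join is the affine combination with the random weight r = F(c), and equivalent conditions share one weight. `lock_pairing` replays the locking example and `affine_join_invariant` the argument of slide 10; the condition labels "C" and "D", the modulus, the seeds and the function names are this example's own choices.

```python
import random

P = (1 << 61) - 1     # prime modulus: F maps expressions to lists of numbers mod P
K = 3                 # samples per expression, as on the slides


def rand_vec(rng):
    """Rand(): fresh value for an undefined variable or an unproven condition."""
    return [rng.randrange(P) for _ in range(K)]


def const(n):
    return [n % P] * K


def add(a, b):
    return [(x + y) % P for x, y in zip(a, b)]


def sub(a, b):
    return [(x - y) % P for x, y in zip(a, b)]


def mul(a, b):
    return [(x * y) % P for x, y in zip(a, b)]


def join(r, a, b):
    """F(phi(c: a, not c: b)) = r*a + (1-r)*b with r = F(c), componentwise."""
    return [(ri * x + (1 - ri) * y) % P for ri, x, y in zip(r, a, b)]


def lock_pairing(lock_cond, unlock_cond, seed=1):
    """Slides 11-12.  lock_cond / unlock_cond label the conditions guarding
    Lock++ and Lock--; equal labels mean the same condition and therefore
    the same weight r = F(c).  Returns True iff assert(L5 = L0) is proved."""
    rng = random.Random(seed)
    weights = {}                                   # condition label -> F(c)

    def r_of(cond):
        if cond not in weights:
            weights[cond] = rand_vec(rng)
        return weights[cond]

    L0 = rand_vec(rng)                             # L0 is used before being defined
    L1 = L0                                        # L1 = L0
    L2 = add(L1, const(1))                         # if (c) L2 = L1 + 1
    L3 = join(r_of(lock_cond), L2, L1)             # L3 = phi(c: L2, not c: L1)
    L4 = sub(L3, const(1))                         # if (d) L4 = L3 - 1
    L5 = join(r_of(unlock_cond), L4, L3)           # L5 = phi(d: L4, not d: L3)
    return L5 == L0                                # assert (L5 = L0)


def affine_join_invariant(a, b, seed=2):
    """Slide 10: x1 = a*y1 + b and x2 = a*y2 + b on the two sides of a join
    imply x = a*y + b after it, whatever the weight r is."""
    rng = random.Random(seed)
    y1, y2, r = rand_vec(rng), rand_vec(rng), rand_vec(rng)
    x1 = add(mul(const(a), y1), const(b))
    x2 = add(mul(const(a), y2), const(b))
    y = join(r, y1, y2)
    x = join(r, x1, x2)
    return x == add(mul(const(a), y), const(b))


if __name__ == "__main__":
    print("lock and unlock under the same condition:", lock_pairing("C", "C"))
    print("lock and unlock under different conditions:", lock_pairing("C", "D"))
    print("x = a*y + b survives the join:", affine_join_invariant(3, -7))
```

When the lock and the unlock are guarded by different conditions the analysis computes F(L5) = F(L0) + r_C - r_D, which equals F(L0) only if the two random weights happen to coincide; that is exactly how an unbalanced lock/unlock pair shows up to this analysis.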

13 Content of Conditionals
  P0:  (entry)                 F(x) = [1, 2, 3], F(y) = [1, 4, 9]
       t = 2x - 3y
  P1:  if (x - y == 5) {       (T branch)
  P2:    if (x + y == 15) {    (T branch)
  P3:      assert (t = 5)
         }
       }

14 Content of Conditionals
  Same program as slide 13.
  P1: F(t) = F(2x - 3y) = [-1, -8, -21], which is not [5, 5, 5]: the assertion cannot be proved without using the content of the two conditionals

15 Content of Conditionals
  if (C) { … = y + … } else { … = y + … }
  Both successors of the branch on C read y, but on the T side C is known to hold and on the F side it is known not to

16 Content of Conditionals
  Split F(y) into $F(y_T)$ and $F(y_F)$ such that
  - $F(y_T) = A(F(y))$
  - $F(y_T) \oplus_r F(y_F) = F(y)$, where $r = F(c)$
  $A([v_1, v_2, v_3]) \to [v_1 \oplus_{r_1} v_2,\; v_2 \oplus_{r_2} v_3,\; v_3 \oplus_{r_3} v_1]$
  The same $r_1, r_2, r_3$ are applied to every variable; for a condition e == 0 each $r_i$ is chosen so that component i of $A(F(e))$ is 0, i.e. the condition holds in the transformed values (this is what the numbers on slides 20 and 22 show)
  if (C) { … = y_T + … } else { … = y_F + … }

17 Example

18 Example (Content of Conditionals)
  Starting point, as on slide 14:
  P1: F(x) = [1, 2, 3], F(y) = [1, 4, 9], F(t) = [-1, -8, -21]

19 Example (Content of Conditionals)
       t = 2x - 3y
  P1:  if (x - y == 5) {           (T branch)
  P2:    if (x_T + y_T == 15) {    (T branch)
  P3:      assert (t_TT = 5)
         }
       }
  P1: F(x) = [1, 2, 3], F(y) = [1, 4, 9], F(t) = [-1, -8, -21]
      F(x - y - 5) = [-5, -7, -11]: neither always 0 nor a non-zero constant, so the branch is split

20 Example (Content of Conditionals)
  P2: F(x_T) = [-3/2, 1/4, -2/3]
      F(y_T) = [-13/2, -19/4, -17/3]
      F(t_T) = [33/2, 59/4, 47/3]
  Note that x_T - y_T = 5 and t_T + y_T = 10, because t = 2x - 3y = 2(x - y) - y = 10 - y

21 Example (Content of Conditionals)
  P2: F(x_T + y_T - 15) = [-23, -39/2, -64/3], again neither always 0 nor a non-zero constant, so the second branch is split as well

22 Example (Content of Conditionals)
  P3: F(x_TT) = [10, 10, 10]
      F(y_TT) = [5, 5, 5]
      F(t_TT) = [5, 5, 5]
  Two independent linear conditions on x and y fix both values, so every component becomes a constant and the assertion t_TT = 5 is proved
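The split of slide 16 replayed on the example of slides 18-22, as an added example in Python with exact rationals (not code from the slides or the authors). The one thing the slides do not state explicitly is how the weights of A are picked; the rule used here, choose each r_i so that the i-th component of A(F(e)) is zero for a branch on e == 0, is inferred from the slides' own numbers and reproduces them. Function names and the environment representation are this example's assumptions.

```python
from fractions import Fraction as Fr


def lin(env, const=0, **coeffs):
    """F(const + sum coeff*var), componentwise over the sample lists in env."""
    k = len(next(iter(env.values())))
    out = [Fr(const)] * k
    for name, c in coeffs.items():
        out = [o + Fr(c) * v for o, v in zip(out, env[name])]
    return out


def split_weights(e):
    """Weights r_i with r_i*e_i + (1-r_i)*e_{i+1} = 0 (indices wrap around), so
    that A(F(e)) is all zeros: the condition e == 0 holds on the T side.
    Returns None when a sample pair shows that the condition can never hold."""
    k = len(e)
    rs = []
    for i in range(k):
        a, b = e[i], e[(i + 1) % k]
        if a == b:                         # r cancels out of r*a + (1-r)*b
            if a != 0:
                return None                # constant non-zero: T branch unreachable
            rs.append(Fr(1))               # already 0: any r works, keep v_i
        else:
            rs.append(b / (b - a))
    return rs


def A(v, rs):
    """Slide 16: [v1 (+)_r1 v2, v2 (+)_r2 v3, v3 (+)_r3 v1]."""
    k = len(v)
    return [r * v[i] + (1 - r) * v[(i + 1) % k] for i, r in enumerate(rs)]


def assume_zero(env, e):
    """Environment on the T side of a branch on e == 0.  Every variable gets
    the same weights, so linear relations between variables survive and
    e == 0 becomes true; None means the T side is unreachable."""
    rs = split_weights(e)
    if rs is None:
        return None
    return {name: A(v, rs) for name, v in env.items()}


def false_side(v, v_t, r):
    """Slide 16's second constraint: F(y_F) such that F(y_T) (+)_r F(y_F) = F(y)."""
    return [(y - ri * yt) / (1 - ri) for y, yt, ri in zip(v, v_t, r)]


def fmt(v):
    return [str(x) for x in v]


def run_example():
    """Slides 18-22: t = 2x - 3y; if (x - y == 5) { if (x + y == 15) { assert (t = 5) } }"""
    env = {"x": [Fr(1), Fr(2), Fr(3)], "y": [Fr(1), Fr(4), Fr(9)]}   # P0, values from the slides
    env["t"] = lin(env, x=2, y=-3)                                      # P1
    env_t = assume_zero(env, lin(env, -5, x=1, y=-1))                   # P2: x - y == 5 taken
    env_tt = assume_zero(env_t, lin(env_t, -15, x=1, y=1))              # P3: x + y == 15 taken
    return env, env_t, env_tt


if __name__ == "__main__":
    for point, e in zip(("P1", "P2", "P3"), run_example()):
        print(point, {name: fmt(v) for name, v in e.items()})
```

The weights come out as 7/2, 11/4 and -5/6 for the first branch, which is why the slides' rationals have denominators 2, 4 and 3; after the second branch the two conditions determine x and y, and all three samples collapse to the same constants.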

23 Conditionals
  F(c) → 1 if our algorithm can prove that c is always true
       → 0 if our algorithm can prove that c is always false
       → Rand(c) otherwise (equivalent conditionals get the same random value)
  Let c be of the form e == 0 and let F(e) = [v1, v2, v3]
  - e ≡ 0 ⇒ c is always true. Check: F(e) = F(0)
  - e ≡ n, n ≠ 0 ⇒ c is always false. Check: v1 = v2 = v3 ≠ 0
  - e ≡ n1 E + n2 with 0 < n2 < n1 ⇒ c is always false (for e.g. 2x + 1 ≠ 0 for integer x). Take n1 = GCD{v1 - v2, v2 - v3}; check: n2 = v1 mod n1 > 0

24 Detecting Equivalent Conditionals
  To check: (e1 == 0) ≡ (e2 == 0)
  e1 ≡ e · e2 for some constant e ≠ 0 ⇒ (e1 == 0) ≡ (e2 == 0). For e.g. (x + 1 == 0) ≡ (2x + 2 == 0)
  Whether e is a non-zero constant can be read off F(e) = F(e1) / F(e2) (componentwise): all components must be equal and non-zero

25 Loops
  x = x0;                         x = x0;
  while c(x) { x = g(x); }        while c(x) { x = g(x); }
  t = x;                          t = ψ(x);

  $F(\psi(x)) = F(x_0 \oplus_{r_1} x_{i+1})$, where $x_{i+1} = g(x_i)$ and $r_1 = \mathrm{Rand}(c(x_i))$
  $x_i = x_0 \oplus_{r_2} g(x_0)$, where $r_2 = \mathrm{Rand}()$
  - Linear loop invariants are preserved
  - Automatic discovery of invariants
  - Automatic use of invariants

26 Example (Loops)
  x = 0; y = 1;
  while C(x) { x = x + 1; y = y + 2; }
  assert (y = 2x + 1)

27 Example (Loops)
  x = 0; y = 1;
  while C(x) { x = x + 1; y = y + 2; }
  x' = ψ(x); y' = ψ(y);
  assert (y' = 2x' + 1)

  $F(x') = F(\psi(x)) = F(0 \oplus_{r_1} ((0 \oplus_{r_2} 1) + 1))$
         $= r_1 \cdot 0 + (1-r_1)((r_2 \cdot 0 + (1-r_2) \cdot 1) + 1)$
         $= (1-r_1)(1 - r_2 + 1) = 2 - 2r_1 - r_2 + r_1 r_2$
  $F(y') = F(\psi(y)) = F(1 \oplus_{r_1} ((1 \oplus_{r_2} 3) + 2))$
         $= r_1 \cdot 1 + (1-r_1)((r_2 \cdot 1 + (1-r_2) \cdot 3) + 2)$
         $= r_1 + (1-r_1)(5 - 2r_2) = 5 - 4r_1 - 2r_2 + 2 r_1 r_2$
  and indeed $2\,F(x') + 1 = F(y')$ for every $r_1, r_2$
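The loop rule of slide 25 run on the loop of slides 26-27, as an added example in Python (not code from the slides or the authors). The loop-exit state is built exactly as on slide 25: one random affine combination of "did not iterate" and "iterated once more from a state that is itself such a combination". Because the body is affine, an affine invariant survives both combinations while a non-invariant does not. The modulus, seed and function names are this example's choices; `exit_for_weights` plugs concrete weights into the same code so that slide 27's closed forms can be checked by hand.

```python
import random

P = (1 << 61) - 1     # prime modulus: F maps expressions to lists of numbers mod P
K = 3                 # samples per expression, as on the slides


def rand_vec(rng):
    return [rng.randrange(P) for _ in range(K)]


def const(n):
    return [n % P] * K


def add(a, b):
    return [(x + y) % P for x, y in zip(a, b)]


def mul(a, b):
    return [(x * y) % P for x, y in zip(a, b)]


def join(r, a, b):
    """a (+)_r b = r*a + (1-r)*b, componentwise."""
    return [(ri * x + (1 - ri) * y) % P for ri, x, y in zip(r, a, b)]


def loop_exit(init, step, r1, r2):
    """Slide 25.  init: {var: F(var)} before the loop; step: the loop body g as
    a map on such states.  Returns F(psi(var)) for every variable:
        x_i    = x0 (+)_r2 g(x0)      r2 = Rand()
        psi(x) = x0 (+)_r1 g(x_i)     r1 = Rand(c(x_i))"""
    g0 = step(init)
    x_i = {v: join(r2, init[v], g0[v]) for v in init}
    g_i = step(x_i)
    return {v: join(r1, init[v], g_i[v]) for v in init}


def body(state):
    """The loop body of slide 26: x = x + 1; y = y + 2."""
    return {"x": add(state["x"], const(1)), "y": add(state["y"], const(2))}


def exit_for_weights(r1, r2):
    """Slide 27's closed forms with concrete weights: x' = 2 - 2r1 - r2 + r1 r2,
    y' = 5 - 4r1 - 2r2 + 2 r1 r2, returned as K-sample lists."""
    out = loop_exit({"x": const(0), "y": const(1)}, body, const(r1), const(r2))
    return out["x"], out["y"]


def check_invariants(seed=7):
    """With random weights the true invariant y = 2x + 1 holds at loop exit
    and the false candidate y = 2x does not.  Returns (holds, wrong)."""
    rng = random.Random(seed)
    out = loop_exit({"x": const(0), "y": const(1)}, body, rand_vec(rng), rand_vec(rng))
    two_x = mul(const(2), out["x"])
    return out["y"] == add(two_x, const(1)), out["y"] == two_x


if __name__ == "__main__":
    print("y = 2x + 1 at exit, y = 2x at exit:", check_invariants())
    print("slide 27 with r1 = 3, r2 = 5:", exit_for_weights(3, 5))
```

With r1 = 3 and r2 = 5 the closed forms give x' = 6 and y' = 13 = 2·6 + 1; the random run checks the same identity at three independent sample points, which is the "automatic use of invariants" the slide refers to.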

28 Memory
  Program 1:            Program 2:
  M[x] = v6             M[y] = v
  M[y] = v              M[4z+3] = v2
  M[y+1] = v5           M[2z+1] = v1
  M[2z] = v4            M[2z] = v4
  M[2z+1] = v3          T2 = M[y]
  M[4z+3] = v2
  M[2z+1] = v1
  T1 = M[y]
  assert (T1 = T2)

29 Memory
  $F(\mathrm{Mem}[a]) = F(v_1 \oplus_{r_1} v_2 \oplus_{r_2} \dots v_n \oplus_{r_n} v) = F(r_1 v_1 + r_2 v_2 + \dots + r_n v_n + (1 - r_1 - r_2 - \dots - r_n)\, v)$
  $r_i = F(\text{conditions under which } v_i \text{ is read})$

30 Example (Memory)
  Program 1 of slide 28, reading T1 = M[y]:
    v1  if (y == 2z+1)
    v2  if (y != 2z+1 ∧ y == 4z+3)
    v4  if (y == 2z)
    v   otherwise
  $F(T_1) = F(M[y]) = F(r_1 v_1 + r_2 v_2 + r_4 v_4 + (1 - r_1 - r_2 - r_4)\, v)$
  where $r_1 = F(y = 2z+1)$, $r_2 = F(y \ne 2z+1 \wedge y = 4z+3)$, $r_4 = F(y = 2z)$

31 Example (Memory)
  Program 2 of slide 28, reading T2 = M[y]:
    v4  if (y == 2z)
    v1  if (y == 2z+1)
    v2  if (y != 2z+1 ∧ y == 4z+3)
    v   otherwise
  $F(T_2) = F(M[y]) = F(r_4 v_4 + r_1 v_1 + r_2 v_2 + (1 - r_4 - r_1 - r_2)\, v)$
  where $r_4 = F(y = 2z)$, $r_1 = F(y = 2z+1)$, $r_2 = F(y \ne 2z+1 \wedge y = 4z+3)$

32 Example (Memory)
  Both reads side by side (programs as on slide 28):
  $F(T_1) = F(r_1 v_1 + r_2 v_2 + r_4 v_4 + (1 - r_1 - r_2 - r_4)\, v)$
  $F(T_2) = F(r_4 v_4 + r_1 v_1 + r_2 v_2 + (1 - r_4 - r_1 - r_2)\, v)$
  The same polynomial in r1, r2, r4, so the analysis proves T1 = T2
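The memory rule of slide 29 together with the conditional checks of slides 23-24, as one added example in Python that replays the two write sequences of slides 28-32 (this is not code from the slides or the authors). A load becomes the affine combination of the slide, with r_i the random weight of the condition "the address equals the i-th written address and none of the newer ones". How that condition is simplified before it gets a weight, dropping writes whose address provably differs, dropping disequalities with provably different addresses and keying equivalent conditions by the scaled sample vector, is this example's reading of the slides. The sample vectors for x, y and z are constructed by hand so the run is reproducible; v, v1..v6 are random, and the GCD test carries the caveat noted in its comment.

```python
from fractions import Fraction as Fr
from math import gcd
import random

K = 3                                   # samples per expression, as on the slides


def lin(env, const=0, **coeffs):
    """F(const + sum coeff*var), componentwise over the K samples."""
    out = [Fr(const)] * K
    for name, c in coeffs.items():
        out = [o + Fr(c) * v for o, v in zip(out, env[name])]
    return out


def always_true(e):
    """Slide 23: e == 0 is provable when F(e) = F(0)."""
    return all(v == 0 for v in e)


def always_false(e):
    """Slide 23: e == 0 is refutable when e is a non-zero constant, or when
    e = n1*E + n2 with 0 < n2 < n1 has no integer solution, n1 estimated as the
    GCD of the sample differences.  Heuristic: a few random samples can share a
    spurious common factor, so use more than K = 3 samples in practice."""
    if all(v == e[0] for v in e):
        return e[0] != 0
    if all(v.denominator == 1 for v in e):
        n1 = 0
        for a, b in zip(e, e[1:]):
            n1 = gcd(n1, int(a - b))
        return n1 > 1 and int(e[0]) % n1 != 0
    return False


def canon(e):
    """Slide 24: e1 == 0 and e2 == 0 are one condition when e1 = n*e2, n != 0;
    scaling by the first non-zero sample gives both the same key."""
    scale = next(v for v in e if v != 0)
    return tuple(v / scale for v in e)


class Memory:
    """Memory table of slide 6; loads follow slide 29."""

    def __init__(self, weights, rng):
        self.writes = []                # (F(address), F(value)), oldest first
        self.weights = weights          # condition key -> F(condition), shared across programs
        self.rng = rng

    def store(self, addr, val):
        self.writes.append((addr, val))

    def weight(self, key):
        if key not in self.weights:     # Rand(c): equivalent conditions share one value
            self.weights[key] = [Fr(self.rng.randrange(2, 10**6)) for _ in range(K)]
        return self.weights[key]

    def load(self, addr):
        """F(Mem[addr]) = sum_i r_i v_i + (1 - sum_i r_i) v, r_i = F of the condition
        "addr == addr_i and addr != addr_j for every newer write j"."""
        result, remaining, newer = [Fr(0)] * K, [Fr(1)] * K, []
        for waddr, val in reversed(self.writes):
            diff = [a - w for a, w in zip(addr, waddr)]          # F(addr - waddr)
            if always_false(diff):
                continue                                           # never the write that is read
            if always_true(diff):                                  # certainly read unless shadowed:
                return [o + m * x for o, m, x in zip(result, remaining, val)]  # the "otherwise" case
            conj, shadowed = set(), False
            for naddr, ndiff in newer:
                d = [w - n for w, n in zip(waddr, naddr)]          # F(waddr - naddr)
                if always_true(d):                                 # same address as a newer write
                    shadowed = True
                    break
                if not always_false(d):                            # may alias: keep "addr != naddr"
                    conj.add(canon(ndiff))
            if shadowed:
                continue
            r = self.weight((canon(diff), frozenset(conj)))
            result = [o + ri * x for o, ri, x in zip(result, r, val)]
            remaining = [m - ri for m, ri in zip(remaining, r)]
            newer.append((waddr, diff))
        fresh = self.weight(("unwritten", tuple(addr)))            # no write provably covers addr
        return [o + m * f for o, m, f in zip(result, remaining, fresh)]


def slide_example(seed=3, omit_last_write=False):
    """Slides 28-32: both write sequences, then T1 = M[y] and T2 = M[y].
    Returns (F(T1), F(T2), number of distinct conditions that got a weight)."""
    rng = random.Random(seed)
    weights = {}
    env = {"x": [Fr(3), Fr(8), Fr(13)], "y": [Fr(5), Fr(11), Fr(20)], "z": [Fr(2), Fr(3), Fr(7)]}  # constructed
    vals = {n: [Fr(rng.randrange(1, 10**6)) for _ in range(K)] for n in ("v", "v1", "v2", "v3", "v4", "v5", "v6")}
    m1 = Memory(weights, rng)
    for addr, name in [(lin(env, x=1), "v6"), (lin(env, y=1), "v"), (lin(env, 1, y=1), "v5"),
                       (lin(env, z=2), "v4"), (lin(env, 1, z=2), "v3"), (lin(env, 3, z=4), "v2"),
                       (lin(env, 1, z=2), "v1")]:
        m1.store(addr, vals[name])
    t1 = m1.load(lin(env, y=1))
    m2 = Memory(weights, rng)
    program2 = [(lin(env, y=1), "v"), (lin(env, 3, z=4), "v2"), (lin(env, 1, z=2), "v1"), (lin(env, z=2), "v4")]
    for addr, name in (program2[:-1] if omit_last_write else program2):
        m2.store(addr, vals[name])
    t2 = m2.load(lin(env, y=1))
    return t1, t2, len(weights)
```

Exactly three conditions receive a weight (r1, r2 and r4 of slides 30-31): the write M[2z+1] = v3 is shadowed by the newer write to the same address, M[y+1] = v5 is ruled out by the constant difference 1, and y == 2z is separated from y == 2z+1 and y == 4z+3 by the constant-difference and GCD tests. Dropping the last write of program 2 (`omit_last_write=True`) makes the two reads differ by r4·(v4 - v), so the mismatch is detected.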

33 Applications
  - Program verification: automatic discovery of useful loop invariants
  - Translation validation
  - Compiler optimizations: eliminating redundant computations, branches and memory reads; partial evaluation
  - Interactive debugging and testing of programs

34 Related Light-weight Techniques
  Value numbering
  - Targets structural equivalence of expressions
  - Detects only equalities
  Random testing
  - Cannot 'prove' equivalence of expressions; can only provide a counter-example
  - Exponential number of paths
  - Even generating input data to execute a particular path is difficult

35 Conclusion
  Comparison with symbolic analysis:
  - Very simple data structure, a list of numbers, with simple operations and fast judgements
  There is a limit to what a linear-time analysis can achieve!
  - Excellent base to build more complicated analyses on
  - Join lazily
  "The intriguing possibility that axioms of randomness may constitute a useful fundamental source of truth independent of, but supplementary to, the standard axiomatic structure of mathematics suggests that probabilistic algorithms ought to be sought vigorously." - J.T. Schwartz

