Presentation is loading. Please wait.

Presentation is loading. Please wait.

Generating Precise and Concise Procedure Summaries Greta Yorsh Eran Yahav Satish Chandra.

Published byJames Sparks Modified over 9 years ago

Similar presentations

Presentation on theme: "Generating Precise and Concise Procedure Summaries Greta Yorsh Eran Yahav Satish Chandra."— Presentation transcript:

1 Generating Precise and Concise Procedure Summaries Greta Yorsh Eran Yahav Satish Chandra

2 2 Our Framework abstract domain & transformers Summary Generator foo(…) { … } summary of foo function from input to output abstract values

3 3 Our Framework abstract domain & transformers bar(…) { … foo(); … } summary of foo summary of bar Summary Generator

4 4 Our Framework Summaries abstract domain & transformers Analyzer client library preciseprecise efficientefficient conciseconcise Summary Generator   (restricted) client …

5 5 class DataReader { FileComp f;... void setComponent(FileComp p) { this.f = p; } FileComp getComponent() { return this.f; }... void nop() { FileComp t; t = getComponent(); setComponent(t); } Example Composition of transformers tr 13  tr 12  tr 23 (A1)(A2) (A3) tr 13 tr 12 A1: A2: A3: tr 23

6 6 … Main Challenge Composition of transformers Finite representation of iterated composition of transformers loop iterations calling contexts …

7 7 Express constraints on intermediate states in terms of initial and final states Restrict the representation of transformers –covers all basic statements –closed under composition –finite language Our Approach tr 13 tr 12 tr 23

8 8 Our Contributions precise, efficient and conciseFramework for generating precise, efficient and concise summaries –language of transformers –composition algorithm Instances of the framework include –known classes: IFDS, IDE –modular constant propagation with aliasing –modular typestate verification with aliasing Prototype and evaluation for typestate

9 9 Transformers are defined using conditional micro-transformers –partition values into finite number of classes with uniform behavior –compose using case-splitting –restrict the way partitions defined  e.g., no quantifiers Lift to aggregate domains –powerset, product, union –transformers follow domain structure –dependencies between components Key Ideas tr 13 tr 23 tr 12

10 10 Simple Example: Tracking “Nullness” Abstract value is a set of access paths –e.g., { x.f, y } must have null value Abstract transformer tr operates pointwise on individual access paths using tr AP : tr(X) =   X tr AP (  ) Conditional micro-transformer tr AP maps an access path  to a set of access paths

11 11 Example: Conditional Micro-Transformer   t  =this.f  t   this.f  =this.f this.f t = this.f { this.f, t } if  = this.f { } if  = t {  }if   t    this.f tr AP (  ) ≡ preconditions (under certain restrictions)

12 12 class DataReader { FileComp f;... void setComponent(FileComp p) { this.f = p; } FileComp getComponent() { return this.f; }... void nop() { FileComp t; t = getComponent(); setComponent(t); } Example: Composition Algorithm A1: A2: A3: (A1)(A2) (A3) tr 13 tr 12 tr 23 tr 13 (X) =   X (tr AP  tr AP )(  ) 1223 tr 12 (X) =   X tr AP (  ) 12 23 tr 23 (X) =   X tr AP (  )

13 13 t = getComponent() setComponent(t)   t  =this.f  t   this.f  =this.f this.f   t  =t  this.f   t  =t this.f   t  =t  this.f   t  =t this.f   t  =t  this.f   t  =t this.f  :=this.f  := t  :=  Example: Composition Algorithm substitution t = getComponent(); setComponent(t) tr AP 12 23

14 14    =this.f  t   this.f  =this.f  t  =t this.f this.f=t this.f t=t tttthis.f this.f  this.f  this.f  t  this.f   t t  this.f  t  t    t  this.f  :=this.f  :=t  :=  Example: Composition Algorithm t = getComponent(); setComponent(t)

15 15   =this.f  t   this.f  t=t tthis.f  this.f   t  Example: Composition Algorithm t = getComponent(); setComponent(t)  t  =this.f  t   this.f  =this.f this.f  t = getComponent(); setComponent(t)

16 16 Case splitting Substitution Consistency checking Simplification Invert operation (details in the paper) Basic Ingredients of Composition t = getComponent(); setComponent(t)   t  =this.f  t   this.f  =this.f this.f t = getComponent() setComponent(t)   t  =t  this.f   t  =t this.f  t  =this.f  t   this.f  =this.f this.f  

17 17 Related Work Static determination of dynamic properties of recursive procedures [Cousot-Cousot ’79] Functional approach [Sharir-Pnueli ‘81] IFDS problems [Reps-Horwitz-Sagiv POPL’95] IDE problems [Sagiv-Reps-Horwitz TCS ‘96] Relevant Context Inference [Chatterjee-Ryder-Landi POPL’99]

18 18 Summary Language of transformers Composition algorithm The language is closed under composition The language is expressive Precise and concise procedure summaries

Download ppt "Generating Precise and Concise Procedure Summaries Greta Yorsh Eran Yahav Satish Chandra."

Similar presentations

Dataflow Analysis for Datarace-Free Programs (ESOP 11) Arnab De Joint work with Deepak DSouza and Rupesh Nasre Indian Institute of Science, Bangalore.

Dataflow Analysis for Datarace-Free Programs (ESOP 11) Arnab De Joint work with Deepak DSouza and Rupesh Nasre Indian Institute of Science, Bangalore.
Auto-Generation of Test Cases for Infinite States Reactive Systems Based on Symbolic Execution and Formula Rewriting Donghuo Chen School of Computer Science.

Auto-Generation of Test Cases for Infinite States Reactive Systems Based on Symbolic Execution and Formula Rewriting Donghuo Chen School of Computer Science.
Semantics Static semantics Dynamic semantics attribute grammars

Semantics Static semantics Dynamic semantics attribute grammars
Data-Flow Analysis II CS 671 March 13, 2008. CS 671 – Spring 2008 1 Data-Flow Analysis Gather conservative, approximate information about what a program.

Data-Flow Analysis II CS 671 March 13, CS 671 – Spring Data-Flow Analysis Gather conservative, approximate information about what a program.
A Program Transformation For Faster Goal-Directed Search Akash Lal, Shaz Qadeer Microsoft Research.

A Program Transformation For Faster Goal-Directed Search Akash Lal, Shaz Qadeer Microsoft Research.
Introducing Formal Methods, Module 1, Version 1.1, Oct., 1998 1 Formal Specification and Analytical Verification L 5.

Introducing Formal Methods, Module 1, Version 1.1, Oct., Formal Specification and Analytical Verification L 5.
Programming Languages and Paradigms

Programming Languages and Paradigms
Pointer Analysis – Part I Mayur Naik Intel Research, Berkeley CS294 Lecture March 17, 2009.

Pointer Analysis – Part I Mayur Naik Intel Research, Berkeley CS294 Lecture March 17, 2009.
Automated Software Verification with a Permission-Based Logic 20 th June 2014, Zürich Malte Schwerhoff, ETH Zürich.

Automated Software Verification with a Permission-Based Logic 20 th June 2014, Zürich Malte Schwerhoff, ETH Zürich.
Data-Flow Analysis Framework Domain – What kind of solution is the analysis looking for? Ex. Variables have not yet been defined – Algorithm assigns a.

Data-Flow Analysis Framework Domain – What kind of solution is the analysis looking for? Ex. Variables have not yet been defined – Algorithm assigns a.
1 How to transform an analyzer into a verifier. 2 OUTLINE OF THE LECTURE a verification technique which combines abstract interpretation and Park’s fixpoint.

1 How to transform an analyzer into a verifier. 2 OUTLINE OF THE LECTURE a verification technique which combines abstract interpretation and Park’s fixpoint.
Inferring Disjunctive Postconditions Corneliu Popeea and Wei-Ngan Chin School of Computing National University of Singapore - ASIAN 2006 -

Inferring Disjunctive Postconditions Corneliu Popeea and Wei-Ngan Chin School of Computing National University of Singapore - ASIAN
Bebop: A Symbolic Model Checker for Boolean Programs Thomas Ball Sriram K. Rajamani

Bebop: A Symbolic Model Checker for Boolean Programs Thomas Ball Sriram K. Rajamani
Type checking © Marcelo d’Amorim 2010.

Type checking © Marcelo d’Amorim 2010.
A survey of techniques for precise program slicing Komondoor V. Raghavan Indian Institute of Science, Bangalore.

A survey of techniques for precise program slicing Komondoor V. Raghavan Indian Institute of Science, Bangalore.
August 27-29 2007Moscow meeting1August 27-29 2007Moscow meeting1August 27-29 2007Moscow meeting11 Deductive tools in insertion modeling verification A.Letichevsky.

August Moscow meeting1August Moscow meeting1August Moscow meeting11 Deductive tools in insertion modeling verification A.Letichevsky.
Hawkeye: Effective Discovery of Dataflow Impediments to Parallelization Omer Tripp John Field Greta Yorsh Mooly Sagiv.

Hawkeye: Effective Discovery of Dataflow Impediments to Parallelization Omer Tripp John Field Greta Yorsh Mooly Sagiv.
(c) 2007 Mauro Pezzè & Michal Young Ch 7, slide 1 Symbolic Execution and Proof of Properties.

(c) 2007 Mauro Pezzè & Michal Young Ch 7, slide 1 Symbolic Execution and Proof of Properties.
1 Semantic Description of Programming languages. 2 Static versus Dynamic Semantics n Static Semantics represents legal forms of programs that cannot be.

1 Semantic Description of Programming languages. 2 Static versus Dynamic Semantics n Static Semantics represents legal forms of programs that cannot be.
The Z Specification Language

The Z Specification Language

Similar presentations

Ads by Google