190 likes | 201 Vues
Combining Abstract Interpreters. Ashish Tiwari SRI. Sumit Gulwani Microsoft Research Redmond, Group. R A D. Motivation. a 1 := 0; a 2 := 0; b 1 := 1; b 2 := F(1); c 1 := 2; c 2 := 2;. a 1 := a 1 +1; a 2 := a 2 +2; b 1 := F(b 1 ); b 2 := F(b 2 );
E N D
Combining Abstract Interpreters Ashish Tiwari SRI Sumit Gulwani Microsoft Research Redmond, Group RAD
Motivation a1 := 0; a2 := 0; b1 := 1; b2 := F(1); c1 := 2; c2 := 2; a1 := a1+1; a2 := a2+2; b1 := F(b1); b2 := F(b2); c1 := F(2c1-c2); c2 := F(c2); True b1< b2 False • Abstract interpretation over the abstractions of linear arithmetic and uninterpreted functions can verify the first and second assertions respectively. • Third assertion can be verified only over the combined abstraction. Assert(a2=2a1); Assert(b2 = F(b1)); Assert(c2=c1);
Outline • Logical product combination of lattices • Abstract interpreter for logical product lattice • Join operator • Existential quantification operator • Correctness and Complexity
Logical Product of Lattices • A lattice L consists of a domain DL and partial order ¹L. • A lattice L is a logical lattice over theory T if • DL = finite conjunctions of atomic facts over T • E ¹L E’ iff E )T E’ • Let L1 and L2 be logical lattices over T1 and T2 resp. Then logical product of L1 and L2 is L1*L2, where • DL1*L2 = finite conjunctions of atomic facts over T1 [ T2 • E ¹L1*L2 E’ iff E )T1 [ T2 E’ and AlienTerms(E’) µ Terms(E)
Outline • Logical product combination of lattices • Abstract interpreter for logical product lattice • Join operator • Existential quantification operator • Correctness and Complexity
Abstract Interpreter for L1*L2 E’ E2 E1 E p x := g; False True E E E1 E2 Conditional Node Assignment Node Join Node E = JoinL1*L2(E1,E2) We show how to get JoinL1*L2 from JoinL1 and JoinL2. E = EQL1*L2(E’’, {x’}) E’’ = E’[x’/x] Æ x=(g[x’/x]) We show how to get EQL1*L2 from EQL1 and EQL2. E1 = MeetL1*L2(E, p) E2 = E MeetL1*L2(E,E’) = E Æ E’
Outline • Logical product combination of lattices • Abstract interpreter for logical product lattice • Join operator • Existential quantification operator • Correctness and Complexity
? y1=y2 y1=a2 y1=a1 Background: Combining Decision Procedures y1 · 4y3 · F(2y2-y1) Æ y1=F(y1) Æ y2=F(F(y1)) y1 = 4y3 Purification a1=2y2-y1 y1· 4y3· a2 y1 = y2 y1 = a2 a2=F(a1) y1=F(y1) Æ y2=F(F(y1)) y1 = a1 Saturation y1 = 4y3 This classic algorithm was given by Nelson and Oppen in 1979.
Join Operator If E = JoinL(E1,E2), then E is the least upper bound of E1 and E2 in lattice L Examples: • Joinla(z=0 Æ y=10, z=5 Æ y=5) = z+y=10 Æ 0·z· 5 • Joinuf(z=a Æ y=F(a), z=b Æ y=F(b)) = y=F(z) • Joinla*uf(z=a-1 Æ y=F(a), z=b-1 Æ y=F(b)) = ?
Join Operator If E = JoinL(E1,E2), then E is the least upper bound of E1 and E2 in lattice L Examples: • Joinla(z=0 Æ y=10, z=5 Æ y=5) = z+y=10 Æ 0·z· 5 • Joinuf(z=a Æ y=F(a), z=b Æ y=F(b)) = y=F(z) • Joinla*uf(z=a-1 Æ y=F(a), z=b-1 Æ y=F(b)) = y=F(1+z) We next show how to construct JoinL1*L2 using JoinL1 and JoinL2.
Combining Join Operators z=a-1 Æ y=F(a) z=b-1 Æ y=F(b) Joinuf+la z=a-1 a=ha,bi y=F(a) a=ha,bi z=b-1 b=ha,bi y=F(b) b=ha,bi Joinuf Joinla ha,bi=1+z y=F(ha,bi) { ha,bi } EQuf*la y=F(1+z)
Outline • Logical product combination of lattices • Abstract interpreter for logical product lattice • Join operator • Existential quantification operator • Correctness and Complexity
Existential Quantification Operator If E = EQL(E’,V), then E is the least (i.e., most precise) element in lattice L such that: • E’ ¹L E • Vars(E) Å V = ; Examples: • EQla(x·a Æ a·y, {a}) = x · y • EQuf(x=F(a) Æ y=F2(a), {a}) = y=F(x) • EQla*uf(a·b·y Æ z=c+1 Æ a=F2(b) Æ c=F(b), {a,b,c}) = ?
Existential Quantification Operator If E = EQL(E’,V), then E is the least (i.e., most precise) element in lattice L such that: • E’ ¹L E • Vars(E) Å V = ; Examples: • EQla(x·a Æ a·y, {a}) = x · y • EQuf(x=F(a) Æ y=F2(a), {a}) = y=F(x) • EQla*uf(a·b·y Æ z=c+1 Æ a=F2(b) Æ c=F(b), {a,b,c}) = F(z-1)·y We can construct EQL1*L2 using EQL1 and EQL2.
c z-1 a F(z-1) Combining Existential Quantification Operators a·b·y Æ z=c+1 Æ a=F2(b) Æ c=F(b) { a, b, c } EQuf+la a·b·y Æ z=c+1 a=F2(b) Æ c=F(b) Defuf Defla { b } EQla EQuf c z-1 a F(z-1) a · y Æ z=c+1 a = F(c) Substitute F(z-1) · y
Outline • Logical product combination of lattices • Abstract interpreter for logical product lattice • Join operator • Existential Quantification operator • Correctness and Complexity
Correctness • Our algorithms for JoinL1*L2 and EQL1*L2 are sound. • They are complete when the underlying theories T1 and T2 are convex, stably infinite, and disjoint. • Proof of correctness is non-trivial.
Computational Complexity • Complexity of JoinL1*L2 and EQL1*L2 is worst-case quadratic in complexity of JoinL1, JoinL2, EQL1, EQL2. • Steps required for fixed-point computation DL(E) = max # of elements in a chain above E in lattice L DL1 £ L2(E) · DL1(E1) + DL2(E2) + |AlienTerms(E)| where E1 and E2 are purified and saturated components of E.
Conclusion and Future Work • Defined combination L1*L2 of two lattices L1 and L2. • This logical product is more precise than reduced product. • Described abstract interpretation operators for L1*L2 in terms of corresponding operators for L1 and L2. • Lends modularity to design & implementation of abstract interpreters. Future Work: • Handle non-convex theories (eg. arrays) more precisely. • Handle non-atomic facts involving negation & disjunction. • Perform experiments.