
Combining Abstract Interpreters



Presentation Transcript


  1. Combining Abstract Interpreters
  Ashish Tiwari (SRI), Sumit Gulwani (Microsoft Research Redmond, Group RAD)

  2. Motivation
  a1 := 0; a2 := 0; b1 := 1; b2 := F(1); c1 := 2; c2 := 2;
  Conditional node on b1 < b2 (True branch: the updates below, looping back; False branch: the assertions):
    a1 := a1+1; a2 := a2+2; b1 := F(b1); b2 := F(b2); c1 := F(2c1-c2); c2 := F(c2);
  Assert(a2 = 2a1); Assert(b2 = F(b1)); Assert(c2 = c1);
  • Abstract interpretation over the abstractions of linear arithmetic and uninterpreted functions can verify the first and second assertions respectively.
  • The third assertion can be verified only over the combined abstraction.

  3. Outline
  • Logical product combination of lattices
  • Abstract interpreter for logical product lattice
  • Join operator
  • Existential quantification operator
  • Correctness and Complexity

  4. Logical Product of Lattices
  • A lattice L consists of a domain D_L and a partial order ⊑_L.
  • A lattice L is a logical lattice over theory T if
    • D_L = finite conjunctions of atomic facts over T
    • E ⊑_L E' iff E ⇒_T E'
  • Let L1 and L2 be logical lattices over T1 and T2 respectively. Then the logical product of L1 and L2 is L1*L2, where
    • D_{L1*L2} = finite conjunctions of atomic facts over T1 ∪ T2
    • E ⊑_{L1*L2} E' iff E ⇒_{T1 ∪ T2} E' and AlienTerms(E') ⊆ Terms(E)

  5. Outline
  • Logical product combination of lattices
  • Abstract interpreter for logical product lattice
  • Join operator
  • Existential quantification operator
  • Correctness and Complexity

  6. Abstract Interpreter for L1*L2
  Conditional node (branch on p, incoming fact E): E1 = Meet_{L1*L2}(E, p) on the True branch, E2 = E on the False branch, where Meet_{L1*L2}(E, E') = E ∧ E'.
  Assignment node x := g (incoming fact E'): E'' = E'[x'/x] ∧ x = g[x'/x], and E = EQ_{L1*L2}(E'', {x'}). We show how to get EQ_{L1*L2} from EQ_{L1} and EQ_{L2}.
  Join node (incoming facts E1 and E2): E = Join_{L1*L2}(E1, E2). We show how to get Join_{L1*L2} from Join_{L1} and Join_{L2}.

  7. Outline
  • Logical product combination of lattices
  • Abstract interpreter for logical product lattice
  • Join operator
  • Existential quantification operator
  • Correctness and Complexity

  8. Background: Combining Decision Procedures
  Input: y1 ≤ 4y3 ≤ F(2y2-y1) ∧ y1=F(y1) ∧ y2=F(F(y1))
  Purification (name alien subterms with fresh variables a1, a2):
    LA part: a1 = 2y2-y1 ∧ y1 ≤ 4y3 ≤ a2
    UF part: a2 = F(a1) ∧ y1=F(y1) ∧ y2=F(F(y1))
  Saturation (the two procedures exchange equalities between shared variables): y1 = y2, y1 = a1, y1 = a2, y1 = 4y3
  This classic algorithm was given by Nelson and Oppen in 1979.
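The purification step that the Nelson-Oppen combination on slide 8 (and the AlienTerms notion on slide 4) relies on, as an added example that is not code from the slides or the authors. The term encoding (str for variables, int for literals, tuples for applications) is this example's own assumption.

```python
# Added example (not the slides' code): the purification step behind the
# Nelson-Oppen combination on slide 8 and the AlienTerms notion on slide 4,
# for LA (linear arithmetic) and UF (uninterpreted F). The term encoding is
# this example's assumption: variable -> str, literal -> int, ('F', t) is a
# UF application, ('+'|'-', s, t) and ('*', k, t) are LA; atoms are
# ('=', s, t) or ('<=', s, t).
LA_OPS = {'+', '-', '*'}

def theory_of(term):
    """Theory owning the top symbol: 'la', 'uf', or None for a shared variable."""
    if isinstance(term, str):
        return None
    return 'la' if isinstance(term, int) or term[0] in LA_OPS else 'uf'

def is_pure(term, theory):
    """True iff every function symbol and literal in `term` belongs to `theory`."""
    own = theory_of(term)
    return own is None or (own == theory and (isinstance(term, int)
                           or all(is_pure(t, theory) for t in term[1:])))

def purify_term(term, theory, facts, fresh):
    """Make `term` pure in `theory`, naming each alien subterm with a fresh variable."""
    own = theory_of(term)
    if own is None:
        return term
    if own != theory:                  # alien subterm: purify it in its own theory
        inner = purify_term(term, own, facts, fresh)
        fresh.append(f'a{len(fresh) + 1}')
        facts[own].append(('=', fresh[-1], inner))
        return fresh[-1]
    if isinstance(term, int):
        return term
    return (term[0],) + tuple(purify_term(t, theory, facts, fresh) for t in term[1:])

def purify(atoms):
    """Split a conjunction over LA u UF into pure LA and UF conjunctions."""
    facts, fresh = {'la': [], 'uf': []}, []
    for rel, lhs, rhs in atoms:
        # '<=' is an LA relation; an equality goes to the theory of a non-variable side
        theory = 'la' if rel == '<=' else (theory_of(lhs) or theory_of(rhs) or 'la')
        lhs, rhs = purify_term(lhs, theory, facts, fresh), purify_term(rhs, theory, facts, fresh)
        facts[theory].append((rel, lhs, rhs))
    return facts

# Constructed input: slide 8's  y1 <= 4y3 <= F(2y2 - y1) /\ y1 = F(y1) /\ y2 = F(F(y1))
EXAMPLE = [('<=', 'y1', ('*', 4, 'y3')),
           ('<=', ('*', 4, 'y3'), ('F', ('-', ('*', 2, 'y2'), 'y1'))),
           ('=', 'y1', ('F', 'y1')),
           ('=', 'y2', ('F', ('F', 'y1')))]
```

`purify(EXAMPLE)` yields exactly the two pure parts on slide 8, with a1 = 2y2-y1 in LA and a2 = F(a1) in UF; the saturation step that follows is not implemented here.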

  9. Join Operator
  If E = Join_L(E1, E2), then E is the least upper bound of E1 and E2 in lattice L.
  Examples:
  • Join_la(z=0 ∧ y=10, z=5 ∧ y=5) = z+y=10 ∧ 0 ≤ z ≤ 5
  • Join_uf(z=a ∧ y=F(a), z=b ∧ y=F(b)) = y=F(z)
  • Join_{la*uf}(z=a-1 ∧ y=F(a), z=b-1 ∧ y=F(b)) = ?

  10. Join Operator
  If E = Join_L(E1, E2), then E is the least upper bound of E1 and E2 in lattice L.
  Examples:
  • Join_la(z=0 ∧ y=10, z=5 ∧ y=5) = z+y=10 ∧ 0 ≤ z ≤ 5
  • Join_uf(z=a ∧ y=F(a), z=b ∧ y=F(b)) = y=F(z)
  • Join_{la*uf}(z=a-1 ∧ y=F(a), z=b-1 ∧ y=F(b)) = y=F(1+z)
  We next show how to construct Join_{L1*L2} using Join_{L1} and Join_{L2}.

  11. Combining Join Operators
  Inputs: E1 = z=a-1 ∧ y=F(a) and E2 = z=b-1 ∧ y=F(b); compute Join_{uf*la}(E1, E2).
  Purify each input, naming the alien term (a in E1, b in E2) by a shared tuple variable ⟨a,b⟩:
    E1: LA part z=a-1 ∧ a=⟨a,b⟩; UF part y=F(a) ∧ a=⟨a,b⟩
    E2: LA part z=b-1 ∧ b=⟨a,b⟩; UF part y=F(b) ∧ b=⟨a,b⟩
  Join_la(z=a-1 ∧ a=⟨a,b⟩, z=b-1 ∧ b=⟨a,b⟩) = ⟨a,b⟩=1+z
  Join_uf(y=F(a) ∧ a=⟨a,b⟩, y=F(b) ∧ b=⟨a,b⟩) = y=F(⟨a,b⟩)
  EQ_{uf*la}(⟨a,b⟩=1+z ∧ y=F(⟨a,b⟩), {⟨a,b⟩}) = y=F(1+z)

  12. Outline
  • Logical product combination of lattices
  • Abstract interpreter for logical product lattice
  • Join operator
  • Existential quantification operator
  • Correctness and Complexity

  13. Existential Quantification Operator
  If E = EQ_L(E', V), then E is the least (i.e., most precise) element in lattice L such that:
  • E' ⊑_L E
  • Vars(E) ∩ V = ∅
  Examples:
  • EQ_la(x ≤ a ∧ a ≤ y, {a}) = x ≤ y
  • EQ_uf(x=F(a) ∧ y=F²(a), {a}) = y=F(x)
  • EQ_{la*uf}(a ≤ b ≤ y ∧ z=c+1 ∧ a=F²(b) ∧ c=F(b), {a,b,c}) = ?

  14. Existential Quantification Operator
  If E = EQ_L(E', V), then E is the least (i.e., most precise) element in lattice L such that:
  • E' ⊑_L E
  • Vars(E) ∩ V = ∅
  Examples:
  • EQ_la(x ≤ a ∧ a ≤ y, {a}) = x ≤ y
  • EQ_uf(x=F(a) ∧ y=F²(a), {a}) = y=F(x)
  • EQ_{la*uf}(a ≤ b ≤ y ∧ z=c+1 ∧ a=F²(b) ∧ c=F(b), {a,b,c}) = F(z-1) ≤ y
  We can construct EQ_{L1*L2} using EQ_{L1} and EQ_{L2}.

  15. Combining Existential Quantification Operators
  Input: E' = a ≤ b ≤ y ∧ z=c+1 ∧ a=F²(b) ∧ c=F(b); compute EQ_{uf*la}(E', {a, b, c}).
  Split into components: LA part a ≤ b ≤ y ∧ z=c+1; UF part a=F²(b) ∧ c=F(b).
  Def_la / Def_uf give definitions of eliminated variables in terms of the remaining ones: c → z-1, a → F(z-1).
  The remaining variable {b} is eliminated componentwise: EQ_la(a ≤ b ≤ y ∧ z=c+1, {b}) = a ≤ y ∧ z=c+1; EQ_uf(a=F²(b) ∧ c=F(b), {b}) = a = F(c).
  Substitute the definitions: F(z-1) ≤ y.

  16. Outline
  • Logical product combination of lattices
  • Abstract interpreter for logical product lattice
  • Join operator
  • Existential quantification operator
  • Correctness and Complexity

  17. Correctness
  • Our algorithms for Join_{L1*L2} and EQ_{L1*L2} are sound.
  • They are complete when the underlying theories T1 and T2 are convex, stably infinite, and disjoint.
  • Proof of correctness is non-trivial.

  18. Computational Complexity
  • Complexity of Join_{L1*L2} and EQ_{L1*L2} is worst-case quadratic in the complexity of Join_{L1}, Join_{L2}, EQ_{L1}, EQ_{L2}.
  • Steps required for fixed-point computation: let D_L(E) = max # of elements in a chain above E in lattice L. Then
    D_{L1*L2}(E) ≤ D_{L1}(E1) + D_{L2}(E2) + |AlienTerms(E)|
    where E1 and E2 are the purified and saturated components of E.

  19. Conclusion and Future Work
  • Defined the combination L1*L2 of two lattices L1 and L2.
  • This logical product is more precise than the reduced product.
  • Described abstract interpretation operators for L1*L2 in terms of the corresponding operators for L1 and L2.
  • Lends modularity to the design and implementation of abstract interpreters.
  Future Work:
  • Handle non-convex theories (e.g. arrays) more precisely.
  • Handle non-atomic facts involving negation and disjunction.
  • Perform experiments.
