160 likes | 251 Views
Join Algorithms for the Theory of Uninterpreted Functions. Sumit Gulwani Ashish Tiwari George Necula UC-Berkeley SRI UC-Berkeley. Definition: Join in theory T. E = Join T ( E 1 , E 2 ) iff E 1 ) T E and E 2 ) T E
E N D
Join Algorithms for the Theory of Uninterpreted Functions Sumit Gulwani Ashish Tiwari George Necula UC-Berkeley SRI UC-Berkeley
Definition: Join in theory T E = JoinT(E1,E2) iff • E1)T E and E2)T E • If (E1)T g) and (E2)T g), then E )T g E1, E2, E: conjunction of ground facts in theory T g: ground fact in theory T E is the strongest conjunction of ground facts that is implied by both E1 and E2 in theory T
Example of Joins • LE: Linear Arithmetic with Equality JoinLE(x=1 Æ y=4, x=3 Æ y=2) = x+y=5 • LI: Linear Arithmetic with Inequalities JoinLI(x=1 Æ y=4, x=3 Æ y=2) = x+y=5 Æ 1·x·3 • UF: Uninterpreted Functions JoinUF(x=a Æ y=F(a), x=b Æ y=F(b)) = y=F(x)
Motivation: Program Analysis using Abstract Interpretation False True • Disadvantages of using decision procedure: • Exponential # of paths • Loop invariants required • Cannot discover invariants • Abstract Interpretation avoids these problems • Join Algorithm required to merge facts at join points * x := a; y := F(a); x := b; y := F(x); True False * u := F(a); v := F(a); u := F(x); v := y; assert (u=v); assert (v=F(a));
Join for Uninterpreted Functions is not easy Join(F(a)=a Æ F(b)=b Æ G(a)=G(b), a=b) = GFi(a)=GFi(b) The result of join is not finitely representable using standard data-structures like EDAGs
Relatively Complete Join: Definition Recall, Join(E1,E2): strongest conjunction of ground facts g s.t. E1)T g and E2)T g RCJoin(E1,E2,K): strongest conjunction of ground facts g s.t. E1)T g and E2)T g and Terms(g) 2 K Example E1:F(a)=a Æ F(b)=b Æ G(a)=G(b) E2: a=b K: { GF(a),GF(b) } RCJoin(E1,E2,K): GF(a) = GF(b)
Relatively Complete Join: Algorithm RCJoin(E1,E2,K): • Let D1=EDAG(E1) and D2=EDAG(E2) • Extend D1 and D2 to represent K • Congruence close D1 and D2 • Let D=product construction of D1 and D2 Output D
F G G F a b Step 1: Constructing EDAGs E1: F(a)=a Æ F(b)=b Æ G(a)=G(b) E2: a=b K: { GF(a),GF(b) } a b D1 = EDAG(E1) D2 = EDAG(E2) • Nodes represent terms • Dotted edges represent equalities
G G F G G F F F a b Step 2: Extending EDAGs E1: F(a)=a Æ F(b)=b Æ G(a)=G(b) E2: a=b K: { GF(a),GF(b) } a b D1 = EDAG(E1) D2 = EDAG(E2) • Add extra nodes to EDAGs s.t. terms in K are represented
G G F G G F F F a b Step 3: Congruence Closure E1: F(a)=a Æ F(b)=b Æ G(a)=G(b) E2: a=b K: { GF(a),GF(b) } a b D1 = EDAG(E1) D2 = EDAG(E2) • F(n) = F(m) if n=m
30 60 G G 6 5 2 3 F G G F 20 50 F F 1 4 a b 10 40 Step 4: Product Construction (Intuition) E1: F(a)=a Æ F(b)=b Æ G(a)=G(b) E2: a=b K: { GF(a),GF(b) } C6 Å C30: { GF(a), GF(b)} a b D1 = EDAG(E1) D2 = EDAG(E2) C1: {a, Fa, F2(a), …} C4: {b, Fb, F2(b), …} C6: {G(a), GF(a), … G(b), GF(b), …} C10: {a, b} C20: {F(a), F(b)} C30: {GF(a), GF(b)}
30 60 G G 6 5 2 3 F G G F 20 50 F F 1 4 a b 10 40 Step 4: Product Construction (Algorithm) E1: F(a)=a Æ F(b)=b Æ G(a)=G(b) E2: a=b K: { GF(a),GF(b) } [3,30] [6,60] G G [2,20] [5,50] F F [1,10] [4,40] a b a b D1 = EDAG(E1) D2 = EDAG(E2) D • [n,m] 2 D if n:vÆm:v, or n:F(n1)Æm:F(m1) Æ[n1,m1] 2 D • [n1,m1] = [n2,m2] if n1=n2 and m1=m2
Future Work: Join Algorithm for other theories For example, theory of commutative functions (CF) • Useful in modeling floating point operations • More challenging than uninterpreted functions (UF) E1: x=a Æ y=b E2: x=b Æ y=a JoinUF(E1,E2) = true JoinCF(E1,E2) = F(C[a],C[b]) = F(C[b], C[a])
Future Work: Combining Join Algorithms For example, theory of linear arithmetic and uninterpreted functions (LA+UF) E1: x=a Æ y=b E2: x=b Æ y=a JoinUF(E1,E2) = true JoinLA(E1,E2) = x+y=a+b JoinLA+UF(E1,E2) = F(x+c)+F(y+c) = F(a+c)+F(b+c) Æ .….
Future Work: Context-sensitive Join Algorithms Join(E1,E2) Æ E = Join(E1ÆE, E2ÆE) • Useful in interprocedural analysis • This is a representation issue. • Representing result of join using conjunction of ground facts is not context-sensitive. E1: x=a Æ y=F(a) E2: x=b Æ y=F(b) JoinUF(E1,E2) Æ a=b = y=F(x) Æ a=b JoinUF(E1Æ a=b,E2Æ a=b) = y=F(x) Æ x=a=b
Conclusion • Join Algorithms are useful in program analysis. They are generalization of decision procedure. JoinT(E, g) = g iff E )T g E: conjunction of ground facts in theory T g: ground fact in theory T • We showed a relatively complete join algorithm for uninterpreted functions. • Join algorithms open up several interesting problems.