predicate abstraction and canonical abstraction for singly - linked lists roman manevich mooly sagiv...
TRANSCRIPT
![Page 1: Predicate Abstraction and Canonical Abstraction for Singly - linked Lists Roman Manevich Mooly Sagiv Tel Aviv University Eran Yahav G. Ramalingam IBM T.J](https://reader036.vdocuments.mx/reader036/viewer/2022062515/56649c755503460f94929c2e/html5/thumbnails/1.jpg)
Predicate Abstraction andCanonical Abstractionfor Singly-linked Lists
Roman ManevichMooly Sagiv
Tel Aviv University
Eran Yahav G. Ramalingam IBM T.J. Watson
![Page 2: Predicate Abstraction and Canonical Abstraction for Singly - linked Lists Roman Manevich Mooly Sagiv Tel Aviv University Eran Yahav G. Ramalingam IBM T.J](https://reader036.vdocuments.mx/reader036/viewer/2022062515/56649c755503460f94929c2e/html5/thumbnails/2.jpg)
2
Motivating Example 1: CEGAR
curr = head;while (curr != tail) { assert (curr != null); curr = curr.n;}
curr
n n n ntail…
Counterexample-guided abstraction refinement generates following predicates:curr.n ≠ null ,curr.n.n ≠ null ,… after i refinement steps:curr(.n)i ≠ null
head
![Page 3: Predicate Abstraction and Canonical Abstraction for Singly - linked Lists Roman Manevich Mooly Sagiv Tel Aviv University Eran Yahav G. Ramalingam IBM T.J](https://reader036.vdocuments.mx/reader036/viewer/2022062515/56649c755503460f94929c2e/html5/thumbnails/3.jpg)
3
Motivating Example 1: CEGAR
curr = head;while (curr != tail) { assert (curr != null); curr = curr.n;}
n n n ntail…
In general, problem is undecidable:V. Chakaravathy [POPL 2003]
State-of-the-art canonical abstractions can prove assertion
curr
head
![Page 4: Predicate Abstraction and Canonical Abstraction for Singly - linked Lists Roman Manevich Mooly Sagiv Tel Aviv University Eran Yahav G. Ramalingam IBM T.J](https://reader036.vdocuments.mx/reader036/viewer/2022062515/56649c755503460f94929c2e/html5/thumbnails/4.jpg)
4
Motivating Example 2// @pre cyclic(x)t = null;y = x;while (t != x && y.data < low) { t = y.n; y = t;}z = y;while (z != x && z.data < high) { t = z.n; z = t;}t = null;if (y != z) { y.n = null; y.n = z;}// @post cyclic(x)
![Page 5: Predicate Abstraction and Canonical Abstraction for Singly - linked Lists Roman Manevich Mooly Sagiv Tel Aviv University Eran Yahav G. Ramalingam IBM T.J](https://reader036.vdocuments.mx/reader036/viewer/2022062515/56649c755503460f94929c2e/html5/thumbnails/5.jpg)
5
Motivating Example 2
x
n
n n
n
n
nn
y
z
x
n
nn
nn
y
z@pre cyclic(x) @post cyclic(x)
![Page 6: Predicate Abstraction and Canonical Abstraction for Singly - linked Lists Roman Manevich Mooly Sagiv Tel Aviv University Eran Yahav G. Ramalingam IBM T.J](https://reader036.vdocuments.mx/reader036/viewer/2022062515/56649c755503460f94929c2e/html5/thumbnails/6.jpg)
6
Existing Canonical Abstraction
x,cnrx,ry,rz
n
n
y,cnrx,ry,rz
z,cnrx,ry,rz
n
nn
n
n
x
n
n n
n
n
nn
y
z
cnrx,ry,rz
concrete abstract
order between variables lost!cannot establish @post cyclic(x)
![Page 7: Predicate Abstraction and Canonical Abstraction for Singly - linked Lists Roman Manevich Mooly Sagiv Tel Aviv University Eran Yahav G. Ramalingam IBM T.J](https://reader036.vdocuments.mx/reader036/viewer/2022062515/56649c755503460f94929c2e/html5/thumbnails/7.jpg)
7
Overview and Main Results
Current predicate abstraction refinement methods not adequate for analyzing heaps
Predicate abstraction can simulate arbitrary finite abstract domains
Often requires too many predicates New family of abstractions for lists
Bounded number of sharing patterns Handles cycles more precisely than existing canonical
abstractions Encode abstraction with two methods:
Canonical abstraction Polynomial predicate abstraction
![Page 8: Predicate Abstraction and Canonical Abstraction for Singly - linked Lists Roman Manevich Mooly Sagiv Tel Aviv University Eran Yahav G. Ramalingam IBM T.J](https://reader036.vdocuments.mx/reader036/viewer/2022062515/56649c755503460f94929c2e/html5/thumbnails/8.jpg)
8
Outline
New abstractions for lists Observations on concrete shapes Static naming scheme Encoding via predicate abstraction Encoding via canonical abstraction Controlling the number of predicates via heap-
sharing depth parameter Experimental results Related work Conclusion
![Page 9: Predicate Abstraction and Canonical Abstraction for Singly - linked Lists Roman Manevich Mooly Sagiv Tel Aviv University Eran Yahav G. Ramalingam IBM T.J](https://reader036.vdocuments.mx/reader036/viewer/2022062515/56649c755503460f94929c2e/html5/thumbnails/9.jpg)
9
Concrete Shapes
Assume the following class of (list-) heaps Heap contains only singly-linked lists No garbage (easy to handle)
A heap can be decomposed into Basic shape (sharing pattern) List lengths
![Page 10: Predicate Abstraction and Canonical Abstraction for Singly - linked Lists Roman Manevich Mooly Sagiv Tel Aviv University Eran Yahav G. Ramalingam IBM T.J](https://reader036.vdocuments.mx/reader036/viewer/2022062515/56649c755503460f94929c2e/html5/thumbnails/10.jpg)
10
Concrete Shapes
x
y
class SLL { Object value; SLL n;}
n n n n n n n n n n
n n n n
![Page 11: Predicate Abstraction and Canonical Abstraction for Singly - linked Lists Roman Manevich Mooly Sagiv Tel Aviv University Eran Yahav G. Ramalingam IBM T.J](https://reader036.vdocuments.mx/reader036/viewer/2022062515/56649c755503460f94929c2e/html5/thumbnails/11.jpg)
11
Interrupting Nodes
x
y
Interruption:node pointed-to by a variableor shared by n fields
#interruptions ≤ 2 · #variables(bounded number of sharing patterns)
n n n n n n n n n n
n n n n
![Page 12: Predicate Abstraction and Canonical Abstraction for Singly - linked Lists Roman Manevich Mooly Sagiv Tel Aviv University Eran Yahav G. Ramalingam IBM T.J](https://reader036.vdocuments.mx/reader036/viewer/2022062515/56649c755503460f94929c2e/html5/thumbnails/12.jpg)
12
Maximal Uninterrupted Lists
x
y
Maximal uninterrupted list:maximal list segment between two interruptionsnot containing interruptions in-between
n n n n n n n n n n
n n n n
![Page 13: Predicate Abstraction and Canonical Abstraction for Singly - linked Lists Roman Manevich Mooly Sagiv Tel Aviv University Eran Yahav G. Ramalingam IBM T.J](https://reader036.vdocuments.mx/reader036/viewer/2022062515/56649c755503460f94929c2e/html5/thumbnails/13.jpg)
13
Maximal Uninterrupted Lists
x
y
max. uninterrupted 2max. uninterrupted 1
max. uninterrupted 3
max. uninterrupted 4
n n n n n n n n n n
n n n n
![Page 14: Predicate Abstraction and Canonical Abstraction for Singly - linked Lists Roman Manevich Mooly Sagiv Tel Aviv University Eran Yahav G. Ramalingam IBM T.J](https://reader036.vdocuments.mx/reader036/viewer/2022062515/56649c755503460f94929c2e/html5/thumbnails/14.jpg)
14
Maximal Uninterrupted Lists
x
y
n n n n n n n n n n
n n n n
24
44
number of links
![Page 15: Predicate Abstraction and Canonical Abstraction for Singly - linked Lists Roman Manevich Mooly Sagiv Tel Aviv University Eran Yahav G. Ramalingam IBM T.J](https://reader036.vdocuments.mx/reader036/viewer/2022062515/56649c755503460f94929c2e/html5/thumbnails/15.jpg)
15
Maximal Uninterrupted Lists
x
y
n n n n n n n n n n
n n n n
2>2
>2>2
Abstract lengths: {1,2,>2}
![Page 16: Predicate Abstraction and Canonical Abstraction for Singly - linked Lists Roman Manevich Mooly Sagiv Tel Aviv University Eran Yahav G. Ramalingam IBM T.J](https://reader036.vdocuments.mx/reader036/viewer/2022062515/56649c755503460f94929c2e/html5/thumbnails/16.jpg)
16
Using Static Names
Goal: name all sharing patterns Prepare static names for interruptions
Derive predicates for canonical abstraction
Prepare static names for max. uninterrupted lists Derive predicates for predicate
abstraction All names expressed by FOTC formulae
![Page 17: Predicate Abstraction and Canonical Abstraction for Singly - linked Lists Roman Manevich Mooly Sagiv Tel Aviv University Eran Yahav G. Ramalingam IBM T.J](https://reader036.vdocuments.mx/reader036/viewer/2022062515/56649c755503460f94929c2e/html5/thumbnails/17.jpg)
17
Naming Interruptions
x
y
x1
y1
x2
y2
We name interruptions by adding auxiliary variablesFor every variable x : x1,…,xk (k=#variables)
x
y
n n n n n n n n n n
n n n n
![Page 18: Predicate Abstraction and Canonical Abstraction for Singly - linked Lists Roman Manevich Mooly Sagiv Tel Aviv University Eran Yahav G. Ramalingam IBM T.J](https://reader036.vdocuments.mx/reader036/viewer/2022062515/56649c755503460f94929c2e/html5/thumbnails/18.jpg)
18
Naming Max. Uninterrupted Lists
x
y
x1
y1
x2
y2
x
y
[x1,x2][x1,y2][y1,x2][y1,y2][x,x1]
[x,y1]
[x2,x2][x2,y2][y2,x2][y2,y2][y,x1]
[y,y1]
n n n n n n n n n n
n n n n
![Page 19: Predicate Abstraction and Canonical Abstraction for Singly - linked Lists Roman Manevich Mooly Sagiv Tel Aviv University Eran Yahav G. Ramalingam IBM T.J](https://reader036.vdocuments.mx/reader036/viewer/2022062515/56649c755503460f94929c2e/html5/thumbnails/19.jpg)
19
A Predicate Abstraction
For every pair of variables x,y (regular and auxiliary) Aliased[x,y] = x and y point to same node UList1[x,y] = max. uninterrupted list of length 1 UList2[x,y] = max. uninterrupted list of length 2 UList[x,y] = max. uninterrupted list of any length
For every variable x (regular and auxiliary) UList1[x,null] = max. uninterrupted list of length 1 UList2[x,null] = max. uninterrupted list of length 2 UList[x,null] = max. uninterrupted list of any length
Predicates expressed by FOTC formulae
![Page 20: Predicate Abstraction and Canonical Abstraction for Singly - linked Lists Roman Manevich Mooly Sagiv Tel Aviv University Eran Yahav G. Ramalingam IBM T.J](https://reader036.vdocuments.mx/reader036/viewer/2022062515/56649c755503460f94929c2e/html5/thumbnails/20.jpg)
20
Predicate Abstraction Example
x
y
x1
y1
x2
y2
x
y
n n n n n n n n n n
n n n n
Aliased[x,x]Aliased[y,y]Aliased[x1,x1]Aliased[x2,x2]
Aliased[y1,y1]Aliased[y2,y2]Aliased[x1,y1]Aliased[y1,x1]
Aliased[x2,y2]Aliased[y2,x2]UList[x,x1]UList[x,y1]
UList2[x1,x2]UList2[x1,y2]UList2[y1,x2]UList2[y1,y2]
UList[x1,x2]UList[x1,y2]UList[y1,x2]UList[y1,y2]
UList[y,x1]UList[y,y1]UList[x2,x2]UList[x2,y2]
UList[y2,x2]UList[y2,y2]
concrete
abstract
![Page 21: Predicate Abstraction and Canonical Abstraction for Singly - linked Lists Roman Manevich Mooly Sagiv Tel Aviv University Eran Yahav G. Ramalingam IBM T.J](https://reader036.vdocuments.mx/reader036/viewer/2022062515/56649c755503460f94929c2e/html5/thumbnails/21.jpg)
21
A Canonical Abstraction
For every variable x (regular and auxiliary) x(v) = v is pointed-to by x cul[x](v) = uninterrupted list from node
pointed-to by x to v Predicates expressed by FOTC
formulae
![Page 22: Predicate Abstraction and Canonical Abstraction for Singly - linked Lists Roman Manevich Mooly Sagiv Tel Aviv University Eran Yahav G. Ramalingam IBM T.J](https://reader036.vdocuments.mx/reader036/viewer/2022062515/56649c755503460f94929c2e/html5/thumbnails/22.jpg)
22
Canonical Abstraction Example
x
y
x1
y1
x2
y2
x
y
cul[x]
cul[y]
cul[x1]cul[y1] cul[x2]
cul[y2]
n n n n n n n n n n
n n n n
concrete
![Page 23: Predicate Abstraction and Canonical Abstraction for Singly - linked Lists Roman Manevich Mooly Sagiv Tel Aviv University Eran Yahav G. Ramalingam IBM T.J](https://reader036.vdocuments.mx/reader036/viewer/2022062515/56649c755503460f94929c2e/html5/thumbnails/23.jpg)
23
Canonical Abstraction Example
x
y
x1
y1
x2
y2
x
y
cul[x]
cul[y]
cul[x1]cul[y1] cul[x2]
cul[y2]
n n n n n n
n
n
n
n n
abstract
![Page 24: Predicate Abstraction and Canonical Abstraction for Singly - linked Lists Roman Manevich Mooly Sagiv Tel Aviv University Eran Yahav G. Ramalingam IBM T.J](https://reader036.vdocuments.mx/reader036/viewer/2022062515/56649c755503460f94929c2e/html5/thumbnails/24.jpg)
24
Canonical Abstractionof Cyclic List
x
n
n n
n
n
nn
y
z
concrete abstract
x
n
n n
nn
y
z
cul[x] cul[y]
cul[z]
nn
![Page 25: Predicate Abstraction and Canonical Abstraction for Singly - linked Lists Roman Manevich Mooly Sagiv Tel Aviv University Eran Yahav G. Ramalingam IBM T.J](https://reader036.vdocuments.mx/reader036/viewer/2022062515/56649c755503460f94929c2e/html5/thumbnails/25.jpg)
25
Canonical Abstractionof Cyclic List
abstract pre abstract post
x
n
n n
nn
y
z
cul[x] cul[y]
cul[z]
nn
x
n
n n
nn
y
z
cul[x] cul[y]
cul[z]
![Page 26: Predicate Abstraction and Canonical Abstraction for Singly - linked Lists Roman Manevich Mooly Sagiv Tel Aviv University Eran Yahav G. Ramalingam IBM T.J](https://reader036.vdocuments.mx/reader036/viewer/2022062515/56649c755503460f94929c2e/html5/thumbnails/26.jpg)
26
Heap-sharing Depth
x
y
x1
y1
x2
y2
x
y
In this example the heap-sharing depth is 2In practice depth expected to be low (≤ 1)
n n n n n n n n n n
n n n n
![Page 27: Predicate Abstraction and Canonical Abstraction for Singly - linked Lists Roman Manevich Mooly Sagiv Tel Aviv University Eran Yahav G. Ramalingam IBM T.J](https://reader036.vdocuments.mx/reader036/viewer/2022062515/56649c755503460f94929c2e/html5/thumbnails/27.jpg)
27
Setting the Heap-sharing Depth
x
y
x1
y1
x
y
Setting the heap-sharing depth parameter to 1results in lost information about shape
n n n n n n n n n n
n n n n
Heap-sharing depth parameter d determinesnumber of static names : control over number of predicates
![Page 28: Predicate Abstraction and Canonical Abstraction for Singly - linked Lists Roman Manevich Mooly Sagiv Tel Aviv University Eran Yahav G. Ramalingam IBM T.J](https://reader036.vdocuments.mx/reader036/viewer/2022062515/56649c755503460f94929c2e/html5/thumbnails/28.jpg)
28
Experimental Results
![Page 29: Predicate Abstraction and Canonical Abstraction for Singly - linked Lists Roman Manevich Mooly Sagiv Tel Aviv University Eran Yahav G. Ramalingam IBM T.J](https://reader036.vdocuments.mx/reader036/viewer/2022062515/56649c755503460f94929c2e/html5/thumbnails/29.jpg)
29
Related Work
Dor, Rode and Sagiv [SAS ’00] Checking cleanness in lists
Sagiv, Reps and Wilhelm [TOPLAS ‘02] General framework + abstractions for lists
Dams and Namjoshi [VMCAI ’03] Semi-automatic predicate abstraction for shape
analysis Balaban, Pnueli and Zuck [VMCAI ’05]
Predicate abstraction for shapes via small models Deutsch [PLDI ’94]
Symbolic access paths with lengths
![Page 30: Predicate Abstraction and Canonical Abstraction for Singly - linked Lists Roman Manevich Mooly Sagiv Tel Aviv University Eran Yahav G. Ramalingam IBM T.J](https://reader036.vdocuments.mx/reader036/viewer/2022062515/56649c755503460f94929c2e/html5/thumbnails/30.jpg)
30
Conclusion
New abstractions for lists Observations about concrete shapes Precise for programs containing heaps with
sharing and cycles, ignoring list lengths Parametric in sharing-depth d:[1…k]
Encoded new abstractions via Canonical abstraction O(d·k) Polynomial predicate abstraction O(d2·k2) d=1 sufficient for all examples
![Page 31: Predicate Abstraction and Canonical Abstraction for Singly - linked Lists Roman Manevich Mooly Sagiv Tel Aviv University Eran Yahav G. Ramalingam IBM T.J](https://reader036.vdocuments.mx/reader036/viewer/2022062515/56649c755503460f94929c2e/html5/thumbnails/31.jpg)
31
Missing from Talk Simulating abstract domains by pred. abs. Formal definition of abstractions Abstract transformers
Decidable logic can be automatically derived Abstraction equivalence:
for every two concrete heaps H1,H2βPA(H1)=βPA(H2) iff βC(H1)=βC(H2)
Abstractions with less predicates Cycle breaking Linear static naming scheme
![Page 32: Predicate Abstraction and Canonical Abstraction for Singly - linked Lists Roman Manevich Mooly Sagiv Tel Aviv University Eran Yahav G. Ramalingam IBM T.J](https://reader036.vdocuments.mx/reader036/viewer/2022062515/56649c755503460f94929c2e/html5/thumbnails/32.jpg)
32
Merci
![Page 33: Predicate Abstraction and Canonical Abstraction for Singly - linked Lists Roman Manevich Mooly Sagiv Tel Aviv University Eran Yahav G. Ramalingam IBM T.J](https://reader036.vdocuments.mx/reader036/viewer/2022062515/56649c755503460f94929c2e/html5/thumbnails/33.jpg)
33
Simulating Finite Domainsby Predicate Abstraction
Assume finite abstract domain of numbered elements {1,…,n}
Naïve simulation Predicates {Pi} i=1…n Pi Holds when abstract program state is i
Simulation using logarithmic number of predicates Use binary representation of numbers Predicates {Pj} j=1…log n Pj Holds when j-th bit of abstract program state
is 1