Predicate Abstraction and Canonical Abstraction for Singly-linked Lists (slide transcript)

1
Predicate Abstraction and Canonical Abstraction for Singly-linked Lists
  • Roman Manevich, Mooly Sagiv (Tel Aviv University)
  • Eran Yahav, G. Ramalingam (IBM T.J. Watson)
2
Motivating Example 1 CEGAR
curr = head;
while (curr != tail) {
  assert(curr != null);
  curr = curr.n;
}
[figure: list head -> ... -> tail, nodes linked by n]
  • Counterexample-guided abstraction refinement generates
    the following predicates: curr.n ≠ null, curr.n.n ≠ null, ...;
    after i refinement steps: curr(.n)^i ≠ null

3
Motivating Example 1 CEGAR
(same program and list as slide 2)
  • In general, the problem is undecidable [V. Chakaravarthy, POPL 2003]
  • State-of-the-art canonical abstractions can prove the assertion
4
Motivating Example 2
// @pre cyclic(x)
t = null; y = x;
while (t != x && y.data < low) { t = y.n; y = t; }
z = y;
while (z != x && z.data < high) { t = z.n; z = t; }
t = null;
if (y != z) { y.n = null; y.n = z; }
// @post cyclic(x)
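The program above, as an added runnable Python rendering (not code from the talk) so that the @pre/@post cyclic(x) contract can be checked on a constructed cyclic list. Node, build_cycle, is_cyclic, values and the sample data are this example's own assumptions; the statements of remove_range follow the slide one for one.

```python
# Added example: the slide's cyclic-list program in Python, with a concrete
# check of the cyclic(x) pre/post-condition. Node/build_cycle/is_cyclic/values
# are this example's assumptions, not part of the original slides.


class Node:
    def __init__(self, data):
        self.data = data
        self.n = None          # the single 'n' successor field


def build_cycle(values_):
    """Constructed input: a cyclic singly-linked list x -> ... -> x."""
    nodes = [Node(v) for v in values_]
    for a, b in zip(nodes, nodes[1:]):
        a.n = b
    nodes[-1].n = nodes[0]     # close the cycle back to x
    return nodes[0]


def is_cyclic(x):
    """cyclic(x): following n from x returns to x without reaching null."""
    t = x.n
    while t is not None and t is not x:
        t = t.n
    return t is x


def remove_range(x, low, high):
    """The slide's program, statement for statement."""
    assert is_cyclic(x)                       # @pre cyclic(x)
    t = None
    y = x
    while t is not x and y.data < low:        # stop on wrap-around or first data >= low
        t = y.n
        y = t
    z = y
    while z is not x and z.data < high:       # stop on wrap-around or first data >= high
        t = z.n
        z = t
    t = None
    if y is not z:
        y.n = None                            # two-step relink, as on the slide
        y.n = z
    assert is_cyclic(x)                       # @post cyclic(x)
    return x


def values(x):
    """Data fields of the cycle starting at x, in traversal order."""
    out = [x.data]
    t = x.n
    while t is not x:
        out.append(t.data)
        t = t.n
    return out


if __name__ == "__main__":
    print(values(remove_range(build_cycle([1, 2, 3, 4, 5, 6]), 3, 5)))
```

Running it on the constructed cycle 1..6 with low = 3 and high = 5 keeps the node at which the first loop stops and drops the nodes strictly between y and z, and the cycle survives in both the normal case and the wrap-around case where no node reaches low.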
5
Motivating Example 2
[figure: the cyclic list reached from x, with y and z marking the segment to cut out; left: @pre cyclic(x), right: @post cyclic(x)]
6
Existing Canonical Abstraction
[figure: concrete cyclic list (left) and its existing canonical abstraction (right); every abstract node carries c_n, r_x, r_y, r_z, i.e. the four nodes are labelled "z, c_n, r_x, r_y, r_z", "x, c_n, r_x, r_y, r_z", the summary node "c_n, r_x, r_y, r_z" and "y, c_n, r_x, r_y, r_z"]
Order between variables lost! Cannot establish @post cyclic(x)
7
Overview and Main Results
  • Current predicate abstraction refinement methods
    not adequate for analyzing heaps
  • Predicate abstraction can simulate arbitrary
    finite abstract domains
  • Often requires too many predicates
  • New family of abstractions for lists
  • Bounded number of sharing patterns
  • Handles cycles more precisely than existing
    canonical abstractions
  • Encode abstraction with two methods
  • Canonical abstraction
  • Polynomial predicate abstraction

8
Outline
  • New abstractions for lists
  • Observations on concrete shapes
  • Static naming scheme
  • Encoding via predicate abstraction
  • Encoding via canonical abstraction
  • Controlling the number of predicates via
    heap-sharing depth parameter
  • Experimental results
  • Related work
  • Conclusion

9
Concrete Shapes
  • Assume the following class of (list-) heaps
  • Heap contains only singly-linked lists
  • No garbage (easy to handle)
  • A heap can be decomposed into
  • Basic shape (sharing pattern)
  • List lengths

10
Concrete Shapes
class SLL { Object value; SLL n; }
[figure: example list heap over variables x and y]
11
Interrupting Nodes
Interruption: a node pointed-to by a variable or shared by two n fields
[figure: the example heap with its interruption nodes marked]
#interruptions ≤ 2 · #variables (bounded number of sharing patterns)
12
Maximal Uninterrupted Lists
Maximal uninterrupted list: a maximal list segment between two interruptions, containing no interruptions in-between
[figure: the example heap]
13
Maximal Uninterrupted Lists
[figure: the four maximal uninterrupted lists of the example heap, labelled 1-4]
14
Maximal Uninterrupted Lists
[figure: number of links in each maximal uninterrupted list: 2, 4, 4, 4]
15
Maximal Uninterrupted Lists
Abstract lengths: 1, 2, >2
[figure: the four maximal uninterrupted lists with abstract lengths 2, >2, >2, >2]
16
Using Static Names
  • Goal name all sharing patterns
  • Prepare static names for interruptions
  • Derive predicates for canonical abstraction
  • Prepare static names for max. uninterrupted lists
  • Derive predicates for predicate abstraction
  • All names expressed by FO^TC (first-order logic with transitive closure) formulae

17
Naming Interruptions
We name interruptions by adding auxiliary variables: for every variable x, x1, ..., xk (k = number of variables)
[figure: the example heap with auxiliary variables x1, x2 (along x's path) and y1, y2 (along y's path)]
18
Naming Max. Uninterrupted Lists
Static names for max. uninterrupted lists, by segment of the example heap:
  • from x: [x,x1] [x,y1]
  • from y: [y,x1] [y,y1]
  • between the first and second shared node: [x1,x2] [x1,y2] [y1,x2] [y1,y2]
  • the cycle at the second shared node: [x2,x2] [x2,y2] [y2,x2] [y2,y2]
[figure: the example heap with auxiliary variables x1, x2, y1, y2]
19
A Predicate Abstraction
  • For every pair of variables x,y (regular and auxiliary):
  • Aliased[x,y]: x and y point to the same node
  • UList1[x,y]: max. uninterrupted list of length 1 from x to y
  • UList2[x,y]: max. uninterrupted list of length 2 from x to y
  • UList[x,y]: max. uninterrupted list of any length from x to y
  • For every variable x (regular and auxiliary):
  • UList1[x,null]: max. uninterrupted list of length 1 from x to null
  • UList2[x,null]: max. uninterrupted list of length 2 from x to null
  • UList[x,null]: max. uninterrupted list of any length from x to null
  • Predicates expressed by FO^TC formulae

20
Predicate Abstraction Example
[figure: concrete example heap with x, y, x1, x2, y1, y2 (left) and its predicate abstraction (right)]
21
A Canonical Abstraction
  • For every variable x (regular and auxiliary):
  • x(v): v is pointed-to by x
  • cul_x(v): uninterrupted list from the node pointed-to by x to v
  • Predicates expressed by FO^TC formulae

22
Canonical Abstraction Example
[figure: concrete example heap with x, y, x1, x2, y1, y2; regions labelled cul[x], cul[y], cul[x1] cul[y1], cul[x2] cul[y2]]
23
Canonical Abstraction Example
[figure: canonical abstraction of the same heap; one summary node per region cul[x], cul[y], cul[x1] cul[y1], cul[x2] cul[y2], plus the nodes pointed-to by x, y, x1/y1 and x2/y2]
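The decomposition of slides 9-15, the static names of slides 17-18, the predicate abstraction of slide 19 and the canonical abstraction of slide 21, as one added Python example run on a constructed heap shaped like the figure (x and y merge at a shared node, the list continues to a second shared node that closes a cycle). This is not the authors' TVLA implementation. Two details are this example's assumptions about the definitions: the auxiliary name x^i is bound to the i-th shared interruption reached from x that no program variable points to, and cul_x(v) holds for every node after x's node up to and including the next interruption.

```python
# Added example (not the authors' code): list-heap decomposition and both
# abstraction encodings from the talk. Assumptions: x^i = i-th shared,
# unpointed interruption reached from x; cul_x(v) holds up to and including
# the next interruption. Every node must appear as a key of succ.
from itertools import product


class ListHeap:
    """succ: node -> n-successor (None = null); vars: variable -> node."""

    def __init__(self, succ, vars_):
        self.succ = succ
        self.vars = {x: v for x, v in vars_.items() if v is not None}

    def interruptions(self):
        """Interruption = pointed to by a variable or shared by two n fields."""
        indeg = {}
        for v in self.succ.values():
            if v is not None:
                indeg[v] = indeg.get(v, 0) + 1
        shared = {v for v, k in indeg.items() if k >= 2}
        return set(self.vars.values()) | shared, shared

    def segment(self, start, interrupts):
        """Maximal uninterrupted list leaving start: (end interruption or None, links)."""
        cur, links = self.succ[start], 1
        while cur is not None and cur not in interrupts:
            cur, links = self.succ[cur], links + 1
        return cur, links

    def max_uninterrupted_lists(self):
        """(start, end, links, abstract length in {1, 2, >2}) per interruption."""
        interrupts, _ = self.interruptions()
        out = []
        for start in sorted(interrupts):
            end, links = self.segment(start, interrupts)
            out.append((start, end, links, str(links) if links <= 2 else ">2"))
        return out

    def static_names(self, d):
        """Regular names plus x1..xd for every variable x (heap-sharing depth d)."""
        interrupts, shared = self.interruptions()
        pointed = set(self.vars.values())
        names = dict(self.vars)
        for x, node in self.vars.items():
            seen, i = set(), 0
            while node is not None and node not in seen and i < d:
                seen.add(node)
                node, _ = self.segment(node, interrupts)
                if node in shared and node not in pointed:
                    i += 1
                    names[f"{x}{i}"] = node    # a name stays unbound if unreachable
        return names

    def predicate_abstraction(self, d):
        """Set of true Aliased/UList1/UList2/UList predicates over all name pairs."""
        names = self.static_names(d)
        interrupts, _ = self.interruptions()
        true = set()
        for a, b in product(names, repeat=2):
            if names[a] == names[b]:
                true.add(f"Aliased[{a},{b}]")
        for a, node in names.items():
            end, links = self.segment(node, interrupts)
            targets = [b for b in names if names[b] == end] if end is not None else ["null"]
            for b in targets:
                true.add(f"UList[{a},{b}]")
                if links <= 2:
                    true.add(f"UList{links}[{a},{b}]")
        return true

    def canonical_abstraction(self, d):
        """Unary-predicate vector {x, cul_x} per node; equal vectors merge into one abstract node."""
        names = self.static_names(d)
        interrupts, _ = self.interruptions()
        summary = {}
        for v in self.succ:
            sig = set()
            for x, nx in names.items():
                if nx == v:
                    sig.add(x)
                cur = self.succ[nx]          # cul_x(v): uninterrupted path from x's node to v
                while cur is not None:
                    if cur == v:
                        sig.add(f"cul_{x}")
                    if cur == v or cur in interrupts:
                        break
                    cur = self.succ[cur]
            summary.setdefault(frozenset(sig), []).append(v)
        return {sig: sorted(nodes) for sig, nodes in summary.items()}


# Constructed heap shaped like the figure: x -> a -> s1 <- d <- c <- b <- y,
# s1 -> e -> f -> g -> s2, and s2 -> h -> i -> j -> s2 (a cycle at s2).
FIGURE = ListHeap(
    succ={"x0": "a", "a": "s1", "y0": "b", "b": "c", "c": "d", "d": "s1",
          "s1": "e", "e": "f", "f": "g", "g": "s2",
          "s2": "h", "h": "i", "i": "j", "j": "s2"},
    vars_={"x": "x0", "y": "y0"},
)

if __name__ == "__main__":
    for row in FIGURE.max_uninterrupted_lists():
        print(row)
    print(sorted(FIGURE.predicate_abstraction(2)))
    for sig, nodes in FIGURE.canonical_abstraction(2).items():
        print(sorted(sig), "->", nodes)
```

With d = 2 the predicate abstraction of the constructed heap contains exactly the UList names listed on slide 18 (for example UList2[x,x1], UList[y,y1], UList[x1,x2], UList[x2,x2]) and the canonical abstraction has eight abstract nodes; with d = 1 the names x2, y2 disappear and the shared cycle-entry node s2 is merged with the plain segment nodes e, f, g, which is the loss of shape information that slide 27 describes.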
24
Canonical Abstractionof Cyclic List
[figure: concrete cyclic list over x, y, z (left) and its canonical abstraction with regions cul[x], cul[y], cul[z] (right)]
25
Canonical Abstractionof Cyclic List
[figure: abstract pre-state and abstract post-state of the cyclic list, each with nodes for x, y, z and summary regions cul[x], cul[y], cul[z]]
26
Heap-sharing Depth
In this example the heap-sharing depth is 2. In practice the depth is expected to be low (d = 1 sufficed for all examples in the talk).
[figure: the example heap with auxiliary variables x1, x2, y1, y2]
27
Setting the Heap-sharing Depth
Setting the heap-sharing depth parameter to 1 results in lost information about shape
[figure: the example heap with only x1 and y1 named; the second shared node has no static name]
Heap-sharing depth parameter d determines the number of static names ⇒ control over the number of predicates
28
Experimental Results
29
Related Work
  • Dor, Rode and Sagiv SAS 00
  • Checking cleanness in lists
  • Sagiv, Reps and Wilhelm TOPLAS 02
  • General framework abstractions for lists
  • Dams and Namjoshi VMCAI 03
  • Semi-automatic predicate abstraction for shape
    analysis
  • Balaban, Pnueli and Zuck VMCAI 05
  • Predicate abstraction for shapes via small models
  • Deutsch PLDI 94
  • Symbolic access paths with lengths

30
Conclusion
  • New abstractions for lists
  • Observations about concrete shapes
  • Precise for programs containing heaps with
    sharing and cycles, ignoring list lengths
  • Parametric in sharing-depth d = 1..k
  • Encoded new abstractions via
  • Canonical abstraction: O(dk) predicates
  • Polynomial predicate abstraction: O(d²k²) predicates
  • d = 1 sufficient for all examples

31
Missing from Talk
  • Simulating abstract domains by pred. abs.
  • Formal definition of abstractions
  • Abstract transformers
  • Decidable logic ⇒ can be automatically derived
  • Abstraction equivalence: for every two concrete
    heaps H1, H2: β_PA(H1) = β_PA(H2) iff β_C(H1) = β_C(H2)
  • Abstractions with fewer predicates
  • Cycle breaking
  • Linear static naming scheme

32
Merci
33
Simulating Finite Domainsby Predicate Abstraction
  • Assume a finite abstract domain of numbered
    elements 1, ..., n
  • Naïve simulation
  • Predicates P_i, i = 1..n
  • P_i holds when the abstract program state is i
  • Simulation using a logarithmic number of predicates
  • Use the binary representation of the numbers
  • Predicates P_j, j = 1..⌈log n⌉
  • P_j holds when the j-th bit of the abstract program state
    is 1