Logical Abstract Interpretation presentation

About This Presentation

Transcript and Presenter's Notes

Title: Logical Abstract Interpretation

1
Logical Abstract Interpretation

Sumit Gulwani
Microsoft Research, Redmond

2
Final Goal of the class

Automatically verify partial correctness of
programs like the following using abstract
interpretation.
Void Init(int A, int n)
for (i 0 iltn i)
Ai 0
for (j 0 jltn j)
Assert(Aj 0)

3
Outline

Decision Procedures
Linear Arithmetic
Uninterpreted Functions
Combination of Linear Arithmetic and
Uninterpreted Fns
Logical Abstract Interpretation
Linear Arithmetic
Uninterpreted Functions
Combination of Linear Arithmetic and
Uninterpreted Fns
Universally Quantified Formulas
Hardness of Assertion Checking
Linear Arithmetic
Uninterpreted Functions
Combination of Linear Arithmetic and
Uninterpreted Fns

4
Decision Procedures

DPT(?) Yes, if ? is satisfiable
No, if ? is unsatisfiable
Without loss of generality, we can assume that ?
is a conjunction of atomic facts.
Why?
DP(?1Ç?2) is sat iff DP(?1) is sat or DP(?2) is
sat
What is the trade-off?
Converting ? into DNF may incur exponential
blow-up

5
Outline

Decision Procedures
Linear Arithmetic
Uninterpreted Functions
Combination of Linear Arithmetic and
Uninterpreted Fns
Logical Abstract Interpretation
Linear Arithmetic
Uninterpreted Functions
Combination of Linear Arithmetic and
Uninterpreted Fns
Universally Quantified Formulas
Hardness of Assertion Checking
Linear Arithmetic
Uninterpreted Functions
Combination of Linear Arithmetic and
Uninterpreted Fns

6
Linear Arithmetic

Expressions e y c e1 e2 c e
Atomic facts g e0 e?0
Note that e0 can be represented as e0 Æ e0
egt0 can be represented as e-10
(over integer LA)
The decision problem for integer LA is NP-hard.
The decision problem for rational LA is PTime.
PTime algorithms are complicated to implement.
Popular choice is an exponential algorithm called
Simplex
We will study a PTime algorithm for a special
case.

7
Difference Constraints

A special case of Linear Arithmetic
Constraints of the form xc and x-yc
We can represent xc by x-uc, where u is a
special zero variable. Wlog, we will assume
henceforth that we only have constraints x-yc
Reasoning required x-yc1 Æ y-zc2 ) x-zc1c2
O(n3) (saturation-based) decision procedure
Represent contraints by a matrix Mnn
where Mij c represents xixj c
Perform transitive closure of M
Mij min Mij, MikMkj
? is unsat iff 9i Mii lt 0

8
Outline

Decision Procedures
Linear Arithmetic
Uninterpreted Functions
Combination of Linear Arithmetic and
Uninterpreted Fns
Logical Abstract Interpretation
Linear Arithmetic
Uninterpreted Functions
Combination of Linear Arithmetic and
Uninterpreted Fns
Universally Quantified Formulas
Hardness of Assertion Checking
Linear Arithmetic
Uninterpreted Functions
Combination of Linear Arithmetic and
Uninterpreted Fns

9
Uninterpreted Functions

Expressions e x F(e1,e2)
Atomic fact g e1e2 e1?e2
Axiom 8e1,e2,e1,e2 e1e1 Æ e2e2 )
F(e1,e2)F(e1,e2)
(called congruence axiom)
(saturation-based) Decision Procedure
Represent equalities e1e2 2 G in Equivalence DAG
(EDAG)
Nodes of an EDAG represent congruence classes of
expressions that are known to be equal.
Saturate equalities in the EDAG by following
rule
If C(e1)C(e1) Æ C(e2)C(e2), Merge
C(F(e1,e2)), C(F(e1,e2))
where C(e) denotes congruence class of expression
e
Declare unsatisfiability iff 9 e1?e2 in G s.t.
C(e1) C(e2)

10
Uninterpreted Functions Example
yF5(y)
y?F(y)
yF3(y)
Æ
Æ
F
F
F(y)F4(y)
F
F2(y)F5(y)
F
yF2(y)
F
F(y)F3(y)
y
yF(y)
? unsat
11
Uninterpreted Functions Complexity

Complexity of congruence closure O(n log n),
where n is the size of the input formula
In each step, we merge 2 congruence classes. The
total number of steps required is thus n, where n
is a bound on the original number of congruence
classes.
The complexity of each step can be O(log n) by
using union-find data structure

12
Outline

Decision Procedures
Linear Arithmetic
Uninterpreted Functions
Combination of Linear Arithmetic and
Uninterpreted Fns
Logical Abstract Interpretation
Linear Arithmetic
Uninterpreted Functions
Combination of Linear Arithmetic and
Uninterpreted Fns
Universally Quantified Formulas
Hardness of Assertion Checking
Linear Arithmetic
Uninterpreted Functions
Combination of Linear Arithmetic and
Uninterpreted Fns

13
Combination of Linear Arithmetic and
Uninterpreted Functions

Expressions e y c e1 e2 c e
F(e1,e2)
Atomic Facts g e0 e?0
Axioms Combined axioms of linear arithmetic
uninterpreted fns.
Decision Procedure Nelson-Oppen methodology for
combining decision procedures

14
Combining Decision Procedures

Nelson-Oppen gave an algorithm in 1979 to combine
decision procedures for theories T1 and T2,
where
T1 and T2 have disjoint signatures
except equality
T1, T2 are stably infinite
Complexity is O(2n2(W1(n)W2(n)).
If T1, T2 are convex, complexity is
O(n3(W1(n)W2(n)).
The theories of linear arithmetic and
uninterpreted functions satisfy all of the above
criterions.

15
Convex Theory

A theory is convex if the following holds.
Let G g1 Æ Æ gn
If G ) e1e2 Ç e3e4, then G ) e1e2 or G ) e3e4
Examples of convex theory
Rational Linear Arithmetic
Uninterpreted Functions

16
Examples of Non-convex Theory

Theory of Integer Linear Arithmetic
Theory of Arrays

ysel(upd(M,a,0),b) ) y0 Ç ysel(M,b) But
ysel(upd(M,a,0),b) ) y0 and
ysel(upd(M,a,0),b) ) ysel(M,b)
/
/
17
Stably Infinite Theory

A theory T is stably infinite if for all
quantifier-free formulas ? over T, the following
holds
If ? is satisfiable, then ? is satisfiable
over an infinite model.
Examples of stably infinite theories
Linear arithmetic, Uninterpreted Functions
Examples of non-stably infinite theories
A theory that enforces finite of distinct
elements. Eg., a theory with the axiom 8x,y,z
(xy Ç xz Ç yz). Consider the quantifier free
formula ? y1y2.
? is satisfiable but doesnt have an
infinite model.

18
Nelson-Oppen Methodology

Purification Decompose ? into ?1 Æ ?2 such that
?i contains symbols from theory Ti.
This can be done by introducing dummy variables.
Exchange variable equalities between ?1 and ?2
until no more equalities can be deduced.
Sharing of disequalities is not required because
of stably-infiniteness.
Sharing of disjunctions of equalities is not
required because of convexity.
? is unsat iff ?1 is unsat or ?2 is unsat.

19
Combining Decision Procedures Example
y1 4y3 F(2y2-y1) Æ y1F(y1) Æ y2F(F(y1))
Æ y1?4y3
Purification
a12y2-y1 y14y3a2 Æ y1?4y3 y1 y2 y1 a2
a2F(a1) y1F(y1) Æ y2F(F(y1)) y1 a1
Saturation
? unsat
20
Outline

Decision Procedures
Linear Arithmetic
Uninterpreted Functions
Combination of Linear Arithmetic and
Uninterpreted Fns
Logical Abstract Interpretation
Linear Arithmetic
Uninterpreted Functions
Combination of Linear Arithmetic and
Uninterpreted Fns
Universally Quantified Formulas
Hardness of Assertion Checking
Linear Arithmetic
Uninterpreted Functions
Combination of Linear Arithmetic and
Uninterpreted Fns

21
Logical Abstract Interpretation

Abstract Interpretation of a program involves
interpreting the program over abstract values
from some abstract domain D equipped with a
partial order ¹
Logical Abstract Interpretation refers to the
case when
D logical formulas over theory T
¹ logical implication relationship, i.e., E ¹
E iff E )T E
We will study following examples of logical
interpretation
D consists of finite conjunctions of atomic facts
over T.
Linear Arithmetic
Uninterpreted Functions
Combination of Linear Arithmetic and
Uninterpreted Functions
D consists of universally quantified formulas
over T.

22
Transfer Functions for Logical Abstract
Interpreter

An abstract interpreter computes abstract values
or facts at each program point from facts at
preceding program points using appropriate
transfer fns.

Transfer functions for a logical abstract
interpreter thus involve providing operators for
over-approximating disjunction and existential
quantifier elimination.

23
Fixed-point Computation

In presence of loops, fixed-point computation is
required. The process is accelerated by using a
widening operator, which takes the facts in the
current and previous iteration (at some point
inside a loop) and generates something weaker
than the current fact.
A widening operator should guarantee convergence
in a bounded number of steps.
Widening is typically applied at loop header
points.
Facts generated after fixed-point are invariants
and can be used to validate assertions using
decision procedures.

G
assert(g)
Validate iff GÆ g is unsat
24
Initialization

The fact at program entry is initialized to gt,
which in our setting is the logical formula
true.
This denotes that we make no assumptions about
inputs, and whatever we prove will be valid for
all inputs.
The facts at all other program points are
initialized to ?, which in our setting is the
logical formula false.
This denotes our optimistic assumption of
unreachability of program locations (unless we
can prove them reachable in the process of
fixed-point computation).

25
Outline

Decision Procedures
Linear Arithmetic
Uninterpreted Functions
Combination of Linear Arithmetic and
Uninterpreted Fns
Logical Abstract Interpretation
Linear Arithmetic
Uninterpreted Functions
Combination of Linear Arithmetic and
Uninterpreted Fns
Universally Quantified Formulas
Hardness of Assertion Checking
Linear Arithmetic
Uninterpreted Functions
Combination of Linear Arithmetic and
Uninterpreted Fns

26
Difference Constraints

Abstract element
conjunction of xi-xj cij
can be represented using matrix M, where
Mijcij
Decide(M)
M Saturate(M)
Declare unsat iff 9i Mii lt 0
Join(M1, M2)
M1 Saturate(M1) M2 Saturate(M2)
Let M3 be s.t. M3ij Max M1ij,
M2ij
return M3

27
Difference Constraints

Eliminate(M, xi)
M Saturate(M)
Let M1 be s.t. M1jk 1 (if ji or ki)
Mjk otherwise
return M1
Widen(M1, M2)
M1 Saturate(M1) M2 Saturate(M2)
Let M3 be s.t. M3ij M1ij (if M1ij
M2ij)) 1 (otherwise)
return M3

28
Difference Constraints Example
true
y 0 z 2
y0, z2
?
y0 Æ z2
?
0y1 Æ zy2
0y2 Æ zy2
0y Æ zy2
0ylt51 Æ zy2
1ylt51 Æ zy2
1y2 Æ zy2
y1 Æ z3
?
y lt 50
y50 Æ zy2
False
True
Assert (z52)
y0 Æ z2
0y1 Æ zy2
0ylt50 Æ zy2
?
y z
29
Outline

Decision Procedures
Linear Arithmetic
Uninterpreted Functions
Combination of Linear Arithmetic and
Uninterpreted Fns
Logical Abstract Interpretation
Linear Arithmetic
Uninterpreted Functions
Combination of Linear Arithmetic and
Uninterpreted Fns
Universally Quantified Formulas
Hardness of Assertion Checking
Linear Arithmetic
Uninterpreted Functions
Combination of Linear Arithmetic and
Uninterpreted Fns

30
Uninterpreted Functions

Abstract element
conjunction of e1e2, where e y F(e1,e2)
can be represented using EDAGs
Decide(G)
G Saturate(G)
Declare unsat iff G contains e1 ? e2 and G has
e1, e2 in the same congruence class.
Eliminate(G, y)
G Saturate(G)
Erase y (might need to delete some dangling
expressions)
return G

31
Uninterpreted Functions

Join(G1, G2)
G1 Saturate(G1) G2 Saturate(G2)
G Intersect(G1, G2)
return G
For each node n ltU, ni,nigt in G 1
and node m ltV, mj, mjgt in G2,
G contains a node n,m ltU Å V, ni,
mj, ni,mjgt

32
Uninterpreted Functions Example of Join
G1
G2
G Join(G1,G2)
33
Outline

Decision Procedures
Linear Arithmetic
Uninterpreted Functions
Combination of Linear Arithmetic and
Uninterpreted Fns
Logical Abstract Interpretation
Linear Arithmetic
Uninterpreted Functions
Combination of Linear Arithmetic and
Uninterpreted Fns
Universally Quantified Formulas
Hardness of Assertion Checking
Linear Arithmetic
Uninterpreted Functions
Combination of Linear Arithmetic and
Uninterpreted Fns

34
Combination Decision Procedure

DP(E12)
ltE1, E2gt PurifySaturate(E12)
Return DPT1(E1) Æ DPT2(E2)

35
Combination Join Algorithm

JoinT12(L12, R12)
ltL1, L2gt PurifySaturate(L12) ltR1, R2gt
PurifySaturate(R12)
DL Æ viltvi,vjgt vi2Vars(L1ÆL2),
vj2Vars(R1ÆR2) DR Æ vjltvi,vjgt
vi2Vars(L1ÆL2), vj2Vars(R1ÆR2)
L1 L1 Æ DL R1 R1 Æ DR L2 L2 Æ
DL R2 R2 Æ DR
A1 JoinT1(L1, R1) A2 JoinT2(L2,
R2)
V Vars(A1ÆA2) Program Variables
A12 EliminateT12(A1ÆA2, V)
Return A12

36

Combination Example of Join Algorithm
za-1 Æ yF(a)
zb-1 Æ yF(b)
Joinufla
za-1 aha,bi
yF(a) aha,bi
zb-1 bha,bi
yF(b) bha,bi
Joinuf
Joinla
ha,bi1z
yF(ha,bi)
Eliminateufla
ha,bi
yF(1z)
37
Combination Existential Quantifier Elimination

ElimintateT12(E12, V)
ltE1, E2gt PurifySaturate(E12)
ltD, Defsgt DefSaturate(E1, E2, V Temp
Variables)
V V Temp Variables D E1
EliminateT1(E1, V) E2 EliminateT2(E2,
V)
E (E1 Æ E2) Defs(y)/y
Return E
DefSaturate(E1, E2, U) returns the set of all
variables D that have definitions Defs in terms
of variables not in U as implied by E1 Æ E2.

38

Combination Example of Existential Elimination
aby Æ zc1 Æ aF2(b) Æ cF(b)
a, b, c
Eliminateufla
aby Æ zc1
aF2(b) Æ cF(b)
Defla
Defuf
b
Eliminatela
Eliminateuf
c ? z-1 a ?F(z-1)
a y Æ zc1
a F(c)
Substitute
F(z-1) y
39
Abstract Interpretation over Combined Domain
Example
true
struct List struct List next x, y N(z)
0, if z null 1 N(z!next)
y x i 0
yx, i0
?
0i1 N(x)N(y)i
0i2, N(x)N(y)i
0i, N(x)N(y)i
1i2, N(x)N(y)i
?
yx, i0
1i, N(x)N(y)i
yx!next, i1, x?null N(x)N(x!next)1
?
y?null
0i1, y ? null N(x)N(y)i
0i, y ? null N(x)N(y)i
?
yx, i0, y?null
i i1 y y!next
40
Outline

Decision Procedures
Linear Arithmetic
Uninterpreted Functions
Combination of Linear Arithmetic and
Uninterpreted Fns
Logical Abstract Interpretation
Linear Arithmetic
Uninterpreted Functions
Combination of Linear Arithmetic and
Uninterpreted Fns
Universally Quantified Formulas
Hardness of Assertion Checking
Linear Arithmetic
Uninterpreted Functions
Combination of Linear Arithmetic and
Uninterpreted Fns

41
Universally Quantified Abstract Domain

Abstract element is of the form E Æ Æi(8X Ai)Bi)
where E, Ai, Bi are from some underlying base
domain(s) D.
The partial order ¹ is a refinement of the more
natural implication relationship.
E Æ Æi(8X Ai)Bi) ¹ E Æ Æj(8X Aj)Bj)
iff
E ) E
8j 9i s.t. EÆAj)Ai and EÆBi)Bj
Another way to state the above thing would be to
say that the partial order is still the
implication relationship but transfer functions
are incomplete.

42
Quantified Abstract Domain Join Algorithm

Consider a simpler case first.
Let (E Æ 8XA)B) Join(E1 Æ 8XA1)B1, E2
Æ 8XA2)B2). Then,
(E1 Æ 8XA1)B1) ¹ (E Æ 8XA)B)
(E2 Æ 8XA2)B2) ¹ (E Æ 8XA)B)
Or, equivalently,
E1)E and E2)E. Thus, E Join(E1, E2).
E1ÆA)A1 and E2ÆA)A2, i.e., A ) (E1)A1 Æ E2)A2).
Thus, A bE1)A1 Æ E2)A2c.
E1ÆB1 ) B and E2ÆB2 ) B. Thus, B Join(E1ÆB1,
E2ÆB2).
Join(E1 Æ Æi(8X A1i)B1i), E2Æ Æi(8X A2i)B2i))
result JoinD(E1, E2)
Forall i,j
A bE1)A1i Æ E2)A2jc B
JoinD(E1ÆB1i, E2ÆB2j)
result result Æ 8XA)B
return result

43
Quantified Abstract Domain Example of Join

Let G1 (i0 Æ 8k k0 ) Fki)
G2 (i1 Æ 8k 0k1 ) Fk0)
Then Join(G1, G2) 0i1 Æ 8k A)B, where
A b(i0)k0) Æ (i1)0k1)c 0ki
B JoinD(i0 Æ Fki, i1 Æ Fk0) Fk0

44
Quantified Abstract Domain Eliminate

Let (E Æ 8XA)B) Eliminate(E Æ 8XA)B, s).
Then,
(E Æ 8XA)B) ¹ (E Æ 8XA)B) among other
things.
For simplicity, assume that s doesnt affect
terms in A,B involving X. Then,
E)E and E doesnt contain any term affected by
change to s.
Thus, E EliminateD(E,s).
EÆA)A and A doesnt contain any term affected by
change to s.
Thus, A b8sE)Ac.
EÆB)B and B doesnt contain any term affected
by change to s.
Thus, B EliminateD(EÆB, s).

45
Quantified Abstract Domain Eliminate

Eliminate(G, s)
Let G be E Æ 8XA)B
Psuedo-code can be easily extended for multiple 8
T e e occurs in A or B Vars(e) Å X ?
A A Æ Æe2T NotEffect(lts,Ggt, e)
E EliminateD(E,s)
B EliminateD(BÆE,s)
A b8sE)Ac
return (E Æ 8X A)B)
NotEffect(lts,Ggt, e) denotes a constraint g s.t.
GÆg implies that s does not affect e.

46
Quantified Abstract Domain Example of Eliminate

Let G (F0gt10 Æ 8k 0kltF0 ) FkgtF0 )
Then Eliminate(G, F0) true Æ 8k A)B, where
T k, Fk
NotEffect(ltF0,Ggt, Fk) k?0
NotEffect(ltF0,Ggt, Fk) true
A1 0kltF0 Æ k ? 0 Æ true 1kltF0
A b8F0 F0gt10 ) 1kltF0c 1klt10
B Eliminate(FkgtF0 Æ F0gt10, F0)
Fklt10

47
Quantified Abstract Domain Example
true
F0 0 i 1
i1 Æ F00
i1 Æ 8kk0 ) Fk0
?
2in Æ 8k 0klti ) Fk0
i2 Æ F00 Æ F10
2i3 Æ 8k 0klti ) Fk0
i2 Æ 8k0k1 ) Fk0
i1 Æ F00
?
1i2 Æ 8k 0klti ) Fk0
1i3 Æ 8k 0klti ) Fk0
1i Æ 8k 0klti ) Fk0
1i Æ 8k 0klti ) Fk0
?
i lt n
False
in Æ 8k 0klti ) Fk0
True
i1 Æ F00
1i2 Æ 8k 0klti ) Fk0
1iltn Æ 8k 0klti ) Fk0
?
i 0
Fi 0 i
i0 Æ 8k 0kltn ) Fk0
48
References

Uninterpreted Functions
A polynomial time algorithm for global value
numbering SAS 2004, S. Gulwani, G. Necula
Join algorithms for the theory of uninterpreted
fns FSTTCS 2004, S. Gulwani, A. Tiwari, G.
Necula
Combination of Linear Arithmetic and
Uninterpreted Fns
Combining Abstract Interpreters
PLDI 2006, S. Gulwani, A. Tiwari
Universally Quantified Abstract Domain
Lifting Abstract Interpreters to Quantified
Logical Domains POPL 2008, S. Gulwani, B.
McCloskey, A. Tiwari

49
Outline

Decision Procedures
Linear Arithmetic
Uninterpreted Functions
Combination of Linear Arithmetic and
Uninterpreted Fns
Logical Abstract Interpretation
Linear Arithmetic
Uninterpreted Functions
Combination of Linear Arithmetic and
Uninterpreted Fns
Universally Quantified Formulas
Hardness of Assertion Checking
Linear Arithmetic
Uninterpreted Functions
Combination of Linear Arithmetic and
Uninterpreted Fns

50
Abstract Program Model / Problem Statement

Linear Arithmetic
e y c e1 e2 c e g
e0
Uninterpreted Functions
e y F(e1,e2) g e1e2
Combination
e y c e1 e2 c e F(e1,e2) g
e0

51
Outline

Decision Procedures
Linear Arithmetic
Uninterpreted Functions
Combination of Linear Arithmetic and
Uninterpreted Fns
Logical Abstract Interpretation
Linear Arithmetic
Uninterpreted Functions
Combination of Linear Arithmetic and
Uninterpreted Fns
Universally Quantified Formulas
Hardness of Assertion Checking
Linear Arithmetic
Uninterpreted Functions
Combination of Linear Arithmetic and
Uninterpreted Fns

52
Assertion Checking Linear Arithmetic

Non-deterministic Conditionals
Equality Assertions PTIME
Perform abstract interpretation over linear
equalities.
Affine relationships among variables of a
program, Karr 76
Inequality assertions ?
Deterministic Conditionals Undecidable
Even with equality conditionals and equality
assertions
PCP Problem can be reduced to it.
A Note on Karrs Algorithm, H. Seidl, M.
Muller-Olm, ICALP 2004

53
Reducing PCP Problem to Assertion Checking

The following problem (PCP Problem) is
undecidable. Given pairs (u1,v1), , (um,vm),
where ui, vi 2 0,1
Decide 9 a non-empty sequence i1, , in such
that
ui1 uin vi1 vin
Given a PCP instance, we will construct an
assertion checking problem over linear arithmetic
such that the assertion holds iff the solution to
PCP instance is false.

54
Reducing PCP Problem to Assertion Checking
y 1 z 1
y 2um y ltumgt z 2vm z ltvmgt
y 2u1 y ltu1gt z 2v1 z ltv1gt

yz ?
False
True
d 1
d 0
Assert (d0)
55
Outline

Decision Procedures
Linear Arithmetic
Uninterpreted Functions
Combination of Linear Arithmetic and
Uninterpreted Fns
Logical Abstract Interpretation
Linear Arithmetic
Uninterpreted Functions
Combination of Linear Arithmetic and
Uninterpreted Fns
Universally Quantified Formulas
Hardness of Assertion Checking
Linear Arithmetic
Uninterpreted Functions
Combination of Linear Arithmetic and
Uninterpreted Fns

56
Assertion Checking Uninterpreted Functions

Non-deterministic Conditionals PTIME
Abstract interpretation over uninterpreted fns.
Deterministic Conditionals Undecidable
PCP Problem can be reduced to it.
Checking Herbrand Equalities and Beyond, H.
Seidl, M. Muller-Olm, VMCAI 2005

57
Reducing PCP Problem to Assertion Checking
y 1 z 1
y um(y) z vm(z)
y u1(y) z v1(z)
Think of ui, vi as sequences of applications of
unary fns, one corresponding to 0 and other
corresponding to 1.

yz ?
False
True
d 1
d 0
Assert (d0)
58
Outline

Decision Procedures
Linear Arithmetic
Uninterpreted Functions
Combination of Linear Arithmetic and
Uninterpreted Fns
Logical Abstract Interpretation
Linear Arithmetic
Uninterpreted Functions
Combination of Linear Arithmetic and
Uninterpreted Fns
Universally Quantified Formulas
Hardness of Assertion Checking
Linear Arithmetic
Uninterpreted Functions
Combination of Linear Arithmetic and
Uninterpreted Fns

59
Assertion Checking Combination of Linear
Arithmetic Uninterpreted Functions

Deterministic Conditionals Undecidable
No surprise since problem is undecidable for
individual cases of linear arithmetic and
uninterpreted fns.
Non-deterministic Conditionals ? At least
coNP-hard
Even for equality conditionals.
A surprising result since assertion checking for
individual cases of linear arithmetic
(equalities) and uninterpreted fns is PTIME, but
not for combination.
In contrast, decision procedures for linear
arithmetic and uninterpreted fns can be combined
in PTIME using Nelson-Oppen methodology.
Assertion checking over combination of linear
arithmetic and uninterpreted fns, S. Gulwani, A.
Tiwari, ESOP 2006

60
Reducing Unsatisfiability to Assertion Checking

? boolean 3-SAT instance with m clauses
IsUnsatisfiable(?)
for j1 to m
cj 0
for i1 to k do
if ()
8 j s.t. var i occurs positively in
clause j, cj 1
else
8 j s.t. var i occurs negatively in clause
j, cj 1
y c1 c2 cm
Assert (y0 Ç y1 Ç ym-1)

61
Encoding disjunction

The check y1 Ç y2 can be encoded by the
assertion F(y) F(1)F(2)-F(3-y)).
The above trick can be recursively applied to
construct an assertion that encodes y0 Ç y1 Ç
Ç ym-1
Eg., y0 Ç y1 Ç y2 can be encoded by encoding
F(y)F(0) Ç F(y)F(1)F(2)-F(3-y)

62
Conclusion

We showed how logical reasoning traditionally
used in theorem proving can be exploited in an
abstract interpretation setting.
We focused on conjunctive and universally
quantified invariants over the domain of linear
arithmetic and uninterpreted fns.
There are several other interesting issues in
program analysis that we did not address
Destructive updates
Points-to analysis, Shape analysis
Path-sensitive analysis
Disjunctive invariants
Inter-procedural analysis
Procedure summaries

Write a Comment

User Comments (0)

About PowerShow.com

Logical Abstract Interpretation PowerPoint PPT Presentation