
1
Meta Predicate Abstraction for Hierarchical Symbolic Heaps
Josh Berdine, Microsoft Research, Cambridge
joint with Mike Emmi, University of California, Los Angeles

2
What:
–Method of defining extrapolation and join operations for separation logic based analyses
Main goals:
–Enable join operations between Powerset and Cartesian
–Provide systematic definitions and parameterizations of operations

3
Goal: Enable join operations between Powerset and Cartesian
–Maximally precise Powerset (disjunctive normal form) join is too costly / redundant
  Particularly for shape analysis, which tends to overuse disjunction
–Minimally precise Cartesian (no disjunction) join is usually too imprecise
Therefore here:
–Use symbolic heap formulae that allow arbitrary nesting of conjunction & disjunction
–Parameterize join to control when to weaken by shifting from a disjunctive to a more conjunctive form

4
Goal: Provide systematic definitions and parameterizations of operations
–Join & extrapolation generally have ad-hoc definitions in SL analyses
–Significant impediment to systematic or automatic tuning
Therefore here:
–Define join & extrapolation using a form of predicate abstraction
  Unary predicates in (positive) first-order logic with transitive closure
  Interpreted over points in the structure of SL formulae
–Opens the way to specializing operations to a particular:
  Program
  Program point: lazy abstraction
  Program point at a particular point in the analysis: abstraction refinement

5
What are extrapolation & join?
Approximate semantics
Soundness condition for
–Join:
–Extrapolation:

6
Simple symbolic heaps
Simple fragment of separation logic
Consider the analysis
–Sets of symbolic heap formulae
–Set-theoretic order, join, pointwise lift of transformers
Now to define extrapolation…

7
Meta predicate logic
First-order logic with transitive closure
Entailment judgment
Closure rules

8
Meta predicate evaluation
Base predicate satisfaction
Predicate satisfaction
Unary predicates: are evaluated: lift to vectors of predicates: and expressions:

9
Predicate evaluation example
Predicates:
Symbolic heap:
Valuations:

10
Meta predicate based extrapolation
Append entailment
Simplified concatenation rewrite rule
General concatenation rewrite rule

11
Extrapolation example
Consider:
–then:
–and:
Non-confluence:
In general, confluence depends on the predicate set

12
Predicates example
Consider the predicates
Then we have the rewrites
Note the similarity to Distefano+ TACAS06 & Manevich+ VMCAI05
But:

13
Disjunctive symbolic heaps
Add production:
Symbolic heap contexts
Predicate satisfaction judgment

14
Predicate satisfaction

15
Example deduction

16
Predicate evaluation algorithm

17
Predicate evaluation algorithm (continued)

18
Extrapolation
Concatenation rewrite
Selected branch of a context

19
Join: weaken & distribute * over ∨
Factorization rewrite
Example

20
Join: trade disjuncts for existentials
Joining segments with equal heads and unequal tails
Example

21
Extrapolation & join algorithms
Work from the leaves of the whole formula to the root
For each decomposition into a context and a symbolic heap:
–View the selected symbolic heap as a graph
–Edges for points-tos, list segments and equalities
Apply rewrite rules to paths in the graph in length-decreasing order
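The graph-and-rewrite procedure above, together with the concatenation rewrite and the Distefano-style predicates of slides 10 and 12, as an added example that is not part of the presentation: a small Python model in which a symbolic heap is a set of points-to and list-segment atoms, a meta predicate evaluated on the formula's own structure guards the simplified concatenation rewrite, and guarded two-edge paths are collapsed repeatedly. The atom representation, the primed-variable convention for existentials and the exact guard are this example's assumptions; it models neither contexts and disjunction nor the slide's length-decreasing path ordering.

```python
from itertools import permutations
from typing import AbstractSet, FrozenSet, Tuple

# Constructed representation (not the paper's): a symbolic heap is a set of
# spatial atoms, ("pt", x, y) for x |-> y and ("ls", x, y) for a list segment
# from x to y; the separating conjunction between atoms is implicit.
Atom = Tuple[str, str, str]
Heap = FrozenSet[Atom]

def is_existential(v: str) -> bool:
    """Assumed naming convention: primed variables are existentially quantified."""
    return v.endswith("'")

def occurrences(atoms: AbstractSet[Atom], v: str) -> int:
    """How many atom endpoints mention v, i.e. v's degree in the segment graph."""
    return sum((a[1] == v) + (a[2] == v) for a in atoms)

def concat_guard(atoms: AbstractSet[Atom], a: Atom, b: Atom) -> bool:
    """Meta predicate, evaluated on the formula's own structure, that guards the
    simplified concatenation rewrite of the two-edge path a ; b (assumed form):
    the shared node is an existential with no other occurrence, and the tail is
    nil or allocated by another atom, the usual side condition under which the
    append entailment ls(x,y) * ls(y,z) |- ls(x,z) holds for acyclic segments."""
    x, mid, z = a[1], a[2], b[2]
    if mid != b[1] or not is_existential(mid) or occurrences(atoms, mid) != 2:
        return False
    return z == "nil" or any(c[1] == z for c in atoms if c not in (a, b))

def extrapolate(heap: Heap) -> Heap:
    """Rewrite x |-> y' * y' |-> z (or the same with segments) to ls(x, z)
    wherever the guard holds, repeating until no guarded path remains."""
    atoms = set(heap)
    changed = True
    while changed:
        changed = False
        for a, b in permutations(sorted(atoms), 2):
            if concat_guard(atoms, a, b):
                atoms -= {a, b}
                atoms.add(("ls", a[1], b[2]))
                changed = True
                break  # restart: the new segment may extend a longer path
    return frozenset(atoms)

def show(heap: Heap) -> str:
    """Render a heap as a formula string, e.g. "ls(x,z') * z'|->nil"."""
    return " * ".join(f"{x}|->{y}" if k == "pt" else f"ls({x},{y})"
                      for k, x, y in sorted(heap))
```

Running `extrapolate` on x|->y' * y'|->z' * z'|->nil collapses the whole chain to ls(x,nil), while a chain whose tail is an unallocated program variable, or whose middle existential is shared with another atom, is left unchanged.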

22
Hierarchical symbolic heaps
Disjunctive hierarchical symbolic heaps
Base predicate satisfaction changes
Otherwise a mostly orthogonal extension
Extrapolation & join algorithms are complicated by needing to construct segment graphs inductively over patterns
Rewrite rules now need to use subtraction
–Paths in the segment graph don't imply that the append entailment applies

23
Summary
Proposed method of defining extrapolation & join operations
–For separation logic based analyses
–Over formulae allowing arbitrary nesting of *-conjunction and disjunction
–Using a form of (unary, FOTC) predicate abstraction
Enables join operations between Powerset and Cartesian
Provides systematic definitions and parameterizations of operations
Can be seen as a meeting point of Canonical Abstraction and separation logic based analysis
–Representation of invariants & local semantics of programs from SL
–Extrapolation & join based on valuation of FOTC predicates à la CA
