Download presentation
Presentation is loading. Please wait.
1
1 Shape Analysis via 3-Valued Logic Mooly Sagiv Tel Aviv University Shape analysis with applications Chapter 4.6 http://www.cs.tau.ac.il/~rumster/TVLA/
2
2 Outline Collecting Semantics using first order logic 3-valued logic and embedding Simple abstract semantics using logic More precise abstract semantics TVLA
3
3 Collecting Semantics using Logic Represent states using logical structures Construct the program control flow graph with a distinguished node start Define the set of logical structures at start Define the meaning of program conditions using closed first order formulae Define the meaning of statements using first order formulae
4
4 The SWhile Programming Language Abstract Syntax a := x | x.sel | null | n | a 1 op a a 2 b := true | false | not b | b 1 op b b 2 | a 1 op r a 2 S := [x := a] l | [x.sel := a] l | [x := malloc()] l | [skip] l | S 1 ; S 2 | if [b] l then S 1 else S 2 | while [b] l do S sel:= car | cdr
![4 The SWhile Programming Language Abstract Syntax a := x | x.sel | null | n | a 1 op a a 2 b := true | false | not b | b 1 op b b 2 | a 1 op r a 2 S := [x := a] l | [x.sel := a] l | [x := malloc()] l | [skip] l | S 1 ; S 2 | if [b] l then S 1 else S 2 | while [b] l do S sel:= car | cdr](http://images.slideplayer.com/27/8917287/slides/slide_4.jpg "4 The SWhile Programming Language Abstract Syntax a := x | x.sel | null | n | a 1 op a a 2 b := true | false | not b | b 1 op b b 2 | a 1 op r a 2 S := [x := a] l | [x.sel := a] l | [x := malloc()] l | [skip] l | S 1 ; S 2 | if [b] l then S 1 else S 2 | while [b] l do S sel:= car | cdr")
5
5 Example [x := null;] 1 while ([count > 0] 2 ) ( [t := malloc();] 3 [t.cdr := x;] 4 [x :=t;] 5 Predicates Unary x(v) t(v) Binary car(v1, v2) cdr(v1, v2) eq(v1, v2)
![5 Example [x := null;] 1 while ([count > 0] 2 ) ( [t := malloc();] 3 [t.cdr := x;] 4 [x :=t;] 5 Predicates Unary x(v) t(v) Binary car(v1, v2) cdr(v1, v2) eq(v1, v2)](http://images.slideplayer.com/27/8917287/slides/slide_5.jpg "5 Example [x := null;] 1 while ([count > 0] 2 ) ( [t := malloc();] 3 [t.cdr := x;] 4 [x :=t;] 5 Predicates Unary x(v) t(v) Binary car(v1, v2) cdr(v1, v2) eq(v1, v2)")
6
6 ([count > 0] 2 [x :=t;] 5 exit [x := null;] 1 [t.cdr :=x;] 4 [t :=malloc();] 3 x:=null {x’(v) := 0 } t:=malloc() { let v 0 := new() in t(v) := eq(v, v 0 ) } t.cdr :=x { message v: t(v) … cdr’(v1, v2) := (t(v1)? x(v2): cdr(v1, v2)) } x:=t x’(v) := t(v) } ( ? 1 : 2 ) ( 1 ) ( 2 ) [ count:=count-1;] 6
![6 ([count > 0] 2 [x :=t;] 5 exit [x := null;] 1 [t.cdr :=x;] 4 [t :=malloc();] 3 x:=null {x’(v) := 0 } t:=malloc() { let v 0 := new() in t(v) := eq(v, v 0 ) } t.cdr :=x { message v: t(v) … cdr’(v1, v2) := (t(v1).](http://images.slideplayer.com/27/8917287/slides/slide_6.jpg "x(v2): cdr(v1, v2)) } x:=t x’(v) := t(v) } ( . 1 : 2 ) ( 1 ) ( 2 ) [ count:=count-1;] 6.")
7
7 The reverse example [y := null;] 1 while ([x !=null] 2 ) ( [t := y;] 3 [y := x;] 4 [x :=x.cdr;] 5 [y.cdr :=t;] 6 Predicates Unary x(v) t(v) y(v) Binary car(v1, v2) cdr(v1, v2) eq(v1, v2)
![7 The reverse example [y := null;] 1 while ([x !=null] 2 ) ( [t := y;] 3 [y := x;] 4 [x :=x.cdr;] 5 [y.cdr :=t;] 6 Predicates Unary x(v) t(v) y(v) Binary car(v1, v2) cdr(v1, v2) eq(v1, v2)](http://images.slideplayer.com/27/8917287/slides/slide_7.jpg "7 The reverse example [y := null;] 1 while ([x !=null] 2 ) ( [t := y;] 3 [y := x;] 4 [x :=x.cdr;] 5 [y.cdr :=t;] 6 Predicates Unary x(v) t(v) y(v) Binary car(v1, v2) cdr(v1, v2) eq(v1, v2)")
8
8 ([x!=null] 2 [y.cdr :=t;] 6 exit [y:= null;] 1 [x :=x.cdr;] 5 [t :=y;] 3 a3 y:=null = { y’(v) :=0 } x !=null = v: x(v) t:=y ={ t(v) :=y(v) } x:=x.cdr ={ message v:x(v) … x’(v) := v1:x(v1) cdr(v1, v) } y.cdr :=t ={ cdr’(v1, v2) := y(v1)? t(v2) : cdr(v1, v2) } [y :=x;] 4 y:=x ={ { y’(v) :=x(v) }
![8 ([x!=null] 2 [y.cdr :=t;] 6 exit [y:= null;] 1 [x :=x.cdr;] 5 [t :=y;] 3 a3 y:=null = { y’(v) :=0 } x !=null = v: x(v) t:=y ={ t(v) :=y(v) } x:=x.cdr ={ message v:x(v) … x’(v) := v1:x(v1) cdr(v1, v) } y.cdr :=t ={ cdr’(v1, v2) := y(v1).](http://images.slideplayer.com/27/8917287/slides/slide_8.jpg "t(v2) : cdr(v1, v2) } [y :=x;] 4 y:=x ={ { y’(v) :=x(v) }.")
9
9 Statement’s Meaning st st x:=null{x(v) := 0 } x:=malloc(){let v 0 = new() in x’(v) := eq(v, v 0 ) } x := y{x’(v) := y(v)} x:=y.sel {message v:x(v) … x’(v) := v1:x(v1) sel(v1, v) } x.sel:=y {message v:x(v) … sel’(v1, v2) := (x(v1)? y(v2) : sel(v1, v2)) }
10
10 Condition’s Meaning cond cond x!=null v:x(v) x==null v:x(v) x==y v:x(v) y(v) x!=y v:x(v) y(v)
11
11 Collecting Semantics CS (start) = { } CS (v) = { st(u) (S): u v E, S CS(u)} {S : S, u v E t, S cond(u) } {S: S, u v E f, S cond(u) }
12
12 1: True 0: False 1/2: Unknown A join semi-lattice: 0 1 = 1/2 Three-Valued Logic 1/2 Information order
13
13 3-Valued Logical Structures A set of individuals (nodes) U Predicate meaning –P S : U S {0, 1, 1/2}
14
14 u1u1 u x u1u1 u2u2 x u3u3 cdr U S ={u 1, u 2, u 3 } x S =[u 1 1, u 2 0, u 3 0]y S =[u 1 0, u 2 0, u 3 0] car S =[ 0, 0, 0, 0, 0, 0 0, 0, 0] cdr S =[ 0, 1, 0, 0, 0, 1/2, 0, 0, 1/2] eq S =[ 1, 0, 0, 0, 1, 0, 0, 0, 1/2]
![14 u1u1 u x u1u1 u2u2 x u3u3 cdr U S ={u 1, u 2, u 3 } x S =[u 1 1, u 2 0, u 3 0]y S =[u 1 0, u 2 0, u 3 0] car S =[ 0, 0, 0, 0, 0, 0 0, 0, 0] cdr S =[ 0, 1, 0, 0, 0, 1/2, 0, 0, 1/2] eq S =[ 1, 0, 0, 0, 1, 0, 0, 0, 1/2]](http://images.slideplayer.com/27/8917287/slides/slide_14.jpg "14 u1u1 u x u1u1 u2u2 x u3u3 cdr U S ={u 1, u 2, u 3 } x S =[u 1 1, u 2 0, u 3 0]y S =[u 1 0, u 2 0, u 3 0] car S =[ 0, 0, 0, 0, 0, 0 0, 0, 0] cdr S =[ 0, 1, 0, 0, 0, 1/2, 0, 0, 1/2] eq S =[ 1, 0, 0, 0, 1, 0, 0, 0, 1/2]")
15
15 Embedding A pre-partial order on 3-valued logical structures S 1 S 2 every concrete state represented by S 1 is also represented by S 2 The set of nodes in S 1 and S 2 may be different –No meaning for nodes (abstract locations)
16
16 Embedding S 1 f S 2 –f maps the individuals of S 1 onto S 2 –p S 1 (u 1,.., u k ) p S 2 (f(u 1 ),..., f(u k )) S 1 S 2 there exists f such that S 1 f S 2 Pre partial order Induces a pre-partial order on P(3-Struct) –Set-union is a least upper bound Finite height :3-Struct P(2-Struct) – (S) = {S’ : S’ 2-Struct, S’ S } :P(3-Struct) P(2-Struct) – (XS) = S XS (S)
17
17 Tight Embedding S= f: U S U # such that f is onto Define S # = –p # (u # 1,.., u # k ) = {p S (u 1,..., u k ) : f(u i )=u # i } S f S #
18
18 The Abstraction Principle Partition the individuals into equivalence classes based on the values of their unary predicates Collapse other predicates via
19
19 The Abstraction Principle u1u1 u2u2 u3u3 u4u4 x cdr u1u1 x u 234 blur cdr
20
20 Boolean Connectives [Kleene]
![20 Boolean Connectives [Kleene]](http://images.slideplayer.com/27/8917287/slides/slide_20.jpg "20 Boolean Connectives [Kleene]")
21
21 Formal Semantics of First Order Formulae For a structure S= Formulae with LVar free variables Assignment z: LVar U S S (z): {0, 1, 1/2} 1 S (z)=1 0 S (z)=1 p (v 1, v 2, …, v k ) S (z)=p S (z(v 1 ), z(v 2 ), …, z(v k ))
22
22 Formal Semantics of First Order Formulae For a structure S= Formulae with LVar free variables Assignment z: LVar U S S (z): {0, 1, 1/2} 1 2 S (z)=max ( 1 S (z), 2 S (z)) 1 2 S (z)=min ( 1 S (z), 2 S (z)) 1 S (z)=1- 1 S (z) v: 1 S (z)=max { 1 S (z[v u]) : u U S }
![22 Formal Semantics of First Order Formulae For a structure S= Formulae with LVar free variables Assignment z: LVar U S S (z): {0, 1, 1/2} 1 2 S (z)=max ( 1 S (z), 2 S (z)) 1 2 S (z)=min ( 1 S (z), 2 S (z)) 1 S (z)=1- 1 S (z) v: 1 S (z)=max { 1 S (z[v u]) : u U S }](http://images.slideplayer.com/27/8917287/slides/slide_22.jpg "22 Formal Semantics of First Order Formulae For a structure S= Formulae with LVar free variables Assignment z: LVar U S S (z): {0, 1, 1/2} 1 2 S (z)=max ( 1 S (z), 2 S (z)) 1 2 S (z)=min ( 1 S (z), 2 S (z)) 1 S (z)=1- 1 S (z) v: 1 S (z)=max { 1 S (z[v u]) : u U S }")
23
23 The Embedding Theorem Evaluating a formula in S is conservative with respect to (S) Every formula is preserved – = 1 in S = 1 in every S’ (S) – =0 in S =0 in every S’ (S) – = 1/2 in S don’t know
24
24 The Embedding Theorem S f S’ Formulae with LVar free variables Assignment z: LVar U S – S (z) S’ (f z)
25
25 Shape Analysis via Abstract Interpretation Iteratively compute a set of 3-valued structures for every program point Every statement transforms structures according to the predicate-update formulae –use 3-valued logic instead of 2-valued logic –use exactly the predicate-update formulae of the concrete semantics!!
26
26 Abstract Semantics AI (start) = { } CS (v) = {blur( st(u) 3 (S)): u v E, S AI(u)} {S : S, u v E t, S 3 cond(u) } {S: S, u v E f, S 3 cond(u) }
27
27 ([count > 0] 2 [x :=t;] 5 exit a2 [x := null;] 1 [t.cdr :=x;] 4 [t :=malloc();] 3 x:=null {x’(v) := 0 } t:=malloc() { let v 0 := new() in t(v) := eq(v, v 0 ) } t.cdr :=x { message v: t(v) … cdr’(v1, v2) := (t(v1)? x(v2): cdr(v1, v2)) } x:=t x’(v) := t(v) }
![27 ([count > 0] 2 [x :=t;] 5 exit a2 [x := null;] 1 [t.cdr :=x;] 4 [t :=malloc();] 3 x:=null {x’(v) := 0 } t:=malloc() { let v 0 := new() in t(v) := eq(v, v 0 ) } t.cdr :=x { message v: t(v) … cdr’(v1, v2) := (t(v1).](http://images.slideplayer.com/27/8917287/slides/slide_27.jpg "x(v2): cdr(v1, v2)) } x:=t x’(v) := t(v) }.")
28
28 ([x!=null] 2 [y.cdr :=t;] 6 exit [y:= null;] 1 [x :=x.cdr;] 5 [t :=y;] 3 a3 y:=null = { y’(v) :=0 } x !=null = v: x(v) t:=y ={ t(v) :=y(v) } x:=x.cdr ={ message v:x(v) … x’(v) := v1:x(v1) cdr(v1, v) } y.cdr :=t ={ cdr’(v1, v2) := y(v1)? t(v2) : cdr(v1, v2) } [y :=x;] 4 y:=x ={ { y’(v) :=x(v) }
![28 ([x!=null] 2 [y.cdr :=t;] 6 exit [y:= null;] 1 [x :=x.cdr;] 5 [t :=y;] 3 a3 y:=null = { y’(v) :=0 } x !=null = v: x(v) t:=y ={ t(v) :=y(v) } x:=x.cdr ={ message v:x(v) … x’(v) := v1:x(v1) cdr(v1, v) } y.cdr :=t ={ cdr’(v1, v2) := y(v1).](http://images.slideplayer.com/27/8917287/slides/slide_28.jpg "t(v2) : cdr(v1, v2) } [y :=x;] 4 y:=x ={ { y’(v) :=x(v) }.")
29
29 Intermediate Summary Predicate logics allows naturally expressing SOS for languages with pointers and dynamically allocated structures 3-valued logic provides a sound solution –Immediate from Embedding theorem –All you need is to guarantee the SOS correctness But not very precise
30
30 More precise abstract interpretation Refine the abstraction (concretization) More precise abstract interpretation of basic statements –But not necessarily the best (induced)
31
31 The Instrumentation Principle Increase precision by storing the truth- value of some designated formulae Introduce predicate-update formulae to update the extra predicates
32
32 is = 0 Example: Heap Sharing x 31 7191 is[sel](v) = v1,v2: sel(v1,v) sel(v2,v) eq(v1, v2) u1u1 u x u1u1 u x is = 0
 = v1,v2: sel(v1,v) sel(v2,v) eq(v1, v2) u1u1 u x u1u1 u x is = 0](http://images.slideplayer.com/27/8917287/slides/slide_32.jpg "32 is = 0 Example: Heap Sharing x is[sel](v) = v1,v2: sel(v1,v) sel(v2,v) eq(v1, v2) u1u1 u x u1u1 u x is = 0")
33
33 is = 0 Example: Heap Sharing x 31 7191 is[sel](v) = v1,v2: sel(v1,v) sel(v2,v) eq(v1, v2) u1u1 u x u1u1 u x is = 0 is = 1
 = v1,v2: sel(v1,v) sel(v2,v) eq(v1, v2) u1u1 u x u1u1 u x is = 0 is = 1](http://images.slideplayer.com/27/8917287/slides/slide_33.jpg "33 is = 0 Example: Heap Sharing x is[sel](v) = v1,v2: sel(v1,v) sel(v2,v) eq(v1, v2) u1u1 u x u1u1 u x is = 0 is = 1")
34
34 Updating sharing x.sel:=y is [sel]’(v) := ( v1:x(v1)? (y(v)? v2:sel(v2, v) x(v2) :(sel(v1, v)? v2, v3: is[sel] (v2, v3, v) x(v2) x(v3) : is[sel](v)) is[sel] (v2, v3, v) = sel(v2, v) sel(v3, v) eq(v2, v3)
![34 Updating sharing x.sel:=y is [sel]’(v) := ( v1:x(v1).](http://images.slideplayer.com/27/8917287/slides/slide_34.jpg "(y(v). v2:sel(v2, v) x(v2) :(sel(v1, v). v2, v3: is[sel] (v2, v3, v) x(v2) x(v3) : is[sel](v)) is[sel] (v2, v3, v) = sel(v2, v) sel(v3, v) eq(v2, v3).")
35
35 Other Instrumentation c[cdr,car](v)= v1: cdr(v, v1) car(v1, v) c[car,cdr](v)= v1: car(v, v1) cdr(v1, v) r[sel](v1, v2) = sel*(v1, v2) r[x, sel](v) = v1: x(v1) sel*(v1, v) r[x](v) = v1: x(v1) (car|cdr)*(v1, v) inOrder[sel,dle](v) = v1: sel(v, v1) dle(v, v1) inROrder[sel,dle](v) = v1: sel(v, v1) dle(v1, v)
= v1: cdr(v, v1) car(v1, v) c[car,cdr](v)= v1: car(v, v1) cdr(v1, v) r[sel](v1, v2) = sel*(v1, v2) r[x, sel](v) = v1: x(v1) sel*(v1, v) r[x](v) = v1: x(v1) (car|cdr)*(v1, v) inOrder[sel,dle](v) = v1: sel(v, v1) dle(v, v1) inROrder[sel,dle](v) = v1: sel(v, v1) dle(v1, v)](http://images.slideplayer.com/27/8917287/slides/slide_35.jpg "35 Other Instrumentation c[cdr,car](v)= v1: cdr(v, v1) car(v1, v) c[car,cdr](v)= v1: car(v, v1) cdr(v1, v) r[sel](v1, v2) = sel*(v1, v2) r[x, sel](v) = v1: x(v1) sel*(v1, v) r[x](v) = v1: x(v1) (car|cdr)*(v1, v) inOrder[sel,dle](v) = v1: sel(v, v1) dle(v, v1) inROrder[sel,dle](v) = v1: sel(v, v1) dle(v1, v)")
36
36 ([x!=null] 2 [y.cdr :=t;] 6 exit [y:= null;] 1 [x :=x.cdr;] 5 [t :=y;] 3 a3 y:=null = { y’(v) :=0 } x !=null = v: x(v) t:=y ={ t(v) :=y(v) } x:=x.cdr ={ message v:x(v) … x’(v) := v1:x(v1) cdr(v1, v) } y.cdr :=t ={ cdr’(v1, v2) := y(v1)? t(v2) : cdr(v1, v2) } [y :=x;] 4 y:=x ={ { y’(v) :=x(v) }
![36 ([x!=null] 2 [y.cdr :=t;] 6 exit [y:= null;] 1 [x :=x.cdr;] 5 [t :=y;] 3 a3 y:=null = { y’(v) :=0 } x !=null = v: x(v) t:=y ={ t(v) :=y(v) } x:=x.cdr ={ message v:x(v) … x’(v) := v1:x(v1) cdr(v1, v) } y.cdr :=t ={ cdr’(v1, v2) := y(v1).](http://images.slideplayer.com/27/8917287/slides/slide_36.jpg "t(v2) : cdr(v1, v2) } [y :=x;] 4 y:=x ={ { y’(v) :=x(v) }.")
37
37 Semantic Reduction l L1L1 L2L2 op Improve the precision of the analysis by recovering properties of the program semantics A Galois connection (L 1, , , L 2 ) An operation op:L 2 L 2 is a semantic reduction – l L 2 op(l) l – (op(l)) = (l) Can be applied before and after basic operations Preserve soundness
38
38 Materialization x = x cdr y u1u1 u x u1u1 u x cdr x y u1u1 u u1u1 u x = x cdr y x u1u1 u3u3 u2u2 y u1u1 u x u1u1 u x cdr
39
39 The Focusing Principle To increase precision –“Bring the predicate-update formula into focus” (Force 1/2 to 0 or 1) –Then apply the predicate-update formulae Generalizes materialization
40
40 (1) Focus on v 1 : x(v 1 ) cdr(v 1,v) y u1u1 u x u1u1 u x cdr r[cdr] y u1u1 u x u1u1 u x cdr y u1u1 u x u1u1 u x y u1u1 u.1 x u.0 cdr
![40 (1) Focus on v 1 : x(v 1 ) cdr(v 1,v) y u1u1 u x u1u1 u x cdr r[cdr] y u1u1 u x u1u1 u x cdr y u1u1 u x u1u1 u x y u1u1 u.1 x u.0 cdr](http://images.slideplayer.com/27/8917287/slides/slide_40.jpg "40 (1) Focus on v 1 : x(v 1 ) cdr(v 1,v) y u1u1 u x u1u1 u x cdr r[cdr] y u1u1 u x u1u1 u x cdr y u1u1 u x u1u1 u x y u1u1 u.1 x u.0 cdr")
41
41 x’(v) = v 1 : x(v 1 ) cdr(v 1,v) (2) Evaluate Predicate-Update Formulae y u1u1 u x u1u1 u x cdr y u1u1 u u1u1 u y u1u1 u x u1u1 u x y u.0 u1u1 u.1 cdr y u1u1 u u1u1 u x x u.0 y u1u1 u.1 cdr
42
42 The Focus Operation Focus: Formula (P(3-Struct) P(3-Struct)) For every formula –Focus( )(X) yields structure in which evaluates to a definite values in all assignments –Focus( ) is a semantic reduction –But Focus( )(X) may be undefined for some X
43
43 (1) Focus on v 1 : x(v 1 ) cdr(v 1,v) y u1u1 u x u1u1 u x cdr y u1u1 u x u1u1 u x y u1u1 u x u1u1 u x y u1u1 u.1 x u.0 cdr
44
44 (1) Focus on v 1 : cdr(v 1,v) y u1u1 u x u1u1 u x cdr
45
45 x’(v) = v 1 : x(v 1 ) cdr(v 1,v) (2) Evaluate Predicate-Update Formulae y u1u1 u x u1u1 u x cdr y u1u1 u u1u1 u y u1u1 u x u1u1 u x y u.0 u1u1 u.1 cdr y u1u1 u u1u1 u x x u.0 y u1u1 u.1 cdr
46
46 The Coercion Principle Another Semantic Reduction Can be applied after Focus or after Update or both Increase precision by exploiting some structural properties possessed by all stores (Global invariants) Structural properties captured by constraints Apply a constraint solver
47
47 (3) Apply Constraint Solver x u.0 y u1u1 u.1 cdr x u.0 y u1u1 u.1 cdr
48
48 Example Constraints x(v1) x(v2) eq(v1, v2) sel(v, v1) sel(v,v2) eq(v1, v2) sel(v1, v) sel(v2,v) eq(v1, v2) is[sel](v)
](http://images.slideplayer.com/27/8917287/slides/slide_48.jpg "48 Example Constraints x(v1) x(v2) eq(v1, v2) sel(v, v1) sel(v,v2) eq(v1, v2) sel(v1, v) sel(v2,v) eq(v1, v2) is[sel](v)")
49
49 Sources of Constraints Properties of the operational semantics Domain specific knowledge –Instrumentation predicates User supplied
50
50 Format of Constraints p(v 1, v 2, …, v k ) i j v i v j p(v 1, v 2, …, v k ) i j v i v j Interpretation –If LHS is 1 so is RHS –Preserved under tight embedding
51
51 Example Constraints x(v1) x(v2) eq(v1, v2) (1) sel(v, v1) sel(v,v2) eq(v1, v2) (2) sel(v1, v) sel(v2,v) eq(v1, v2) is[sel](v) (3) is[sel](v) sel(v1, v) sel(v2,v) eq(v1, v2) (4) x(v1) eq(v1, v2) x(v2) (1a) sel(v, v1) eq(v1, v2) sel(v,v2) (2a) sel(v1, v) sel(v2,v) is[sel](v) eq(v1, v2) (3a) sel(v1, v) eq(v1, v2) is[sel](v) sel(v2,v) (3b)
 (3) is[sel](v) sel(v1, v) sel(v2,v) eq(v1, v2) (4) x(v1) eq(v1, v2) x(v2) (1a) sel(v, v1) eq(v1, v2) sel(v,v2) (2a) sel(v1, v) sel(v2,v) is[sel](v) eq(v1, v2) (3a) sel(v1, v) eq(v1, v2) is[sel](v) sel(v2,v) (3b)](http://images.slideplayer.com/27/8917287/slides/slide_51.jpg "51 Example Constraints x(v1) x(v2) eq(v1, v2) (1) sel(v, v1) sel(v,v2) eq(v1, v2) (2) sel(v1, v) sel(v2,v) eq(v1, v2) is[sel](v) (3) is[sel](v) sel(v1, v) sel(v2,v) eq(v1, v2) (4) x(v1) eq(v1, v2) x(v2) (1a) sel(v, v1) eq(v1, v2) sel(v,v2) (2a) sel(v1, v) sel(v2,v) is[sel](v) eq(v1, v2) (3a) sel(v1, v) eq(v1, v2) is[sel](v) sel(v2,v) (3b)")
52
52 (3) Apply Constraint Solver x u.0 y u1u1 u.1 cdr x(v1) x(v2) eq(v1, v2) (1) x u.0 y u1u1 u.1 cdr x u.0 y u1u1 u.1 cdr sel(v1, v) eq(v1, v2) is[sel](v) sel(v2,v) (3b) x u.0 y u1u1 u.1 cdr
 sel(v2,v) (3b) x u.0 y u1u1 u.1 cdr](http://images.slideplayer.com/27/8917287/slides/slide_52.jpg "52 (3) Apply Constraint Solver x u.0 y u1u1 u.1 cdr x(v1) x(v2) eq(v1, v2) (1) x u.0 y u1u1 u.1 cdr x u.0 y u1u1 u.1 cdr sel(v1, v) eq(v1, v2) is[sel](v) sel(v2,v) (3b) x u.0 y u1u1 u.1 cdr")
53
53 Summary Predicate logics allows naturally expressing SOS for languages with pointers and dynamically allocated structures 3-valued logic provides a sound solution Semantic reductions improve precision and preserve soundness Next meeting: TVLA + some applications
Similar presentations
