# Join Algorithms for the Theory of Uninterpreted Functions - PowerPoint PPT Presentation

1 / 16

Join Algorithms for the Theory of Uninterpreted Functions. Sumit Gulwani Ashish Tiwari George Necula UC-Berkeley SRI UC-Berkeley. Definition: Join in theory T. E = Join T ( E 1 , E 2 ) iff E 1 ) T E and E 2 ) T E

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.

Join Algorithms for the Theory of Uninterpreted Functions

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

## Join Algorithms for the Theory of Uninterpreted Functions

Sumit Gulwani Ashish Tiwari George Necula

UC-Berkeley SRI UC-Berkeley

### Definition: Join in theory T

E = JoinT(E1,E2) iff

• E1)T E and E2)T E

• If (E1)T g) and (E2)T g), then E )T g

E1, E2, E: conjunction of ground facts in theory T

g: ground fact in theory T

E is the strongest conjunction of ground facts that is implied by both E1 and E2 in theory T

### Example of Joins

• LE: Linear Arithmetic with Equality

JoinLE(x=1 Æ y=4, x=3 Æ y=2) = x+y=5

• LI: Linear Arithmetic with Inequalities

JoinLI(x=1 Æ y=4, x=3 Æ y=2) = x+y=5 Æ 1·x·3

• UF: Uninterpreted Functions

JoinUF(x=a Æ y=F(a), x=b Æ y=F(b)) = y=F(x)

### Motivation: Program Analysis using Abstract Interpretation

False

True

• Disadvantages of using decision procedure:

• Exponential # of paths

• Loop invariants required

• Cannot discover invariants

• Abstract Interpretation avoids these problems

• Join Algorithm required to merge facts at join points

*

x := a; y := F(a);

x := b;

y := F(x);

True

False

*

u := F(a); v := F(a);

u := F(x);

v := y;

assert (u=v);

assert (v=F(a));

### Join for Uninterpreted Functions is not easy

Join(F(a)=a Æ F(b)=b Æ G(a)=G(b), a=b) = GFi(a)=GFi(b)

The result of join is not finitely representable using standard data-structures like EDAGs

### Relatively Complete Join: Definition

Recall, Join(E1,E2): strongest conjunction of ground facts g s.t.

E1)T g and E2)T g

RCJoin(E1,E2,K): strongest conjunction of ground facts g s.t.

E1)T g and E2)T g and Terms(g) 2 K

Example

E1:F(a)=a Æ F(b)=b Æ G(a)=G(b)

E2: a=b

K: { GF(a),GF(b) }

RCJoin(E1,E2,K): GF(a) = GF(b)

### Relatively Complete Join: Algorithm

RCJoin(E1,E2,K):

• Let D1=EDAG(E1) and D2=EDAG(E2)

• Extend D1 and D2 to represent K

• Congruence close D1 and D2

• Let D=product construction of D1 and D2

Output D

F

G

G

F

a

b

### Step 1: Constructing EDAGs

E1: F(a)=a Æ F(b)=b Æ G(a)=G(b)

E2: a=b

K: { GF(a),GF(b) }

a

b

D1 = EDAG(E1)

D2 = EDAG(E2)

• Nodes represent terms

• Dotted edges represent equalities

G

G

F

G

G

F

F

F

a

b

### Step 2: Extending EDAGs

E1: F(a)=a Æ F(b)=b Æ G(a)=G(b)

E2: a=b

K: { GF(a),GF(b) }

a

b

D1 = EDAG(E1)

D2 = EDAG(E2)

• Add extra nodes to EDAGs s.t. terms in K are represented

G

G

F

G

G

F

F

F

a

b

### Step 3: Congruence Closure

E1: F(a)=a Æ F(b)=b Æ G(a)=G(b)

E2: a=b

K: { GF(a),GF(b) }

a

b

D1 = EDAG(E1)

D2 = EDAG(E2)

• F(n) = F(m) if n=m

30

60

G

G

6

5

2

3

F

G

G

F

20

50

F

F

1

4

a

b

10

40

### Step 4: Product Construction (Intuition)

E1: F(a)=a Æ F(b)=b Æ G(a)=G(b)

E2: a=b

K: { GF(a),GF(b) }

C6 Å C30: { GF(a), GF(b)}

a

b

D1 = EDAG(E1)

D2 = EDAG(E2)

C1: {a, Fa, F2(a), …}

C4: {b, Fb, F2(b), …}

C6: {G(a), GF(a), …

G(b), GF(b), …}

C10: {a, b}

C20: {F(a), F(b)}

C30: {GF(a), GF(b)}

30

60

G

G

6

5

2

3

F

G

G

F

20

50

F

F

1

4

a

b

10

40

### Step 4: Product Construction (Algorithm)

E1: F(a)=a Æ F(b)=b Æ G(a)=G(b)

E2: a=b

K: { GF(a),GF(b) }

[3,30]

[6,60]

G

G

[2,20]

[5,50]

F

F

[1,10]

[4,40]

a

b

a

b

D1 = EDAG(E1)

D2 = EDAG(E2)

D

• [n,m] 2 D if n:vÆm:v, or n:F(n1)Æm:F(m1) Æ[n1,m1] 2 D

• [n1,m1] = [n2,m2] if n1=n2 and m1=m2

### Future Work: Join Algorithm for other theories

For example, theory of commutative functions (CF)

• Useful in modeling floating point operations

• More challenging than uninterpreted functions (UF)

E1: x=a Æ y=b

E2: x=b Æ y=a

JoinUF(E1,E2) = true

JoinCF(E1,E2) = F(C[a],C[b]) = F(C[b], C[a])

### Future Work: Combining Join Algorithms

For example, theory of linear arithmetic and uninterpreted functions (LA+UF)

E1: x=a Æ y=b

E2: x=b Æ y=a

JoinUF(E1,E2) = true

JoinLA(E1,E2) = x+y=a+b

JoinLA+UF(E1,E2) = F(x+c)+F(y+c) = F(a+c)+F(b+c) Æ .….

### Future Work: Context-sensitive Join Algorithms

Join(E1,E2) Æ E = Join(E1ÆE, E2ÆE)

• Useful in interprocedural analysis

• This is a representation issue.

• Representing result of join using conjunction of ground facts is not context-sensitive.

E1: x=a Æ y=F(a)

E2: x=b Æ y=F(b)

JoinUF(E1,E2) Æ a=b = y=F(x) Æ a=b

JoinUF(E1Æ a=b,E2Æ a=b) = y=F(x) Æ x=a=b

### Conclusion

• Join Algorithms are useful in program analysis. They are generalization of decision procedure.

JoinT(E, g) = g iff E )T g

E: conjunction of ground facts in theory T

g: ground fact in theory T

• We showed a relatively complete join algorithm for uninterpreted functions.

• Join algorithms open up several interesting problems.