Join Algorithms for the Theory of Uninterpreted Functions

Download Presentation

Join Algorithms for the Theory of Uninterpreted Functions

Loading in 2 Seconds...

- 82 Views
- Uploaded on
- Presentation posted in: General

Join Algorithms for the Theory of Uninterpreted Functions

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Join Algorithms for the Theory of Uninterpreted Functions

Sumit Gulwani Ashish Tiwari George Necula

UC-Berkeley SRI UC-Berkeley

E = JoinT(E1,E2) iff

- E1)T E and E2)T E
- If (E1)T g) and (E2)T g), then E )T g
E1, E2, E: conjunction of ground facts in theory T

g: ground fact in theory T

E is the strongest conjunction of ground facts that is implied by both E1 and E2 in theory T

- LE: Linear Arithmetic with Equality
JoinLE(x=1 Æ y=4, x=3 Æ y=2) = x+y=5

- LI: Linear Arithmetic with Inequalities
JoinLI(x=1 Æ y=4, x=3 Æ y=2) = x+y=5 Æ 1·x·3

- UF: Uninterpreted Functions
JoinUF(x=a Æ y=F(a), x=b Æ y=F(b)) = y=F(x)

False

True

- Disadvantages of using decision procedure:
- Exponential # of paths
- Loop invariants required
- Cannot discover invariants

- Abstract Interpretation avoids these problems
- Join Algorithm required to merge facts at join points

*

x := a; y := F(a);

x := b;

y := F(x);

True

False

*

u := F(a); v := F(a);

u := F(x);

v := y;

assert (u=v);

assert (v=F(a));

Join(F(a)=a Æ F(b)=b Æ G(a)=G(b), a=b) = GFi(a)=GFi(b)

The result of join is not finitely representable using standard data-structures like EDAGs

Recall, Join(E1,E2): strongest conjunction of ground facts g s.t.

E1)T g and E2)T g

RCJoin(E1,E2,K): strongest conjunction of ground facts g s.t.

E1)T g and E2)T g and Terms(g) 2 K

Example

E1:F(a)=a Æ F(b)=b Æ G(a)=G(b)

E2: a=b

K: { GF(a),GF(b) }

RCJoin(E1,E2,K): GF(a) = GF(b)

RCJoin(E1,E2,K):

- Let D1=EDAG(E1) and D2=EDAG(E2)
- Extend D1 and D2 to represent K
- Congruence close D1 and D2
- Let D=product construction of D1 and D2
Output D

F

G

G

F

a

b

E1: F(a)=a Æ F(b)=b Æ G(a)=G(b)

E2: a=b

K: { GF(a),GF(b) }

a

b

D1 = EDAG(E1)

D2 = EDAG(E2)

- Nodes represent terms
- Dotted edges represent equalities

G

G

F

G

G

F

F

F

a

b

E1: F(a)=a Æ F(b)=b Æ G(a)=G(b)

E2: a=b

K: { GF(a),GF(b) }

a

b

D1 = EDAG(E1)

D2 = EDAG(E2)

- Add extra nodes to EDAGs s.t. terms in K are represented

G

G

F

G

G

F

F

F

a

b

E1: F(a)=a Æ F(b)=b Æ G(a)=G(b)

E2: a=b

K: { GF(a),GF(b) }

a

b

D1 = EDAG(E1)

D2 = EDAG(E2)

- F(n) = F(m) if n=m

30

60

G

G

6

5

2

3

F

G

G

F

20

50

F

F

1

4

a

b

10

40

E1: F(a)=a Æ F(b)=b Æ G(a)=G(b)

E2: a=b

K: { GF(a),GF(b) }

C6 Å C30: { GF(a), GF(b)}

a

b

D1 = EDAG(E1)

D2 = EDAG(E2)

C1: {a, Fa, F2(a), …}

C4: {b, Fb, F2(b), …}

C6: {G(a), GF(a), …

G(b), GF(b), …}

C10: {a, b}

C20: {F(a), F(b)}

C30: {GF(a), GF(b)}

30

60

G

G

6

5

2

3

F

G

G

F

20

50

F

F

1

4

a

b

10

40

E1: F(a)=a Æ F(b)=b Æ G(a)=G(b)

E2: a=b

K: { GF(a),GF(b) }

[3,30]

[6,60]

G

G

[2,20]

[5,50]

F

F

[1,10]

[4,40]

a

b

a

b

D1 = EDAG(E1)

D2 = EDAG(E2)

D

- [n,m] 2 D if n:vÆm:v, or n:F(n1)Æm:F(m1) Æ[n1,m1] 2 D
- [n1,m1] = [n2,m2] if n1=n2 and m1=m2

For example, theory of commutative functions (CF)

- Useful in modeling floating point operations
- More challenging than uninterpreted functions (UF)
E1: x=a Æ y=b

E2: x=b Æ y=a

JoinUF(E1,E2) = true

JoinCF(E1,E2) = F(C[a],C[b]) = F(C[b], C[a])

For example, theory of linear arithmetic and uninterpreted functions (LA+UF)

E1: x=a Æ y=b

E2: x=b Æ y=a

JoinUF(E1,E2) = true

JoinLA(E1,E2) = x+y=a+b

JoinLA+UF(E1,E2) = F(x+c)+F(y+c) = F(a+c)+F(b+c) Æ .….

Join(E1,E2) Æ E = Join(E1ÆE, E2ÆE)

- Useful in interprocedural analysis
- This is a representation issue.
- Representing result of join using conjunction of ground facts is not context-sensitive.
E1: x=a Æ y=F(a)

E2: x=b Æ y=F(b)

JoinUF(E1,E2) Æ a=b = y=F(x) Æ a=b

JoinUF(E1Æ a=b,E2Æ a=b) = y=F(x) Æ x=a=b

- Representing result of join using conjunction of ground facts is not context-sensitive.

- Join Algorithms are useful in program analysis. They are generalization of decision procedure.
JoinT(E, g) = g iff E )T g

E: conjunction of ground facts in theory T

g: ground fact in theory T

- We showed a relatively complete join algorithm for uninterpreted functions.
- Join algorithms open up several interesting problems.