
Meta Predicate Abstraction for Hierarchical Symbolic Heaps



Presentation Transcript


  1. Meta Predicate Abstraction for Hierarchical Symbolic Heaps
  Josh Berdine, Microsoft Research, Cambridge
  joint with Mike Emmi, University of California, Los Angeles

  2. What:
  • Method of defining extrapolation and join operations for separation logic based analyses
  • Main Goals:
    • Enable join operations between Powerset and Cartesian
    • Provide systematic definitions and parameterizations of operations

  3. Goal: Enable join operations between Powerset and Cartesian
  • “Maximally” precise Powerset (disjunctive-normal form) join too costly / redundant
    • Particularly for shape analysis: tends to overuse disjunction
  • “Minimally” precise Cartesian (no disjunction) join usually too imprecise
  • Therefore here:
    • Use symbolic heap formulae that allow arbitrary nesting of conjunction & disjunction
    • Parameterize join to control when to weaken by shifting from disjunctive to a more conjunctive form

  4. Goal: Provide systematic definitions and parameterizations of operations
  • Join & extrapolation generally have ad-hoc definitions in SL analyses
    • Significant impediment to systematic or automatic tuning
  • Therefore here:
    • Define join & extrapolation using a form of predicate abstraction
    • Unary predicates in (positive) first-order logic with transitive closure
    • Interpreted over “points in the structure” of SL formulae
  • Opens the way to specializing operations to particular:
    • Program
    • Program point: lazy abstraction
    • Program point at particular point in analysis: abstraction refinement

  5. What are extrapolation & join?
  • Approximate semantics
  • Soundness condition for
    • Join:
    • Extrapolation:

  6. Simple symbolic heaps
  • Simple fragment of separation logic
  • Consider analysis
    • Sets of symbolic heap formulae
    • Set theoretic order, join, pointwise lift of transformers
  • Now to define extrapolation…

  7. Meta predicate logic
  • First-order logic with transitive closure
  • Entailment judgment
  • Closure rules

  8. Meta predicate evaluation
  • Base predicate satisfaction
  • Predicate satisfaction
  • Unary predicates: are evaluated: lift to vectors of predicates: and expressions:

  9. Predicate evaluation example
  • Predicates:
  • Symbolic Heap:
  • Valuations:

  10. Meta predicate based Extrapolation
  • Append entailment
  • Simplified concatenation rewrite rule
  • General concatenation rewrite rule

  11. Extrapolation example
  • Consider:
  • then:
  • and:
  • Non-confluence:
    • In general, confluence depends on predicate set

  12. Predicates example
  • Consider the predicates
  • Then we have the rewrites
  • Note similarity to Distefano+ TACAS’06 & Manevich+ VMCAI’05
    • But:

  13. Disjunctive symbolic heaps
  • Disjunctive symbolic heaps: add production:
  • Symbolic heap contexts
  • Predicate satisfaction judgment

  14. Predicate satisfaction

  15. Example deduction

  16. Predicate evaluation algorithm

  17. Predicate evaluation algorithm

  18. Extrapolation
  • Concatenation rewrite
  • “Selected branch” of a context

  19. “Weaken & distribute ∗ over ∨” Join
  • Factorization rewrite
  • Example

  20. “Trade disjuncts for existentials” Join
  • Joining segments with equal heads and unequal tails
  • Example

  21. Extrapolation & Join algorithms
  • Work from leaves of whole formula to root
  • For each decomposition into context and symbolic heap
    • View selected symbolic heap as graph
      • Edges for points-to’s, list segments and equalities
    • Apply rewrite rules to paths in graph in a length-decreasing order
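The graph-and-paths procedure of slide 21, together with the concatenation rewrite of slides 10 and 18, as an added example that is not part of the slides and not the authors' code. It works on the simple (non-disjunctive) symbolic heaps of slide 6 and uses the standard list-segment concatenation rule of that fragment (as in the Distefano+ TACAS’06 line of work the slides cite), not the talk's meta-predicate-parameterized append entailment; the tuple representation of atoms, the primed-name convention for existentials, the function names and the sample heaps are all assumptions of this example.

```python
"""Added illustration (not the paper's code): extrapolation of a simple
symbolic heap by the standard list-segment concatenation rule, driven by
paths in the heap's graph view as sketched on slide 21.

Representation (an assumption of this example):
  pure    : list of equalities (a, b)
  spatial : list of atoms (kind, src, dst) with kind "pt" (x |-> y)
            or "ls" (non-empty list segment ls(x, y))
  Primed names such as "y'" are existentially quantified variables.
"""
from collections import Counter

NIL = "nil"


def is_existential(v):
    return v.endswith("'")


def substitute_equalities(pure, spatial):
    """Treat an equality x' = e as a zero-length edge: replace x' by e."""
    sub = {}
    for a, b in pure:
        if is_existential(a) and a not in sub:
            sub[a] = b
        elif is_existential(b) and b not in sub:
            sub[b] = a

    def resolve(v):
        seen = set()
        while v in sub and v not in seen:
            seen.add(v)
            v = sub[v]
        return v

    spatial2 = [(k, resolve(a), resolve(b)) for k, a, b in spatial]
    pure2 = [(resolve(a), resolve(b)) for a, b in pure if resolve(a) != resolve(b)]
    return pure2, spatial2


def collapse(pure, spatial):
    """Rewrite runs x -> y' -> ... -> z of points-to/segment edges into the
    single segment ls(x, z).  Side conditions of the standard rule: every
    interior node is an existential mentioned by no other atom, and z is
    nil or allocated by an atom outside the run (otherwise ls(x, z) could
    wrongly describe a cyclic structure in which z = x)."""
    pure, spatial = substitute_equalities(pure, spatial)
    spatial = list(spatial)
    while True:
        succ = {}
        for atom in spatial:
            if atom[1] in succ:  # x |-> _ * x |-> _ is unsatisfiable
                raise ValueError("address allocated twice: " + atom[1])
            succ[atom[1]] = atom
        occ = Counter(v for _, a, b in spatial for v in (a, b))

        def interior(v):
            return is_existential(v) and occ[v] == 2 and v in succ

        # maximal paths: start where the path cannot be extended backwards
        paths = []
        for start, atom in succ.items():
            if interior(start):
                continue
            path, seen = [atom], {start}
            while interior(path[-1][2]) and path[-1][2] not in seen:
                seen.add(path[-1][2])
                path.append(succ[path[-1][2]])
            if len(path) >= 2:
                paths.append(path)
        paths.sort(key=len, reverse=True)

        changed = False
        for path in paths:
            # longest prefix first; fall back to shorter ones when the end
            # node fails the side condition
            for n in range(len(path), 1, -1):
                prefix = path[:n]
                rest = [a for a in spatial if a not in prefix]
                z = prefix[-1][2]
                if z == NIL or any(a[1] == z for a in rest):
                    spatial = rest + [("ls", prefix[0][1], z)]
                    changed = True
                    break
            if changed:
                break  # rebuild the graph after every rewrite
        if not changed:
            return pure, spatial


if __name__ == "__main__":
    # constructed input: x |-> a' * a' |-> b' * ls(b', t') * ls(y, nil), t' = y
    print(collapse([("t'", "y")],
                   [("pt", "x", "a'"), ("pt", "a'", "b'"),
                    ("ls", "b'", "t'"), ("ls", "y", NIL)]))
    # constructed input with a dangling existential w': only x..b' collapses
    print(collapse([], [("pt", "x", "a'"), ("pt", "a'", "b'"), ("ls", "b'", "w'")]))
```

The first constructed heap collapses to ls(x, y) ∗ ls(y, nil): the equality t' = y is used as a zero-length edge, and the whole three-edge run through a' and b' is rewritten at once. The second heap shows why the length-decreasing order matters: the full run x..w' cannot be collapsed because the dangling existential w' is neither nil nor allocated elsewhere (so w' = x cannot be excluded), but its two-edge prefix x..b' can, giving ls(x, b') ∗ ls(b', w'). A two-cell cycle x |-> y' ∗ y' |-> x is left untouched for the same reason.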

  22. Hierarchical Symbolic Heaps
  • Disjunctive Hierarchical Symbolic Heaps
  • Base predicate satisfaction changes
  • Otherwise mostly orthogonal extension
  • Extrapolation & Join algorithms complicated by needing to construct segment graphs inductively over patterns
    • Rewrite rules now need to use subtraction
    • Paths in segment graph don’t imply append entailment applies

  23. Summary
  • Proposed method of defining extrapolation & join operations
    • For separation logic based analyses
    • Over formulae allowing arbitrary nesting of *-conjunction and disjunction
    • Using a form of (unary, FOTC) predicate abstraction
  • Enables join operations between Powerset and Cartesian
  • Provides systematic definitions and parameterizations of operations
  • Can be seen as a meeting point of Canonical Abstraction and separation logic based analysis
    • Representation of invariants & local semantics of programs from SL
    • Extrapolation & join based on valuation of FOTC predicates a la CA
